diff --git a/cmd/uplink/cmd/share.go b/cmd/uplink/cmd/share.go
index f9fe8df6f..c2f638ee0 100644
--- a/cmd/uplink/cmd/share.go
+++ b/cmd/uplink/cmd/share.go
@@ -79,11 +79,7 @@ func shareMain(cmd *cobra.Command, args []string) (err error) {
 		return err
 	}
 
-	// TODO(jeff): we have to have the server side of things expecting macaroons
-	// before we can change libuplink to use macaroons because of all the tests.
-	// For now, just use the raw macaroon library.
-
-	key, err := macaroon.ParseAPIKey(cfg.Client.APIKey)
+	key, err := libuplink.ParseAPIKey(cfg.Client.APIKey)
 	if err != nil {
 		return err
 	}
diff --git a/lib/uplink/apikey.go b/lib/uplink/apikey.go
index af2e06f35..64183836e 100644
--- a/lib/uplink/apikey.go
+++ b/lib/uplink/apikey.go
@@ -3,17 +3,34 @@
 
 package uplink
 
+import (
+	"storj.io/storj/pkg/macaroon"
+)
+
 // APIKey represents an access credential to certain resources
 type APIKey struct {
-	key string
+	key *macaroon.APIKey
 }
 
 // Serialize serializes the API key to a string
 func (a APIKey) Serialize() string {
-	return a.key
+	return a.key.Serialize()
 }
 
 // ParseAPIKey parses an API key
 func ParseAPIKey(val string) (APIKey, error) {
-	return APIKey{key: val}, nil
+	k, err := macaroon.ParseAPIKey(val)
+	if err != nil {
+		return APIKey{}, err
+	}
+	return APIKey{key: k}, nil
+}
+
+// Restrict generates a new APIKey with the provided Caveat attached.
+func (a APIKey) Restrict(caveat macaroon.Caveat) (APIKey, error) {
+	k, err := a.key.Restrict(caveat)
+	if err != nil {
+		return APIKey{}, err
+	}
+	return APIKey{key: k}, nil
 }