diff --git a/app/models/user_api_key_scope.rb b/app/models/user_api_key_scope.rb
index 0ea94279649..ed8fa661d0f 100644
--- a/app/models/user_api_key_scope.rb
+++ b/app/models/user_api_key_scope.rb
@@ -10,6 +10,7 @@ class UserApiKeyScope < ActiveRecord::Base
 notifications: [
 RouteMatcher.new(methods: :post, actions: "message_bus"),
 RouteMatcher.new(methods: :get, actions: "notifications#index"),
+ RouteMatcher.new(methods: :get, actions: "notifications#totals"),
 RouteMatcher.new(methods: :put, actions: "notifications#mark_read"),
 ],
 session_info: [
diff --git a/spec/requests/notifications_controller_spec.rb b/spec/requests/notifications_controller_spec.rb
index 8634c32b1c5..2c06d3801c1 100644
--- a/spec/requests/notifications_controller_spec.rb
+++ b/spec/requests/notifications_controller_spec.rb
@@ -626,4 +626,28 @@ RSpec.describe NotificationsController do
 end
 end
 end
+
+ context "with user api keys" do
+ fab!(:user)
+ let(:user_api_key) do
+ UserApiKey.create!(
+ application_name: "my app",
+ client_id: "",
+ scopes: ["notifications"].map { |name| UserApiKeyScope.new(name: name) },
+ user_id: user.id,
+ )
+ end
+
+ before { SiteSetting.user_api_key_allowed_groups = Group::AUTO_GROUPS[:trust_level_0] }
+
+ it "allows access to notifications#totals" do
+ get "/notifications/totals.json", headers: { "User-Api-Key": user_api_key.key }
+ expect(response.status).to eq(200)
+ end
+
+ it "allows access to notifications#index" do
+ get "/notifications.json", headers: { "User-Api-Key": user_api_key.key }
+ expect(response.status).to eq(200)
+ end
+ end
 end
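Review bot: The added `notifications#totals` matcher widens the `notifications` scope for keys issued before this change, not only for new ones. The spec in this commit builds scopes by name (`UserApiKeyScope.new(name: name)`), so the name-to-route mapping is presumably resolved when a request is checked. That looks intended and the matcher is limited to `:get`, but it is worth recording next to the entry, e.g. `# read-only counters; granted to every existing key that holds the notifications scope`. The scope table starts and ends outside the hunk, so whether other entries carry similar comments is not visible here.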
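Review bot: Both new examples assert only that a `notifications`-scoped key is let through, so nothing pins the denial side of the scope check for `/notifications/totals.json`. The `notifications#index` example exercises a matcher that already existed before this commit. A negative example with a key scoped to something else (`session_info` is visible in the model hunk) would catch a matcher that is accidentally too broad. The expected status is presumably 403 and should be confirmed against how scope failures are rendered; the `client_id` below is a constructed sample value. The `RSpec.describe` block begins outside the hunk.

```ruby
# … unchanged: fab!(:user), let(:user_api_key), before block and the two positive examples …

it "refuses notifications#totals for a key without the notifications scope" do
  other_key =
    UserApiKey.create!(
      application_name: "my app",
      client_id: "other-client", # constructed sample value
      scopes: [UserApiKeyScope.new(name: "session_info")],
      user_id: user.id,
    )

  get "/notifications/totals.json", headers: { "User-Api-Key": other_key.key }
  expect(response.status).to eq(403) # presumed denial status; confirm
end
```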