diff --git a/parity/configuration.rs b/parity/configuration.rs
index 0366cb056..a5d9e2d4d 100644
--- a/parity/configuration.rs
+++ b/parity/configuration.rs
@@ -891,6 +891,12 @@ impl Configuration {
 		let ui = self.ui_config();
 		let http = self.http_config()?;
 
+		let support_token_api =
+			// never enabled for public node
+			!self.args.flag_public_node
+			// enabled when not unlocking unless the ui is forced
+			&& (self.args.arg_unlock.is_none() || ui.enabled);
+
 		let conf = WsConfiguration {
 			enabled: self.ws_enabled(),
 			interface: self.ws_interface(),
@@ -899,7 +905,7 @@ impl Configuration {
 			hosts: self.ws_hosts(),
 			origins: self.ws_origins(),
 			signer_path: self.directories().signer.into(),
-			support_token_api: !self.args.flag_public_node,
+			support_token_api,
 			ui_address: ui.address(),
 			dapps_address: http.address(),
 		};
diff --git a/parity/rpc.rs b/parity/rpc.rs
index 2940e178e..41b10ba87 100644
--- a/parity/rpc.rs
+++ b/parity/rpc.rs
@@ -227,7 +227,7 @@ pub fn new_ws<D: rpc_apis::Dependencies>(
 	let allowed_hosts = into_domains(with_domain(conf.hosts, domain, &Some(url.clone().into()), &None));
 
 	let signer_path;
-	let path = match conf.support_token_api && conf.ui_address.is_some() {
+	let path = match conf.support_token_api {
 		true => {
 			signer_path = ::signer::codes_path(&conf.signer_path);
 			Some(signer_path.as_path())
diff --git a/parity/run.rs b/parity/run.rs
index 308394200..ab9d8d3d9 100644
--- a/parity/run.rs
+++ b/parity/run.rs
@@ -303,7 +303,7 @@ fn execute_light_impl(cmd: RunCmd, can_restart: bool, logger: Arc<RotatingLogger
 	let rpc_stats = Arc::new(informant::RpcStats::default());
 
 	// the dapps server
-	let signer_service = Arc::new(signer::new_service(&cmd.ws_conf, &cmd.ui_conf, &cmd.logger_config));
+	let signer_service = Arc::new(signer::new_service(&cmd.ws_conf, &cmd.logger_config));
 	let (node_health, dapps_deps) = {
 		let contract_client = ::dapps::LightRegistrar {
 			client: client.clone(),
@@ -699,7 +699,7 @@ pub fn execute_impl(cmd: RunCmd, can_restart: bool, logger: Arc<RotatingLogger>)
 		false => Some(account_provider.clone())
 	};
 
-	let signer_service = Arc::new(signer::new_service(&cmd.ws_conf, &cmd.ui_conf, &cmd.logger_config));
+	let signer_service = Arc::new(signer::new_service(&cmd.ws_conf, &cmd.logger_config));
 
 	// the dapps server
 	let (node_health, dapps_deps) = {
diff --git a/parity/signer.rs b/parity/signer.rs
index 8bdf18bd0..ab476ef9d 100644
--- a/parity/signer.rs
+++ b/parity/signer.rs
@@ -32,10 +32,10 @@ pub struct NewToken {
 	pub message: String,
 }
 
-pub fn new_service(ws_conf: &rpc::WsConfiguration, ui_conf: &rpc::UiConfiguration, logger_config: &LogConfig) -> rpc_apis::SignerService {
-	let signer_path = ws_conf.signer_path.clone();
+pub fn new_service(ws_conf: &rpc::WsConfiguration, logger_config: &LogConfig) -> rpc_apis::SignerService {
 	let logger_config_color = logger_config.color;
-	let signer_enabled = ui_conf.enabled;
+	let signer_path = ws_conf.signer_path.clone();
+	let signer_enabled = ws_conf.support_token_api;
 
 	rpc_apis::SignerService::new(move || {
 		generate_new_token(&signer_path, logger_config_color).map_err(|e| format!("{:?}", e))
@@ -56,6 +56,24 @@ pub fn execute(ws_conf: rpc::WsConfiguration, ui_conf: rpc::UiConfiguration, log
 pub fn generate_token_and_url(ws_conf: &rpc::WsConfiguration, ui_conf: &rpc::UiConfiguration, logger_config: &LogConfig) -> Result<NewToken, String> {
 	let code = generate_new_token(&ws_conf.signer_path, logger_config.color).map_err(|err| format!("Error generating token: {:?}", err))?;
 	let auth_url = format!("http://{}:{}/#/auth?token={}", ui_conf.interface, ui_conf.port, code);
+	let colored = |s: String| match logger_config.color {
+		true => format!("{}", White.bold().paint(s)),
+		false => s,
+	};
+
+	if !ui_conf.enabled {
+		return Ok(NewToken {
+			token: code.clone(),
+			url: auth_url.clone(),
+			message: format!(
+				r#"
+Generated token:
+{}
+"#,
+				colored(code)
+			),
+		})
+	}
 
 	// And print in to the console
 	Ok(NewToken {
@@ -67,10 +85,7 @@ Open: {}
 to authorize your browser.
 Or use the generated token:
 {}"#,
-			match logger_config.color {
-				true => format!("{}", White.bold().paint(auth_url)),
-				false => auth_url
-			},
+			colored(auth_url),
 			code
 		)
 	})