settings->get('integration.api_key') ?? config('services.integration.api_key'); $provided = $request->header('X-Api-Key'); if (empty($expected) || $provided !== $expected) { return response()->json(['message' => 'Unauthorized: invalid API key'], 401); } return $next($request); } }