header('X-API-key'); if ($apiKey !== config('customs.external.api_key')) { return response()->json(['error' => 'Unauthorized'], 401); } return $next($request); } }