header('token') ?? $request->input('token'); $token = env('API_AUTH_TOKEN'); if (!$requestToken || !$token || $requestToken !== $token) { return (new JsonResponse(['error' => 'Unauthorized']))->setStatusCode(Response::HTTP_UNAUTHORIZED); } return $next($request); } }