header('X-Custom-Header') !== env('MIDDLEWARE_TOKEN')) { return response()->json(['error' => 'Unauthorized'], 401); } return $next($request); } }