diff --git a/.idea/dataSources.xml b/.idea/dataSources.xml index 7781fac..a831897 100644 --- a/.idea/dataSources.xml +++ b/.idea/dataSources.xml @@ -8,13 +8,13 @@ jdbc:mysql://127.0.0.1:3306 $ProjectFileDir$ - + mariadb true true DDEV generated data source org.mariadb.jdbc.Driver - jdbc:mariadb://127.0.0.1:60799/db?user=db&password=db + jdbc:mariadb://127.0.0.1:55619/db?user=db&password=db $ProjectFileDir$ diff --git a/config/packages/monolog.yaml b/config/packages/monolog.yaml index 8c9efa9..8c1dc99 100644 --- a/config/packages/monolog.yaml +++ b/config/packages/monolog.yaml @@ -41,10 +41,14 @@ when@prod: monolog: handlers: main: - type: fingers_crossed + type: stream + path: "%kernel.logs_dir%/%kernel.environment%.log" + level: debug + channels: [ "!event" ] + #type: fingers_crossed action_level: error handler: nested - excluded_http_codes: [404, 405] + #excluded_http_codes: [404, 405] buffer_size: 50 # How many messages should be saved? Prevent memory leaks nested: type: stream @@ -58,4 +62,4 @@ when@prod: deprecation: type: stream channels: [deprecation] - path: php://stderr + path: php://stderr \ No newline at end of file diff --git a/config/packages/security.yaml b/config/packages/security.yaml index 367af25..bfe9203 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -4,14 +4,20 @@ security: Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto' # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider providers: - users_in_memory: { memory: null } + users_in_memory: { memory: { + users: [ + { identifier: "ahch0joh9ahthoh6xiew9Eer5aevieR1", roles: ["ROLE_USER"] } + ] + } } firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: - lazy: true + #lazy: true provider: users_in_memory + custom_authenticators: + - App\Security\ApiKeyAuthenticator # activate different ways to authenticate # https://symfony.com/doc/current/security.html#the-firewall 
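Review bot: The `main` handler under `when@prod` now writes every record at `level: debug` to a file, which looks like a temporary debugging setting rather than a production configuration. Debug-level records can contain request and security details that should not sit in a long-lived, unrotated log file; because this commit also uses the API key as the user identifier, the key may end up there too, which is worth confirming. The remaining `action_level`, `handler: nested` and `buffer_size` keys belong to the commented-out `fingers_crossed` type and probably have no effect on a `stream` handler. If more detail is needed in production, keep `type: fingers_crossed` on `main` and add a separate handler restricted to the channel under investigation, e.g. `channels: ["security"]` with `level: info`.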
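Review bot: The in-memory user added under `providers` uses the API key itself as the `identifier`, so the secret is committed to the repository in plain text and is identical in every environment. Anyone with read access to the repository or its history holds a valid `ROLE_USER` credential, so the committed value should be treated as exposed and replaced. Load the key from an environment variable or the Symfony secrets vault instead of writing it in `security.yaml`, and put a comment above the provider such as `# identifier is the API key: supplied from secrets, never committed`. The hunk also comments out `lazy: true` without saying why; either remove the line or add a short comment giving the reason.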
@@ -36,4 +42,4 @@ when@test:
 algorithm: auto
 cost: 4 # Lowest possible value for bcrypt
 time_cost: 3 # Lowest possible value for argon
- memory_cost: 10 # Lowest possible value for argon
+ memory_cost: 10 # Lowest possible value for argon
\ No newline at end of file
diff --git a/src/Security/ApiKeyAuthenticator.php b/src/Security/ApiKeyAuthenticator.php
new file mode 100644
index 0000000..913d405
--- /dev/null
+++ b/src/Security/ApiKeyAuthenticator.php
@@ -0,0 +1,64 @@
+headers->has('X-AUTH-TOKEN');
+ }
+
+ public function authenticate(Request $request): Passport
+ {
+ $apiKey = $request->headers->get('X-AUTH-TOKEN');
+
+ if (null === $apiKey) {
+ // The token header was empty, authentication fails with HTTP Status
+ // Code 401 "Unauthorized"
+ throw new CustomUserMessageAuthenticationException('No API key found', [], Response::HTTP_UNAUTHORIZED);
+ }
+
+ return new SelfValidatingPassport(
+ new UserBadge($apiKey)
+ );
+ }
+
+ public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
+ {
+ return null;
+ }
+
+ public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
+ {
+ # dump($exception);
+
+ $data = [
+ 'message' => $exception->getMessage()
+ ];
+
+ return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
+ }
+
+}
\ No newline at end of file
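Review bot: In `authenticate()` the raw `X-AUTH-TOKEN` value becomes the user identifier of a `SelfValidatingPassport`, so the secret doubles as the username and is likely to appear wherever the identifier is recorded (logs, exception messages, the token's `getUserIdentifier()`). `onAuthenticationFailure()` then returns `$exception->getMessage()` to the client, which can carry provider-internal text; the safer form is `'message' => strtr($exception->getMessageKey(), $exception->getMessageData())`. Consider resolving the key to a separate user name through the `UserBadge` loader callback, so that the identifier kept in the token is not the credential. The `null === $apiKey` branch appears unreachable if the preceding `headers->has('X-AUTH-TOKEN')` check is the body of `supports()`, while an empty header value is not rejected. The start of the file, up to that check, is missing from the page as extracted, so this covers only the visible methods.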