# API Security

Secure management endpoints.

## Authorization

```csharp
app.MapEventStreamManagementApi()
    .RequireAuthorization("Admin");
```

## API Keys

```csharp
app.Use(async (context, next) =>
{
    if (!context.Request.Headers.TryGetValue("X-API-Key", out var apiKey) ||
        !IsValidApiKey(apiKey))
    {
        context.Response.StatusCode = 401;
        return;
    }
    await next();
});
```

## See Also

- [Management API Overview](README.md)