diff --git a/Newsbot.Collector.Api/Filters/ApiKeyAuthAttribute.cs b/Newsbot.Collector.Api/Filters/ApiKeyAuthAttribute.cs
new file mode 100644
index 0000000..e30f4b2
--- /dev/null
+++ b/Newsbot.Collector.Api/Filters/ApiKeyAuthAttribute.cs
@@ -0,0 +1,32 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Newsbot.Collector.Domain.Consts;
+
+namespace Newsbot.Collector.Api.Filters;
+
+[AttributeUsage(AttributeTargets.Class| AttributeTargets.Method)]
+public class ApiKeyAuthAttribute : Attribute, IAsyncActionFilter
+{
+    private const string ApiKeyHeaderName = "X-API-KEY";
+    
+    public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
+    {
+        if (!context.HttpContext.Request.Headers.TryGetValue(ApiKeyHeaderName, out var foundKey))
+        {
+            context.Result = new BadRequestResult();
+            return;
+        }
+
+        var config = context.HttpContext.RequestServices.GetRequiredService<IConfiguration>();
+        var apiKeys = config.GetValue<string[]>(ConfigConst.ApiKeys);
+
+        foreach (var key in apiKeys ?? Array.Empty<string?>())
+        {
+            if (key != foundKey) continue;
+            await next();
+            return;
+        }
+
+        context.Result = new BadRequestResult();
+    }
+}
\ No newline at end of file