diff --git a/src/index.ts b/src/index.ts
index af4aec5..7550831 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,10 +1,14 @@
+import { appAccessTokenMiddleware } from "./middleware/global/appAccessToken.middleware";
 import { validateEnv } from "./utils/startups/validateEnv";
 validateEnv();
 
 const { Elysia } = await import("elysia");
 const { routes } = await import("./routes");
 
-const app = new Elysia().use(routes).listen(process.env.APP_PORT || 3000);
+const app = new Elysia()
+  .use(appAccessTokenMiddleware())
+  .use(routes)
+  .listen(process.env.APP_PORT || 3000);
 
 console.log(
   `🦊 Elysia is running at ${app.server?.hostname}:${app.server?.port}`
diff --git a/src/middleware/global/appAccessToken.middleware.ts b/src/middleware/global/appAccessToken.middleware.ts
new file mode 100644
index 0000000..d1e4a1e
--- /dev/null
+++ b/src/middleware/global/appAccessToken.middleware.ts
@@ -0,0 +1,12 @@
+import Elysia, { Context } from "elysia";
+import { returnErrorResponse } from "../../helpers/callback/httpResponse";
+
+export const appAccessTokenMiddleware = () =>
+  new Elysia().onRequest(({ request, set }) => {
+    const headerToken = request.headers.get("access_token");
+    const storedToken = process.env.API_KEY;
+
+    if (headerToken !== storedToken) {
+      return returnErrorResponse(set, 403, "Unauthorized");
+    }
+  });