diff --git a/config.json b/config.json
index c62f739..877306c 100644
--- a/config.json
+++ b/config.json
@@ -6,6 +6,7 @@
     "port": 5000,
     "host": "localhost",
     "route": "/api/logs",
-    "log_file": "server.log"
+    "log_file": "server.log",
+    "key": "devsecops-simplon-2024"
   }
 }
diff --git a/node-client/app.js b/node-client/app.js
index 47cf0a2..2f27e96 100644
--- a/node-client/app.js
+++ b/node-client/app.js
@@ -11,7 +11,11 @@ const axios = require('axios');
 
 async function getLogs() {
     try {
-        const response = await axios.get(API_URL);
+        const response = await axios.get(API_URL, {
+            headers: {
+                'X-API-Key': `${config.api.key}`
+            }
+        });
 
         const data = response.data;
 
diff --git a/python-api/app.py b/python-api/app.py
index bc7c4b5..52a519c 100644
--- a/python-api/app.py
+++ b/python-api/app.py
@@ -1,4 +1,4 @@
-from flask import Flask, jsonify
+from flask import Flask, jsonify, request
 import json
 import os
 
@@ -39,9 +39,17 @@ def parse_logs(filepath):
         "warnings": warnings
     }
 
+def verifier_cle_api():
+    cle = request.headers.get("X-API-Key")
+    if cle != config["api"]["key"]:
+        return jsonify({"erreur": "Clé API invalide ou manquante"}), 401
+    return None
 
 @app.route("/api/logs", methods=["GET"])
 def get_logs():
+    erreur = verifier_cle_api()
+    if erreur:
+        return erreur
     result = parse_logs(config["api"]["log_file"])
     return jsonify(result), 200