More granular control of external validation configuration

app/setup/settings/urls.php

@@ -29,7 +29,10 @@ return [
     ],
     'externalPaths' => [
         '/api/external' => [
-            '/toku/success' => $_ENV['TOKU_TOKEN']
+            '/toku/success' => [
+                'header' => 'x-api-key',
+                'token' => $_ENV['TOKU_TOKEN']
+            ]
         ],
     ]
 ];

app/src/Middleware/API.php

@@ -85,6 +85,13 @@ class API
     }
     protected function validateExternalKey(ServerRequestInterface $request, $basePath, $subPath): bool
     {
+        $data = $this->externalPaths[$basePath][$subPath];
+        if (isset($data['header']) and $request->hasHeader($data['header'])) {
+            $token = $request->getHeaderLine($data['header']);
+            if ($token === $this->externalPaths[$basePath][$subPath]['token']) {
+                return true;
+            }
+        }
         if ($request->hasHeader('x-api-key')) {
             $key = $request->getHeaderLine('x-api-key');
             if ($key === $this->externalPaths[$basePath][$subPath]) {