Hi,
I assume you are using Delphi.
I can suggest to use two ways:
- You can use HTTPServer.OnCustomResponseEvent event. client should pass request to unregistered dispatcher. You can catch it in this event, validate your token and pass request to valid httpapi dispatcher. check for more details at Using OnCustomResponseEvent in a ROSDK Server snippet and related links like Delphi DA REST server versioning with code-first server - #2 by EvgenyK .
- you can create own TROHttpApiBaseAuthenticationManager descendant that will check your key in http header.