diff --git a/.env.example b/.env.example
index 95e5d81..e4a99c3 100644
--- a/.env.example
+++ b/.env.example
@@ -11,6 +11,13 @@ CACHE_DRIVER=file
 SESSION_DRIVER=file
 QUEUE_DRIVER=sync
 
+PAYPAL_SANDBOX_CLIENT_ID=
+PAYPAL_SANDBOX_SECRET=
+PAYPAL_LIVE_CLIENT_ID=
+PAYPAL_LIVE_SECRET=
+
+API_TOKEN=
+
 MAIL_DRIVER=smtp
 MAIL_HOST=mailtrap.io
 MAIL_PORT=2525
diff --git a/app/Http/Middleware/isAuthorized.php b/app/Http/Middleware/isAuthorized.php
index be156f7..eb29fc7 100644
--- a/app/Http/Middleware/isAuthorized.php
+++ b/app/Http/Middleware/isAuthorized.php
@@ -13,11 +13,11 @@ class isAuthorized {
 	 */
 	public function handle($request, Closure $next)
 	{
-		if(isset(getallheaders()['token']) && getallheaders()['token']=="1HHIaIsT4pvO2S39vMzlVfGWi3AhAz6F5xGBNKil") {
+		$token = $request->header('token') ?? (getallheaders()['token'] ?? null);
+		if ($token && $token === config('app.api_token')) {
 			return $next($request);
-		}else{
-				return response()->json(['status' => false,'error' => "Invalid request"], 503);
 		}
+		return response()->json(['status' => false, 'error' => 'Invalid request'], 401);
 	}
 
 }
diff --git a/config/app.php b/config/app.php
index b3efa87..ac8bd14 100644
--- a/config/app.php
+++ b/config/app.php
@@ -80,6 +80,8 @@ return [
 
 	'key' => env('APP_KEY', 'SomeRandomString'),
 
+	'api_token' => env('API_TOKEN'),
+
 	'cipher' => MCRYPT_RIJNDAEL_128,
 
 	/*
diff --git a/config/services.php b/config/services.php
index 61068a9..fcb4cbb 100644
--- a/config/services.php
+++ b/config/services.php
@@ -36,13 +36,13 @@ return [
 
 	// sandbox
 	'paypal_sandbox' => [
-    'client_id' => 'AQuz-HKzQiL7FygkG8skSekaWf-RP6Rgj4f1XeX1Ghp86bUFj7tQXVT1xbpluu5_WCGRbQpOVGtlJKVB',
-		'secret' => 'EJAMKxQsl-mFkL_4J_90cvTamYfcsgswqgIxz9wQPiRAwJ6sy_wNsttMlmrXIpxI96JpYzdMXkLCHAPz'
-	], 
-	
+		'client_id' => env('PAYPAL_SANDBOX_CLIENT_ID'),
+		'secret'    => env('PAYPAL_SANDBOX_SECRET'),
+	],
+
 	// live
 	'paypal_live' => [
-    'client_id' => 'AUqBUFW5lfyYmrlBtFZA3RNw45sttM3ltbvS_d4qCVBMrkcMG9rEeivGvtNFSy8XTiEp50YyQ6khKxbq',
-	 	'secret' => 'ELlnuiupoFKwGUSc2g5j-sD1EmsvKpdhth1gFV7njpfvyNtKsK8WwIKUMOS0ehJcRatV865eMhfgsnd_'
+		'client_id' => env('PAYPAL_LIVE_CLIENT_ID'),
+		'secret'    => env('PAYPAL_LIVE_SECRET'),
 	],
 ];