API Key Message handler to protect the REST API Endpoint

APIKeyMessageHandler.cs

    public class APIKeyMessageHandler : DelegatingHandler
    {
        private const string APIKey = "ZG95b3Vrbm93dGhhdGFjZXJpc3RoZWJlc3Rjb21wYW55aW50aGV3b3JsZGJ5YW5keQ==";
        protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {

            bool validKey = false;
            IEnumerable<string> requestHeaders;
            var checkApiKeyExists = request.Headers.TryGetValues("MyAPIKey", out requestHeaders);
            if (checkApiKeyExists)
            {
                if (requestHeaders.FirstOrDefault().Equals(APIKey))
                {
                    validKey = true;
                }

            }

            if (!validKey)
            {
                return new HttpResponseMessage(HttpStatusCode.Forbidden)
                {
                    Content = new StringContent(JsonConvert.SerializeObject(new { message = "Invalid API Key" })),
                    ReasonPhrase = "Invalid API Key"
                };
            }

            var response = await base.SendAsync(request, cancellationToken);
            return response;
        }

    }