diff --git a/src/components/core/handler/ddoHandler.ts b/src/components/core/handler/ddoHandler.ts
index 5df1162e3..7ef17b8f3 100644
--- a/src/components/core/handler/ddoHandler.ts
+++ b/src/components/core/handler/ddoHandler.ts
@@ -800,7 +800,7 @@ export class ValidateDDOHandler extends CommandHandler {
           task.publisherAddress,
           task.policyServer
         )
-        if (!response) {
+        if (!response.success) {
           CORE_LOGGER.logMessage(
             `Error: Validation for ${task.publisherAddress} was denied`,
             true
diff --git a/src/components/core/handler/encryptHandler.ts b/src/components/core/handler/encryptHandler.ts
index 520d92807..1b213ae85 100644
--- a/src/components/core/handler/encryptHandler.ts
+++ b/src/components/core/handler/encryptHandler.ts
@@ -71,7 +71,7 @@ export class EncryptHandler extends CommandHandler {
         task.consumerAddress,
         task.policyServer
       )
-      if (!response) {
+      if (!response.success) {
         CORE_LOGGER.logMessage(
           `Error: Encrypt for ${task.consumerAddress} was denied`,
           true
@@ -163,7 +163,7 @@ export class EncryptFileHandler extends CommandHandler {
         task.policyServer,
         task.files
       )
-      if (!response) {
+      if (!response.success) {
         CORE_LOGGER.logMessage(
           `Error: EncryptFile for ${task.consumerAddress} was denied`,
           true
diff --git a/src/components/policyServer/index.ts b/src/components/policyServer/index.ts
index 8596b8dc6..7ff535422 100644
--- a/src/components/policyServer/index.ts
+++ b/src/components/policyServer/index.ts
@@ -5,26 +5,34 @@ import { BaseFileObject } from '../../@types/fileObject.js'
 
 export class PolicyServer {
   serverUrl: string
+  private apikey: string
 
   public constructor() {
     this.serverUrl = process.env.POLICY_SERVER_URL
+    this.apikey = process.env.POLICY_SERVER_API_KEY
   }
 
   private async askServer(command: any): Promise<PolicyServerResult> {
     if (!this.serverUrl) return { success: true, message: '', httpStatus: 404 }
     let response
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json'
+    }
+    if (this.apikey) {
+      headers['X-API-Key'] = this.apikey
+    }
     try {
       response = await fetch(this.serverUrl, {
-        headers: {
-          'Content-Type': 'application/json'
-        },
+        headers,
         method: 'POST',
         body: JSON.stringify(command)
       })
     } catch (e) {
+      const errorText =
+        e instanceof Error ? e.message : typeof e === 'string' ? e : JSON.stringify(e)
       return {
-        success: true,
-        message: '',
+        success: false,
+        message: errorText || 'Policy server request failed',
         httpStatus: 400
       }
     }