diff --git a/apps/action/dist/index.js b/apps/action/dist/index.js
index b5b977e..f3f4479 100644
--- a/apps/action/dist/index.js
+++ b/apps/action/dist/index.js
@@ -4176,7 +4176,7 @@ var TrustSignalVerificationClient = class {
           headers: {
             "content-type": "application/json",
             "accept": "application/json",
-            authorization: `Bearer ${this.apiKey}`
+            "x-api-key": this.apiKey
           },
           body: payloadText,
           signal: controller.signal
diff --git a/docs/integrations/github.md b/docs/integrations/github.md
index 452bfe0..d94cbbb 100644
--- a/docs/integrations/github.md
+++ b/docs/integrations/github.md
@@ -99,7 +99,7 @@ jobs:
           TRUSTSIGNAL_API_KEY: ${{ secrets.TRUSTSIGNAL_API_KEY }}
         run: |
           curl -fsSL \
-            -H "Authorization: Bearer ${TRUSTSIGNAL_API_KEY}" \
+            -H "x-api-key: ${TRUSTSIGNAL_API_KEY}" \
             -H "Content-Type: application/json" \
             -d '{
               "repository": "'"${GITHUB_REPOSITORY}"'",
diff --git a/src/trustsignal/client.ts b/src/trustsignal/client.ts
index 6924197..2167a1c 100644
--- a/src/trustsignal/client.ts
+++ b/src/trustsignal/client.ts
@@ -57,7 +57,7 @@ export class TrustSignalVerificationClient {
           headers: {
             "content-type": "application/json",
             "accept": "application/json",
-            authorization: `Bearer ${this.apiKey}`,
+            "x-api-key": this.apiKey,
           },
           body: payloadText,
           signal: controller.signal,
diff --git a/tests/trustsignalClient.test.ts b/tests/trustsignalClient.test.ts
index 31dd3bd..97a1d92 100644
--- a/tests/trustsignalClient.test.ts
+++ b/tests/trustsignalClient.test.ts
@@ -55,7 +55,7 @@ describe("TrustSignalVerificationClient", () => {
       expect.objectContaining({
         method: "POST",
         headers: expect.objectContaining({
-          authorization: "Bearer secret",
+          "x-api-key": "secret",
           "accept": "application/json",
         }),
       })
@@ -136,7 +136,7 @@ describe("TrustSignalVerificationClient", () => {
       expect.objectContaining({
         method: "POST",
         headers: expect.objectContaining({
-          authorization: "Bearer secret",
+          "x-api-key": "secret",
         }),
       })
     );
@@ -146,7 +146,7 @@ describe("TrustSignalVerificationClient", () => {
       expect.objectContaining({
         method: "POST",
         headers: expect.objectContaining({
-          authorization: "Bearer secret",
+          "x-api-key": "secret",
         }),
       })
     );