diff --git a/DEPENDENCIES b/DEPENDENCIES
index 9b3bcd8ee..3a948680f 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -356,6 +356,7 @@ maven/mavencentral/org.eclipse.edc/asset-api/0.8.1, Apache-2.0, approved, techno
 maven/mavencentral/org.eclipse.edc/asset-index-sql/0.8.1, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/asset-spi/0.8.1, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/asset-spi/0.8.1-SNAPSHOT, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/auth-configuration/0.8.1, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/auth-spi/0.8.1, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/auth-tokenbased/0.8.1, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/autodoc-processor/0.8.1, Apache-2.0, approved, technology.edc
diff --git a/charts/tractusx-connector-azure-vault/README.md b/charts/tractusx-connector-azure-vault/README.md
index 166b70630..db530bc7c 100644
--- a/charts/tractusx-connector-azure-vault/README.md
+++ b/charts/tractusx-connector-azure-vault/README.md
@@ -83,7 +83,8 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 | controlplane.debug.enabled | bool | `false` | Enables java debugging mode. |
 | controlplane.debug.port | int | `1044` | Port where the debuggee can connect to. |
 | controlplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. |
-| controlplane.endpoints | object | `{"catalog":{"path":"/catalog","port":8085},"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane |
+| controlplane.endpoints | object | `{"catalog":{"authKey":"password","path":"/catalog","port":8085},"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane |
+| controlplane.endpoints.catalog.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header |
 | controlplane.endpoints.catalog.path | string | `"/catalog"` | path for incoming catalog cache query requests |
 | controlplane.endpoints.catalog.port | int | `8085` | port for incoming catalog cache query requests |
 | controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not |
diff --git a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml
index fb0b2a052..7b5760755 100644
--- a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml
+++ b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml @@ -176,6 +176,10 @@ spec: value: {{ .Values.controlplane.endpoints.catalog.port | quote }} - name: "WEB_HTTP_CATALOG_PATH" value: {{ .Values.controlplane.endpoints.catalog.path | quote }} + - name: "WEB_HTTP_CATALOG_AUTH_TYPE" + value: "tokenbased" + - name: "WEB_HTTP_CATALOG_AUTH_KEY" + value: {{ .Values.controlplane.endpoints.catalog.authKey | required ".Values.controlplane.endpoints.catalog.authKey is required" | quote }} ######### diff --git a/charts/tractusx-connector-azure-vault/values.yaml b/charts/tractusx-connector-azure-vault/values.yaml index 2bef692b0..3dc4c6ea3 100644 --- a/charts/tractusx-connector-azure-vault/values.yaml +++ b/charts/tractusx-connector-azure-vault/values.yaml @@ -146,6 +146,8 @@ controlplane: port: 8085 # -- path for incoming catalog cache query requests path: /catalog + # -- authentication key, must be attached to each request as `X-Api-Key` header + authKey: "password" bdrs: # -- Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) diff --git a/charts/tractusx-connector-memory/README.md b/charts/tractusx-connector-memory/README.md index 706808a52..3c57cc9e4 100644 --- a/charts/tractusx-connector-memory/README.md +++ b/charts/tractusx-connector-memory/README.md 
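Review bot: The catalog API key is rendered as a literal `value:` on `WEB_HTTP_CATALOG_AUTH_KEY` in deployment-controlplane.yaml, so it sits in plain text in the Deployment manifest and is readable by anyone allowed to view the pod spec. Consider sourcing it from a Kubernetes Secret instead, replacing the `value:` line with a `valueFrom:` / `secretKeyRef:` entry; the secret name and key would be new chart values, since none is visible in this hunk. The deployment templates of tractusx-connector-memory and tractusx-connector add the same pattern. The enclosing `env:` list starts and ends outside the hunk.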
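Review bot: The default `authKey: "password"` added under the catalog endpoint in values.yaml means the `required` guard added in deployment-controlplane.yaml can never fail, so an install with untouched values protects the catalog endpoint with a key that is printed in the README. If operators are meant to choose the key, ship `authKey: ""` and let `required` abort the render. The existing `management.authKey` default shown in the README follows the same convention, so this may be a deliberate project choice and is worth confirming. The values.yaml hunks for tractusx-connector-memory and tractusx-connector add the same default.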
@@ -83,7 +83,8 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.8.0-r
 | runtime.debug.enabled | bool | `false` | Enables java debugging mode. |
 | runtime.debug.port | int | `1044` | Port where the debuggee can connect to. |
 | runtime.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. |
-| runtime.endpoints | object | `{"catalog":{"path":"/catalog","port":8085},"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8086}}` | endpoints of the controlplane |
+| runtime.endpoints | object | `{"catalog":{"authKey":"password","path":"/catalog","port":8085},"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8086}}` | endpoints of the controlplane |
+| runtime.endpoints.catalog.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header |
 | runtime.endpoints.catalog.path | string | `"/catalog"` | path for incoming catalog cache query requests |
 | runtime.endpoints.catalog.port | int | `8085` | port for incoming catalog cache query requests |
 | runtime.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not |
diff --git a/charts/tractusx-connector-memory/templates/deployment-runtime.yaml b/charts/tractusx-connector-memory/templates/deployment-runtime.yaml
index 64dc0cd9f..72ba3a48c 100644
--- a/charts/tractusx-connector-memory/templates/deployment-runtime.yaml +++ b/charts/tractusx-connector-memory/templates/deployment-runtime.yaml @@ -191,6 +191,10 @@ spec: value: {{ .Values.runtime.endpoints.catalog.port | quote }} - name: "WEB_HTTP_CATALOG_PATH" value: {{ .Values.runtime.endpoints.catalog.path | quote }} + - name: "WEB_HTTP_CATALOG_AUTH_TYPE" + value: "tokenbased" + - name: "WEB_HTTP_CATALOG_AUTH_KEY" + value: {{ .Values.runtime.endpoints.catalog.authKey | required ".Values.runtime.endpoints.catalog.authKey is required" | quote }} ######### ## DSP ## diff --git a/charts/tractusx-connector-memory/values.yaml b/charts/tractusx-connector-memory/values.yaml index 595db2cb1..c95750175 100644 --- a/charts/tractusx-connector-memory/values.yaml +++ b/charts/tractusx-connector-memory/values.yaml @@ -149,6 +149,8 @@ runtime: port: 8085 # -- path for incoming catalog cache query requests path: /catalog + # -- authentication key, must be attached to each request as `X-Api-Key` header + authKey: "password" token: refresh: diff --git a/charts/tractusx-connector/README.md b/charts/tractusx-connector/README.md index 03384726f..ddf5108c0 100644 --- a/charts/tractusx-connector/README.md +++ b/charts/tractusx-connector/README.md 
@@ -80,7 +80,8 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.8.0-rc1 \
 | controlplane.debug.enabled | bool | `false` | Enables java debugging mode. |
 | controlplane.debug.port | int | `1044` | Port where the debuggee can connect to. |
 | controlplane.debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. |
-| controlplane.endpoints | object | `{"catalog":{"path":"/catalog","port":8085},"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane |
+| controlplane.endpoints | object | `{"catalog":{"authKey":"password","path":"/catalog","port":8085},"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane |
+| controlplane.endpoints.catalog.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header |
 | controlplane.endpoints.catalog.path | string | `"/catalog"` | path for incoming catalog cache query requests |
 | controlplane.endpoints.catalog.port | int | `8085` | port for incoming catalog cache query requests |
 | controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not |
diff --git a/charts/tractusx-connector/templates/deployment-controlplane.yaml b/charts/tractusx-connector/templates/deployment-controlplane.yaml
index e904da367..bd33124e4 100644
--- a/charts/tractusx-connector/templates/deployment-controlplane.yaml
+++ b/charts/tractusx-connector/templates/deployment-controlplane.yaml @@ -176,6 +176,11 @@ spec: value: {{ .Values.controlplane.endpoints.catalog.port | quote }} - name: "WEB_HTTP_CATALOG_PATH" value: {{ .Values.controlplane.endpoints.catalog.path | quote }} + - name: "WEB_HTTP_CATALOG_AUTH_TYPE" + value: "tokenbased" + - name: "WEB_HTTP_CATALOG_AUTH_KEY" + value: {{ .Values.controlplane.endpoints.catalog.authKey | required ".Values.controlplane.endpoints.catalog.authKey is required" | quote }} + ######### ## DSP ## diff --git a/charts/tractusx-connector/values.yaml b/charts/tractusx-connector/values.yaml index 4b1e702f6..c727114b1 100644 --- a/charts/tractusx-connector/values.yaml +++ b/charts/tractusx-connector/values.yaml @@ -147,6 +147,8 @@ controlplane: port: 8085 # -- path for incoming catalog cache query requests path: /catalog + # -- authentication key, must be attached to each request as `X-Api-Key` header + authKey: "password" bdrs: # -- Time that a cached BPN/DID resolution map is valid in seconds, default is 600 seconds (10 min) diff --git a/edc-controlplane/edc-controlplane-base/build.gradle.kts b/edc-controlplane/edc-controlplane-base/build.gradle.kts index 0a841e1bc..a84153ebf 100644 --- a/edc-controlplane/edc-controlplane-base/build.gradle.kts +++ b/edc-controlplane/edc-controlplane-base/build.gradle.kts @@ -57,6 +57,7 @@ dependencies { runtimeOnly(libs.edc.core.policy.monitor) runtimeOnly(libs.edc.config.filesystem) runtimeOnly(libs.edc.auth.tokenbased) + runtimeOnly(libs.edc.auth.configuration) runtimeOnly(libs.edc.validator.data.address.http.data) runtimeOnly(libs.edc.aws.validator.data.address.s3) runtimeOnly(libs.edc.data.plane.selector.control.api) 
diff --git a/edc-tests/edc-controlplane/fixtures/src/testFixtures/java/org/eclipse/tractusx/edc/tests/participant/TractusxParticipantBase.java b/edc-tests/edc-controlplane/fixtures/src/testFixtures/java/org/eclipse/tractusx/edc/tests/participant/TractusxParticipantBase.java
index 397a5a5ec..9abaaf095 100644
--- a/edc-tests/edc-controlplane/fixtures/src/testFixtures/java/org/eclipse/tractusx/edc/tests/participant/TractusxParticipantBase.java
+++ b/edc-tests/edc-controlplane/fixtures/src/testFixtures/java/org/eclipse/tractusx/edc/tests/participant/TractusxParticipantBase.java
@@ -95,6 +95,8 @@ public Map getConfiguration() {
 put("web.http.control.path", controlPlaneControl.getPath());
 put("web.http.catalog.port", String.valueOf(federatedCatalog.getUrl().getPort()));
 put("web.http.catalog.path", federatedCatalog.getUrl().getPath());
+ put("web.http.catalog.auth.type", "tokenbased");
+ put("web.http.catalog.auth.key", MANAGEMENT_API_KEY);
 put("edc.dsp.callback.address", protocolEndpoint.getUrl().toString());
 put("edc.api.auth.key", MANAGEMENT_API_KEY);
 put("web.http.public.path", "/api/public");
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 9e2abd1fa..918ce2a63 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -83,6 +83,7 @@ edc-dsp = { module = "org.eclipse.edc:dsp", version.ref = "edc" }
 edc-iam-mock = { module = "org.eclipse.edc:iam-mock", version.ref = "edc" }
 edc-auth-tokenbased = { module = "org.eclipse.edc:auth-tokenbased", version.ref = "edc" }
 edc-auth-oauth2-client = { module = "org.eclipse.edc:oauth2-client", version.ref = "edc" }
+edc-auth-configuration = { module = "org.eclipse.edc:auth-configuration", version.ref = "edc" }
 edc-transaction-local = { module = "org.eclipse.edc:transaction-local", version.ref = "edc" }
 edc-ext-http = { module = "org.eclipse.edc:http", version.ref = "edc" }
 edc-ext-azure-cosmos-core = { module = "org.eclipse.edc:azure-cosmos-core", version.ref = "edc" }
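Review bot: In TractusxParticipantBase.getConfiguration(), the fixture sets `web.http.catalog.auth.key` to `MANAGEMENT_API_KEY`, the same constant used for `edc.api.auth.key` two lines below, so a test cannot tell whether the catalog context checks its own key or falls back to the management one. A separate constant with a different value (for example a new `CATALOG_API_KEY`, which does not exist in this hunk) would let the tests show that the two contexts are configured independently. `getConfiguration()` starts before and continues after the hunk.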