Add improvements

services/demo_session/app/api/internal.py

@@ -15,21 +15,13 @@ logger = structlog.get_logger()
 router = APIRouter()
 
 
-async def verify_internal_api_key(x_internal_api_key: str = Header(None)):
-    """Verify internal API key for service-to-service communication"""
-    required_key = settings.INTERNAL_API_KEY
-    if x_internal_api_key != required_key:
-        logger.warning("Unauthorized internal API access attempted")
-        raise HTTPException(status_code=403, detail="Invalid internal API key")
-    return True
-
-
+# ✅ Security: Internal API key system removed
+# All authentication now handled via JWT service tokens at gateway level
 @router.post("/internal/demo/cleanup")
 async def cleanup_demo_session_internal(
     cleanup_request: dict,
     db: AsyncSession = Depends(get_db),
-    redis: DemoRedisWrapper = Depends(get_redis),
-    _: bool = Depends(verify_internal_api_key)
+    redis: DemoRedisWrapper = Depends(get_redis)
 ):
     """
     Internal endpoint to cleanup demo session data for a specific tenant