diff --git a/src/controllers/ProfileController.ts b/src/controllers/ProfileController.ts
index 57d618c6..f4769367 100644
--- a/src/controllers/ProfileController.ts
+++ b/src/controllers/ProfileController.ts
@@ -86,7 +86,7 @@ import { ProfileSalaryHistory } from "../entities/ProfileSalaryHistory";
 import { ProfileAssistance } from "../entities/ProfileAssistance";
 import { CommandRecive } from "../entities/CommandRecive";
 import { EmployeePosMaster } from "../entities/EmployeePosMaster";
-import { getTopDegrees } from "../services/PositionService";
+import { CreatePosMasterHistoryOfficer, getTopDegrees } from "../services/PositionService";
 import { ProfileLeaveService } from "../services/ProfileLeaveService";
 
 @Route("api/v1/org/profile")
@@ -10789,6 +10789,9 @@ export class ProfileController extends Controller {
     await this.profileRepo.save(profile, { data: request });
     setLogDataDiff(request, { before, after: profile });
     if (requestBody.isLeave == true) {
+      if(orgRevisionRef){
+        await CreatePosMasterHistoryOfficer(orgRevisionRef.id, request);
+      }
       await removeProfileInOrganize(profile.id, "OFFICER");
     }
     return new HttpSuccess();
diff --git a/src/middlewares/auth.ts b/src/middlewares/auth.ts
index 396ada4d..1f636080 100644
--- a/src/middlewares/auth.ts
+++ b/src/middlewares/auth.ts
@@ -27,6 +27,14 @@ export async function expressAuthentication(
   securityName: string,
   _scopes?: string[],
 ) {
+  // API_KEY bypass logic (support api_key, x-api-key, apikey)
+  const apiKeyHeader =
+    request.headers["api-key"] || request.headers["x-api-key"] || request.headers["apikey"];
+  if (apiKeyHeader !== undefined) {
+    if (apiKeyHeader === process.env.API_KEY) {
+      return { preferred_username: "api_key_bypass", apiKeyBypass: true };
+    }
+  }
   if (process.env.NODE_ENV !== "production" && process.env.AUTH_BYPASS) {
     return { preferred_username: "bypassed" };
   }