diff --git a/server/telemetry.mjs b/server/telemetry.mjs
index 3434aac..3ceafa4 100644
--- a/server/telemetry.mjs
+++ b/server/telemetry.mjs
@@ -16,7 +16,7 @@ const execAsync = promisify(exec);
 const CONFIG = {
   backendUrl: process.env.HF_MONITOR_BACKEND_URL || 'https://monitor.hangman-lab.top',
   identifier: process.env.HF_MONITOR_IDENTIFIER || hostname(),
-  challengeUuid: process.env.HF_MONITOR_CHALLENGE_UUID,
+  apiKey: process.env.HF_MONITOR_API_KEY,
   reportIntervalSec: parseInt(process.env.HF_MONITOR_REPORT_INTERVAL || '30', 10),
   httpFallbackIntervalSec: parseInt(process.env.HF_MONITOR_HTTP_FALLBACK_INTERVAL || '60', 10),
   logLevel: process.env.HF_MONITOR_LOG_LEVEL || 'info',
@@ -177,7 +177,6 @@ async function buildPayload() {
   
   return {
     identifier: CONFIG.identifier,
-    challenge_uuid: CONFIG.challengeUuid,
     timestamp: new Date().toISOString(),
     ...system,
     openclaw_version: openclaw.version,
@@ -194,13 +193,19 @@ async function sendHttpHeartbeat() {
     const payload = await buildPayload();
     log.debug('Sending HTTP heartbeat...');
     
-    const response = await fetch(`${CONFIG.backendUrl}/monitor/server/heartbeat`, {
+    const headers = {
+      'Content-Type': 'application/json',
+      'X-Server-Identifier': CONFIG.identifier,
+    };
+    
+    // Add API Key authentication if configured
+    if (CONFIG.apiKey) {
+      headers['X-API-Key'] = CONFIG.apiKey;
+    }
+    
+    const response = await fetch(`${CONFIG.backendUrl}/monitor/server/heartbeat-v2`, {
       method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Server-Identifier': CONFIG.identifier,
-        'X-Challenge-UUID': CONFIG.challengeUuid,
-      },
+      headers,
       body: JSON.stringify(payload),
     });
     
@@ -268,11 +273,11 @@ log.info('Config:', {
   identifier: CONFIG.identifier,
   backendUrl: CONFIG.backendUrl,
   reportIntervalSec: CONFIG.reportIntervalSec,
+  hasApiKey: !!CONFIG.apiKey,
 });
 
-if (!CONFIG.challengeUuid) {
-  log.error('Missing HF_MONITOR_CHALLENGE_UUID environment variable');
-  process.exit(1);
+if (!CONFIG.apiKey) {
+  log.warn('Missing HF_MONITOR_API_KEY environment variable - API authentication will be disabled');
 }
 
 reportingLoop();