So I have a Model, a Middleware and a Policy.
The problem is that I cannot seem to get the policy to work correctly.
This is my policy code:
```php
<?php

namespace App\Policies;

use Illuminate\Support\Facades\Log;
use App\Models\ApiKey;

class ApiKeyPolicy
{
    /**
     * Determine if the given API key is valid for the given user.
     *
     * @param string $apiUser
     * @param string $apiKey
     * @return bool
     */
    public function access($apiUser, $apiKey)
    {
        Log::info("Checking API key for user: $apiUser with key: $apiKey");
        $userApiKey = ApiKey::where('key_user', $apiUser)->first();
        if (!$userApiKey) {
            Log::warning("User not found: $apiUser");
            return false;
        }
        $valid = $userApiKey->key === $apiKey;
        Log::info("API key valid: " . ($valid ? 'Yes' : 'No'));
        return $valid;
    }
}
```
This is my middleware code:
```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Gate;
use Symfony\Component\HttpFoundation\Response;

class VerifyApiKeyMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
     */
    public function handle(Request $request, Closure $next): Response
    {
        $apiKey = $request->header('X-AW-KEY');
        $apiUser = $request->header('X-AW-USER');
        Log::info("Received API User: $apiUser, API Key: $apiKey");
        if (!$apiKey || !$apiUser) {
            Log::warning('API key or user not found');
            abort(401, 'API key or user not found');
        }
        // This is always false somehow
        $allowed = Gate::allows('access-api', [$apiUser, $apiKey]);
        Log::info("Gate check result for API User: $apiUser, API Key: $apiKey, Allowed: " . ($allowed ? 'Yes' : 'No'));
        if (!$allowed) {
            Log::warning('Unauthorized API key');
            abort(403, 'Unauthorized API key');
        }
        return $next($request);
    }
}
```
Inside `AppServiceProvider.php`, in the `boot()` function, I am registering the Policy the following way: `Gate::define('access-api', [ApiKeyPolicy::class, 'access']);`
This is how I use it:
```php
<?php

use Illuminate\Support\Facades\Route;
use App\Http\Controllers\API\LoginController;
use App\Http\Middleware\VerifyApiKeyMiddleware;

Route::prefix('/user')
    ->middleware(['api', VerifyApiKeyMiddleware::class])
    ->group(function () {
        Route::post('/authenticate', [LoginController::class, 'DoAuth'])->name('api.user.authenticate');
    });
```
My problem is that despite having all the logs and such, it never actually executes the Policy code, therefore always returning false. I really do not see where I went wrong in this. I tried to map the policies inside the AppServiceProvider, but this also did not help.
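An added example (not the asker's code) of the same policy written so that the gate callback is actually reached for unauthenticated API callers: Laravel hands the currently authenticated user to every gate callback as its first argument and, when nobody is logged in, denies without calling the callback unless that first parameter is nullable or defaults to null. It assumes an `App\Models\User` model and keeps the posted `Gate::define('access-api', [ApiKeyPolicy::class, 'access'])` registration and the posted `Gate::allows('access-api', [$apiUser, $apiKey])` call unchanged; it also compares the key in constant time and keeps the raw key out of the logs.

```php
<?php
// Added example, not the original post's code.
// The first parameter is the authenticated user (null for guest API calls);
// declaring it as `?User $user = null` opts this gate in for guests, so the
// two values passed from the middleware arrive as $apiUser and $apiKey.
namespace App\Policies;

use App\Models\ApiKey;
use App\Models\User;   // assumed: the application's default user model
use Illuminate\Support\Facades\Log;

class ApiKeyPolicy
{
    /**
     * @param User|null $user    authenticated user, null when the route is called without a session
     * @param string    $apiUser value of the X-AW-USER header
     * @param string    $apiKey  value of the X-AW-KEY header
     */
    public function access(?User $user, string $apiUser, string $apiKey): bool
    {
        // Log the identifier only; the key is a secret and does not belong in logs.
        Log::info("Checking API key for user: {$apiUser}");

        $record = ApiKey::where('key_user', $apiUser)->first();
        if (!$record) {
            Log::warning("User not found: {$apiUser}");
            return false;
        }

        // Constant-time comparison, so a wrong key does not leak matching bytes through timing.
        $valid = hash_equals((string) $record->key, $apiKey);
        Log::info('API key valid: ' . ($valid ? 'Yes' : 'No'));

        return $valid;
    }
}

// Registration stays as in the question (AppServiceProvider::boot()):
// Gate::define('access-api', [ApiKeyPolicy::class, 'access']);
```

If the middleware ever runs with an authenticated session, `$user` is populated instead of null and the same callback still executes.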