diff --git a/app/Http/Middleware/ApiKeyMiddleware.php b/app/Http/Middleware/ApiKeyMiddleware.php index 4005127..78351b9 100644 --- a/app/Http/Middleware/ApiKeyMiddleware.php +++ b/app/Http/Middleware/ApiKeyMiddleware.php @@ -37,7 +37,7 @@ public function handle(Request $request, Closure $next) } if (!$validApiKey) { - return response()->json(['message' => 'Unauthorized. Invalid or missing API key or token'], 401); + return response()->json(['message' => 'Unauthorized. Invalid or missing API key'], 401); } // Bearer 인증 (Sanctum) @@ -46,11 +46,13 @@ public function handle(Request $request, Closure $next) $accessToken = PersonalAccessToken::findToken($token); if ($accessToken && $accessToken->tokenable instanceof Member) { $user = $accessToken->tokenable; + + if ($user) { + $request->attributes->set('tenant_id', $user->tn_num); + $request->attributes->set('api_user', $user->mb_num); + } } } - if ($user) { - $request->setUserResolver(fn() => $user); - } $response = $next($request); diff --git a/app/Models/Member.php b/app/Models/Member.php index bbd2ff8..43fbe6a 100644 --- a/app/Models/Member.php +++ b/app/Models/Member.php @@ -42,4 +42,9 @@ public function company() return $this->belongsTo(MemberCompany::class, 'tn_num', 'mc_num'); // members.tn_num = member_company.mc_num } + + public function tenant() + { + return $this->belongsTo(Tenant::class, 'tn_num'); + } } diff --git a/app/Models/Products/CommonCode.php b/app/Models/Products/CommonCode.php index ac509f7..1c3bc62 100644 --- a/app/Models/Products/CommonCode.php +++ b/app/Models/Products/CommonCode.php @@ -4,10 +4,10 @@ use Illuminate\Database\Eloquent\Model; use Illuminate\Database\Eloquent\SoftDeletes; - +use App\Traits\BelongsToTenant; class CommonCode extends Model { - use SoftDeletes; + use SoftDeletes, BelongsToTenant; protected $table = 'common_codes'; diff --git a/app/Models/Scopes/TenantScope.php b/app/Models/Scopes/TenantScope.php new file mode 100644 index 0000000..62efb82 --- /dev/null 
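Review bot: In the second ApiKeyMiddleware hunk, `tenant_id` and `api_user` are bound from whatever `PersonalAccessToken::findToken($token)` returns, and nothing visible checks that the token is still valid. As far as I know `findToken()` only matches the stored hash and the expiry check lives in Sanctum's guard, so an expired token may still select a tenant here; confirm this and add an explicit expiry condition to the `if ($accessToken && …)` test. The inner `if ($user)` is redundant, because the `instanceof Member` test already guarantees a non-null Member, so the two `$request->attributes->set(...)` calls can follow `$user = $accessToken->tokenable;` directly. With `setUserResolver` removed, code reading `$request->user()` no longer sees this Member unless another guard resolves it, which also affects the `auth()->user()` fallback in TenantScope.php in this commit. `handle()` starts and ends outside the hunk, so a rejection path for a missing or unresolvable bearer token may exist but is not visible here.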
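Review bot: In Member.php, `tenant()` and the existing `company()` both key on `tn_num`, but only `company()` documents which column it joins to. With no owner key given, `belongsTo(Tenant::class, 'tn_num')` joins on Tenant's primary key, which a reader cannot verify from this hunk. A one-line comment in the style already used on `company()`, for example `// members.tn_num = <tenants table>.<primary key>` with the real names filled in, would make the tenant mapping reviewable. No `use` line for `Tenant` appears in the hunk, so the class is presumably in `App\Models`; worth confirming.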
+++ b/app/Models/Scopes/TenantScope.php @@ -0,0 +1,32 @@ +runningInConsole()) return; + + // request 헬퍼 사용 → request 인스턴스를 명시적으로 주입받아 사용해야 함 + $request = app(Request::class); + + $tenantId = $request->attributes->get('tenant_id') + ?? $request->header('X-TENANT-ID') + ?? auth()->user()?->tenant_id; + + if ($tenantId) { + $builder->where($model->getTable().'.tenant_id', $tenantId); + } + } +} diff --git a/app/Traits/BelongsToTenant.php b/app/Traits/BelongsToTenant.php new file mode 100644 index 0000000..51be792 --- /dev/null +++ b/app/Traits/BelongsToTenant.php @@ -0,0 +1,13 @@ +
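Review bot: In TenantScope.php the tenant filter can be chosen by the caller and can silently disappear. `$request->header('X-TENANT-ID')` is client-controlled and is consulted whenever the middleware did not set the `tenant_id` attribute, and `if ($tenantId)` adds no `where` at all when nothing resolves, so the query then spans every tenant. The tenant should come only from the authenticated identity and the scope should fail closed, as in the excerpt below; requests that authenticate with an API key alone would then see no tenant-scoped rows until they are given a tenant explicitly. The `auth()->user()?->tenant_id` fallback reads `tenant_id` while ApiKeyMiddleware takes the tenant from `$user->tn_num`, so on a Member it probably yields null; confirm which attribute is right. The console early return also leaves queue workers and scheduled commands unscoped, which deserves a comment, and the top of this file is not visible in this rendering, so the enclosing method is assumed to be the scope's `apply()`.

```php
// … unchanged: runningInConsole() early return …
$request = app(Request::class);

// Only the value set by the authentication middleware is trusted;
// a client-supplied header must never select the tenant.
$tenantId = $request->attributes->get('tenant_id');

if ($tenantId === null) {
    // Fail closed: no authenticated tenant means no rows.
    $builder->whereRaw('1 = 0');
    return;
}

$builder->where($model->getTable().'.tenant_id', $tenantId);
```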