diff --git a/README.md b/README.md
index f7933d8..d3922e3 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ php think apiadmin:adminRouter
 > 第五步：获取管理后台账号密码
 
 ```
-cat application/install/lock.ini
+cat install/lock.ini
 ```
 
 ## 灵 感
diff --git a/app/controller/api/BuildToken.php b/app/controller/api/BuildToken.php
index fcf3733..3538ca4 100644
--- a/app/controller/api/BuildToken.php
+++ b/app/controller/api/BuildToken.php
@@ -30,6 +30,7 @@ class BuildToken extends Base {
 
         $signature = $param['signature'];
         unset($param['signature']);
+        unset($param['Access-Token']);
         $sign = $this->getAuthToken($appInfo['app_secret'], $param);
         $this->debug($sign);
         if ($sign !== $signature) {
diff --git a/app/middleware/ApiAuth.php b/app/middleware/ApiAuth.php
index 58ff1c9..1e9610f 100644
--- a/app/middleware/ApiAuth.php
+++ b/app/middleware/ApiAuth.php
@@ -50,7 +50,16 @@ class ApiAuth {
                 }
             }
 
+
             $accessToken = $request->header('Access-Token', '');
+            if (!$accessToken) {
+                if ($apiInfo['method'] == 2) {
+                    $accessToken = $request->get('Access-Token', '');
+                }
+                if ($apiInfo['method'] == 1) {
+                    $accessToken = $request->post('Access-Token', '');
+                }
+            }
             if (!$accessToken) {
                 return json([
                     'code' => ReturnCode::AUTH_ERROR,