diff --git a/application/admin/behavior/ApiAuth.php b/application/admin/behavior/ApiAuth.php
index 7d9f9e6..2e583b1 100644
--- a/application/admin/behavior/ApiAuth.php
+++ b/application/admin/behavior/ApiAuth.php
@@ -23,16 +23,16 @@ class ApiAuth {
 public function run() {
 $request = Request::instance();
 $header = config('apiAdmin.CROSS_DOMAIN');
- $userToken = $request->header('Authorization', '');
+ $userToken = $request->header('ApiAuth', '');
 if ($userToken) {
 $userInfo = cache($userToken);
 $userInfo = json_decode($userInfo, true);
 if (!$userInfo || !isset($userInfo['id'])) {
- $data = ['code' => ReturnCode::AUTH_ERROR, 'msg' => 'Authorization不匹配', 'data' => []];
+ $data = ['code' => ReturnCode::AUTH_ERROR, 'msg' => 'ApiAuth不匹配', 'data' => []];
 return json($data, 200, $header);
 }
 } else {
- $data = ['code' => ReturnCode::AUTH_ERROR, 'msg' => '缺少Authorization', 'data' => []];
+ $data = ['code' => ReturnCode::AUTH_ERROR, 'msg' => '缺少ApiAuth', 'data' => []];
 return json($data, 200, $header);
 }
 }
diff --git a/application/admin/behavior/ApiPermission.php b/application/admin/behavior/ApiPermission.php
index 8ece779..4a59613 100644
--- a/application/admin/behavior/ApiPermission.php
+++ b/application/admin/behavior/ApiPermission.php
@@ -29,7 +29,7 @@ class ApiPermission {
 $request = Request::instance();
 $route = $request->routeInfo();
 $header = config('apiAdmin.CROSS_DOMAIN');
- $userToken = $request->header('Authorization', '');
+ $userToken = $request->header('ApiAuth', '');
 $userInfo = cache($userToken);
 $userInfo = json_decode($userInfo, true);
 if (!$this->checkAuth($userInfo['id'], $route['route'])) {
diff --git a/application/extra/apiAdmin.php b/application/extra/apiAdmin.php
index 5449beb..5d27cac 100644
--- a/application/extra/apiAdmin.php
+++ b/application/extra/apiAdmin.php
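Review bot: The value of the `ApiAuth` header is used verbatim as the cache key in `cache($userToken)` in ApiAuth::run(), so the lookup is not confined to session entries and any cached JSON that carries an `id` would be accepted as a login. Namespacing the key on both the write and the read side, for example `cache('session:' . $userToken)` (prefix constructed for illustration; the write side is not in this diff), would close that gap. Moving the token out of `Authorization` also drops the default treatment that shared caches, proxies and log scrubbers give that header, so authenticated responses should send `Cache-Control: no-store` and the new header name should be added to log-redaction rules. Both failure branches still answer with HTTP 200, which hides authentication failures from status-based monitoring; a 401 would be clearer if clients can tolerate it.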
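Review bot: In ApiPermission.php `$userInfo['id']` is read straight after `json_decode()` with no check that the cache lookup succeeded, so a missing or unknown `ApiAuth` header reaches `checkAuth()` with a null id. Unless ApiAuth::run() is guaranteed to have rejected the request first (not visible here), the method should fail closed before the permission check: `if (!is_array($userInfo) || !isset($userInfo['id'])) { /* return the same AUTH_ERROR response ApiAuth.php sends */ }`. The header name is now a string literal in three files; a single config key or constant would keep the two behaviours and the CORS list from drifting apart. The enclosing method starts and ends outside the hunk.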
@@ -29,7 +29,7 @@ return [
 'CROSS_DOMAIN' => [
 'Access-Control-Allow-Origin' => '*',
 'Access-Control-Allow-Methods' => 'POST,PUT,GET,DELETE',
- 'Access-Control-Allow-Headers' => 'Authorization, User-Agent, Keep-Alive, Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With',
+ 'Access-Control-Allow-Headers' => 'ApiAuth, User-Agent, Keep-Alive, Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With',
 'Access-Control-Allow-Credentials' => 'true'
 ],
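Review bot: The edited allow-list still sits between `'Access-Control-Allow-Origin' => '*'` and `'Access-Control-Allow-Credentials' => 'true'`, a pairing browsers refuse for credentialed requests, and the wildcard lets a page on any origin send the `ApiAuth` header to the admin API. Since this block is being changed for the auth header anyway, the origin should be limited to the known admin front-end origin(s), echoing a validated `Origin` together with `Vary: Origin`, and the credentials flag dropped if no cookies are involved. Replacing `Authorization` rather than adding `ApiAuth` next to it also makes preflight fail for any client that has not switched yet; the commit does not say whether that is intended. The enclosing array starts and ends outside the hunk.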