diff --git a/app/service/controller/api/Client.php b/app/service/controller/api/Client.php
index 1f30cc2b9..36817fed0 100644
--- a/app/service/controller/api/Client.php
+++ b/app/service/controller/api/Client.php
@@ -62,15 +62,15 @@ class Client extends Controller
 private function instance()
 {
 try {
- $code = $this->app->request->get('code', '');
- $data = json_decode(debase64url($code), true);
- list($class, $appid, $time, $sign) = [$data['class'], $data['appid'], $data['time'], $data['sign']];
- $config = $this->app->db->name('WechatServiceConfig')->where(['authorizer_appid' => $appid])->find();
- if (empty($config)) throw new Exception("抱歉,该公众号{$appid}未授权!");
- if (md5("{$class}#{$appid}#{$config['appkey']}#{$time}") !== $sign) {
+ $data = json_decode(debase64url(input('token', '')), true);
+ list($class, $appid, $time, $nostr, $sign) = [$data['class'], $data['appid'], $data['time'], $data['nostr'], $data['sign']];
+ $wechat = $this->app->db->name('WechatServiceConfig')->where(['authorizer_appid' => $appid])->find();
+ if (empty($wechat)) throw new Exception("抱歉,该公众号{$appid}未授权!");
+ if (abs(time() - $data['time']) > 10) throw new Exception('抱歉,接口调用时差过大!');
+ if (md5("{$class}#{$appid}#{$wechat['appkey']}#{$time}#{$nostr}") !== $sign) {
 throw new Exception("抱歉,该公众号{$appid}签名异常!");
 }
- return WechatService::$class($appid);
+ return WechatService::__callStatic($class, [$appid]);
 } catch (\Exception $exception) {
 return new \Exception($exception->getMessage(), $exception->getCode());
 }
diff --git a/app/service/service/ClientService.php b/app/service/service/ClientService.php
index 71466a91d..0b8dce71e 100644
--- a/app/service/service/ClientService.php
+++ b/app/service/service/ClientService.php
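Review bot: The new signature check `md5(...) !== $sign` still compares the digest with an ordinary string comparison, which stops at the first differing byte; use a constant-time compare, e.g. `if (!is_string($sign) || !hash_equals(md5("{$class}#{$appid}#{$wechat['appkey']}#{$time}#{$nostr}"), $sign)) {` (the `is_string` guard matters because `hash_equals()` throws a TypeError on non-string input and `$sign` comes straight from the decoded token). The added `nostr` field is never recorded as seen, so the only replay protection is the 10-second window on the line above it; if single-use is intended, the nonce has to be stored and rejected on reuse. `$data` is unpacked without checking that `json_decode()` returned an array, so a missing or malformed token reaches the DB lookup through null offsets; `if (!is_array($data)) throw new Exception(/* message */);` before the `list(...)` line would fail early and cleanly. The time check reads `$data['time']` while the neighbouring lines use `$time`; one name would be clearer. The closing brace of `instance()` and the rest of `class Client` lie outside the hunk.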
@@ -35,8 +35,8 @@ class ClientService extends WechatService
 throw new \think\Exception('请按顺序传入APPID及APPKEY两个参数!');
 }
 list($appid, $appkey) = $arguments;
- $data = ['class' => $name, 'appid' => $appid, 'time' => time()];
- $data['sign'] = md5("{$data['class']}#{$appid}#{$appkey}#{$data['time']}");
+ $data = ['class' => $name, 'appid' => $appid, 'time' => time(), 'nostr' => uniqid()];
+ $data['sign'] = md5("{$data['class']}#{$appid}#{$appkey}#{$data['time']}#{$data['nostr']}");
 $code = enbase64url(json_encode($data, JSON_UNESCAPED_UNICODE));
 if (class_exists('Yar_Client')) {
 $url = "http://127.0.0.1:1231/service/api.client/yar?not_init_session=1&code={$code}";
diff --git a/app/service/view/config/index.html b/app/service/view/config/index.html
index 3a2fecc3f..c71ab3b06 100644
--- a/app/service/view/config/index.html
+++ b/app/service/view/config/index.html
@@ -76,19 +76,19 @@
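Review bot: `uniqid()` on the new `$data` line is derived from the current microsecond clock, not from a CSPRNG, so the `nostr` value is predictable and adds little beyond the `time` field next to it; `'nostr' => bin2hex(random_bytes(16))` gives a proper nonce. The signature is a bare md5 over `#`-joined fields that travel in the clear alongside it, which is not a keyed construction; `hash_hmac('sha256', "{$data['class']}#{$appid}#{$data['time']}#{$data['nostr']}", $appkey)` would be the conventional form, changed in step with the verifying side in Client.php. The Yar URL on the context line below still sends the payload as `code={$code}`, while the receiving `instance()` in this same commit now reads `input('token', '')`; unless the parameter is renamed somewhere not shown, the two sides look mismatched — worth confirming against the Soap branch and the view. The surrounding method starts before and ends after the hunk.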
微信消息与事件接收

通过该 URL 接收微信消息和事件推送,$APPID$ 将被替换为微信 AppId

客户端系统 Yar 模块接口

- +

客户端 Yar 接口,PARAM 规则 AppName-AppId-AppKey-AppType

客户端系统 Soap 模块接口

- +

客户端 Soap 接口,PARAM 规则 AppName-AppId-AppKey-AppType