diff --git a/src/main/java/cc/ryanc/halo/model/enums/BlogPropertiesEnum.java b/src/main/java/cc/ryanc/halo/model/enums/BlogPropertiesEnum.java
index 2b86c31f9..01be00b2b 100644
--- a/src/main/java/cc/ryanc/halo/model/enums/BlogPropertiesEnum.java
+++ b/src/main/java/cc/ryanc/halo/model/enums/BlogPropertiesEnum.java
@@ -143,7 +143,12 @@ public enum BlogPropertiesEnum {
 /**
 * 自动备份
 */
- AUTO_BACKUP("auto_backup");
+ AUTO_BACKUP("auto_backup"),
+
+ /**
+ * API Token
+ */
+ API_TOKEN("api_token");
 private String prop;
diff --git a/src/main/java/cc/ryanc/halo/web/controller/admin/AdminController.java b/src/main/java/cc/ryanc/halo/web/controller/admin/AdminController.java
index 992435c48..f2b932789 100755
--- a/src/main/java/cc/ryanc/halo/web/controller/admin/AdminController.java
+++ b/src/main/java/cc/ryanc/halo/web/controller/admin/AdminController.java
@@ -8,6 +8,7 @@ import cc.ryanc.halo.model.dto.HaloConst;
 import cc.ryanc.halo.model.dto.JsonResult;
 import cc.ryanc.halo.model.dto.LogsRecord;
 import cc.ryanc.halo.model.enums.CommonParamsEnum;
+import cc.ryanc.halo.model.enums.ResponseStatusEnum;
 import cc.ryanc.halo.model.enums.ResultCodeEnum;
 import cc.ryanc.halo.model.enums.TrueFalseEnum;
 import cc.ryanc.halo.service.*;
@@ -35,6 +36,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import java.util.Date;
 import java.util.List;
+import java.util.Random;
 /**
 *
@@ -239,4 +241,16 @@ public class AdminController extends BaseController {
     public String halo() {
         return "admin/admin_halo";
     }
+
+    /**
+     * 获取一个Token
+     *
+     * @return JsonResult
+     */
+    @GetMapping(value = "/getToken")
+    @ResponseBody
+    public JsonResult getToken() {
+        String token = (System.currentTimeMillis() + new Random().nextInt(999999999)) + "";
+        return new JsonResult(ResponseStatusEnum.SUCCESS.getCode(), ResponseStatusEnum.SUCCESS.getMsg(), SecureUtil.md5(token));
+    }
 }
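Review bot: The token returned by `getToken()` is predictable: it is the MD5 of the current millisecond clock plus one `java.util.Random` int below 999999999, so the input space is roughly 30 bits around a guessable timestamp, and hashing it adds no entropy. This value is presumably what gets saved as the `api_token` option that `ApiInterceptor` compares against the `token` header, so it should come from a CSPRNG instead: `byte[] raw = new byte[32]; new SecureRandom().nextBytes(raw);` followed by `String token = HexUtil.encodeHexStr(raw);`, importing `java.security.SecureRandom` in place of `java.util.Random`. The Javadoc should also say that the returned value is a secret credential and that it is not persisted by this method.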
diff --git a/src/main/java/cc/ryanc/halo/web/interceptor/ApiInterceptor.java b/src/main/java/cc/ryanc/halo/web/interceptor/ApiInterceptor.java
index 431eaecf5..3f5f931ac 100644
--- a/src/main/java/cc/ryanc/halo/web/interceptor/ApiInterceptor.java
+++ b/src/main/java/cc/ryanc/halo/web/interceptor/ApiInterceptor.java
@@ -4,12 +4,15 @@ import cc.ryanc.halo.model.dto.HaloConst;
 import cc.ryanc.halo.model.enums.BlogPropertiesEnum;
 import cc.ryanc.halo.model.enums.TrueFalseEnum;
 import cn.hutool.core.util.StrUtil;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.util.HashMap;
+import java.util.Map;
 
 /**
  * 
@@ -25,7 +28,18 @@ public class ApiInterceptor implements HandlerInterceptor {
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         if (StrUtil.equals(TrueFalseEnum.TRUE.getDesc(), HaloConst.OPTIONS.get(BlogPropertiesEnum.API_STATUS.getProp()))) {
-            return true;
+            if (StrUtil.equals(request.getHeader("token"), HaloConst.OPTIONS.get(BlogPropertiesEnum.API_TOKEN.getProp()))) {
+                return true;
+            } else {
+                response.setCharacterEncoding("UTF-8");
+                response.setContentType("application/json;charset=utf-8");
+                Map map = new HashMap<>(2);
+                ObjectMapper mapper = new ObjectMapper();
+                map.put("code", 400);
+                map.put("msg", "Invalid Token");
+                response.getWriter().write(mapper.writeValueAsString(map));
+                return false;
+            }
         }
         response.sendRedirect("/404");
         return false;
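Review bot: The token check in `preHandle` passes when both sides are null, because `StrUtil.equals(null, null)` is true: on an install where `api_status` is on but no `api_token` option has been saved yet, a request without a `token` header would be let through (this assumes `HaloConst.OPTIONS.get` returns null for a missing key, which the hunk does not show). The configured token should be required to be non-blank before comparing, and the comparison is better done with `MessageDigest.isEqual` so it does not stop at the first differing character. The rejection branch also leaves the HTTP status at 200 while the body says `code: 400`; setting `SC_UNAUTHORIZED` makes the failure visible to clients and access logs. The change needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported, and the method's closing brace lies outside the hunk.

```java
        if (StrUtil.equals(TrueFalseEnum.TRUE.getDesc(), HaloConst.OPTIONS.get(BlogPropertiesEnum.API_STATUS.getProp()))) {
            String expected = HaloConst.OPTIONS.get(BlogPropertiesEnum.API_TOKEN.getProp());
            String supplied = request.getHeader("token");
            // An unset or blank configured token must never authenticate a request.
            if (StrUtil.isNotBlank(expected) && supplied != null
                    && MessageDigest.isEqual(supplied.getBytes(StandardCharsets.UTF_8),
                                             expected.getBytes(StandardCharsets.UTF_8))) {
                return true;
            }
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            // … unchanged: JSON "Invalid Token" body written to the response …
            return false;
        }
```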
diff --git a/src/main/resources/i18n/messages.properties b/src/main/resources/i18n/messages.properties
index 1b9c25f80..c8a974c92 100644
--- a/src/main/resources/i18n/messages.properties
+++ b/src/main/resources/i18n/messages.properties
@@ -246,6 +246,7 @@ admin.setting.form.email-from-name = 发件姓名:
 admin.setting.form.api-status = API 服务:
 admin.setting.form.statistics-code = 统计代码:
 admin.setting.form.statistics-code-tips = 可以使用cnzz,百度,google等
+admin.setting.form.btn-update-token = 刷新
 
 # 页面管理页面
 admin.pages.title = 页面管理
diff --git a/src/main/resources/i18n/messages_en_US.properties b/src/main/resources/i18n/messages_en_US.properties
index 871bf1558..0e6b57c09 100644
--- a/src/main/resources/i18n/messages_en_US.properties
+++ b/src/main/resources/i18n/messages_en_US.properties
@@ -246,6 +246,7 @@ admin.setting.form.email-from-name = Shipping name:
 admin.setting.form.api-status = API server:
 admin.setting.form.statistics-code = Statistics code:
 admin.setting.form.statistics-code-tips = Can use cnzz, Baidu, google, etc.
+admin.setting.form.btn-update-token = Update
 
 # pages page
 admin.pages.title = Pages manage
diff --git a/src/main/resources/i18n/messages_zh_CN.properties b/src/main/resources/i18n/messages_zh_CN.properties
index 1b9c25f80..c8a974c92 100644
--- a/src/main/resources/i18n/messages_zh_CN.properties
+++ b/src/main/resources/i18n/messages_zh_CN.properties
@@ -246,6 +246,7 @@ admin.setting.form.email-from-name = 发件姓名:
 admin.setting.form.api-status = API 服务:
 admin.setting.form.statistics-code = 统计代码:
 admin.setting.form.statistics-code-tips = 可以使用cnzz,百度,google等
+admin.setting.form.btn-update-token = 刷新
 
 # 页面管理页面
 admin.pages.title = 页面管理
diff --git a/src/main/resources/templates/admin/admin_option.ftl b/src/main/resources/templates/admin/admin_option.ftl
index 964a680a0..5c960fcd4 100755
--- a/src/main/resources/templates/admin/admin_option.ftl
+++ b/src/main/resources/templates/admin/admin_option.ftl
@@ -630,6 +630,17 @@
                                             
                                         
                                     
+                                    
+ +
+
+ + + + +
+
+