diff --git a/spug_api/apps/apis/deploy.py b/spug_api/apps/apis/deploy.py
index 6f4aa6b..6615151 100644
--- a/spug_api/apps/apis/deploy.py
+++ b/spug_api/apps/apis/deploy.py
@@ -8,34 +8,43 @@ from apps.repository.models import Repository
 from apps.repository.utils import dispatch as build_dispatch
 from apps.deploy.utils import dispatch as deploy_dispatch
 from threading import Thread
+import hashlib
+import hmac
 import json
 def auto_deploy(request, deploy_id, kind):
- token = request.headers.get('X-Gitlab-Token') or request.headers.get('X-Gitee-Token')
- if token and _is_valid_token(token):
- try:
- body = json.loads(request.body)
+ if not _is_valid_token(request):
+ return HttpResponseForbidden()
+ try:
+ body = json.loads(request.body)
+ if not body['ref'].startswith('refs/'): # Compatible with gogs
+ body['ref'] = 'refs/tags/' + body['ref']
+
+ body = json.loads(request.body)
+ _, _kind, ref = body['ref'].split('/', 2)
+ if kind == 'branch' and _kind == 'heads':
 commit_id = body['after']
- _, _kind, ref = body['ref'].split('/', 2)
- if commit_id != '0000000000000000000000000000000000000000':
- if kind == 'branch':
- if _kind == 'heads' and ref == request.GET.get('name'):
- Thread(target=_dispatch, args=(deploy_id, ref, commit_id)).start()
- return HttpResponse(status=202)
- elif kind == 'tag':
- if _kind == 'tags':
- Thread(target=_dispatch, args=(deploy_id, ref)).start()
- return HttpResponse(status=202)
- return HttpResponse(status=204)
- except Exception as e:
- return HttpResponseBadRequest(e)
- return HttpResponseForbidden()
+ if commit_id != '0000000000000000000000000000000000000000' and ref == request.GET.get('name'):
+ Thread(target=_dispatch, args=(deploy_id, ref, commit_id)).start()
+ return HttpResponse(status=202)
+ elif kind == 'tag' and _kind == 'tags':
+ Thread(target=_dispatch, args=(deploy_id, ref)).start()
+ return HttpResponse(status=202)
+ return HttpResponse(status=204)
+ except Exception as e:
+ return HttpResponseBadRequest(e)
-def _is_valid_token(token):
+def _is_valid_token(request):
 api_key = AppSetting.get_default('api_key')
- return api_key == token
+ token = request.headers.get('X-Gitlab-Token') or request.headers.get('X-Gitee-Token')
+ if token:
+ return token == api_key
+ token = request.headers.get('X-Gogs-Signature')
+ if token:
+ return token == hmac.new(api_key.encode(), request.body, hashlib.sha256).hexdigest()
+ return False
 def _dispatch(deploy_id, ref, commit_id=None):
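Review bot: `_is_valid_token` compares secrets with `==` in both branches (`token == api_key` and the new Gogs HMAC check), which is not a constant-time comparison; with `hmac` now imported, both should go through `hmac.compare_digest` on bytes, so that a non-ASCII header value cannot raise. The Gogs branch also calls `api_key.encode()` before checking that a key is configured; what `AppSetting.get_default('api_key')` returns when the setting is missing is not visible here, but a `None` would raise outside `auto_deploy`'s `try` and an empty string would leave the signature check keyed by an empty secret, so the function should return `False` early when `api_key` is falsy. Separately, in `auto_deploy` the second `body = json.loads(request.body)` after the `refs/tags/` fix-up re-parses the payload and discards the fix-up, so the following `split('/', 2)` still fails for the refs it was added for; that line should be deleted.

```python
def _is_valid_token(request):
    api_key = AppSetting.get_default('api_key')
    if not api_key:  # fail closed when no webhook secret is configured
        return False
    # … unchanged: X-Gitlab-Token / X-Gitee-Token lookup; inside its `if token:` …
        return hmac.compare_digest(token.encode(), api_key.encode())
    # … unchanged: X-Gogs-Signature lookup; inside its `if token:` …
        expected = hmac.new(api_key.encode(), request.body, hashlib.sha256).hexdigest()
        return hmac.compare_digest(token.encode(), expected.encode())
    # … unchanged: final `return False` …
```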