diff --git a/files/wifidog-ng.config b/files/wifidog-ng.config
index c4c1503..ca134e5 100644
--- a/files/wifidog-ng.config
+++ b/files/wifidog-ng.config
@@ -7,6 +7,7 @@ config gateway
     option checkinterval 30
     option client_timeout 5
     option temppass_time 30
+    option apikey ''
  
 config server
     option host 'authserver.com'
@@ -17,4 +18,4 @@ config server
     option portal_path 'portal'
     option msg_path 'gw_message.php'
     option ping_path 'ping'
-    option auth_path 'auth'
\ No newline at end of file
+    option auth_path 'auth'
diff --git a/files/wifidog-ng/auth.lua b/files/wifidog-ng/auth.lua
index 7fb2798..c91438b 100644
--- a/files/wifidog-ng/auth.lua
+++ b/files/wifidog-ng/auth.lua
@@ -22,6 +22,7 @@ local httpd = require "wifidog-ng.httpd"
 local http = require "socket.http"
 local util = require "wifidog-ng.util"
 local config = require "wifidog-ng.config"
+local json = require "luci.json"
 
 local M = {}
 
@@ -212,11 +213,6 @@ local function http_callback_ctl(req)
                 new_term(ip, mac, token)
             end
         end
-    elseif op == "kick" then
-        local mac = params["mac"]
-        if mac then
-            deny_user(mac)
-        end
     elseif op == "reload" then
         config.reload()
     end
@@ -230,6 +226,58 @@ local function http_callback_ctl(req)
     req:send(content)
 end
 
+local function http_callback_api(req)
+    local params = req.params
+    
+    local content = nil
+    local apikey = config.get().apikey
+    
+    if apikey and #apikey > 0 then
+        local key = params["key"]
+        if not key then
+            content = json.encode({code = 10001, msg = "Api key is empty"})
+        elseif key ~= config.get().apikey then
+            content = json.encode({code = 10002, msg = "Api key is error"})
+        end
+        if content then
+            local headers = {
+                ["Content-Type"] = "application/json",
+                ["Content-Length"] = #content
+            }
+            req:send_head(200, headers)
+            req:send(content)
+            return
+        end
+    end
+    
+    local op = params["op"]
+    
+    if op == "kick" then
+        local mac = params["mac"]
+        if mac then
+            deny_user(mac)
+        end
+        content = json.encode({code = 0})
+    elseif op == "add" then
+        local mac = params["mac"]
+        if mac then
+            os.execute("ipset add wifidog-ng-mac " .. mac)
+        end
+        content = json.encode({code = 0})
+    elseif op == "show" then
+        content = json.encode({code = 0, terms = M.get_terms()})
+    else
+        content = json.encode({code = 10003, msg = "no such operate"})
+    end
+
+    local headers = {
+        ["Content-Type"] = "application/json",
+        ["Content-Length"] = #content
+    }
+    req:send_head(200, headers)
+    req:send(content)
+end
+
 function M.init()
     local cfg = config.get()
 
@@ -237,7 +285,8 @@ function M.init()
         ["404"] = http_callback_404,
         ["/wifidog/temppass"] = http_callback_temppass,
         ["/wifidog/auth"] = http_callback_auth,
-        ["/wifidog/ctl"] = http_callback_ctl
+        ["/wifidog/ctl"] = http_callback_ctl,
+        ["/wifidog/api"] = http_callback_api
     }
 
     httpd.new(cfg.gw_address, cfg.gw_port, handlers)
diff --git a/files/wifidog-ng/config.lua b/files/wifidog-ng/config.lua
index 8424f20..1bd7d00 100644
--- a/files/wifidog-ng/config.lua
+++ b/files/wifidog-ng/config.lua
@@ -44,6 +44,7 @@ function M.parse()
         cfg.temppass_time = tonumber(temppass_time)
         cfg.gw_address = s.address
         cfg.gw_id = s.id
+        cfg.apikey = s.apikey
 
         local st = util.ubus("network.interface." .. interface, "status")
         cfg.gw_ifname = st.device