diff --git a/BBWY.Client/APIServices/ShopService.cs b/BBWY.Client/APIServices/ShopService.cs
index 563472e6..ea8e5def 100644
--- a/BBWY.Client/APIServices/ShopService.cs
+++ b/BBWY.Client/APIServices/ShopService.cs
@@ -44,7 +44,11 @@ namespace BBWY.Client.APIServices
         /// <returns></returns>
         public ApiResponse<IList<DepartmentResponse>> GetDepartmentList()
         {
-            return SendRequest<IList<DepartmentResponse>>(globalContext.BBYWApiHost, "api/vender/GetDeparmentList", null, null, HttpMethod.Get);
+            return SendRequest<IList<DepartmentResponse>>(globalContext.BBYWApiHost, "api/vender/GetDeparmentList", null,
+                new Dictionary<string, string>()
+                {
+                    { "bbwyTempKey", "21jfhayu27q" } 
+                }, HttpMethod.Get);
         }
 
 
diff --git a/BBWY.Server.API/Controllers/VenderController.cs b/BBWY.Server.API/Controllers/VenderController.cs
index a671c05e..d2a0c728 100644
--- a/BBWY.Server.API/Controllers/VenderController.cs
+++ b/BBWY.Server.API/Controllers/VenderController.cs
@@ -1,7 +1,9 @@
-using BBWY.Server.Business;
+using BBWY.Common.Models;
+using BBWY.Server.Business;
 using BBWY.Server.Model.Dto;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json;
 using NLog;
 using System.Collections.Generic;
@@ -80,6 +82,10 @@ namespace BBWY.Server.API.Controllers
         [HttpGet]
         public IList<DepartmentResponse> GetDeparmentList()
         {
+            if (!Request.Headers.TryGetValue("bbwyTempKey", out StringValues sv))
+                throw new BusinessException("非法请求");
+            if (sv.ToString() != "21jfhayu27q")
+                throw new BusinessException("非法请求");
             return venderBusiness.GetDeparmentList();
         }
     }