diff --git a/control b/control
index fbb6e3ab..ff087d43 100755
--- a/control
+++ b/control
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # release version
-version=2.3.0
+version=2.4.1
 
 CWD=$(cd $(dirname $0)/; pwd)
 cd $CWD
diff --git a/etc/monapi.yml b/etc/monapi.yml
index ba7c2238..cdadb75f 100644
--- a/etc/monapi.yml
+++ b/etc/monapi.yml
@@ -59,3 +59,7 @@ redis:
   #   conn: 500
   #   read: 3000
   #   write: 3000
+
+tokens:
+  - 7dcd606e0462f9df2fea0bf505c9e622
+
diff --git a/src/modules/monapi/config/yaml.go b/src/modules/monapi/config/yaml.go
index 26f0fbc5..f9a2694f 100644
--- a/src/modules/monapi/config/yaml.go
+++ b/src/modules/monapi/config/yaml.go
@@ -19,6 +19,7 @@ type Config struct {
 	Cleaner cleanerSection      `yaml:"cleaner"`
 	Link    linkSection         `yaml:"link"`
 	Notify  map[string][]string `yaml:"notify"`
+	Tokens  []string            `yaml:"tokens"`
 }
 
 type linkSection struct {
diff --git a/src/modules/monapi/http/middleware/authorization.go b/src/modules/monapi/http/middleware/authorization.go
index af8c69d6..8a34fceb 100644
--- a/src/modules/monapi/http/middleware/authorization.go
+++ b/src/modules/monapi/http/middleware/authorization.go
@@ -5,10 +5,12 @@ import (
 	"strings"
 
 	"github.com/didi/nightingale/src/model"
+	"github.com/didi/nightingale/src/modules/monapi/config"
 
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/errors"
+	"github.com/toolkits/pkg/slice"
 )
 
 func Logined() gin.HandlerFunc {
@@ -74,7 +76,7 @@ const internalToken = "monapi-builtin-token"
 func CheckHeaderToken() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		token := c.GetHeader("x-srv-token")
-		if token != internalToken {
+		if token != internalToken && !slice.ContainsString(config.Get().Tokens, token) {
 			errors.Bomb("token[%s] invalid", token)
 		}
 		c.Next()
diff --git a/src/modules/monapi/http/routes/routes.go b/src/modules/monapi/http/routes/routes.go
index 01042881..109bc3d5 100644
--- a/src/modules/monapi/http/routes/routes.go
+++ b/src/modules/monapi/http/routes/routes.go
@@ -127,6 +127,8 @@ func Config(r *gin.Engine) {
 	v1 := r.Group("/v1/portal").Use(middleware.CheckHeaderToken())
 	{
 		v1.POST("/endpoint", endpointImport)
+		v1.GET("/tree", treeGet)
+		v1.GET("/endpoints/bynodeids", endpointByNodeIdsGets)
 	}
 
 	transferProxy := r.Group("/api/transfer")