diff --git a/kernel/model/session.go b/kernel/model/session.go
index 4a5ebc65b42..e1b5d53e2c9 100644
--- a/kernel/model/session.go
+++ b/kernel/model/session.go
@@ -195,7 +195,7 @@ func CheckAuth(c *gin.Context) {
 		return
 	}
 
-	// 通过 API token
+	// 通过 API token (header: Authorization)
 	if authHeader := c.GetHeader("Authorization"); "" != authHeader {
 		if strings.HasPrefix(authHeader, "Token ") {
 			token := strings.TrimPrefix(authHeader, "Token ")
@@ -210,6 +210,18 @@ func CheckAuth(c *gin.Context) {
 		}
 	}
 
+	// 通过 API token (query-params: token)
+	if token := c.Query("token"); "" != token {
+		if Conf.Api.Token == token {
+			c.Next()
+			return
+		}
+
+		c.JSON(401, map[string]interface{}{"code": -1, "msg": "Auth failed"})
+		c.Abort()
+		return
+	}
+
 	if "/check-auth" == c.Request.URL.Path { // 跳过访问授权页
 		c.Next()
 		return