diff --git a/wwwroot/apply_apikey.dspy b/wwwroot/apply_apikey.dspy
index 5f4c6bb..afe868f 100644
--- a/wwwroot/apply_apikey.dspy
+++ b/wwwroot/apply_apikey.dspy
@@ -1,10 +1,17 @@
 debug(f'{params_kw=}')
 db = DBPools()
 env = request._run_ns
+orgid = await get_userorgid()
+userid = await get_user()
+if not userid:
+	return {
+		"status": "error",
+		"data": {
+			"message": "you need login to do this"
+		}
+	}
 try:
 	async with get_sor_context(env, 'dapi') as sor:
-		orgid = await get_userorgid()
-		userid = await get_user()
 		dappid = uuid()
 		ns = {
 			"id": dappid,
@@ -14,7 +21,7 @@ try:
 			"allowedips": params_kw.allowedips,
 			"orgid": orgid
 		}
-		await sor.C('downapp', ns)
+		await sor.C('downapp', ns.copy())
 		ns1 = {
 			"id": uuid(),
 			"dappid": dappid,
@@ -26,6 +33,8 @@ try:
 		await sor.C('downapikey', ns1)
 		return {
 			"status": "ok"
+			"data": ns
+			}
 		}
 except Exception as e:
 	return {
diff --git a/wwwroot/get_apikey.dspy b/wwwroot/get_apikey.dspy
index 552c4c4..12c6e94 100644
--- a/wwwroot/get_apikey.dspy
+++ b/wwwroot/get_apikey.dspy
@@ -1,9 +1,17 @@
 debug(f'{params_kw=}')
 env = request._run_ns
+userid = await get_user()
+orgid = await get_userorgid()
+if userid is None:
+	return {
+		"status": "error",
+		"data": {
+			"message": "need login"
+		}
+	}
+
 try:
 	async with get_sor_context(env, 'dapi') as sor:
-		orgid = await get_userorgid()
-		userid = await get_user()
 		ns = {
 			"id": params_kw.id,
 			"orgid":orgid,