diff --git a/dapi/dapi.py b/dapi/dapi.py index c217438..9665154 100644 --- a/dapi/dapi.py +++ b/dapi/dapi.py 
@@ -1,81 +1,183 @@ - -from time import time -from appPublic.aes import aes_encrypt_ecb, aes_decrypt_ecb +from traceback import format_exc +from appPublic.log import debug, exception, info from appPublic.timeUtils import curDateString +from uniqueID import getID +from time import time +from ahserver.serverenv import ServerEnv +from ahserver.auth_api import get_session_userinfo, user_login from sqlor.dbpools import DBPools -from ahserver.serverenv import get_serverenv -from ahserver.auth_api import get_session_userinfo +form rbac.check_perm improt create_org, create_user + +from appPublic.aes import aes_encrypt_ecb, aes_decrypt_ecb + +return_messages = { + -9: '用户同步:未知未知错误', + -4: '用户同步:添加用户apikey失败', + -3: '用户同步:添加用户失败', + -2: '用户同步:添加机构失败', + -1: '用户同步:用户已同步' +} def get_dbname(): - f = get_serverenv('get_module_dbname') - if f: - return f('dapi') + dbname = get_serverenv('get_module_dbname')('dapi') + return dbname + +async def get_secretkey(sor, appid): + recs = await sor.R('downapp', {'id':appid}) + if len(recs) < 1: + return None + secretkey = recs[0].secretkey + f = get_serverenv('password_decode') + return f(secret_key).encode('utf-8') + +async def get_apikey_user(sor, apikey): + f = get_serverenv('password_encode') + apikey = f(apikey) + sql = """select u.* from downapikey a, users u +where a.userid = b.id + and apikey=${apikey}$ + and expired_date > ${today}$""" + + recs = await sor.sqlExe(sql, {"apikey":apikey, 'today': curDateString()}) + if len(recs) < 1: + return None + return recs[0] + +async def bearer_auth(auth): + if not auth.startswith('Bearer '): + return None + apikey = auth[7:] + + if apikey is None: + return None + db = DBPools() + dbname = get_dbname() + async with db.sqlorContext(dbname) as sor: + user = await get_apikey_user(sor, apikey) + await user_login(user.id, username=user.username, userorgid=user.orgid) + return user.id return None -def build_manisdata(appid, apikey, secretkey): - """ - this appid is isusses by upapp we connect to, - 
secretkey is with the appid, is s fixed key from upapp - apikey is user's apikey assigned by upapp when the users is synchronous to upapp - """ - t = time() - txt = f'{t}:{apikey} - cyber = aes_encrypt_ecb(secretkey, txt) - return f'Manis {appid}-:-{cyber}' +async def deerer_auth(auth): + if not auth.startswith('Deerer '): + return None + deer_data = auth[7:] + appid, cyber = bear_data.split('-:-') + db = DBPools() + dbname = get_dbname() + async with db.sqlorContext(dbname) as sor: + secretkey = await get_secretkey(sor, appid) + txt = aes_decrypt_ecb(secretkey, cyber) + t, apikey = txt.split(':') + user = await get_apikey_user(apikey) + await user_login(user.id, username=user.username, userorgid=user.orgid) + return user.id -def build_dearerdata(apikey): - return f'Dearer {apikey}' - -async def get_apikeys(sor, appid, orgid, userid): - ns = { - 'appid':appid, - 'orgid':orgid, - 'userid':userid, - 'today':curDateString() + return None + +def return_error(code): + return { + 'status':'error', + 'errcode': code, + 'errmsg': return_messages.get(code, '未定义信息') } - sql = """select a.myid, b.apikey, b.secretkey from upapp a, upapikey b -where a.upappid = ${appid}$ - and b.userid = ${userid}$ - and b.orgid = ${orgid}$ - and b.expired_date > ${today}$ - and b.enabled_date <= ${today}$""" - recs = await sor.sqlExe(sql, ns) - if len(recs) > 0: - r = recs[0] - return r - return r -async def sync_users(request, upappid, orgid): - db = DBPools() - dbname = get_dbname() - async with db.sqlorContext(dbname) as sor: - upapp = await get_upapp(sor, upappid) +def return_success(data): + return { + 'status':'success', + 'data':data + } -async def dearer_header(request, appid): - db = DBPools() - dbname = get_dbname() - async with db.sqlorContext(dbname) as sor: - u = await get_session_userinfo(request) - r = await get_apikeys(sor, appid, u.userorgid, u.userid) - if r is None: - return None - dearer = build_dearerdata(r.apikey) - return { - "Authorization": dearer - } - return {} 
+async def get_orgid_by_dorgid(sor, dappid, dorgid): + d = { + 'dappid':dappid, + 'dorgid':dorgid + } + recs = await sor.R('downapikey', d) + if len(recs) < 1: + return None + return recs[0].orgid + +async def check_duserid_exists(sor, dappid, dorgid, duserid): + d = { + 'dappid': dappid, + 'duserid': duserid, + 'dorgid': dorgid + } + recs = await sor.R('kwdownapikey', d) + if len(recs): + return True + return False + +async def add_organzation(sor, dappid, org): + id = getID() + org['id'] = id + await create_org(sor, org) + return id + +async def add_user(sor, user): + id = getID() + user['id'] = id + await create_user(sor, user, roles=user['roles'] + return id -async def manis_header(request, appid): +async def add_apikey(sor, dappid, dorgid, duserid, orgid, userid): + apikey = getID() + d = { + 'id': getID, + 'dappid': dappid, + 'dorgid': dorgid, + 'duserid': duserid, + 'orgid': orgid, + 'userid': userid, + 'apikey': id, + 'enabled': '1', + 'created_at': curDateString(), + 'expires_at': '9999-12-31' + } + await sor.C('downapikey', d) + return apikey + +async def sync_user(request, params_kw, *args, **kw): + dappid = params_kw.dappid db = DBPools() dbname = get_dbname() + userinfo = await get_session_userinfo(request) async with db.sqlorContext(dbname) as sor: - u = await get_session_userinfo(request) - r = await get_apikeys(sor, appid, u.userorgid, u.userid) - if r is None: - return None - manis = build_manisdata(r.myid, r.apikey, r.secretkey) - return { - "Authorization": manis - } - return {} + ret_users = [] + roles = [{ + 'orgtypeid': 'customer', + 'roles': [ 'customer', 'syncuser' ] + }] + for o in params_kw.organizations: + for u in o['users']: + dorgid = o['id'] + duserid = u['id'] + orgid = await get_orgid_by_dorgid(sor, dappid, dorgid) + if orgid is None: + if o.get('parentid') is None: + o['parentid'] = userinfo.userorgid + else: + nparentid = await get_orgid_by_dorgid(sor, dappid, o.get('parentid')) + o['parentid'] = nparentid + orgid = await 
add_organzation(sor, dappid, o) + if orgid is None: + return return_error(-2) + u['orgid'] = o['id'] + u['roles'] = roles + exists = check_duserid_exists(sor, dappid, dorgid, duserid) + if exists: + return return_error(-1) + userid = await add_user(sor, u) + if userid is None: + return return_error(-3) + apikey = await add_apikey(sor, dappid, orgid, userid, u) + if apikey is None: + return return_error(-4) + ret_users.append({ + 'id': u['id'], + 'apikey': apikey + }) + return return_success(ret_users) + return return_error(-9) diff --git a/dapi/init.py b/dapi/init.py index 98f71f3..140678b 100644 --- a/dapi/init.py +++ b/dapi/init.py @@ -1,7 +1,10 @@ -from daap.dapi import dearer_header, manis_header +from dapi.dapi import sync_user, bearer_auth, deerer_auth from ahserver.serverenv import ServerEnv +from rbac.check_perm import register_auth_method + +def load_kyapikeyserver(): + env = ServerEnv() + env.sync_user = sysnc_user + register_auth_method('Bearer', bearer_auth) + register_auth_method('Deerer', deerer_auth) -def load_dapi(): - env = ServerEnv - env.dearer_header = dearer_header - env.manis_header = manis_header diff --git a/models/upapikey.xlsx b/models/upapikey.xlsx deleted file mode 100644 index 225cc93..0000000 Binary files a/models/upapikey.xlsx and /dev/null differ diff --git a/models/upapp.xlsx b/models/upapp.xlsx deleted file mode 100644 index 45c74a6..0000000 Binary files a/models/upapp.xlsx and /dev/null differ
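Review bot: In `bearer_auth` and `deerer_auth` the result of `get_apikey_user` is passed straight to `user_login(user.id, ...)` even though `get_apikey_user` returns `None` when no unexpired key matches, so an unknown or expired key raises AttributeError inside the auth path instead of failing cleanly; add `if user is None: return None` before each `user_login` call. `deerer_auth` also reads an undefined `bear_data` (the local is `deer_data`), calls `get_apikey_user(apikey)` without the `sor` argument, passes a possibly-`None` `secretkey` to `aes_decrypt_ecb`, and discards the decrypted timestamp `t`, so a captured `Deerer` header can be replayed indefinitely — compare `t` against `time()` with a bounded window before accepting it (rewrite below; whether `aes_decrypt_ecb` raises on a bad ciphertext is not visible here, so that case may need its own handler). `get_secretkey` returns `f(secret_key)` while the local is `secretkey`, `get_apikey_user`'s SQL joins on `b.id` with no alias `b` (presumably `u.id`), and `get_serverenv` is still called by `get_dbname`, `get_secretkey` and `get_apikey_user` although its import was removed in favour of `ServerEnv`; the `form rbac.check_perm improt` line and the unclosed `create_user(sor, user, roles=user['roles']` call in `add_user` are syntax errors, so this module cannot import as committed. In `sync_user`, `check_duserid_exists(...)` is not awaited so `exists` is a coroutine object that is always truthy, `add_apikey` is called with five arguments but declares six, and inside it `'id': getID` stores the function rather than calling it and `'apikey': id` stores the builtin instead of the generated `apikey`; the key is also written with `expires_at: '9999-12-31'` while the lookup filters on `expired_date`, so either the column name is wrong or every synced key never expires — confirm the schema. `sync_user` also dereferences `userinfo.userorgid` without checking `get_session_userinfo` returned a user; whether the framework guarantees a session here is not visible in the hunk.
```python
async def deerer_auth(auth):
    if not auth.startswith('Deerer '):
        return None
    try:
        appid, cyber = auth[7:].split('-:-', 1)
    except ValueError:
        return None
    db = DBPools()
    dbname = get_dbname()
    async with db.sqlorContext(dbname) as sor:
        secretkey = await get_secretkey(sor, appid)
        if secretkey is None:
            return None
        txt = aes_decrypt_ecb(secretkey, cyber)
        try:
            t, apikey = txt.split(':', 1)
            age = abs(time() - float(t))
        except ValueError:
            return None
        # reject stale tokens so a captured header cannot be replayed
        if age > 300:  # example window (300 s); choose per deployment
            return None
        user = await get_apikey_user(sor, apikey)
        if user is None:
            return None
        await user_login(user.id, username=user.username, userorgid=user.orgid)
        return user.id
    return None
```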
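Review bot: `env.sync_user = sysnc_user` in `load_kyapikeyserver` references a name that is never imported (the import line brings in `sync_user`), so the loader raises NameError the first time it runs; change it to `env.sync_user = sync_user`. The old entry point `load_dapi` is removed and replaced by `load_kyapikeyserver`, so anything that discovers or calls the loader by its previous name must be updated too — that caller is not visible in this diff.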