diff --git a/json/uapi.json b/json/uapi.json
index 5ba992d..e28048f 100644
--- a/json/uapi.json
+++ b/json/uapi.json
@@ -27,11 +27,11 @@
 
 		"title":"API",
 		"description":"API定义",
-		"sortby":"name",
+		"sortby":["apisetid", "name"],
 		"browserfields":{
-			"exclouded":["id"],
+			"exclouded":["id", "apisetid"],
 			"alters":{}
 		},
-		"editexclouded":["id", "usid"]
+		"editexclouded":["id", "apisetid"]
 	}
 }
diff --git a/json/upapp.json b/json/upapp.json
index 057d7b6..bb9d42e 100644
--- a/json/upapp.json
+++ b/json/upapp.json
@@ -4,17 +4,13 @@
 		"title":"上位系统",
 		"description":"上位系统",
 		"sortby":"name",
+		"logined_userorgid":"ownerid",
 		"browserfields":{
-			"exclouded":["id"],
+			"exclouded":[],
 			"alters":{}
 		},
-		"editexclouded":["id"],
+		"editexclouded":[],
 		"subtables":[
-			{
-				"field":"upappid",
-				"subtable": "uapi",
-				"title": "API"
-			},
 			{
 				"field":"upappid",
 				"subtable": "upappkey",
diff --git a/json/upapp1.json b/json/upapp1.json
deleted file mode 100644
index a4b9083..0000000
--- a/json/upapp1.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-	"tblname":"upapp",
-	"alias":"upapp1",
-	"params":{
-		"title":"上位系统",
-		"sortby":"name",
-		"noedit":true,
-		"browserfields":{
-			"exclouded":["id"],
-			"alters":{}
-		},
-		"subtables":[
-			{
-				"field":"upappid",
-				"subtable":"upappkey",
-				"title":"应用密码"
-			}
-		]
-	}
-}
diff --git a/json/upappkey.json b/json/upappkey.json
index c57b081..3fb224f 100644
--- a/json/upappkey.json
+++ b/json/upappkey.json
@@ -2,9 +2,9 @@
 	"tblname":"upappkey",
 	"params":{
 		"title":"上位系统密码",
-		"logined_userorgid":"ownerid",
+		"logined_useid":"ownerid",
 		"description":"上位系统密码",
-		"confidential_fields":["apikey", "apipasswd" ],
+		"confidential_fields":["apikey", "secretkey", "apipasswd" ],
 		"browserfields":{
 			"exclouded":["id", "ownerid"],
 			"alters":{}
diff --git a/models/uapi.xlsx b/models/uapi.xlsx
index 03aa6ec..384ff11 100644
Binary files a/models/uapi.xlsx and b/models/uapi.xlsx differ
diff --git a/models/uapiset.xlsx b/models/uapiset.xlsx
index db31836..48bed87 100644
Binary files a/models/uapiset.xlsx and b/models/uapiset.xlsx differ
diff --git a/uapi/appapi.py b/uapi/appapi.py
index da330a5..fe8778d 100644
--- a/uapi/appapi.py
+++ b/uapi/appapi.py
@@ -15,37 +15,14 @@ def get_dbname():
 	dbname = f('uapi')
 	return dbname
 
-def build_deererdata(appid, apikey, secretkey):
-    """
-    this appid is isusses by upapp we connect to,
-    secretkey is with the appid, is s fixed key from upapp
-    apikey is user's apikey assigned by upapp when the users is synchronous to upapp
-    """
+def deerer(myappid, apikey, secretkey):
     t = time()
     txt = f'{t}:{apikey}'
     cyber = aes_encrypt_ecb(secretkey, txt)
-    return f'Manis {appid}-:-{cyber}'
+    return f'Deerer {appid}-:-{cyber}'
 
-def build_dearerdata(apikey):
-    return f'Dearer {apikey}'
-
-async def get_apikeys(sor, appid, userid):
-    ns = {
-        'appid':appid,
-        'userid':userid,
-        'today':curDateString()
-    }
-    sql = """select a.myid, b.apikey, b.secretkey from upapp a, upappkey b
-where a.id = b.upappid
-	and a.id = ${appid}$
-    and b.owner = ${userid}$
-    and b.expired_date > ${today}$
-    and b.enabled_date <= ${today}$"""
-    recs = await sor.sqlExe(sql, ns)
-    if len(recs) > 0:
-        r = recs[0]
-        return r
-    return r
+def bearer(apikey):
+    return f'Bearer {apikey}'
 
 async def sync_users(request, upappid, userid):
     db = DBPools()
@@ -53,31 +30,6 @@ async def sync_users(request, upappid, userid):
     async with db.sqlorContext(dbname) as sor:
         upapp = await get_upapp(sor, upappid)
 
-
-async def bearer_header(request, appid):
-    db = DBPools()
-    dbname = get_dbname()
-    async with db.sqlorContext(dbname) as sor:
-        u = await get_session_userinfo(request)
-        r  = await get_apikeys(sor, appid, u.userorgid, u.userid)
-        if r is None:
-            return None
-        dearer = build_dearerdata(r.apikey)
-        return dearer
-    return None
-
-async def deerer_header(request, appid):
-    db = DBPools()
-    dbname = get_dbname()
-    async with db.sqlorContext(dbname) as sor:
-        u = await get_session_userinfo(request)
-        r  = await get_apikeys(sor, appid, u.userorgid, u.userid)
-        if r is None:
-            return None
-        manis = build_deererdata(r.myid, r.apikey, r.secretkey)
-        return manis
-    return None
-
 class UAPI:
 	def __init__(self, request, env=DictObject()):
 		self.te = MyTemplateEngine([], env=env)
@@ -94,38 +46,47 @@ class UAPI:
 		te = MyTemplateEngine([], env=self.env)
 		return te.renders(tmplstr, ns)
 
-	async def get_uapis(self, upappid, uapiid, callerid, params={}):
+	async def get_uapis(self, upappid, apiname, callerid, params={}):
 		self.env.update(params)
 		db = DBPools()
 		dbname = get_dbname()
 		uapi = None
 		auth_uapi = None
 		async with db.sqlorContext(dbname) as sor:
-			recs = await sor.R('uapi', {'id':uapiid})
+			upapps = await sor.R('upapp', {'id': upappid})
+			if len(upapps) == 0:
+				e = Exceptions(f'{upappid=}, {apiname=}, {callerid=} upapp not found')
+				exception(f'{e=}\n{format_exc()}')
+				raise e
+			upapp = upapps[0]
+			apisets = await sor.R('uapiset', {'id': upapp.apisetid})
+			if len(apisets) == 0:
+				e = Exceptions(f'{upappid=}, {apiname=}, {callerid=} apiset not found')
+				exception(f'{e=}\n{format_exc()}')
+				raise e
+				return None, None
+			apiset = apisets[0]
+			recs = await sor.R('uapi', {'name':apiname, 'apisetid': upapp.apisetid})
 			if len(recs)==0:
 				return None, None
 			uapi = recs[0]
 			kinfo = await self.get_userapikey(sor, upappid, callerid)
 			self.env.update(kinfo)
-			apisets = await sor.R('uapiset', {'id': uapi.usid})
-			if len(apisets) == 0:
-				return None, None
-			apiset = apisets[0]
 			auth_uapi = None
-			if apiset.auth_apiid:
-				uapis = await sor.R('uapi', {'id': apiset.auth_apiid})
+			if apiset.auth_apiname:
+				uapis = await sor.R('uapi', {'name': apiset.auth_apiname, 'apisetid': upapp.apisetid})
 				if len(uapis) == 0:
-					e = Exceptions(f'{upappid=}, {uapiid=}, {callerid=} {apiset.auth_apiid=} auth_apiid not found')
+					e = Exceptions(f'{upappid=}, {uapiid=}, {callerid=} {apiset.auth_apinamed=} auth_api not found')
 					exception(f'{e=}\n{format_exc()}')
 					raise e
 				auth_uapi = uapi[0]
 			return auth_uapi, uapi
 		return None, None
 
-	async def __call__(self, upappid, upapiid, callerid, params={}):
+	async def __call__(self, upappid, apiname, callerid, params={}):
 		"""
 		"""
-		auth_uapi, uapi = await self.get_uapis(upapiid, 
+		auth_uapi, uapi = await self.get_uapis(upapiid, apiname,
 										callerid, params=params)
 		if uapi is None:
 			return
@@ -135,7 +96,7 @@ class UAPI:
 				yield line
 
 	async def request(self, upappid, upapiid, callerid, params={}):
-		auth_uapi, uapi = await self.get_uapis(upapiid, 
+		auth_uapi, uapi = await self.get_uapis(upapiid, apiname,
 										callerid, params=params)
 		if auth_uapi:
 			await self.do_auth(auth_uapi)
diff --git a/uapi/init.py b/uapi/init.py
index d81835f..4e047ef 100644
--- a/uapi/init.py
+++ b/uapi/init.py
@@ -1,9 +1,23 @@
 from ahserver.serverenv import ServerEnv
-from .appapi import UAPI, dearer_header, manis_header
+from .appapi import UAPI, deerer, bearer
 
 def load_uapi():
 	g = ServerEnv()
 	g.UAPI = UAPI
-	g.manis_header = manis_header
-	g.dearer_header = dearer_header
+	g.deerer = deerer
+	g.bearer = bearer
+
+# USAGE in dspy
+
+## uapi = UAPI(request, DictObject(**globals()))
+## d = uapi.request(upappid, apiname. user, params_kw)
+## use d in your following code
+
+# bearer usage
+## in your header template
+## {{bearer(apikey)}}
+
+# deerer usge
+## in your header template
+## {{deerer(myappid, apikey, secretkey)}}