diff --git a/apps/users/api.py b/apps/users/api.py
index b9ffa9de4..ba8af72b3 100644
--- a/apps/users/api.py
+++ b/apps/users/api.py
@@ -1,6 +1,7 @@
 # ~*~ coding: utf-8 ~*~
 #
+import base64
 from django.core.cache import cache
 from django.conf import settings
@@ -84,6 +85,31 @@ class UserGroupUpdateUserApi(generics.RetrieveUpdateAPIView):
 permission_classes = (IsSuperUser,)
+class UserToken(APIView):
+ permission_classes = (IsValidUser,)
+ expiration = settings.CONFIG.TOKEN_EXPIRATION or 3600
+
+ def get(self, request):
+ if not request.user:
+ return Response({'error': 'unauthorized'})
+
+ remote_addr = request.META.get('REMOTE_ADDR', '')
+ remote_addr = base64.b16encode(remote_addr).replace('=', '')
+ token = cache.get('%s_%s' % (request.user.id, remote_addr))
+ if not token:
+ token = token_gen(request.user)
+ cache.set(token, request.user.id, self.expiration)
+ cache.set('%s_%s' % (request.user.id, remote_addr), token, self.expiration)
+ return Response({'token': token})
+
+
+class UserProfile(APIView):
+ permission_classes = (IsValidUser,)
+
+ def get(self, request):
+ return Response(request.user.to_json())
+
+
+
 class UserAuthApi(APIView):
 permission_classes = ()
 expiration = settings.CONFIG.TOKEN_EXPIRATION or 3600
@@ -106,6 +132,7 @@ class UserAuthApi(APIView):
 cache.set('%s_%s' % (user.id, remote_addr), token, self.expiration)
 write_login_log_async.delay(user.username, name=user.name, terminal=terminal, login_ip=remote_addr, login_type=login_type)
- return Response({'token': token, 'id': user.id, 'username': user.username, 'name': user.name})
+ return Response({'token': token, 'id': user.id, 'username': user.username,
+ 'name': user.name, 'is_active': user.is_active})
 else:
 return Response({'msg': 'Invalid password or public key or user is not active or expired'}, status=401)
diff --git a/apps/users/backends.py b/apps/users/backends.py
index 688adcace..aad173ff4 100644
--- a/apps/users/backends.py
+++ b/apps/users/backends.py
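Review bot: `base64.b16encode(remote_addr)` in UserToken.get is applied to the text value of `REMOTE_ADDR`; on Python 3 `b16encode` only accepts bytes and returns bytes, so the chained `.replace('=', '')` raises TypeError — and since base16 output never carries '=' padding, the replace is dead code on Python 2 as well. If Python 3 is a target, write `remote_addr = base64.b16encode(remote_addr.encode()).decode()` and drop the replace; UserAuthApi presumably has the same REMOTE_ADDR handling outside this hunk. The `if not request.user` branch answers with HTTP 200, which callers cannot tell apart from a successful token response; use `return Response({'error': 'unauthorized'}, status=401)`. The cache key `'%s_%s' % (request.user.id, remote_addr)` is spelled out twice; a local `key = ...` would keep the `cache.get` and `cache.set` in step. Note also that the api_urls hunk re-points `v1/users/token/` from UserAuthApi to this view, so unless UserAuthApi is registered elsewhere the credential-based login endpoint appears to lose its route.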
@@ -52,7 +52,7 @@ class TerminalAuthentication(authentication.BaseAuthentication):
 class AccessTokenAuthentication(authentication.BaseAuthentication):
- keyword = 'Token'
+ keyword = 'Bearer'
 model = User
 expiration = settings.CONFIG.TOKEN_EXPIRATION or 3600
diff --git a/apps/users/models.py b/apps/users/models.py
index 84ec5d6a1..ede813e83 100644
--- a/apps/users/models.py
+++ b/apps/users/models.py
@@ -1,15 +1,12 @@
 # ~*~ coding: utf-8 ~*~
 from __future__ import unicode_literals
+from collections import OrderedDict
-from django.conf import settings
-from django.contrib.auth import logout
 from django.contrib.auth.hashers import make_password
 from django.contrib.auth.models import AbstractUser
 from django.core import signing
 from django.db import models, IntegrityError
-from django.db.models.signals import post_save
-from django.dispatch import receiver
 from django.utils.translation import ugettext_lazy as _
 from django.utils import timezone
 from django.shortcuts import reverse
@@ -202,6 +199,22 @@ class User(AbstractUser):
 def generate_reset_token(self):
 return signer.sign_t({'reset': self.id, 'email': self.email}, expires_in=3600)
+ def to_json(self):
+ return OrderedDict({
+ 'id': self.id,
+ 'username': self.username,
+ 'name': self.name,
+ 'email': self.email,
+ 'is_active': self.is_active,
+ 'is_superuser': self.is_superuser,
+ 'role': self.get_role_display(),
+ 'groups': [group.name for group in self.groups.all()],
+ 'wechat': self.wechat,
+ 'phone': self.phone,
+ 'comment': self.comment,
+ 'date_expired': self.date_expired.strftime('%Y-%m-%d %H:%M:%S')
+ })
+
 @classmethod
 def validate_reset_token(cls, token):
 try:
diff --git a/apps/users/urls/api_urls.py b/apps/users/urls/api_urls.py
index bc6f3fcb0..e0fafeebb 100644
--- a/apps/users/urls/api_urls.py
+++ b/apps/users/urls/api_urls.py
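Review bot: Switching `keyword` from 'Token' to 'Bearer' changes the Authorization scheme AccessTokenAuthentication accepts, so clients still sending `Authorization: Token <value>` will stop authenticating silently rather than with an explicit error, and no compatibility handling is visible in the diff. If existing clients must keep working, accept both spellings for a transition period in the `authenticate` method that reads `keyword` (it lies outside this hunk), or document the break clearly in the API docs and changelog. A comment on the attribute would also help, e.g. `# Authorization header scheme: 'Authorization: Bearer <token>'`.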
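Review bot: `OrderedDict({...})` in to_json is built from a plain dict literal, whose order is unspecified before Python 3.7 (and on Python 2, which the `unicode_literals` import suggests is still supported), so the field order written here is lost and the OrderedDict adds nothing; pass a sequence of pairs instead, `OrderedDict([('id', self.id), ('username', self.username), ...])`, or use a plain dict if order does not matter. `self.date_expired.strftime(...)` raises AttributeError when date_expired is None — if the field is nullable (not visible here), guard it, e.g. `self.date_expired.strftime('%Y-%m-%d %H:%M:%S') if self.date_expired else None`. Because this dict is what the new `/v1/users/profile/` endpoint returns verbatim, a docstring such as `"""Return the user's profile fields as an ordered dict; no password hash is included."""` would make the exposure boundary explicit for anyone adding fields later.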
@@ -16,15 +16,11 @@ router.register(r'v1/user-groups', api.UserGroupViewSet, 'user-group')
 urlpatterns = [
- # url(r'^v1/users/$', api.UserListUpdateApi.as_view(), name='user-bulk-update-api'),
- url(r'^v1/users/token/$', api.UserAuthApi.as_view(), name='user-token'),
+ url(r'^v1/users/token/$', api.UserToken.as_view(), name='user-token'),
+ url(r'^v1/users/profile/$', api.UserProfile.as_view(), name='user-profile'),
 url(r'^v1/users/(?P\d+)/reset-password/$', api.UserResetPasswordApi.as_view(), name='user-reset-password'),
 url(r'^v1/users/(?P\d+)/reset-pk/$', api.UserResetPKApi.as_view(), name='user-reset-pk'),
 url(r'^v1/users/(?P\d+)/update-pk/$', api.UserUpdatePKApi.as_view(), name='user-update-pk'),
- # url(r'^v1/user-groups/$', api.GroupListUpdateApi.as_view(), name='user-group-bulk-update-api'),
- # url(r'^v1/user-groups/(?P\d+)/$', api.GroupDetailApi.as_view(), name='user-group-detail-api'),
- # url(r'^v1/user-groups/(?P\d+)/user/(?P\d+)/$',
- # api.DeleteUserFromGroupApi.as_view(), name='delete-user-from-group-api'),
 url(r'^v1/users/(?P\d+)/groups/$', api.UserUpdateGroupApi.as_view(), name='user-update-group'),
 url(r'^v1/user-groups/(?P\d+)/users/$',