diff --git a/src/main/scala/app/ControllerBase.scala b/src/main/scala/app/ControllerBase.scala
index 8a184f0..4a83dda 100644
--- a/src/main/scala/app/ControllerBase.scala
+++ b/src/main/scala/app/ControllerBase.scala
@@ -10,7 +10,7 @@
 import jp.sf.amateras.scalatra.forms._
 import org.apache.commons.io.FileUtils
 import model._
-import service.{SystemSettingsService, AccountService}
+import service.{SystemSettingsService, AccountService, AccessTokenService}
 import javax.servlet.http.{HttpServletResponse, HttpServletRequest}
 import javax.servlet.{FilterChain, ServletResponse, ServletRequest}
 import org.scalatra.i18n._
@@ -74,7 +74,12 @@
 }
 }
-  private def LoginAccount: Option[Account] = session.getAs[Account](Keys.Session.LoginAccount)
+  private def LoginAccount: Option[Account] = {
+    Option(request.getHeader("Authorization")) match {
+      case Some(auth) if auth.startsWith("token ") => AccessTokenService.getAccountByAccessToken(auth.substring(6).trim)
+      case _ => session.getAs[Account](Keys.Session.LoginAccount)
+    }
+  }
 def ajaxGet(path : String)(action : => Any) : Route = super.get(path){
diff --git a/src/main/scala/service/AccesTokenService.scala b/src/main/scala/service/AccesTokenService.scala
index 916fde1..f4ef727 100644
--- a/src/main/scala/service/AccesTokenService.scala
+++ b/src/main/scala/service/AccesTokenService.scala
@@ -2,7 +2,7 @@
 import model.Profile._
 import profile.simple._
-import model.AccessToken
+import model.{Account, AccessToken}
 import util.StringUtil
 import scala.util.Random
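Review bot: In the new `LoginAccount` the scheme match `auth.startsWith("token ")` is case-sensitive and the extracted value is never checked for emptiness, so `Authorization: Token abc` silently falls through to the cookie session while `Authorization: token ` (blank) runs a lookup with `tokenToHash("")`. HTTP auth schemes are case-insensitive (RFC 7235), so a tighter guard is `case Some(auth) if auth.regionMatches(true, 0, "token ", 0, 6) => Option(auth.substring(6).trim).filter(_.nonEmpty).flatMap(AccessTokenService.getAccountByAccessToken)`. Because `LoginAccount` is a `def`, every caller that consults it re-runs the token query, so if it is read more than once per request the resolved account should be cached per request. Failing closed on an unknown token (returning `None` rather than falling back to the session) is the right behaviour and deserves a comment such as `// A presented-but-invalid token must not fall back to the cookie session`. `getAccountByAccessToken` needs an implicit Slick `Session`; where `ControllerBase` provides one is outside this hunk.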
@@ -34,6 +34,13 @@
 (tokenId, token)
 }
+ def getAccountByAccessToken(token: String)(implicit s: Session): Option[Account] =
+ Accounts
+ .innerJoin(AccessTokens)
+ .filter{ case (ac, t) => (ac.userName === t.userName) && (t.tokenHash === tokenToHash(token).bind) && (ac.removed === false.bind) }
+ .map{ case (ac, t) => ac }
+ .firstOption
+
 def getAccessTokens(userName: String)(implicit s: Session): List[AccessToken] =
 AccessTokens.filter(_.userName === userName.bind).sortBy(_.accessTokenId.desc).list
@@ -41,3 +48,5 @@
 AccessTokens filter (t => t.userName === userName.bind && t.accessTokenId === accessTokenId) delete
 }
+
+object AccessTokenService extends AccessTokenService
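Review bot: `getAccountByAccessToken` grants the account to any token whose hash matches, with `ac.removed === false.bind` as the only additional guard; nothing visible bounds a token's lifetime, so a leaked token stays valid until the user deletes it, and the query is parameterised via `.bind`, which is correct. The strength of the hash comparison in `.filter` rests entirely on the token being unguessable: `tokenToHash` and the generator whose tail `(tokenId, token)` is the context at the top of this hunk are outside it, but the file imports `scala.util.Random`, which is `java.util.Random`-backed and predictable, so if the token is drawn from it the generator should switch to `java.security.SecureRandom`. The method should document its contract, e.g. `/** Resolves an access token to its owning account; None for an unknown token or when the owner is flagged removed. */`. As a style point the join condition belongs in `.on` rather than the filter: `Accounts.innerJoin(AccessTokens).on(_.userName === _.userName)`, leaving `.filter` with only the token-hash and removed checks.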