diff --git a/package.json b/package.json
index 1ec7a47..2157eeb 100644
--- a/package.json
+++ b/package.json
@@ -68,7 +68,7 @@
     "multer": "^1.4.5-lts.1",
     "node-ssh-no-cpu-features": "^1.0.1",
     "nodejs-file-downloader": "^4.12.1",
-    "piclist": "^1.3.3",
+    "piclist": "^1.3.4",
     "pinia": "^2.1.6",
     "pinia-plugin-persistedstate": "^3.2.0",
     "qiniu": "^7.9.0",
diff --git a/public/i18n/en.yml b/public/i18n/en.yml
index 720cb2b..de5e135 100644
--- a/public/i18n/en.yml
+++ b/public/i18n/en.yml
@@ -200,8 +200,10 @@ SETTINGS_TIPS_SERVER_NOTICE: If you don't know what is the server's function, pl
 SETTINGS_ENABLE_SERVER: Enable Server
 SETTINGS_SET_SERVER_HOST: Set Server Host
 SETTINGS_SET_SERVER_PORT: Set Server Port
+SETTINGS_SET_SERVER_KEY: Set Auth Key
 SETTINGS_TIP_PLACEHOLDER_HOST: Default:127.0.0.1
 SETTINGS_TIP_PLACEHOLDER_PORT: Default:36677
+SETTINGS_TIP_PLACEHOLDER_KEY: This key is used to avoid malicious requests, through urlParams '?key=xxx' to pass
 SETTINGS_LOG_LEVEL_ALL: All
 SETTINGS_LOG_LEVEL_SUCCESS: Success
 SETTINGS_LOG_LEVEL_ERROR: Error
diff --git a/public/i18n/zh-CN.yml b/public/i18n/zh-CN.yml
index 73e0e70..c6d459a 100644
--- a/public/i18n/zh-CN.yml
+++ b/public/i18n/zh-CN.yml
@@ -202,8 +202,10 @@ SETTINGS_TIPS_SERVER_NOTICE: 如果你不知道Server的作用，请阅读文档
 SETTINGS_ENABLE_SERVER: 是否开启Server
 SETTINGS_SET_SERVER_HOST: 设置监听地址
 SETTINGS_SET_SERVER_PORT: 设置监听端口
+SETTINGS_SET_SERVER_KEY: 设置鉴权密钥
 SETTINGS_TIP_PLACEHOLDER_HOST: 推荐默认地址:127.0.0.1
 SETTINGS_TIP_PLACEHOLDER_PORT: 推荐默认端口:36677
+SETTINGS_TIP_PLACEHOLDER_KEY: 用于接口鉴权, 通过url参数添加'?key=xxx'
 SETTINGS_LOG_LEVEL_ALL: 全部-All
 SETTINGS_LOG_LEVEL_SUCCESS: 成功-Success
 SETTINGS_LOG_LEVEL_ERROR: 错误-Error
diff --git a/public/i18n/zh-TW.yml b/public/i18n/zh-TW.yml
index 848410d..e122d88 100644
--- a/public/i18n/zh-TW.yml
+++ b/public/i18n/zh-TW.yml
@@ -200,8 +200,10 @@ SETTINGS_TIPS_SERVER_NOTICE: 如果你不知道Server的作用，請閱讀文檔
 SETTINGS_ENABLE_SERVER: 是否開啟Server
 SETTINGS_SET_SERVER_HOST: 設定監聽地址
 SETTINGS_SET_SERVER_PORT: 設定監聽端口
+SETTINGS_SET_SERVER_KEY: 設定鑒權密鑰
 SETTINGS_TIP_PLACEHOLDER_HOST: 推薦預設地址:127.0.0.1
 SETTINGS_TIP_PLACEHOLDER_PORT: 推薦預設端口:36677
+SETTINGS_TIP_PLACEHOLDER_KEY: 用於接口鑒權, 通過url參數添加'?key=xxx'
 SETTINGS_LOG_LEVEL_ALL: 全部-All
 SETTINGS_LOG_LEVEL_SUCCESS: 成功-Success
 SETTINGS_LOG_LEVEL_ERROR: 錯誤-Error
diff --git a/src/main/server/routerManager.ts b/src/main/server/routerManager.ts
index f27cde2..e714dfd 100644
--- a/src/main/server/routerManager.ts
+++ b/src/main/server/routerManager.ts
@@ -32,6 +32,18 @@ router.post('/upload', async ({
 }): Promise<void> => {
   try {
     const picbed = urlparams?.get('picbed')
+    const passedKey = urlparams?.get('key')
+    const serverKey = picgo.getConfig('settings.serverKey') || ''
+    if (serverKey && passedKey !== serverKey) {
+      handleResponse({
+        response,
+        body: {
+          success: false,
+          message: 'server key is not correct'
+        }
+      })
+      return
+    }
     let currentPicBedType = ''
     let currentPicBedConfig = {} as IStringKeyMap
     let currentPicBedConfigId = ''
diff --git a/src/renderer/pages/PicGoSetting.vue b/src/renderer/pages/PicGoSetting.vue
index b252607..cc6d0c6 100644
--- a/src/renderer/pages/PicGoSetting.vue
+++ b/src/renderer/pages/PicGoSetting.vue
@@ -1055,6 +1055,16 @@
               :placeholder="$T('SETTINGS_TIP_PLACEHOLDER_PORT')"
             />
           </el-form-item>
+          <el-form-item
+            :label="$T('SETTINGS_SET_SERVER_KEY')"
+          >
+            <el-input
+              v-model="form.serverKey"
+              type="input"
+              :placeholder="$T('SETTINGS_TIP_PLACEHOLDER_KEY')"
+              @change="handleServerKeyChange"
+            />
+          </el-form-item>
         </template>
       </el-form>
       <template #footer>
@@ -1691,7 +1701,8 @@ const form = reactive<ISettingForm>({
   shortUrlServer: 'c1n',
   yourlsDomain: '',
   yourlsSignature: '',
-  deleteLocalFile: false
+  deleteLocalFile: false,
+  serverKey: ''
 })
 
 const languageList = i18nManager.languageList.map(item => ({
@@ -1848,6 +1859,7 @@ async function initData () {
     form.yourlsDomain = settings.yourlsDomain || ''
     form.yourlsSignature = settings.yourlsSignature || ''
     form.deleteLocalFile = settings.deleteLocalFile || false
+    form.serverKey = settings.serverKey || ''
     currentLanguage.value = settings.language ?? 'zh-CN'
     currentStartMode.value = settings.startMode || 'quiet'
     customLink.value = settings.customLink || '![$fileName]($url)'
@@ -2100,6 +2112,10 @@ function cancelCheckVersion () {
   checkUpdateVisible.value = false
 }
 
+function handleServerKeyChange (val: string) {
+  saveConfig('settings.serverKey', val)
+}
+
 function handleUploadNotification (val: ICheckBoxValueType) {
   saveConfig({
     'settings.uploadNotification': val
diff --git a/src/universal/types/i18n.d.ts b/src/universal/types/i18n.d.ts
index 3acb45d..f605433 100644
--- a/src/universal/types/i18n.d.ts
+++ b/src/universal/types/i18n.d.ts
@@ -195,8 +195,10 @@ interface ILocales {
   SETTINGS_ENABLE_SERVER: string
   SETTINGS_SET_SERVER_HOST: string
   SETTINGS_SET_SERVER_PORT: string
+  SETTINGS_SET_SERVER_KEY: string
   SETTINGS_TIP_PLACEHOLDER_HOST: string
   SETTINGS_TIP_PLACEHOLDER_PORT: string
+  SETTINGS_TIP_PLACEHOLDER_KEY: string
   SETTINGS_LOG_LEVEL_ALL: string
   SETTINGS_LOG_LEVEL_SUCCESS: string
   SETTINGS_LOG_LEVEL_ERROR: string
diff --git a/src/universal/types/view.d.ts b/src/universal/types/view.d.ts
index b7770d9..82e8fc8 100644
--- a/src/universal/types/view.d.ts
+++ b/src/universal/types/view.d.ts
@@ -27,7 +27,8 @@ interface ISettingForm {
   shortUrlServer: string,
   yourlsDomain: string,
   yourlsSignature: string,
-  deleteLocalFile: boolean
+  deleteLocalFile: boolean,
+  serverKey: string
 }
 
 interface IShortKeyMap {
diff --git a/yarn.lock b/yarn.lock
index 9a7d614..23ca195 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -12688,10 +12688,10 @@ performance-now@^2.1.0:
   resolved "https://registry.npmmirror.com/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"
   integrity sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow==
 
-piclist@^1.3.3:
-  version "1.3.3"
-  resolved "https://registry.yarnpkg.com/piclist/-/piclist-1.3.3.tgz#3e56e807f931c24e8b39009c4d63e26f809371a9"
-  integrity sha512-k716fioNvkq+VMU2q+YCR/Hi4IO5/0x8p6ghhw86sQBchDSxg8aQ7mqmgKCMSc39+iOQCZGVamBjSsueDEe+Aw==
+piclist@^1.3.4:
+  version "1.3.4"
+  resolved "https://registry.yarnpkg.com/piclist/-/piclist-1.3.4.tgz#695e11140cbfd0bff254434ee10bd7f01b788779"
+  integrity sha512-qlfMx+O1JD12+Gkippn00Gi9Tfj9X3sNbNQnT4pa0SC5PvCJJeMt9va88P97GAhlX9JHjBlG+c3oTOhH4CLDLQ==
   dependencies:
     "@picgo/i18n" "^1.0.0"
     "@picgo/store" "^2.1.0"