diff --git a/doc/partner.md b/doc/partner.md index 347b0da..55e0882 100644 --- a/doc/partner.md +++ b/doc/partner.md @@ -7,7 +7,16 @@ ## 说明 1. 所有请求参数中带*号的不能为空 -2. 如无特殊说明, 所有接口返回json, 顶级结构如下, 接口Response的数据结构说明只包含data部分 +2. 接口签名字段说明 + +``` +# 1. 将参与签名的参数按照key=value的格式,并按照参数名ASCII字典序升序排序, 例如: +var signStr = 'name=一品漫城&sid=65AB7856FE×tamp=1624332778169' +# 2. 把我们提供的 secretKey(37284c327e10d8b73cf4325f33a3de4b34032e3e) 作为key, 使用HMAC-SHA256得到签名 +var sign = HmacSHA256(signStr, secretKey) + +``` +3. 如无特殊说明, 所有接口返回json, 顶级结构如下, 接口Response的数据结构说明只包含data部分 ``` JSON { @@ -17,7 +26,7 @@ } ``` -2. 页面列表 +4. 页面列表 > 所有的页面均可单独调用, url: https://puzzle-admin.kingsome.cn/页面url?token=token&mini=1 > token为 1号接口获取 @@ -57,16 +66,7 @@ | timestamp | *10或13位均可 | | sign | *签名 | -> 签名字段说明: -> -> 取name,sid, timestamp和我们提供的SecretKey字段拼接成 name=店铺名称&sid=店铺id:timestamp:SecretKey, 取该字符串的sha1 - -```js -let signStr = `name=${name}&sid=${sid}:${timestamp}:${secretKey}` -let sha1sum = crypto.createHash('sha1') -sha1sum.update(signStr) -let sign = sha1sum.digest('hex') -``` +> 签名字段: name, sid, timestamp 3. Response: JSON diff --git a/src/admin/controllers/partner.controller.ts b/src/admin/controllers/partner.controller.ts index e3a9101..635e3e1 100644 --- a/src/admin/controllers/partner.controller.ts +++ b/src/admin/controllers/partner.controller.ts @@ -27,8 +27,8 @@ class PartnerController extends BaseController { if (!name || !sid || !timestamp || !sign) { throw new ZError(10, '缺少必要参数') } - const signKeys = ['name', 'sid'] - if (!checkSign({ secretKey: SECRET_KEY, data: req.params, timestamp, sign, signKeys })) { + const signKeys = ['name', 'sid', 'timestamp'] + if (!checkSign({ secretKey: SECRET_KEY, data: req.params, sign, signKeys })) { throw new ZError(21, 'sign error') } sname = sname || name diff --git a/src/utils/security.util.ts b/src/utils/security.util.ts index f6abad9..0edbebe 100644 --- a/src/utils/security.util.ts +++ b/src/utils/security.util.ts 
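Review bot: In the PartnerController hunk, `timestamp` is now part of `signKeys`, but nothing visible checks that it is recent, so a validly signed request stays acceptable for as long as the key is unchanged. If no freshness check exists further down (the method continues outside the hunk), add one after the signature check: normalise the 10- or 13-digit value to milliseconds and reject with something like `if (Math.abs(Date.now() - ts) > MAX_SKEW_MS) throw new ZError(21, 'sign error')`, where `ts` and `MAX_SKEW_MS` are placeholder names for values you define. Separately, the doc/partner.md hunk in this commit prints a literal secretKey value. If that is the value behind `SECRET_KEY`, it should be rotated and given to partners out of band rather than committed.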
@@ -30,6 +30,13 @@ export function sha1(str) {
 return str
 }
 
+export function hmacSha256(str: string, key: any) {
+ const md5sum = crypto.createHmac('sha256', key)
+ md5sum.update(str)
+ str = md5sum.digest('hex')
+ return str
+}
+
 export function md5(str) {
 const md5sum = crypto.createHash('md5')
 md5sum.update(str)
@@ -45,13 +52,11 @@ export function createSign(secretKey, paramStr, timestamp) {
 export function checkSign({
 secretKey,
 data,
- timestamp,
 sign,
 signKeys,
 }: {
 secretKey: string
 data: {}
- timestamp: string
 sign: string
 signKeys: string[]
 }) {
@@ -63,6 +68,6 @@ export function checkSign({
 }
 signStr += `${key}=${data[key]}`
 }
- let sign1 = createSign(secretKey, signStr, timestamp)
+ let sign1 = hmacSha256(signStr, secretKey)
 return sign1 === sign
 }
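Review bot: In the first security.util.ts hunk, `hmacSha256` takes `key: any`, names the HMAC object `md5sum`, and reassigns its `str` parameter, all carried over from the hash helpers next to it. Typing the key and returning the digest directly is clearer and lets the compiler reject a missing or mistyped key: `export function hmacSha256(str: string, key: string | Buffer): string {` then `return crypto.createHmac('sha256', key).update(str).digest('hex')` then `}`. A one-line doc comment saying the result is a lowercase hex string would also help callers that compare signatures.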
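Review bot: In the last security.util.ts hunk, `return sign1 === sign` compares the expected HMAC with the caller-supplied value using an ordinary string comparison, which is not constant-time. Prefer decoding both and comparing the buffers: `const a = Buffer.from(sign1, 'hex'), b = Buffer.from(sign, 'hex')` followed by `return a.length === b.length && crypto.timingSafeEqual(a, b)`. Note that this also accepts upper-case hex from the caller. The context line that appends `${key}=${data[key]}` signs the literal text `undefined` when a key in `signKeys` is absent from `data`, so rejecting missing keys before building the string would be safer. checkSign starts outside this hunk, so the loop header is not visible here.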