diff --git a/sql/marketdb.sql b/sql/marketdb.sql
index 7f926330..8b019bee 100644
--- a/sql/marketdb.sql
+++ b/sql/marketdb.sql
@@ -103,6 +103,7 @@ CREATE TABLE `t_nft` (
   `modifytime` int(11) NOT NULL DEFAULT '0' COMMENT '修改时间',
   PRIMARY KEY (`idx`),
   UNIQUE KEY `token_id` (`token_id`),
+  KEY `owner_address_token_type` (`owner_address`, `token_type`),
   KEY `owner_address` (`owner_address`)
 ) ENGINE=InnoDB AUTO_INCREMENT=10001 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
 /*!40101 SET character_set_client = @saved_cs_client */;
diff --git a/webapp/controller/MarketController.class.php b/webapp/controller/MarketController.class.php
index 54f04abc..06246ee0 100644
--- a/webapp/controller/MarketController.class.php
+++ b/webapp/controller/MarketController.class.php
@@ -494,6 +494,19 @@ class MarketController extends BaseController {
         ));
     }
 
+    public function tokenAuth()
+    {
+        $account = getReqVal('account', '');
+        $token = getReqVal('token', '');
+        if (!$this->isValidToken($account, $token)) {
+            myself()->_rspErr(1, 'invalid token');
+            return;
+        }
+        myself()->_rspData(array(
+            'account' => $account
+        ));
+    }
+
     public function auth()
     {
         $account = getReqVal('account', '');