diff --git a/webapp/controller/BaseAuthedController.class.php b/webapp/controller/BaseAuthedController.class.php
index 4262f686..e95fa366 100644
--- a/webapp/controller/BaseAuthedController.class.php
+++ b/webapp/controller/BaseAuthedController.class.php
@@ -33,6 +33,18 @@ class BaseAuthedController extends BaseController {
 private $sessionId = '';
 private $mysqlConn = null;
+ private function isWhiteList()
+ {
+ $whiteList = array(
+ '0x875835829e95fe87e53a2dfcfd9860a735b70754',
+ '0x11299400d87f24e79af8cb8cc5661792bea45300',
+ '0x898a887fa574dd0297f202d66d5a65787acc1316',
+ '0x9b703a5a094df5b1ba4f3dec15810f7c708e31fa',
+ '0xef59f6cc4d190a0ae576c46d4583e92b61174340'
+ );
+ return in_array(myself()->_getOpenId(), $whiteList);
+ }
+
 public function _handlePre()
 {
 $this->accountId = getReqVal('account_id', '');
@@ -61,8 +73,10 @@ class BaseAuthedController extends BaseController {
 }
 if (SERVER_ENV == _ONLINE) {
 if (phpcommon\cmpVersion(getReqVal('_version', ''), '0.2.0') > 0) {
- phpcommon\sendError(1002, '');
- die();
+ if (!$this->isWhiteList() || myself()->_getChannel() != BC_CHANNEL) {
+ phpcommon\sendError(1002, '');
+ die();
+ }
 }
 }
 }
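Review bot: The `in_array()` call in `isWhiteList()` compares loosely and byte-for-byte against lower-case literals, so an open id returned in mixed-case form would silently fail to match and a non-string value would be compared with type juggling. Assuming `_getOpenId()` returns the address as a string, normalising and comparing strictly is safer: `return in_array(strtolower(myself()->_getOpenId()), $whiteList, true);`. The five addresses are also hard-coded in the controller, so changing who is exempt needs a code deploy; loading them from configuration and adding a docblock that says what the list exempts and who owns it would make the exception auditable. The class body continues outside the hunk.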
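Review bot: The new exemption from the version gate relies on `myself()->_getOpenId()` and `myself()->_getChannel()`, and nothing visible in this hunk shows that the session has been verified before the check runs; `_handlePre()` reads `account_id` straight from the request, so if open id and channel are derived from that value before authentication, the allowlist matches a claimed account rather than a proven one. Confirm that the gate sits after session validation, or move it there. The condition is also easier to audit written positively, `if (!($this->isWhiteList() && myself()->_getChannel() == BC_CHANNEL)) {`, with a one-line comment stating which accounts are exempt from the version check and why. `_handlePre()` starts outside the hunk.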