diff --git a/src/controllers/ApiWebServiceController.ts b/src/controllers/ApiWebServiceController.ts
index 77d8486f..be60fb37 100644
--- a/src/controllers/ApiWebServiceController.ts
+++ b/src/controllers/ApiWebServiceController.ts
@@ -17,9 +17,11 @@ import HttpStatusCode from "../interfaces/http-status";
 import HttpError from "../interfaces/http-error";
 import { ApiName } from "../entities/ApiName";
 import { Profile } from "../entities/Profile";
+import { isPermissionRequest } from "../middlewares/authWebService";
+import { RequestWithUserWebService } from "../middlewares/user";
 @Route("api/v2/org/api-service")
 @Tags("ApiKey")
-// @Security("bearerAuth")
+@Security("webServiceAuth")
 @Response(
   HttpStatusCode.INTERNAL_SERVER_ERROR,
   "เกิดข้อผิดพลาด ไม่สามารถแสดงรายการได้ กรุณาลองใหม่ในภายหลัง",
@@ -33,12 +35,13 @@ export class ApiWebServiceController extends Controller {
    */
   @Get("/:system/:code")
   async listAttribute(
+    @Request() request: RequestWithUserWebService,
     @Path("system") system: "registry" | "registry_emp" | "registry_temp" | "organization",
     @Path("code") code: string,
     @Query("page") page: number = 1,
     @Query("pageSize") pageSize: number = 100,
   ): Promise<HttpSuccess | HttpError> {
-    try {
+    // try {
       const apiName = await this.apiNameRepository.findOne({
         where: { code },
         select: ["id", "code", "methodApi", "system", "isActive"],
@@ -53,7 +56,7 @@ export class ApiWebServiceController extends Controller {
       if (!apiName || apiName.system != system || !apiName.isActive || apiName.methodApi != "GET") {
         throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบ API ที่ระบุ");
       }
-
+      await isPermissionRequest(request, apiName.id);
       const offset = (page - 1) * pageSize;
 
       const propertyKey = apiName.apiAttributes.map((attr) => `${attr.tbName}.${attr.propertyKey}`);
@@ -68,12 +71,12 @@ export class ApiWebServiceController extends Controller {
         .getManyAndCount();
 
       return new HttpSuccess({ items, total });
-    } catch (error) {
-      throw new HttpError(
-        HttpStatusCode.INTERNAL_SERVER_ERROR,
-        (error instanceof Error ? error.message : String(error)) ||
-          "เกิดข้อผิดพลาด ไม่สามารถแสดงรายการได้ กรุณาลองใหม่ในภายหลัง",
-      );
-    }
+    // } catch (error) {
+    //   throw new HttpError(
+    //     HttpStatusCode.INTERNAL_SERVER_ERROR,
+    //     (error instanceof Error ? error.message : String(error)) ||
+    //       "เกิดข้อผิดพลาด ไม่สามารถแสดงรายการได้ กรุณาลองใหม่ในภายหลัง",
+    //   );
+    // }
   }
 }