diff --git a/frontend/modules/api/controllers/ProfileController.php b/frontend/modules/api/controllers/ProfileController.php
index e347d71..d840714 100644
--- a/frontend/modules/api/controllers/ProfileController.php
+++ b/frontend/modules/api/controllers/ProfileController.php
@@ -6,6 +6,8 @@ use common\behaviors\GsCors;
 use common\classes\Debug;
 use common\models\InterviewRequest;
 use frontend\modules\api\models\ProfileSearchForm;
+use yii\filters\auth\CompositeAuth;
+use yii\filters\auth\HttpBearerAuth;
 use yii\filters\auth\QueryParamAuth;
 
 class ProfileController extends \yii\rest\Controller
@@ -20,10 +22,12 @@ class ProfileController extends \yii\rest\Controller
                     'application/json' => \yii\web\Response::FORMAT_JSON,
                 ],
             ],
-            'authenticatior' => [
-                'class' => QueryParamAuth::class, //implement access token authentication
-                'except' => ['login'], // no need to verify the access token method, pay attention to distinguish between $noAclLogin
-            ],
+            'authenticator' => [
+                'class' => CompositeAuth::class,
+                'authMethods' => [
+                    HttpBearerAuth::class,
+                ],
+            ]
 //            'corsFilter' => [
 //                'class' => GsCors::class,
 //                'cors' => [
diff --git a/frontend/modules/api/controllers/SkillsController.php b/frontend/modules/api/controllers/SkillsController.php
index 1227319..c0bc06f 100644
--- a/frontend/modules/api/controllers/SkillsController.php
+++ b/frontend/modules/api/controllers/SkillsController.php
@@ -5,6 +5,8 @@ namespace frontend\modules\api\controllers;
 use common\behaviors\GsCors;
 use common\models\Options;
 use yii\filters\AccessControl;
+use yii\filters\auth\CompositeAuth;
+use yii\filters\auth\HttpBearerAuth;
 use yii\filters\auth\QueryParamAuth;
 
 class SkillsController extends \yii\rest\Controller
@@ -18,10 +20,12 @@ class SkillsController extends \yii\rest\Controller
                     'application/json' => \yii\web\Response::FORMAT_JSON,
                 ],
             ],
-            'authenticatior' => [
-                'class' => QueryParamAuth::class, //implement access token authentication
-                'except' => ['login'], // no need to verify the access token method, pay attention to distinguish between $noAclLogin
-            ],
+            'authenticator' => [
+                'class' => CompositeAuth::class,
+                'authMethods' => [
+                    HttpBearerAuth::class,
+                ],
+            ]
 //            'corsFilter' => [
 //                'class' => GsCors::class,
 //                'cors' => [
diff --git a/frontend/modules/api/controllers/UserController.php b/frontend/modules/api/controllers/UserController.php
index 34cea86..682357f 100644
--- a/frontend/modules/api/controllers/UserController.php
+++ b/frontend/modules/api/controllers/UserController.php
@@ -8,6 +8,8 @@ use common\classes\Debug;
 use common\models\User;
 use frontend\modules\api\models\LoginForm;
 use Yii;
+use yii\filters\auth\CompositeAuth;
+use yii\filters\auth\HttpBearerAuth;
 use yii\filters\ContentNegotiator;
 use yii\rest\ActiveController;
 use yii\helpers\ArrayHelper;
@@ -28,9 +30,11 @@ class UserController extends ActiveController
                     'application/json' => Response::FORMAT_JSON,
                 ],
             ],
-            'authenticatior' => [
-                'class' => QueryParamAuth::class, //implement access token authentication
-                'except' => ['login'], // no need to verify the access token method, pay attention to distinguish between $noAclLogin
+            'authenticator' => [
+                'class' => CompositeAuth::class,
+                'authMethods' => [
+                    HttpBearerAuth::class,
+                ],
             ],
             'corsFilter' => [
                 'class' => GsCors::class,