diff --git a/api/internal/filter/authentication.go b/api/internal/filter/authentication.go
index 3b4848078b..04ba5456db 100644
--- a/api/internal/filter/authentication.go
+++ b/api/internal/filter/authentication.go
@@ -45,50 +45,55 @@ func (mw *AuthenticationMiddleware) Handle(ctx droplet.Context) error { req := httpReq.(*http.Request) - if req.URL.Path != "/apisix/admin/user/login" && strings.HasPrefix(req.URL.Path, "/apisix") { - tokenStr := req.Header.Get("Authorization") - - // verify token - token, err := jwt.ParseWithClaims(tokenStr, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) { - return []byte(conf.AuthConf.Secret), nil - }) - - // TODO: design the response error code - response := data.Response{Code: 010013, Message: "request unauthorized"} - - if err != nil || token == nil || !token.Valid { - log.Warnf("token validate failed: %s", err) - ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response}) - return nil - } - - claims, ok := token.Claims.(*jwt.StandardClaims) - if !ok { - log.Warnf("token validate failed: %s, %v", err, token.Valid) - ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response}) - return nil - } - - if err := token.Claims.Valid(); err != nil { - log.Warnf("token claims validate failed: %s", err) - ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response}) - return nil - } - - if claims.Subject == "" { - log.Warn("token claims subject empty") - ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response}) - return nil - } - - if _, ok := conf.UserList[claims.Subject]; !ok { - log.Warnf("user not exists by token claims subject %s", claims.Subject) - ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response}) - return nil - } + if req.URL.Path == "/apisix/admin/tool/version" || req.URL.Path == "/apisix/admin/user/login" { + return mw.BaseMiddleware.Handle(ctx) + } + if !strings.HasPrefix(req.URL.Path, "/apisix") { return mw.BaseMiddleware.Handle(ctx) } + // Need check the auth header + tokenStr := req.Header.Get("Authorization") + + // verify token + token, 
err := jwt.ParseWithClaims(tokenStr, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) { + return []byte(conf.AuthConf.Secret), nil + }) + + // TODO: design the response error code + response := data.Response{Code: 010013, Message: "request unauthorized"} + + if err != nil || token == nil || !token.Valid { + log.Warnf("token validate failed: %s", err) + ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response}) + return nil + } + + claims, ok := token.Claims.(*jwt.StandardClaims) + if !ok { + log.Warnf("token validate failed: %s, %v", err, token.Valid) + ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response}) + return nil + } + + if err := token.Claims.Valid(); err != nil { + log.Warnf("token claims validate failed: %s", err) + ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response}) + return nil + } + + if claims.Subject == "" { + log.Warn("token claims subject empty") + ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response}) + return nil + } + + if _, ok := conf.UserList[claims.Subject]; !ok { + log.Warnf("user not exists by token claims subject %s", claims.Subject) + ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response}) + return nil + } + return mw.BaseMiddleware.Handle(ctx) } diff --git a/api/internal/handler/tool/tool.go b/api/internal/handler/tool/tool.go index def441b1ff..c3f9e996f1 100644 --- a/api/internal/handler/tool/tool.go +++ b/api/internal/handler/tool/tool.go @@ -38,7 +38,7 @@ func NewHandler() (handler.RouteRegister, error) { } func (h *Handler) ApplyRoute(r *gin.Engine) { - r.GET("/version", wgin.Wraps(h.Version)) + r.GET("/apisix/admin/tool/version", wgin.Wraps(h.Version)) } func (h *Handler) Version(_ droplet.Context) (interface{}, error) { 
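Review bot: The two new guards at the top of the rewritten section make the token check fail open: a request whose `req.URL.Path` does not start with the exact bytes `/apisix` goes straight to `mw.BaseMiddleware.Handle(ctx)`, and the two exempt routes are matched by exact string. How the router normalises paths is not visible in this hunk, so it is worth confirming that the path form compared here is the one used for route matching, and stating the rule above the guards, e.g. `// Routes listed here are served without a token; every other /apisix path must carry a valid JWT.` Separately, `Code: 010013` is an octal literal in Go and evaluates to 4107; if the decimal code is meant it should read `Code: 10013`. The key function passed to `jwt.ParseWithClaims` returns the secret without looking at `token.Method`; an `if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok` guard that returns an error would pin the accepted algorithm family explicitly. `Handle` begins before this hunk, so the request extraction above these lines is not reviewed here.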
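Review bot: The route literal `/apisix/admin/tool/version` now appears both in `ApplyRoute` and in the exemption list in `authentication.go`, and only the latter makes it reachable without a token; a shared constant would keep the two from drifting apart. According to the e2e expectation in this commit the response carries `version` and `commit_hash`, so the endpoint tells unauthenticated callers the exact build. A comment on `ApplyRoute` such as `// Served without authentication (exempted in AuthenticationMiddleware); the response must stay limited to build identifiers.` would record that this is deliberate.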
diff --git a/api/test/e2e/version_test.go b/api/test/e2e/version_test.go
index f486e3ddfd..adea7e7e47 100644
--- a/api/test/e2e/version_test.go
+++ b/api/test/e2e/version_test.go
@@ -27,7 +27,7 @@ func TestInfo(t *testing.T) {
 Desc: "get info",
 Object: ManagerApiExpect(t),
 Method: http.MethodGet,
- Path: "/version",
+ Path: "/apisix/admin/tool/version",
 ExpectStatus: http.StatusOK,
 ExpectBody: []string{"commit_hash", "\"version\""},
 },
diff --git a/api/test/shell/cli_test.sh b/api/test/shell/cli_test.sh
index 5ec96cc1a6..20e0249598 100755
--- a/api/test/shell/cli_test.sh
+++ b/api/test/shell/cli_test.sh
@@ -288,6 +288,16 @@ if [ "$respCode" != "0" ] || [ $respMessage != "\"\"" ]; then
 exit 1
 fi
-./manager-api stop
+# check the version api
+resp=$(curl http://127.0.0.1:9000/apisix/admin/tool/version)
+if [[ `echo ${resp} | grep -c "${VERSION}"` -ne '1' ]]; then
+ echo "failed: can't through api to get version info"
+ exit 1
+fi
+
+if [[ `echo ${resp} | grep -c "${GITHASH}"` -ne '1' ]]; then
+ echo "failed: can't through api to get githash info"
+ exit 1
+fi
 check_logfile
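Review bot: `./manager-api stop` is removed in the `cli_test.sh` hunk and the added lines never stop the server again, so unless a stop follows outside this hunk the process is still listening when `check_logfile` runs and after the script exits. The two `grep -c` checks also pass vacuously when `${VERSION}` or `${GITHASH}` is empty, because an empty pattern matches every line, and `curl` is called without `--fail` or a timeout, so an error body or a hung listener is not told apart from a good response. Using `resp=$(curl -sf --max-time 5 http://127.0.0.1:9000/apisix/admin/tool/version)` and guarding each check with `[ -n "${VERSION}" ]` (likewise for `GITHASH`) would make the assertions meaningful. The failure text would read more clearly as `failed: version API did not return the expected version`.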