diff --git a/lib/wechat.js b/lib/wechat.js
index fb6bebb..d4d65e0 100644
--- a/lib/wechat.js
+++ b/lib/wechat.js
@@ -189,14 +189,17 @@ class Wechat {
       const echostr = query.echostr;
       const method = ctx.method;
 
+      const TOKEN = ctx.wx_token || this.token;
+      const CRYPTOR = ctx.wx_cryptor || this.cryptor;
+
       if (method === 'GET') {
         var valid = false;
         if (encrypted) {
           var signature = query.msg_signature;
-          valid = signature === this.cryptor.getSignature(timestamp, nonce, echostr);
+          valid = signature === CRYPTOR.getSignature(timestamp, nonce, echostr);
         } else {
           // 校验
-          valid = query.signature === getSignature(timestamp, nonce, this.token);
+          valid = query.signature === getSignature(timestamp, nonce, TOKEN);
         }
 
         if (!valid) {
@@ -204,7 +207,7 @@ class Wechat {
           ctx.body = 'Invalid signature';
         } else {
           if (encrypted) {
-            var decrypted = this.cryptor.decrypt(echostr);
+            var decrypted = CRYPTOR.decrypt(echostr);
             // TODO 检查appId的正确性
             ctx.body = decrypted.message;
           } else {
@@ -214,7 +217,7 @@ class Wechat {
       } else if (method === 'POST') {
         if (!encrypted) {
           // 校验
-          if (query.signature !== getSignature(timestamp, nonce, this.token)) {
+          if (query.signature !== getSignature(timestamp, nonce, TOKEN)) {
             ctx.status = 401;
             ctx.body = 'Invalid signature';
             return;
@@ -240,12 +243,12 @@ class Wechat {
         var formatted = formatMessage(result.xml);
         if (encrypted) {
           var encryptMessage = formatted.Encrypt;
-          if (query.msg_signature !== this.cryptor.getSignature(timestamp, nonce, encryptMessage)) {
+          if (query.msg_signature !== CRYPTOR.getSignature(timestamp, nonce, encryptMessage)) {
             ctx.status = 401;
             ctx.body = 'Invalid signature';
             return;
           }
-          var decryptedXML = this.cryptor.decrypt(encryptMessage);
+          var decryptedXML = CRYPTOR.decrypt(encryptMessage);
           var messageWrapXml = decryptedXML.message;
           if (messageWrapXml === '') {
             ctx.status = 401;
@@ -274,10 +277,10 @@ class Wechat {
           ctx.body = replyMessageXml;
         } else {
           var wrap = {};
-          wrap.encrypt = this.cryptor.encrypt(replyMessageXml);
+          wrap.encrypt = CRYPTOR.encrypt(replyMessageXml);
           wrap.nonce = parseInt((Math.random() * 100000000000), 10);
           wrap.timestamp = new Date().getTime();
-          wrap.signature = this.cryptor.getSignature(wrap.timestamp, wrap.nonce, wrap.encrypt);
+          wrap.signature = CRYPTOR.getSignature(wrap.timestamp, wrap.nonce, wrap.encrypt);
           ctx.body = encryptWrap(wrap);
         }