diff --git a/safesite/urls.py b/safesite/urls.py
index e77940ef..d6535459 100644
--- a/safesite/urls.py
+++ b/safesite/urls.py
@@ -182,6 +182,7 @@ urlpatterns = [
     path('gchandle',views.gchandle),
     path('menutree',views.menutree),
     path('setup',views.setup),
+    path('api/login', views.apilogin),
     path('api/company',views.apicompany),
     path('drapi',views.drapi),
     path('api/miss',views.apimiss),
diff --git a/safesite/views.py b/safesite/views.py
index 8d7f5cef..72589564 100644
--- a/safesite/views.py
+++ b/safesite/views.py
@@ -663,8 +663,27 @@ def init_permission(user,req):
                                         })
     req.session['permissions'] = permission_dict
 
-
-
+def apilogin(req):
+    """
+    json登录
+    """
+    data = json.loads(req.body.decode('utf-8'))
+    username = data['username']
+    password = data['password']
+    user = User.objects.filter(username=username, deletemark=1, usecomp__enabled=True)
+    if user.exists():
+        if check_password(password, user[0].epassword):
+            req.session['userid'] = user[0].userid
+            req.session.set_expiry(60*40)
+            init_permission(user[0],req)
+            return JsonResponse({'code':1})
+        else:
+            msg = '密码错误'
+            return JsonResponse({'code':0, 'msg':msg})
+    else:
+        msg = '用户不存在或被禁用'
+        return JsonResponse({'code':0, 'msg':msg})
+        
 def login(req):
     if req.session.get('userid', None):
         return redirect('index')