diff --git a/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/aspect/ExternalAppRequestAuthAspect.java b/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/aspect/ExternalAppRequestAuthAspect.java index db9dc79da3..e64f678937 100644 --- a/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/aspect/ExternalAppRequestAuthAspect.java +++ b/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/aspect/ExternalAppRequestAuthAspect.java @@ -35,7 +35,7 @@ public class ExternalAppRequestAuthAspect { private static Logger logger = LoggerFactory.getLogger(ExternalAppRequestAuthAspect.class); - public static final String ACCESS_TOKEN_HEADER_KEY = "access_token"; + public static final String ACCESS_TOKEN_HEADER_KEY = "AccessToken"; public static final String APP_ID_HEADER_KEY = "appId"; @Autowired diff --git a/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java b/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java index 7aec3a7f6f..43fbf6d0cb 100644 --- a/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java +++ b/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java @@ -208,11 +208,19 @@ public class CpAuthGatewayFilterFactory extends AbstractGatewayFilterFactory urls; + /** + * 白名单 + */ + private List urlWhiteList; + /** * 不处理token,直接通过 */ diff --git a/epmet-gateway/src/main/resources/bootstrap.yml b/epmet-gateway/src/main/resources/bootstrap.yml index c2105542bb..0e8c054d2e 100644 --- a/epmet-gateway/src/main/resources/bootstrap.yml +++ b/epmet-gateway/src/main/resources/bootstrap.yml @@ -427,6 +427,12 @@ epmet: - /gov/issue/** - /gov/project/** - /resi/home/** + - /data/report/** + + # url认证白名单,先判断白名单,在白名单中的url直接放行,不再判断上述需要认证的名单 + urlWhiteList: + - /data/report/test/test + swaggerUrls: jwt: 
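Review bot: The Javadoc on `urlWhiteList` in CpAuthGatewayFilterFactory says only `白名单`, which does not tell a maintainer that entries skip token authentication. The bootstrap.yml comment in this commit describes the list as checked first and passed straight through, so the field comment should say the same and state how entries are matched, for example `/** URLs that skip token authentication; checked before urls. State here whether entries are exact paths or patterns. */`. The code that consults the list is not visible in this hunk, so confirm that it matches against the normalized request path.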
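Review bot: `/data/report/test/test` under `urlWhiteList` is passed through without token authentication wherever this bootstrap.yml is loaded, even though its parent `/data/report/**` is added to the authenticated list in the same hunk. If it is a test endpoint, keep it out of the shared configuration and enable it only in a development profile; if it has to stay, add a comment such as `# unauthenticated on purpose: <reason>, owner <team>` (placeholders). Because the whitelist is evaluated before the authenticated list, entries should stay exact paths rather than wildcards, so an allow rule cannot end up covering routes that are meant to require a token.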
diff --git a/epmet-module/epmet-common-service/common-service-client/src/main/java/com/epmet/dto/form/ExternalCustomerFormDTO.java b/epmet-module/epmet-common-service/common-service-client/src/main/java/com/epmet/dto/form/ExternalCustomerFormDTO.java
new file mode 100644
index 0000000000..da8c394aea
--- /dev/null
+++ b/epmet-module/epmet-common-service/common-service-client/src/main/java/com/epmet/dto/form/ExternalCustomerFormDTO.java
@@ -0,0 +1,15 @@
+package com.epmet.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.Min;
+
+@Data
+public class ExternalCustomerFormDTO {
+
+ @Min(0)
+ private Integer pageNo;
+
+ @Min(0)
+ private Integer pageSize;
+}
diff --git a/epmet-module/epmet-common-service/common-service-client/src/main/java/com/epmet/dto/result/ExternalCustomerResultDTO.java b/epmet-module/epmet-common-service/common-service-client/src/main/java/com/epmet/dto/result/ExternalCustomerResultDTO.java
new file mode 100644
index 0000000000..79e58686fe
--- /dev/null
+++ b/epmet-module/epmet-common-service/common-service-client/src/main/java/com/epmet/dto/result/ExternalCustomerResultDTO.java
@@ -0,0 +1,46 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ *
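Review bot: `pageSize` in ExternalCustomerFormDTO has no upper bound and both fields accept null, because `@Min(0)` treats a null `Integer` as valid. ExternalCustomerServiceImpl in this commit passes the two values to `PageHelper.startPage(pageNo, pageSize)`, so once the controller forwards them a caller can ask for an arbitrarily large page, and a missing field is likely to fail on unboxing instead of producing a validation error. Suggest `@NotNull @Min(1)` on `pageNo` and `@NotNull @Min(1) @Max(100)` on `pageSize`, with the cap set to whatever the service can afford.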

+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *

+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.dto.result; + +import java.io.Serializable; +import java.util.Date; +import lombok.Data; + + +/** + * + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-08-19 + */ +@Data +public class ExternalCustomerResultDTO implements Serializable { + + private static final long serialVersionUID = 1L; + + /** + * 客户ID + */ + private String id; + + /** + * 客户名称 + */ + private String customerName; + +} \ No newline at end of file diff --git a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/controller/ExternalAppController.java b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/controller/ExternalAppController.java index 98fa8e9fc9..1e627e5de8 100644 --- a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/controller/ExternalAppController.java +++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/controller/ExternalAppController.java @@ -23,6 +23,11 @@ public class ExternalAppController { @Autowired private ExternalAppAuthService externalAppAuthService; + /** + * 外部请求认证 + * @param formDTO + * @return + */ @PostMapping("/auth") public Result auth(@RequestBody ExternalAppAuthFormDTO formDTO) { String appId = formDTO.getAppId(); diff --git a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/controller/ExternalCustomerController.java b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/controller/ExternalCustomerController.java new file mode 100644 index 0000000000..e5ae0ae464 --- /dev/null +++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/controller/ExternalCustomerController.java 
@@ -0,0 +1,47 @@
+package com.epmet.controller;
+
+import com.epmet.commons.tools.exception.RenException;
+import com.epmet.commons.tools.utils.Result;
+import com.epmet.commons.tools.validator.ValidatorUtils;
+import com.epmet.dto.form.ExternalAppAuthFormDTO;
+import com.epmet.dto.form.ExternalCustomerFormDTO;
+import com.epmet.dto.result.ExternalAppAuthResultDTO;
+import com.epmet.service.ExternalAppAuthService;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.validation.constraints.Min;
+
+/**
+ * 外部客户管理
+ */
+@RestController
+@RequestMapping("/externalcustomer")
+public class ExternalCustomerController {
+
+ private static Logger logger = LoggerFactory.getLogger(ExternalCustomerController.class);
+
+ @Autowired
+ private ExternalAppAuthService externalAppAuthService;
+
+ /**
+ * 外部客户管理
+ * @return
+ */
+ @PostMapping("/list")
+ public Result list(@RequestBody ExternalCustomerFormDTO form) {
+ ValidatorUtils.validateEntity(form);
+ Integer pageNo = form.getPageNo();
+ Integer pageSize = form.getPageSize();
+
+
+ return null;
+ }
+
+}
diff --git a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/dao/ExternalCustomerDao.java b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/dao/ExternalCustomerDao.java
new file mode 100644
index 0000000000..b22be4caf9
--- /dev/null
+++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/dao/ExternalCustomerDao.java
@@ -0,0 +1,41 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ *
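Review bot: `list` in ExternalCustomerController validates the form and then returns `null`, and the class injects `ExternalAppAuthService` rather than the `ExternalCustomerService` added in this commit, so the endpoint cannot reach the customer query yet. ExternalCustomerServiceImpl.list has the same placeholder: it builds a `PageInfo` and discards it, where `return pageInfo.getList();` would hand back the page. Before this returns customer ids and names, confirm that `/externalcustomer/list` sits behind an authentication rule; nothing in this file restricts who may call it, though a gateway filter or aspect outside the diff may. The imports of `RenException`, `StringUtils`, `ExternalAppAuthFormDTO`, `ExternalAppAuthResultDTO` and `Min` are unused.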

+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *

+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *

+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+package com.epmet.dao;
+
+import com.epmet.commons.mybatis.dao.BaseDao;
+import com.epmet.dto.result.ExternalCustomerResultDTO;
+import com.epmet.entity.ExternalCustomerEntity;
+import org.apache.ibatis.annotations.Mapper;
+
+import java.util.List;
+
+/**
+ *
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-08-19
+ */
+@Mapper
+public interface ExternalCustomerDao extends BaseDao {
+
+ /**
+ * 列出客户基本信息
+ * @return
+ */
+ List listBaseInfo();
+}
\ No newline at end of file
diff --git a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/entity/ExternalCustomerEntity.java b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/entity/ExternalCustomerEntity.java
new file mode 100644
index 0000000000..fccfbbb6a1
--- /dev/null
+++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/entity/ExternalCustomerEntity.java
@@ -0,0 +1,46 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ *

+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *

+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *

+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+package com.epmet.entity;
+
+import com.baomidou.mybatisplus.annotation.TableName;
+
+import com.epmet.commons.mybatis.entity.BaseEpmetEntity;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.util.Date;
+
+/**
+ *
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-08-19
+ */
+@Data
+@EqualsAndHashCode(callSuper=false)
+@TableName("external_customer")
+public class ExternalCustomerEntity extends BaseEpmetEntity {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * 客户名称
+ */
+ private String customerName;
+
+}
diff --git a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/ExternalCustomerService.java b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/ExternalCustomerService.java
new file mode 100644
index 0000000000..bcc8d10cc6
--- /dev/null
+++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/ExternalCustomerService.java
@@ -0,0 +1,11 @@
+package com.epmet.service;
+
+import com.epmet.dto.result.ExternalCustomerResultDTO;
+
+import java.util.List;
+
+public interface ExternalCustomerService {
+
+ public List list(Integer pageNo, Integer pageSize);
+
+}
diff --git a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalAppAuthServiceImpl.java b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalAppAuthServiceImpl.java
index 52b82011c9..822e654cbb 100644
--- a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalAppAuthServiceImpl.java
+++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalAppAuthServiceImpl.java
@@ -29,6 +29,8 @@ public class ExternalAppAuthServiceImpl implements ExternalAppAuthService { @Autowired private ExternalAppSecretDao externalAppSecretDao; + private int diffMillins = 1000 * 60 * 5; + @Override public ExternalAppAuthResultDTO auth(String appId, String token) { String secret; @@ -47,6 +49,19 @@ public class ExternalAppAuthServiceImpl implements ExternalAppAuthService { String appIdIn = (String)claim.get("appId"); String customerId = (String)claim.get("customerId"); + Long timestamp = (Long)claim.get("ts"); + + //校验时间戳,允许5分钟误差 + if (StringUtils.isAnyBlank(appIdIn, customerId) || timestamp == null) { + logger.error("access token不完整。{},{},{}", appIdIn, customerId, timestamp); + return fillAuthResult(false, "access token不完整。", null); + } + + // TODO +// if (!validTimeStamp(timestamp)) { +// logger.error("服务器存在时差过大,请求被拒绝", appId, appIdIn); +// return fillAuthResult(false, "服务器存在时差过大,请求被拒绝", null); +// } if (!appId.equals(appIdIn)) { logger.error("AppId不对应,token外部的:{}, token内部解析出来的:{}", appId, appIdIn); @@ -55,6 +70,15 @@ public class ExternalAppAuthServiceImpl implements ExternalAppAuthService { return fillAuthResult(true, "解析成功", customerId); } + private boolean validTimeStamp(Long timestamp) { + long now = System.currentTimeMillis(); +// System.out.println(new Date(timestamp)); + if (Math.abs(now - timestamp) > diffMillins) { + return false; + } + return true; + } + /** * 通过APP ID查询对应的秘钥 * @param appId diff --git a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalCustomerServiceImpl.java b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalCustomerServiceImpl.java new file mode 100644 index 0000000000..9925841b0f --- /dev/null +++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalCustomerServiceImpl.java 
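Review bot: The `ts` claim is required in `auth` but never checked: the `validTimeStamp` call is commented out under `// TODO`, so a token carrying any timestamp, however old, still reaches `fillAuthResult(true, "解析成功", customerId)`. Until that block is enabled a captured token stays usable for as long as the app secret does; enable it as `if (!validTimeStamp(timestamp)) { return fillAuthResult(false, "服务器存在时差过大,请求被拒绝", null); }` and give its `logger.error` call `{}` placeholders for the two arguments it passes. The cast `(Long)claim.get("ts")` throws ClassCastException if the parser returns an `Integer` for a small number, so reading the value as `Number` and calling `longValue()` is safer (the type of `claim` is declared outside the hunk). The comment `//校验时间戳,允许5分钟误差` sits above the completeness check rather than a timestamp check and should move with the enabled block.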
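Review bot: `validTimeStamp` only bounds a token's age, so once it is enabled the same token can still be presented repeatedly inside the five-minute window; if single use matters, the token needs a nonce that the server remembers for that window. The body reduces to `return Math.abs(now - timestamp) <= diffMillins;`, and the commented-out `System.out.println` can be deleted. `diffMillins`, added in the first hunk of this file, is a mutable per-instance `int`; `private static final long MAX_SKEW_MILLIS = 5 * 60 * 1000L;` states the intent and documents the unit.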
@@ -0,0 +1,26 @@ +package com.epmet.service.impl; + +import com.epmet.dao.ExternalCustomerDao; +import com.epmet.dto.result.ExternalCustomerResultDTO; +import com.epmet.service.ExternalCustomerService; +import com.github.pagehelper.PageHelper; +import com.github.pagehelper.PageInfo; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import java.util.List; + +@Service +public class ExternalCustomerServiceImpl implements ExternalCustomerService { + + @Autowired + private ExternalCustomerDao externalCustomerDao; + + @Override + public List list(Integer pageNo, Integer pageSize) { + PageHelper.startPage(pageNo, pageSize); + List customers = externalCustomerDao.listBaseInfo(); + PageInfo pageInfo = new PageInfo<>(customers); + return null; + } +} diff --git a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppJwtTokenUtils.java b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppJwtTokenUtils.java index 8ef9a4cde4..1c3a326c75 100644 --- a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppJwtTokenUtils.java +++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppJwtTokenUtils.java @@ -75,8 +75,9 @@ public class ExtAppJwtTokenUtils { public static void genToken() { HashMap claim = new HashMap<>(); - claim.put("appId", "1"); -// claim.put("customerId", "c1"); + claim.put("appId", "227fb75ae4baa820755aaf43bf7f0a69"); + claim.put("customerId", "c1"); + claim.put("ts", System.currentTimeMillis() - 1000 * 60 * 4); String abc = new ExtAppJwtTokenUtils().createToken(claim, "4a762660254c57996343f8ee42fbc0a6"); System.out.println(abc); 
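Review bot: `genToken()` in ExtAppJwtTokenUtils sits in a `src/main` utility class and signs with an app id and secret written as string literals; if that pair belongs to a provisioned external app, the secret is now in version control and should be rotated. Move the helper to test sources and take the id and secret from arguments or the environment, for example `createToken(claim, System.getenv("EXT_APP_SECRET"))`, where the variable name is a placeholder. The method also prints the signed token to stdout, which lands in logs if it is ever run on a shared host. Its body starts and ends outside the hunk.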
diff --git a/epmet-module/epmet-common-service/common-service-server/src/main/resources/mapper/ExternalCustomerDao.xml b/epmet-module/epmet-common-service/common-service-server/src/main/resources/mapper/ExternalCustomerDao.xml new file mode 100644 index 0000000000..9d59a01224 --- /dev/null +++ b/epmet-module/epmet-common-service/common-service-server/src/main/resources/mapper/ExternalCustomerDao.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file