diff --git a/pom.xml b/pom.xml
index da5b00600..84588407e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -9,7 +9,7 @@
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>manage</artifactId>
-    <version>1.3.36</version>
+    <version>1.3.39</version>
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <jib-maven-plugin.version>1.8.0</jib-maven-plugin.version>
diff --git a/src/main/java/au/com/royalpay/payment/manage/appclient/core/impls/RetailRSvcServiceImpl.java b/src/main/java/au/com/royalpay/payment/manage/appclient/core/impls/RetailRSvcServiceImpl.java
index bc23206c4..e44363a17 100644
--- a/src/main/java/au/com/royalpay/payment/manage/appclient/core/impls/RetailRSvcServiceImpl.java
+++ b/src/main/java/au/com/royalpay/payment/manage/appclient/core/impls/RetailRSvcServiceImpl.java
@@ -82,7 +82,7 @@ public class RetailRSvcServiceImpl implements RetailRSvcService {
                 throw new BadRequestException("this channel config is wrong");
             }
             String signa = params.getString("sign");
-            params.remove(signa);
+            params.remove("sign");
             params = JSONObject.parseObject(JSON.toJSONString(params), Feature.OrderedField);
             boolean checkSign = SignUtils.validSign(params.toJSONString(), signa, svcInfo.getString("channel_pub_key"));
             if (!checkSign) {
@@ -92,8 +92,7 @@ public class RetailRSvcServiceImpl implements RetailRSvcService {
             if (client == null) {
                 throw new InvalidShortIdException();
             }
-            String aesKeyStr = Base64.encodeBase64String(AESCrypt.randomKey().getEncoded());
-            Key key = AESCrypt.fromKeyString(Base64.decodeBase64(aesKeyStr));
+            Key key = AESCrypt.fromKeyString(Base64.decodeBase64(params.getString("nonce_str")));
             JSONObject serviceApply = new JSONObject();
             serviceApply.put("apply_id", UUID.randomUUID().toString());
             serviceApply.put("service_code", sourceCode);
@@ -108,6 +107,7 @@ public class RetailRSvcServiceImpl implements RetailRSvcService {
             clientServicesApplyMapper.save(serviceApply);
             result.put("result_status", "PROCESSING");
         } catch (Exception e) {
+            logger.error("enter R services fail:{} - {}",sourceCode,e.getMessage());
             result.put("result_status", "SYSTEMERROR");
             result.put("result_msg", e.getMessage());
         }
@@ -120,7 +120,7 @@ public class RetailRSvcServiceImpl implements RetailRSvcService {
     }
 
     private String decData(String data, Key key, String privateKey) {
-        String priKeyDecData = SignUtils.decData(data, privateKey);
-        return org.apache.commons.codec.binary.Base64.encodeBase64String(AESCrypt.encrypt(priKeyDecData.getBytes(StandardCharsets.UTF_8), key));
+        String aesData = new String(AESCrypt.decrypt(Base64.decodeBase64(data), key), StandardCharsets.UTF_8);
+        return SignUtils.decData(aesData, privateKey);
     }
 }