diff --git a/server/action/organisation/application/token/route.go b/server/action/organisation/application/token/route.go
index 052e0174..c2efb4a2 100644
--- a/server/action/organisation/application/token/route.go
+++ b/server/action/organisation/application/token/route.go
@@ -9,7 +9,9 @@ type createAppToken struct {
 Name string `json:"name,omitempty" validate:"required"`
 Description string `json:"description,omitempty"`
 }
+
 const namespace string = "applications"
+
 type applicationToken struct {
 model.Base
 Name string `gorm:"column:name" json:"name"`
@@ -25,6 +27,7 @@ func Router() chi.Router {
 r.Post("/", create)
 r.Get("/", list)
 r.Delete("/{token_id}", delete)
+ r.Post("/validate", validate)
 return r
 }
diff --git a/server/action/organisation/application/token/validate.go b/server/action/organisation/application/token/validate.go
index 08038a1b..ebb9d1cc 100644
--- a/server/action/organisation/application/token/validate.go
+++ b/server/action/organisation/application/token/validate.go
@@ -12,10 +12,11 @@ import (
 "github.com/factly/x/renderx"
 "github.com/factly/x/validationx"
 "github.com/go-chi/chi"
+ "gorm.io/gorm"
 )
-// ValidationBody request body
-type ValidationBody struct {
+// validationBody request body
+type validationBody struct {
 Token string `json:"token" validate:"required"`
 }
@@ -29,21 +30,21 @@ type ValidationBody struct {
 // @Param application_slug path string true "Application Slug"
 // @Param ValidationBody body ValidationBody true "Validation Body"
 // @Success 200 {object} model.Application
-// @Router /applications/{application_slug}/validateToken [post]
-func Validate(w http.ResponseWriter, r *http.Request) {
- appSlug := chi.URLParam(r, "application_slug")
- if appSlug == "" {
- errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid slug", http.StatusBadRequest)))
- return
- }
-
- orgID, err := strconv.Atoi(r.Header.Get("X-Organisation"))
+// @Router /applications/{application_id}/tokens/validate [post]
+func validate(w http.ResponseWriter, r *http.Request) {
+ applicaion_id := chi.URLParam(r, "application_id")
+ // if applicaion_id == "" {
+ // errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid id", http.StatusBadRequest)))
+ // return
+ // }
+ id, err := strconv.ParseUint(applicaion_id, 10, 64)
 if err != nil {
- errorx.Render(w, errorx.Parser(errorx.InvalidID()))
+ errorx.Render(w, errorx.Parser(errorx.GetMessage("invalid id", http.StatusBadRequest)))
 return
 }
+ //parse applicaion_id
- tokenBody := ValidationBody{}
+ tokenBody := validationBody{}
 err = json.NewDecoder(r.Body).Decode(&tokenBody)
 if err != nil {
 loggerx.Error(err)
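Review bot: The swagger block above the handler still documents `@Param application_slug` and `@Param ValidationBody body ValidationBody`, while the handler now reads the `application_id` URL parameter and the request type was renamed to `validationBody`; those two `@Param` lines should be updated so the generated API docs match the new route. The commented-out empty-string check and the trailing `//parse applicaion_id` comment can be deleted, since `strconv.ParseUint` already returns an error for an empty string. The local would read better as `appID := chi.URLParam(r, "application_id")`, which follows Go's MixedCaps convention and fixes the misspelling. validate's body continues past the end of this hunk.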
@@ -61,18 +62,18 @@ func Validate(w http.ResponseWriter, r *http.Request) {
 appToken := model.ApplicationToken{}
 // Fetch all tokens for a application
 err = model.DB.Model(&model.ApplicationToken{}).Preload("Application").Where(&model.ApplicationToken{
- Token: tokenBody.Token,
+ Token: tokenBody.Token, ApplicationID: uint(id),
 }).First(&appToken).Error
- if err != nil || appToken.Application.Slug != appSlug || appToken.Application.OrganisationID != uint(orgID) {
+ if err != nil {
 loggerx.Error(err)
- errorx.Render(w, errorx.Parser(errorx.RecordNotFound()))
+ if err == gorm.ErrRecordNotFound {
+ renderx.JSON(w, http.StatusUnauthorized, map[string]interface{}{"valid": false})
+ return
+ }
+ errorx.Render(w, errorx.Parser(errorx.InternalServerError()))
 return
 }
- if tokenBody.Token == appToken.Token {
- renderx.JSON(w, http.StatusOK, map[string]interface{}{"valid": true})
- } else {
- renderx.JSON(w, http.StatusUnauthorized, map[string]interface{}{"valid": false})
- }
+ renderx.JSON(w, http.StatusOK, map[string]interface{}{"valid": true})
 }
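Review bot: The struct-form condition `Where(&model.ApplicationToken{Token: tokenBody.Token, ApplicationID: uint(id)})` loses its application filter when `id` is 0, because GORM builds struct conditions from non-zero fields only; the lookup then matches the token regardless of which application it belongs to and the handler answers `{"valid": true}`. The id is parsed earlier in the handler, outside this hunk, and `ParseUint` accepts "0", so that guard should become `if err != nil || id == 0 {`, or the query should use explicit conditions that cannot be dropped. The old condition also compared `appToken.Application.OrganisationID` with the `X-Organisation` header and the new code has no organisation check at all, so it is worth confirming that upstream middleware already ties the application id to the caller's organisation. If nothing else reads `appToken.Application`, the `Preload("Application")` is now an unneeded extra query.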