diff --git a/app/Http/Controllers/Api/V1/ImageController.php b/app/Http/Controllers/Api/V1/ImageController.php
new file mode 100644
index 00000000..9522015b
--- /dev/null
+++ b/app/Http/Controllers/Api/V1/ImageController.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Exceptions\UploadException;
+use App\Http\Controllers\Controller;
+use App\Models\User;
+use App\Services\ImageService;
+use Illuminate\Auth\AuthenticationException;
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Log;
+
+class ImageController extends Controller
+{
+    /**
+     * @throws AuthenticationException
+     */
+    public function upload(Request $request, ImageService $service): Response
+    {
+        if ($request->hasHeader('Authorization')) {
+            $guards = array_keys(config('auth.guards'));
+
+            if (empty($guards)) {
+                $guards = [null];
+            }
+
+            foreach ($guards as $guard) {
+                if (Auth::guard($guard)->check()) {
+                    Auth::shouldUse($guard);
+                    break;
+                }
+            }
+
+            if (! Auth::check()) {
+                throw new AuthenticationException('Authentication failed.');
+            }
+        }
+
+        try {
+            /** @var User $user */
+            $user = Auth::user();
+            $image = $service->store($request, $user);
+        } catch (UploadException $e) {
+            return $this->error($e->getMessage());
+        } catch (\Throwable $e) {
+            Log::error("Api 上传文件时发生异常，", ['message' => $e->getMessage(), 'trace' => $e->getTraceAsString()]);
+            if (config('app.debug')) {
+                return $this->error($e->getMessage());
+            }
+            return $this->error('服务异常，请稍后再试');
+        }
+        return $this->success('上传成功', $image->setAppends(['pathname', 'links'])->only(
+            'key', 'name', 'extension', 'pathname', 'origin_name', 'size', 'mimetype', 'md5', 'sha1', 'links'
+        ));
+    }
+}
diff --git a/resources/views/common/api.blade.php b/resources/views/common/api.blade.php
index bb6ce1fb..bc40bb31 100644
--- a/resources/views/common/api.blade.php
+++ b/resources/views/common/api.blade.php
@@ -14,8 +14,6 @@
                 <p class="text-lg text-gray-700 font-semibold">验证方式</p>
                 <div class="my-2 text-sm bg-white rounded-md p-4 overflow-x-auto">
                     当前版本接口采用 「HTTP 基本验证」的方式验证授权，通过接口获取 token 后，通过设置请求 header 标头来验证请求，例如：
-                    <b class="block my-2 text-gray-600 text-sm">"Authorization": "1|1bJbwlqBfnggmOMEZqXT5XusaIwqiZjCDs7r1Ob5"</b>
-                    或者：
                     <b class="block my-2 text-gray-600 text-sm">"Authorization": "Bearer 1|1bJbwlqBfnggmOMEZqXT5XusaIwqiZjCDs7r1Ob5"</b>
                     <p class="text-sm">如果未设置 Authorization 的情况下请求上传接口，将被视为游客上传。</p>
                 </div>
@@ -26,7 +24,7 @@
         <div class="space-y-4 bg-gray-50 p-3 rounded-md mb-5">
             <div>
                 <p class="text-lg text-gray-700 font-semibold">上传图片</p>
-                <x-code><span class="text-green-500">POST</span> /upload</x-code>
+                <x-code><span class="text-green-500 select-none">POST </span>/upload</x-code>
 
                 <div class="my-4 overflow-x-auto">
                     <p class="text-sm mb-2">Headers</p>
@@ -113,9 +111,19 @@
                             <td class="px-3 py-2 whitespace-nowrap">图片数据</td>
                         </tr>
                         <tr>
-                            <td class="px-3 py-2 whitespace-nowrap pl-6">id</td>
-                            <td class="px-3 py-2 whitespace-nowrap">Integer</td>
-                            <td class="px-3 py-2 whitespace-nowrap">图片唯一ID</td>
+                            <td class="px-3 py-2 whitespace-nowrap pl-6">key</td>
+                            <td class="px-3 py-2 whitespace-nowrap">String</td>
+                            <td class="px-3 py-2 whitespace-nowrap">图片唯一密钥</td>
+                        </tr>
+                        <tr>
+                            <td class="px-3 py-2 whitespace-nowrap pl-6">name</td>
+                            <td class="px-3 py-2 whitespace-nowrap">String</td>
+                            <td class="px-3 py-2 whitespace-nowrap">图片名称</td>
+                        </tr>
+                        <tr>
+                            <td class="px-3 py-2 whitespace-nowrap pl-6">extension</td>
+                            <td class="px-3 py-2 whitespace-nowrap">String</td>
+                            <td class="px-3 py-2 whitespace-nowrap">图片拓展名</td>
                         </tr>
                         <tr>
                             <td class="px-3 py-2 whitespace-nowrap pl-6">pathname</td>
diff --git a/routes/api.php b/routes/api.php
index a173790f..1c4323d1 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -1,8 +1,8 @@
 <?php
 
-use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Route;
-use App\Http\Controllers\Controller;
+use App\Http\Controllers\Api\V1\ImageController;
+use App\Http\Controllers\Api\V1\TokenController;
 
 /*
 |--------------------------------------------------------------------------
@@ -15,10 +15,8 @@ use App\Http\Controllers\Controller;
 |
 */
 
-use App\Http\Controllers\Api\V1\TokenController;
-
 Route::group(['prefix' => 'v1'], function () {
-    Route::post('upload', [Controller::class, 'upload']);
+    Route::post('upload', [ImageController::class, 'upload']);
 
     Route::group([
         'middleware' => 'auth:sanctum',
