diff --git a/license-service/src/main/java/com/xuqm/license/config/SecurityConfig.java b/license-service/src/main/java/com/xuqm/license/config/SecurityConfig.java
index 79a6a34..8e7caec 100644
--- a/license-service/src/main/java/com/xuqm/license/config/SecurityConfig.java
+++ b/license-service/src/main/java/com/xuqm/license/config/SecurityConfig.java
@@ -36,7 +36,7 @@ public class SecurityConfig {
             .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .authorizeHttpRequests(auth -> auth
                 .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
-                .requestMatchers("/api/license/register", "/api/license/verify").permitAll()
+                .requestMatchers("/api/license/register", "/api/license/verify", "/api/license/app-info").permitAll()
                 .requestMatchers("/api/license/internal/**", "/actuator/health", "/actuator/info").permitAll()
                 .anyRequest().authenticated()
             )
diff --git a/license-service/src/main/java/com/xuqm/license/controller/GlobalExceptionHandler.java b/license-service/src/main/java/com/xuqm/license/controller/GlobalExceptionHandler.java
index 00de2a0..920c744 100644
--- a/license-service/src/main/java/com/xuqm/license/controller/GlobalExceptionHandler.java
+++ b/license-service/src/main/java/com/xuqm/license/controller/GlobalExceptionHandler.java
@@ -17,6 +17,10 @@ public class GlobalExceptionHandler {
 
     @ExceptionHandler(MethodArgumentNotValidException.class)
     public ResponseEntity<ApiResponse<Void>> handleValidationException(MethodArgumentNotValidException e) {
-        return ResponseEntity.badRequest().body(ApiResponse.badRequest("Invalid request"));
+        String detail = e.getBindingResult().getFieldErrors().stream()
+                .map(f -> f.getField() + ": " + f.getDefaultMessage())
+                .reduce((a, b) -> a + "; " + b)
+                .orElse("Invalid request");
+        return ResponseEntity.badRequest().body(ApiResponse.badRequest(detail));
     }
 }
diff --git a/license-service/src/main/java/com/xuqm/license/controller/LicensePublicController.java b/license-service/src/main/java/com/xuqm/license/controller/LicensePublicController.java
index 543d110..ce2bb70 100644
--- a/license-service/src/main/java/com/xuqm/license/controller/LicensePublicController.java
+++ b/license-service/src/main/java/com/xuqm/license/controller/LicensePublicController.java
@@ -9,8 +9,6 @@ import com.xuqm.common.security.LicenseFileCrypto;
 import com.xuqm.license.entity.AppLicenseEntity;
 import com.xuqm.license.service.AppLicenseService;
 import com.xuqm.license.service.DeviceService;
-import jakarta.validation.Valid;
-import jakarta.validation.constraints.NotBlank;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
@@ -30,7 +28,10 @@ public class LicensePublicController {
     }
 
     @PostMapping("/register")
-    public ResponseEntity<ApiResponse<Map<String, Object>>> register(@Valid @RequestBody RegisterRequest req) {
+    public ResponseEntity<ApiResponse<Map<String, Object>>> register(@RequestBody RegisterRequest req) {
+        if (req.deviceId() == null || req.deviceId().isBlank()) {
+            throw new BusinessException(400, "deviceId 不能为空");
+        }
         String resolvedAppKey = resolveAppKey(req.appKey(), req.licenseFile());
         DeviceService.RegisterResult result = deviceService.register(
                 resolvedAppKey,
@@ -50,7 +51,13 @@ public class LicensePublicController {
     }
 
     @PostMapping("/verify")
-    public ResponseEntity<ApiResponse<Map<String, Object>>> verify(@Valid @RequestBody VerifyRequest req) {
+    public ResponseEntity<ApiResponse<Map<String, Object>>> verify(@RequestBody VerifyRequest req) {
+        if (req.deviceId() == null || req.deviceId().isBlank()) {
+            throw new BusinessException(400, "deviceId 不能为空");
+        }
+        if (req.token() == null || req.token().isBlank()) {
+            throw new BusinessException(400, "token 不能为空");
+        }
         String resolvedAppKey = resolveAppKey(req.appKey(), req.licenseFile());
         DeviceService.VerifyResult result = deviceService.verify(resolvedAppKey, req.deviceId(), req.token(), req.userInfo());
         Map<String, Object> data = new LinkedHashMap<>();
@@ -95,7 +102,7 @@ public class LicensePublicController {
             String appKey,
             @JsonProperty("packageName") @JsonAlias("package_name") String packageName,
             @JsonProperty("licenseFile") @JsonAlias("license_file") String licenseFile,
-            @NotBlank @JsonProperty("deviceId") @JsonAlias("device_id") String deviceId,
+            @JsonProperty("deviceId") @JsonAlias("device_id") String deviceId,
             @JsonProperty("deviceName") @JsonAlias("device_name") String deviceName,
             @JsonProperty("deviceModel") @JsonAlias("device_model") String deviceModel,
             @JsonProperty("deviceVendor") @JsonAlias("device_vendor") String deviceVendor,
@@ -107,8 +114,8 @@ public class LicensePublicController {
             String appKey,
             @JsonProperty("packageName") @JsonAlias("package_name") String packageName,
             @JsonProperty("licenseFile") @JsonAlias("license_file") String licenseFile,
-            @NotBlank @JsonProperty("deviceId") @JsonAlias("device_id") String deviceId,
-            @NotBlank String token,
+            @JsonProperty("deviceId") @JsonAlias("device_id") String deviceId,
+            String token,
             @JsonProperty("userInfo") @JsonAlias("user_info") JsonNode userInfo
     ) {}
 }