diff --git a/config/config.go b/config/config.go
index e7f46c6..b658f2d 100644
--- a/config/config.go
+++ b/config/config.go
@@ -15,11 +15,12 @@ import (
 // Config is a configuration model
 type Config struct {
- Host string
- User string
- Password string
- Database string
- Port int
+ Host string
+ User string
+ Password string
+ Database string
+ Port int
+ JWTSignature string
 }
 var (
diff --git a/config/config.json b/config/config.json
index 4254fa6..d2d4d56 100644
--- a/config/config.json
+++ b/config/config.json
@@ -3,5 +3,6 @@
 "User": "postgres",
 "Password": "",
 "Database": "paylist",
- "Port": 5432
+ "Port": 5432,
+ "JWTSignature": "topsecret"
 }
\ No newline at end of file
diff --git a/endpoint/paylist.go b/endpoint/paylist.go
index 5c3c438..65b6bbf 100644
--- a/endpoint/paylist.go
+++ b/endpoint/paylist.go
@@ -13,6 +13,8 @@ import (
 "github.com/ariebrainware/paylist-api/util"
 )
+var conf config.Config
+
 //User stuct for parse token
 type User struct {
 Username string
@@ -25,11 +27,11 @@ func FetchAllPaylist(c *gin.Context) {
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
- return []byte("secret"), nil
+ return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
- util.CallServerError(c, "fail to parse the token, make sure token is valid", err)
+ util.CallServerError(c, "fail to parse the token, make sure token and signature is valid", err)
 return
 }
 username := tk.Username
@@ -48,7 +50,7 @@ func FetchSinglePaylist(c *gin.Context) {
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
- return []byte("secret"), nil
+ return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
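Review bot: The new `JWTSignature` field in Config has no doc comment and nothing in the hunk says what it is or how strong it must be, so a later maintainer will treat it like Host or Port. I would put `// JWTSignature is the HMAC-SHA256 key used to sign and verify API tokens; it must be a long random secret supplied at deployment and must never be committed.` above the field. The config.json hunk in the same commit shows the value currently is a short literal, which that comment would have discouraged.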
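Review bot: `"JWTSignature": "topsecret"` commits the HMAC key to the repository, so anyone with read access to the repo or its history can mint valid tokens for any username, and a nine-character dictionary word is recoverable offline from a single captured HS256 token in any case. Leave the real key out of the checked-in file (e.g. `"JWTSignature": ""` with the value injected from the environment or a secrets store when the config is loaded) and generate it as at least 32 random bytes. Because this value is already in history, it has to be rotated regardless of how the file is fixed.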
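Review bot: `var conf config.Config` is a package-level zero value and no line in this diff assigns it, so unless initialisation happens somewhere not shown, `conf.JWTSignature` is "" and every handler in this package signs and verifies with an empty HMAC key that anyone can reproduce. Wherever the config is loaded, refuse to serve with an empty key, e.g. `if conf.JWTSignature == "" { log.Fatal("JWTSignature is not configured") }`, and have the key callbacks return an error instead of an empty slice. Since `conf` is package-scoped in `endpoint`, this one variable also feeds the users.go handlers in this commit. The import block the hunk sits in starts outside the hunk.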
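Review bot: The key returned in FetchAllPaylist is `[]byte(fmt.Sprint(conf.JWTSignature))`, while Login in users.go signs with `fmt.Sprintf(conf.JWTSignature)`; those only agree while the secret contains no `%`, because Sprintf treats it as a format string and rewrites e.g. `%d` to `%!d(MISSING)`, after which tokens issued by Login fail verification here. `fmt.Sprint` of a string is the string itself, so both sides should simply be `[]byte(conf.JWTSignature)`. This callback also does not pin `token.Method` to HS256 the way Auth in users.go does; the same inconsistency is in FetchSinglePaylist in the next hunk.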
@@ -72,7 +74,7 @@ func CreateUserPaylist(c *gin.Context) {
 // Parse the payload from token
 tokenString := c.GetHeader("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
- return []byte("secret"), nil
+ return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -114,7 +116,7 @@ func UpdateUserPaylist(c *gin.Context) {
 // Parse the token payload
 tokenString := c.GetHeader("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
- return []byte("secret"), nil
+ return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -168,7 +170,7 @@ func UpdateUserPaylistStatus(c *gin.Context) {
 // Parse the token payload and validate the username is own the paylist
 tokenString := c.GetHeader("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
- return []byte("secret"), nil
+ return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -212,7 +214,7 @@ func DeleteUserPaylist(c *gin.Context) {
 // Parse the token payload and validate the username is own the paylist
 tokenString := c.GetHeader("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
- return []byte("secret"), nil
+ return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
diff --git a/endpoint/users.go b/endpoint/users.go
index 25248a6..ab179d7 100644
--- a/endpoint/users.go
+++ b/endpoint/users.go
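Review bot: CreateUserPaylist, like the other three handlers on this line, inlines its own key callback, and none of them checks `token.Method`, so the only algorithm pin in the package is the one copy in Auth; twelve hand-copied closures that already differ between `fmt.Sprint` and `fmt.Sprintf` will keep drifting. I would define one package-level `jwtKeyFunc` that pins HS256, refuses an empty key and returns the raw bytes, and replace each closure with `token, err := jwt.ParseWithClaims(tokenString, &tk, jwtKeyFunc)`. Each handler's body starts and ends outside its hunk.

```go
// jwtKeyFunc returns the HMAC key used to verify API tokens. It rejects any
// token whose header does not name HS256 and refuses to operate with an empty
// key so a missing configuration cannot silently become an all-accept key.
func jwtKeyFunc(token *jwt.Token) (interface{}, error) {
	if token.Method != jwt.GetSigningMethod("HS256") {
		return nil, fmt.Errorf("unexpected SigningMethod :%v", token.Header["alg"])
	}
	if conf.JWTSignature == "" {
		return nil, fmt.Errorf("JWT signing key is not configured")
	}
	return []byte(conf.JWTSignature), nil
}
```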
@@ -76,7 +76,7 @@ func FetchAllUser(c *gin.Context) {
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
- return []byte("secret"), nil
+ return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -108,12 +108,13 @@ func FetchAllUser(c *gin.Context) {
 // UpdateUser function to update user information
 func UpdateUser(c *gin.Context) {
+ var users model.User
 ID := c.Param("id")
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
- return []byte("secret"), nil
+ return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -146,12 +147,13 @@ func UpdateUser(c *gin.Context) {
 util.CallSuccessOK(c, "User successfully updated!", ID)
 }
+// AddBalance is a function to add user balance or income
 func AddBalance(c *gin.Context) {
 var users model.User
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
- return []byte("secret"), nil
+ return []byte(fmt.Sprintf(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -185,7 +187,7 @@ func DeleteUser(c *gin.Context) {
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
- return []byte("secret"), nil
+ return []byte(fmt.Sprintf(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
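Review bot: In AddBalance the key is built as `fmt.Sprintf(conf.JWTSignature)`, which passes the secret as a non-constant format string (go vet's printf check flags exactly this), so any `%` in the configured key is rewritten before use, and this handler then derives a different key from the `fmt.Sprint` form used in FetchAllUser and the paylist.go handlers. Use `[]byte(conf.JWTSignature)` directly; there is nothing to format. DeleteUser in the following hunk has the same construct, and neither callback pins the signing method the way Auth does. AddBalance's body runs past the end of the hunk.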
@@ -214,7 +216,7 @@ func FetchSingleUser(c *gin.Context) {
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
- return []byte("secret"), nil
+ return []byte(fmt.Sprintf(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -274,7 +276,7 @@ func Login(c *gin.Context) {
 }
 //Create JWT token
 token := jwt.NewWithClaims(jwt.GetSigningMethod("HS256"), tk)
- tokenString, err := token.SignedString([]byte("secret"))
+ tokenString, err := token.SignedString([]byte(fmt.Sprintf(conf.JWTSignature)))
 if err != nil {
 util.CallServerError(c, "error create token", err)
 c.Abort()
@@ -313,7 +315,7 @@ func Auth(c *gin.Context) {
 if jwt.GetSigningMethod("HS256") != token.Method {
 return nil, fmt.Errorf("unexpected SigningMethod :%v", token.Header["alg"])
 }
- return []byte("secret"), nil
+ return []byte(fmt.Sprintf(conf.JWTSignature)), nil
 })
 config.DB.Model(&logging).Where("token = ? ", tokenString).Find(&logging)
 if logging.Token == "" {
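Review bot: Login signs with `token.SignedString([]byte(fmt.Sprintf(conf.JWTSignature)))`, and this is the one expression that fixes the key bytes every verifier must reproduce; the paylist.go callbacks derive theirs with `fmt.Sprint`, so the two disagree whenever the secret contains a `%` verb and every token issued here is then rejected by those handlers. Sign with `[]byte(conf.JWTSignature)` and verify with the same expression everywhere, ideally through one shared helper. Whether the claims in `tk` carry an expiry is not visible in this hunk; if they do not, a leaked token remains valid until the key is rotated. Login starts and ends outside the hunk.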
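Review bot: Auth's callback is the only one in this commit that compares `token.Method` with HS256 before returning the key; the other eleven callbacks skip it, so this check should live in one shared key function rather than be the exception here. Within the visible lines the result of ParseWithClaims is not examined before `config.DB.Model(&logging).Where("token = ? ", tokenString).Find(&logging)` runs, so a malformed or unsigned token still costs a database round trip; if `err` is checked further down, moving that check above the query is cheaper and keeps a rejected token from touching the logging table. The function and the parse call both begin before the hunk.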