diff --git a/core/api/auth.py b/core/api/auth.py
index 51f942a163bbf9cb54b17170a8713371ff928d8d..fcaaac89bf13082264d8e89c76394b1fbb478fa3 100644
--- a/core/api/auth.py
+++ b/core/api/auth.py
@@ -7,7 +7,7 @@ from django.contrib.auth.models import User
 from django.shortcuts import render
 from django.urls import reverse
 from rest_framework import generics, status, serializers, HTTP_HEADER_ENCODING, permissions
-from rest_framework.decorators import api_view, authentication_classes, permission_classes
+from rest_framework.decorators import api_view, authentication_classes
 from rest_framework.response import Response
 from knox.auth import TokenAuthentication
 from knox.models import AuthToken
@@ -180,17 +180,14 @@ def validate_token(request):
         return Response({'valid': 'false'})
 
 
-@api_view(['DELETE'])
-@authentication_classes([])
-# @permission_classes([permissions.IsAuthenticated])
-def delete_account(request):
-    try:
-        authenticator = TokenAuthentication()
-        user, auth_token = authenticator.authenticate(request)
-        if user and auth_token:
+class DeleteAccountAPI(generics.GenericAPIView):
+    permission_classes = (permissions.IsAuthenticated,)
+
+    def delete(self, request):
+        user = self.request.user
+        if user:
             user.delete()
             return Response({'msg': 'Delete successfully.'})
-    except:
         return Response({'msg': 'Failed to delete this account.'}, status=status.HTTP_401_UNAUTHORIZED)
 
 
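Review bot: `DeleteAccountAPI` sets `permission_classes` but no `authentication_classes`, so what counts as an authenticated caller now depends on `DEFAULT_AUTHENTICATION_CLASSES` in settings, which this diff does not show. The removed function authenticated with knox `TokenAuthentication` explicitly. Pinning it on the class with `authentication_classes = (TokenAuthentication,)` keeps this destructive endpoint token-only whatever the defaults are. The same applies to `BillListCreate` in core/api/bill.py, where the authentication list is still commented out. Separately, `if user:` in `delete` is always true once `IsAuthenticated` has passed, so the trailing 401 `Response` is unreachable and can be dropped together with the check.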
diff --git a/core/api/bill.py b/core/api/bill.py
index 271f0988eb828bc5557807d0cba46bc367524b2d..c4b7318ee024fc8c6794e3c6e1c26507ff13e5c7 100644
--- a/core/api/bill.py
+++ b/core/api/bill.py
@@ -12,7 +12,7 @@ class BillListCreate(mixins.ListModelMixin, mixins.CreateModelMixin, generics.Ge
     #     authentication.SessionAuthentication,
     #     authentication.TokenAuthentication
     # ]
-    # permission_classes = (permissions.IsAuthenticated,)
+    permission_classes = (permissions.IsAuthenticated,)
 
     def get(self, request, *args, **kwargs):
         return self.list(request, *args, **kwargs)
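Review bot: `permission_classes = (permissions.IsAuthenticated,)` only checks that the caller is logged in; it does not limit which rows `self.list(...)` in `get` returns. The queryset for `BillListCreate` is defined outside this hunk, so confirm that `get_queryset` scopes it to the caller, along the lines of `return super().get_queryset().filter(<owner_field>=self.request.user)` (placeholder field name). Otherwise any authenticated account could list other users' bills. Since the class also mixes in `CreateModelMixin`, the owner should likewise be set from `self.request.user` in `perform_create` rather than taken from the request body.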
diff --git a/core/urls.py b/core/urls.py
index bcf2c32033bf0192cafb341fffdae156083bccae..6a102fd795d9ab046663629b6fb944332f94ea89 100644
--- a/core/urls.py
+++ b/core/urls.py
@@ -2,7 +2,7 @@ from django.urls import path, include
 from knox import views as knox_views
 from rest_framework import routers
 
-from core.api.auth import RegisterAPI, LoginAPI, AppleLogin, GoogleLogin, FacebookLogin, validate_token, delete_account, verify_user_and_activate
+from core.api.auth import RegisterAPI, LoginAPI, AppleLogin, GoogleLogin, FacebookLogin, validate_token, DeleteAccountAPI, verify_user_and_activate
 from core.api.password import ChangePasswordView
 from core.api.profile import ProfileViewSet
 from core.api.coupon import CouponViewSet
@@ -24,7 +24,7 @@ urlpatterns += [
     path('api/auth/google', GoogleLogin.as_view(), name='google_login'),
     path('api/auth/facebook', FacebookLogin.as_view(), name='facebook_login'),
     path('api/auth/validate-token', validate_token, name='validate-token'),
-    path('api/auth/delete-account', delete_account, name='delete-account'),
+    path('api/auth/delete-account', DeleteAccountAPI.as_view(), name='delete-account'),
     # passwd
     path('api/change-password', ChangePasswordView.as_view(), name='change-password'),
     path('api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),