diff --git a/EuroTran/EasyBL.WEBAPP/ShowEasy/BookingMaintain_QryService.cs b/EuroTran/EasyBL.WEBAPP/ShowEasy/BookingMaintain_QryService.cs
index ca53e84..bd58048 100644
--- a/EuroTran/EasyBL.WEBAPP/ShowEasy/BookingMaintain_QryService.cs
+++ b/EuroTran/EasyBL.WEBAPP/ShowEasy/BookingMaintain_QryService.cs
@@ -250,7 +250,7 @@ namespace EasyBL.WEBAPP.SYS
                         sLanguageID = WebAppGlobalConstWord.DEFAULT_LANGUAGE;
                     }
 
-                    var rsBooking = QueryOneDetailBooking(sLanguageID, sBookingID, "");
+                    var rsBooking = QueryOneDetailBooking(sLanguageID, "", sBookingID, "");
 
                     rm = new SuccessResponseMessage(null, i_crm);
                     rm.DATA.Add(BLWording.REL, rsBooking);
@@ -705,9 +705,9 @@ namespace EasyBL.WEBAPP.SYS
 
         }
 
-        public View_SAL_Booking QueryOneDetailBooking(string sLanguageID, string sBookingID, string sBookingNo) {
+        public View_SAL_Booking QueryOneDetailBooking(string sLanguageID, string sMemberID, string sBookingID, string sBookingNo) {
 
-            var Booking = FindAllDetailByIDsAsDictionary(sLanguageID, sBookingID, sBookingNo, "").Values.ToList()
+            var Booking = FindAllDetailByIDsAsDictionary(sLanguageID, sBookingID, sBookingNo, sMemberID).Values.ToList()
                 .Where(w => w.BookingID == sBookingID)
                 .FirstOrDefault();
 
diff --git a/EuroTran/EasyBL.WEBAPP/ShowEasy/BookingService.cs b/EuroTran/EasyBL.WEBAPP/ShowEasy/BookingService.cs
index 88b27bc..3223e9b 100644
--- a/EuroTran/EasyBL.WEBAPP/ShowEasy/BookingService.cs
+++ b/EuroTran/EasyBL.WEBAPP/ShowEasy/BookingService.cs
@@ -243,7 +243,7 @@ namespace EasyBL.WEBAPP.SYS
         /// </summary>
         /// <param name="i_crm"></param>
         /// <returns></returns>
-        public HttpResponseMessage GetOneDetailBooking(string sLanguageID, string sBookingID, string sBookingNo) {
+        public HttpResponseMessage GetOneDetailBooking(string sLanguageID, string sAccount, string sBookingID, string sBookingNo) {
 
             SuccessResponseMessage srm = null;
             string sError = null;
@@ -252,13 +252,16 @@ namespace EasyBL.WEBAPP.SYS
             {
                 do
                 {
+                    MemberMaintain_QryService mm_qry = new MemberMaintain_QryService();
+                    var Member = mm_qry.QueryOneByAccount(sAccount);
+
                     BookingMaintain_QryService bm_qry = new BookingMaintain_QryService();
 
                     if (string.IsNullOrEmpty(sLanguageID)) {
                         sLanguageID = WebAppGlobalConstWord.DEFAULT_LANGUAGE;
                     }
 
-                    var rsBooking = bm_qry.QueryOneDetailBooking(sLanguageID, sBookingID, sBookingNo);
+                    var rsBooking = bm_qry.QueryOneDetailBooking(sLanguageID, Member.MemberID, sBookingID, sBookingNo);
 
                     srm = new SuccessResponseMessage(null, null);
                     srm.DATA.Add(BLWording.REL, rsBooking);
diff --git a/EuroTran/WebApp/Controllers/BookingController.cs b/EuroTran/WebApp/Controllers/BookingController.cs
index 3824ceb..4a8d3ce 100644
--- a/EuroTran/WebApp/Controllers/BookingController.cs
+++ b/EuroTran/WebApp/Controllers/BookingController.cs
@@ -84,9 +84,12 @@ namespace WebApp.Controllers
         }
 
         [HttpGet]
+        [SEApiSecurityFilter]
         public HttpResponseMessage Booking(string Lang, string BookingID, string BookingNo)
         {
-            return new BookingService().GetOneDetailBooking(Lang, BookingID, BookingNo);
+            var SEToken = SETokenUtil.GetToken(this.Request);
+
+            return new BookingService().GetOneDetailBooking(Lang, SEToken.Account, BookingID, BookingNo);
         }
 
         [HttpPost]