diff --git a/src/index.tsx b/src/index.tsx
index 6b2f213..b3f2875 100644
--- a/src/index.tsx
+++ b/src/index.tsx
@@ -35,13 +35,14 @@ const Api = new Elysia({
   .use(ApiUser)
   .use(WaRoute)
   .use(WebhookRoute)
-  .use(WaHookRoute);
+
 
 const app = new Elysia()
   .use(cors())
   .use(Api)
   .use(Docs)
   .use(Auth)
+  .use(WaHookRoute)
   .get("*", html)
   .listen(3000, () => {
     console.log("Server running at http://localhost:3000");
diff --git a/src/server/routes/wa_hook_route.ts b/src/server/routes/wa_hook_route.ts
index fb7955a..1e2a584 100644
--- a/src/server/routes/wa_hook_route.ts
+++ b/src/server/routes/wa_hook_route.ts
@@ -1,4 +1,5 @@
 import Elysia, { t } from "elysia";
+import { prisma } from "../lib/prisma";
 
 const VERIFY_TOKEN = "token_yang_kamu_set_di_dashboard";
 
@@ -7,14 +8,26 @@ const WaHookRoute = new Elysia({
     tags: ["WhatsApp Hook"],
 })
     // ✅ Handle verifikasi Webhook (GET)
-    .get("/hook", (ctx) => {
+    .get("/hook", async(ctx) => {
         const { query, set } = ctx;
         const mode = query["hub.mode"];
         const challenge = query["hub.challenge"];
+        const verifyToken = query["hub.verify_token"];
+
+        const getToken = await prisma.webHook.findFirst({
+            where: {
+                apiToken: verifyToken || "",
+            },
+        });
+
+        if (!getToken) {
+            set.status = 403;
+            return "Verification failed";
+        }
 
         if (mode === "subscribe") {
             set.status = 200;
-            return challenge; // WA butuh raw challenge string
+            return challenge;
         }
 
         set.status = 403;