diff --git a/en/application-dev/security/permission-verify-guidelines.md b/en/application-dev/security/permission-verify-guidelines.md
index cca11b49b4f02be2631b354adf47c83d4d57e2c1..738c6ddb5dd28136cbc50e1faa8982a057b36c75 100644
--- a/en/application-dev/security/permission-verify-guidelines.md
+++ b/en/application-dev/security/permission-verify-guidelines.md
@@ -2,7 +2,7 @@
## When to Use
-To protect sensitive data and eliminate security threads on core abilities, you can use the permissions in the [App Permission List](permission-list.md) to protect the related API from unauthorized calling. Each time before the API is called, a permission verification is performed to check whether the caller has the required permission.
+To protect sensitive data and eliminate security threads on core abilities, you can use the permissions in the [Application Permission List](permission-list.md) to protect the related API from unauthorized calling. Each time before the API is called, a permission verification is performed to check whether the caller has the required permission.
## Available APIs
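Review bot: The changed sentence under "When to Use" still reads "eliminate security threads on core abilities". Since this line is already being touched for the link text, correct "threads" to "threats" in the same change. Also confirm that "Application Permission List" matches the actual title of permission-list.md, so the link text and the target page agree.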
@@ -18,8 +18,14 @@ The table below lists only the API used in this guide. For more information, see
The procedure is as follows:
1. Obtain the caller's identity (**tokenId**).
+
+ > **NOTE**
+ > Use **getCallingTokenId** to obtain the caller's **tokenId**. For details, see [RPC](../reference/apis/js-apis-rpc.md#getcallingtokenid8).
+
2. Determine the permission to verify, which is **ohos.permission.PERMISSION** in this example.
+
3. Call **verifyAccessToken()** to perform a permission verification of the caller.
+
4. Proceed based on the permission verification result.
```js
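Review bot: The NOTE added under step 1 is indented by a single space (" > **NOTE**"), which is less than the content indent of the "1. " list item. Many Markdown renderers will therefore treat the blockquote as ending the list, and steps 2 to 4 may be renumbered or detached. Indent both quote lines to align with the step text (three spaces) so the note stays nested inside step 1. Placing the getCallingTokenId pointer next to the step that needs it is an improvement over the old position after the code sample, so it is worth checking the rendered output to confirm that the numbering survives.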
@@ -42,5 +48,3 @@ The procedure is as follows:
}
```
-> **NOTE**
-> You can use **getCallingTokenId** to obtain the caller's **tokenId**. For details, see [RPC](../reference/apis/js-apis-rpc.md#getcallingtokenid8).