diff --git a/app/(auth)/forgot-password/page.tsx b/app/(auth)/forgot-password/page.tsx
index 742f0fa..0263cc8 100644
--- a/app/(auth)/forgot-password/page.tsx
+++ b/app/(auth)/forgot-password/page.tsx
@@ -29,6 +29,7 @@ const forgotSchema = z
 export default function ForgotPasswordPage() {
   const router = useRouter()
   const [countdown, setCountdown] = useState(0)
+  const [requestId, setRequestId] = useState("")
 
   const {
     register,
@@ -52,7 +53,8 @@ export default function ForgotPasswordPage() {
 
     try {
       const email = getValues("email")
-      await sendForgotPasswordCode(email)
+      const rid = await sendForgotPasswordCode(email)
+      setRequestId(rid)
       setCountdown(60)
       notifySuccess("验证码已发送到你的邮箱")
     } catch (err) {
@@ -62,7 +64,12 @@ export default function ForgotPasswordPage() {
 
   const onSubmit = async (data: z.infer<typeof forgotSchema>) => {
     try {
-      await resetPassword({ email: data.email, vcode: data.vcode, newPassword: data.newPassword })
+      await resetPassword({
+        email: data.email,
+        vcode: data.vcode,
+        newPassword: data.newPassword,
+        requestId,
+      })
       notifySuccess("密码已重置")
       router.push("/login")
     } catch (err) {
diff --git a/app/(auth)/register/page.tsx b/app/(auth)/register/page.tsx
index d0bc27d..fda158b 100644
--- a/app/(auth)/register/page.tsx
+++ b/app/(auth)/register/page.tsx
@@ -40,6 +40,7 @@ export default function RegisterPage() {
   const [showPassword, setShowPassword] = useState(false)
   const [showConfirmPassword, setShowConfirmPassword] = useState(false)
   const [countdown, setCountdown] = useState(0)
+  const [requestId, setRequestId] = useState("")
   const {
     register,
     handleSubmit,
@@ -65,7 +66,8 @@ export default function RegisterPage() {
     const email = String(getValues("email") ?? "")
 
     try {
-      await sendEmailVerificationCode({ email, scene: "register" })
+      const rid = await sendEmailVerificationCode({ email, scene: "register" })
+      setRequestId(rid)
       setCountdown(60)
       notifySuccess("验证码已发送到你的邮箱")
     } catch (err) {
@@ -80,6 +82,7 @@ export default function RegisterPage() {
         email: data.email,
         password: data.password,
         vcode: data.vcode,
+        requestId,
       })
       storeLogin(user, ["consumer"])
       router.push("/")
diff --git a/lib/api/auth-extra.ts b/lib/api/auth-extra.ts
index 6c5255c..55f3a64 100644
--- a/lib/api/auth-extra.ts
+++ b/lib/api/auth-extra.ts
@@ -1,8 +1,15 @@
 import { httpJson } from "./http"
 
-export async function sendForgotPasswordCode(email: string): Promise<void> {
-  await httpJson<unknown>("/api/v1/auth/forgot-password/send", {
+interface SendVerificationCodeResp {
+  requestId: string
+  expireInSec: number
+  message: string
+}
+
+export async function sendForgotPasswordCode(email: string): Promise<string> {
+  const res = await httpJson<SendVerificationCodeResp>("/api/v1/auth/forgot-password/send", {
     method: "POST",
     json: { email },
   })
+  return res.requestId
 }
diff --git a/lib/api/auth.ts b/lib/api/auth.ts
index 2e388ae..25e56c5 100644
--- a/lib/api/auth.ts
+++ b/lib/api/auth.ts
@@ -7,6 +7,7 @@ export type RegisterInput = {
   email: string
   password: string
   vcode?: string
+  requestId?: string
 }
 
 export type LoginInput = {
@@ -28,9 +29,13 @@ export async function register(input: RegisterInput): Promise<User> {
   if (!email) throwApiError(400, "请输入邮箱")
   if (!password || password.length < 6) throwApiError(400, "密码至少6位")
 
+  const headers: Record<string, string> = {}
+  if (input.requestId) headers["X-Request-Id"] = input.requestId
+
   const res = await httpJson<{ user: User }>("/api/v1/auth/register", {
     method: "POST",
     json: { username, email, password, vcode },
+    headers,
   })
   return res.user
 }
@@ -53,6 +58,7 @@ export async function resetPassword(input: {
   email: string
   vcode: string
   newPassword: string
+  requestId?: string
 }): Promise<void> {
   const email = input.email.trim()
   const vcode = input.vcode.trim()
@@ -62,8 +68,12 @@ export async function resetPassword(input: {
   if (!vcode) throwApiError(400, "请输入验证码")
   if (!newPassword || newPassword.length < 8) throwApiError(400, "密码至少8位")
 
+  const headers: Record<string, string> = {}
+  if (input.requestId) headers["X-Request-Id"] = input.requestId
+
   await httpJson<unknown>("/api/v1/auth/reset-password", {
     method: "POST",
     json: { email, vcode, newPassword },
+    headers,
   })
 }
diff --git a/lib/api/email.ts b/lib/api/email.ts
index 58b6220..cafcc3e 100644
--- a/lib/api/email.ts
+++ b/lib/api/email.ts
@@ -1,11 +1,18 @@
 import { httpJson } from "./http"
 
+interface SendVerificationCodeResp {
+  requestId: string
+  expireInSec: number
+  message: string
+}
+
 export async function sendEmailVerificationCode(input: {
   email: string
   scene: string
-}): Promise<void> {
-  await httpJson<unknown>("/api/v1/email/verification-code/send", {
+}): Promise<string> {
+  const res = await httpJson<SendVerificationCodeResp>("/api/v1/email/verification-code/send", {
     method: "POST",
     json: { email: input.email, scene: input.scene },
   })
+  return res.requestId
 }