diff --git a/server.go b/server.go
index 4d1eb65..64387d4 100644
--- a/server.go
+++ b/server.go
@@ -17,6 +17,7 @@ import (
 func apiV1Main(w http.ResponseWriter, r *http.Request) {
 	logRequestDebug(httputil.DumpRequest(r, true))
 	if checkSignature(r) == false {
+		log.Println("signature of URL incorrect")
 		fmt.Fprintf(w, "") //empty string
 		return
 	}
diff --git a/server_test.go b/server_test.go
index 64f28be..2dc54e1 100644
--- a/server_test.go
+++ b/server_test.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"bytes"
 	"fmt"
 	"log"
 	"net/http"
@@ -42,6 +43,26 @@ signature => [e39de9f2e28079c01ebb4b803dfc3442b819545c]`
 
 }
 
+//Send encrypted text Message ("test"")to server and get encrypted feedback
+//we only check decrypted ToUserName should be the one we sent out.
+//as decrypt itself is already a good proof of its working state.
+func TestPostTxtMsg(t *testing.T) {
+	SetupConfig()
+	req := buildReqWechatPostTxtMsg()
+	rr, _ := getHTTPResponse(req, apiV1Main)
+
+	m := ReadEncryptedMsg(rr.Body.String())
+	xml := Decode(m.Encrypt)
+	h := ReadCommonHeader(xml)
+
+	expected := "oUN420bxqFqlx0ZQHciUOesZO3PE"
+	if h.ToUserName != expected {
+		t.Errorf("expect ToUserName: %v \r\nbut got %v",
+			expected, h.ToUserName)
+	}
+
+}
+
 func getHTTPResponse(req *http.Request, handler http.HandlerFunc) (rr *httptest.ResponseRecorder, err error) {
 
 	// Our handlers satisfy http.Handler, so we can call their ServeHTTP method
@@ -58,6 +79,43 @@ func getHTTPResponse(req *http.Request, handler http.HandlerFunc) (rr *httptest.
 	return
 }
 
+// POST /api?signature=f06bb28c1d3847815d498fc0a343b11b4d03e095&timestamp=1493212928&nonce=1461107899&openid=oUN420bxqFqlx0ZQHciUOesZO3PE&encrypt_type=aes&msg_signature=61a50d4656b13a7bbeecf53a5a85fbf37835762f HTTP/1.1
+// Host: wechat.hitxy.org.au
+// Accept: */*
+// Cache-Control: no-cache
+// Connection: Keep-Alive
+// Content-Length: 534
+// Content-Type: text/xml
+// Pragma: no-cache
+// User-Agent: Mozilla/4.0
+// X-Forwarded-For: 103.7.30.105
+// X-Forwarded-Host: wechat.hitxy.org.au
+// X-Forwarded-Server: wechat.hitxy.org.au
+
+// <xml>
+//     <ToUserName><![CDATA[gh_f09231355c68]]></ToUserName>
+//     <Encrypt><![CDATA[HKILXQjAOV4Zi5Zb8gQ8zt6EPA6cBCRYSq90PZuyMqZSGhtjMESSgveIps74rS2+Q5aZPJhytXIkmuE+dxMTkV06qGNSYuSurXsoJE7bNfrE/Nmxq6GwKH1rwHXk3c50NoHW/h6/jCXu8x0oY1oW/ea1tLRGY4xeoQ9voCuvVYRFSyuU7Zz2QjlbP+AG8mCnGBxUwqrthqWFe7wDEkYa38EoD9DrjrQKRc4Hn2ZIHYN569cn5PDvsif+5FUX4p+3gEkgk/HVxicC7wT9wYzNSk9HH7bET3V7hnhJ+PJa+ZEH7HAPzry61UZ1gghf4dJAGVE9D8R4/0M6DpKGCQBGXmlI/Q3NjN0jx9NAqffPRxsoW4BF7mLV8RmfDbJJEa0W5i0buwyluMyVcrF5KT9Bd2DBvsULCXfuwwp01DmJdfc=]]></Encrypt>
+// </xml>
+
+// decrypt as: <xml><ToUserName><![CDATA[gh_f09231355c68]]></ToUserName>
+// <FromUserName><![CDATA[oUN420bxqFqlx0ZQHciUOesZO3PE]]></FromUserName>
+// <CreateTime>1493212928</CreateTime>
+// <MsgType><![CDATA[text]]></MsgType>
+// <Content><![CDATA[test]]></Content>
+// <MsgId>6413300692136991026</MsgId>
+// </xml>
+func buildReqWechatPostTxtMsg() *http.Request {
+	xml := `<xml>
+<ToUserName><![CDATA[gh_f09231355c68]]></ToUserName>
+<Encrypt><![CDATA[HKILXQjAOV4Zi5Zb8gQ8zt6EPA6cBCRYSq90PZuyMqZSGhtjMESSgveIps74rS2+Q5aZPJhytXIkmuE+dxMTkV06qGNSYuSurXsoJE7bNfrE/Nmxq6GwKH1rwHXk3c50NoHW/h6/jCXu8x0oY1oW/ea1tLRGY4xeoQ9voCuvVYRFSyuU7Zz2QjlbP+AG8mCnGBxUwqrthqWFe7wDEkYa38EoD9DrjrQKRc4Hn2ZIHYN569cn5PDvsif+5FUX4p+3gEkgk/HVxicC7wT9wYzNSk9HH7bET3V7hnhJ+PJa+ZEH7HAPzry61UZ1gghf4dJAGVE9D8R4/0M6DpKGCQBGXmlI/Q3NjN0jx9NAqffPRxsoW4BF7mLV8RmfDbJJEa0W5i0buwyluMyVcrF5KT9Bd2DBvsULCXfuwwp01DmJdfc=]]></Encrypt>
+</xml>`
+	b := bytes.NewBufferString(xml)
+	req, _ := http.NewRequest("POST", "/api?signature=f06bb28c1d3847815d498fc0a343b11b4d03e095&timestamp=1493212928&nonce=1461107899&openid=oUN420bxqFqlx0ZQHciUOesZO3PE&encrypt_type=aes&msg_signature=61a50d4656b13a7bbeecf53a5a85fbf37835762f", b)
+	buildReqCommonHeader(req)
+
+	return req
+}
+
 func buildReqWechatWebRoot() *http.Request {
 	req, _ := http.NewRequest("GET", "/dummydir", nil)
 	buildReqCommonHeader(req)