diff --git a/Server/DemoLibrary/TestController.cs b/Server/DemoLibrary/TestController.cs
index 8d187d0..f8a22e9 100644
--- a/Server/DemoLibrary/TestController.cs
+++ b/Server/DemoLibrary/TestController.cs
@@ -3,11 +3,19 @@ using System.Net.Http;
 using System.Web.Http;
 using System.Net;
 using System.IO;
+using DotNetNuke.Application;
 
 namespace Summit.ApiDemo.DemoLibrary
 {
     public class TestController : DnnApiController, IServiceRouteMapper
     {
+        private readonly DotNetNuke.Abstractions.Application.IApplicationStatusInfo applicationStatusInfo;
+
+        public TestController(DotNetNuke.Abstractions.Application.IApplicationStatusInfo applicationStatusInfo)
+        {
+            this.applicationStatusInfo = applicationStatusInfo;
+        }
+
         public void RegisterRoutes(IMapRoute mapRouteManager)
         {
             mapRouteManager.MapHttpRoute(
@@ -38,5 +46,18 @@ namespace Summit.ApiDemo.DemoLibrary
         {
             return Request.CreateResponse(HttpStatusCode.OK, $"Hello from {UserInfo.DisplayName}.");
         }
+
+        [HttpGet]
+        [ApiTokenAuthorize("Test4", "~/App_LocalResources/DemoModule.resx", DotNetNuke.Web.Api.Auth.ApiTokens.Models.ApiTokenScope.Host)]
+        public HttpResponseMessage Test4()
+        {
+            var webConfigPath = Path.Combine(applicationStatusInfo.ApplicationMapPath, "web.config");
+            // calculate md5 of web.config file
+            var fileBytes = File.ReadAllBytes(webConfigPath);
+            var md5 = System.Security.Cryptography.MD5.Create();
+            var hash = md5.ComputeHash(fileBytes);
+            var md5String = System.BitConverter.ToString(hash).Replace("-", "").ToLower();
+            return Request.CreateResponse(HttpStatusCode.OK, md5String);
+        }
     }
 }