diff --git a/src/api/acts/admin.ts b/src/api/acts/admin.ts index 0ce41af..8aa1a7d 100644 --- a/src/api/acts/admin.ts +++ b/src/api/acts/admin.ts @@ -144,7 +144,7 @@ export const addOTA = { func: async (client: Client, data: any, aws: (code: string, data: any) => void) => { try { await insert(signupOTA.token, signupOTA.expires, signupOTA.usesLeft) - .add(data.token, data.expires, data. usesLeft) + .add(data.token, data.expires, data.usesLeft) .query(db); } catch (error) { await update(signupOTA) diff --git a/src/api/acts/login.ts b/src/api/acts/login.ts index 61b1767..c34b77d 100644 --- a/src/api/acts/login.ts +++ b/src/api/acts/login.ts @@ -6,8 +6,22 @@ import { oConf } from "../../sys/config.js"; import { sha256, verify } from "../../sys/crypto.js"; import { accounts, db, signupOTA as signupOTATable } from "../../sys/db.js"; import { get64, uts } from "../../sys/tools.js"; +import { addTempToken, postClient } from "../post.js"; import { Act, Client, STATE } from "../user.js"; +export const requestTempToken: Act = { + state: STATE.no, + right: 0, + data: {}, + func: async (client: Client, data: any, aws: (code: string, data: any) => void): Promise => { + if (!(client instanceof postClient)) return void aws("error", "mode"); + let token = addTempToken(client); + aws("ok", { + token + }); + } +}; + export const signup: Act = { state: STATE.no, right: 0, @@ -128,7 +142,7 @@ export const remote1 = { }, func: async (client: Client, data: any, aws: (code: string, data: any) => void) => { data.server = await outbagURLshort(data.server); - try{ + try { var cert = await getRemote(data.server); var tagAcert = data.name + "@" + data.server + "-" + data.key; if (!(await verify(tagAcert, data.sign, cert))) { @@ -143,9 +157,9 @@ export const remote1 = { client.state = STATE.remoteP; client.remoteKey = data.key; aws("ok", client.challenge); - }catch (e){ + } catch (e) { client.suspect(); - aws("error","signature"); + aws("error", "signature"); } } }; 
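Review bot: `requestTempToken` in src/api/acts/login.ts is declared with `state: STATE.no` and `right: 0`, so it appears to hand a token to any unauthenticated POST client, and nothing in this hunk bounds how many tokens can be created. `addTempToken` is defined in post.ts outside the diff, so please confirm there that the token comes from a cryptographically secure random source, that entries in `tempTokens` expire, and that their number is capped per IP; otherwise the map can grow without limit. A short comment above the act saying what the token represents before a sign-in succeeds would help the next reader. Minor: `token` is never reassigned, so `const token = addTempToken(client);` is preferable to `let`.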
@@ -157,10 +171,10 @@ export const remote2 = { sign: "string" }, func: async (client: Client, data: any, aws: (code: string, data: any) => void) => { - if(await verify(client.challenge,data.sign,client.remoteKey)){ + if (await verify(client.challenge, data.sign, client.remoteKey)) { aws("ok", ""); client.state = STATE.remote; - }else{ + } else { client.suspect(); aws("error", "signature"); } diff --git a/src/api/acts/server.ts b/src/api/acts/server.ts new file mode 100644 index 0000000..e69de29 diff --git a/src/api/post.ts b/src/api/post.ts index 998263b..ffe32f2 100644 --- a/src/api/post.ts +++ b/src/api/post.ts @@ -28,11 +28,13 @@ export const addPostMethods = (server: express.Express) => { let client: postClient | null = null; try { let auth = authorization.parse(req.headers["authorization"] ?? ""); - if (auth.token != null && typeof auth.token == "string") { + if (auth.scheme == "outbagServer") { + + } else if (auth.token != null && typeof auth.token == "string") { if (tempTokens[auth.token] != null) { client = tempTokens[auth.token]; } else { - if(req.suspect)req.suspect(); + if (req.suspect) req.suspect(); aws("error", "token"); return; } @@ -50,7 +52,7 @@ export const addPostMethods = (server: express.Express) => { .query(db); if (query.length == 0 || query[0].accountKey != sha256((query[0].accountKeySalt ?? '') + accountKey)) { - if(req.suspect)req.suspect(); + if (req.suspect) req.suspect(); aws("error", "auth"); return; } @@ -72,7 +74,7 @@ export const addPostMethods = (server: express.Express) => { } } -class postClient extends Client { +export class postClient extends Client { lastReq = uts(); constructor(ip: string) { super(ip); diff --git a/src/api/user.ts b/src/api/user.ts index 5f68bef..b561ffc 100644 --- a/src/api/user.ts +++ b/src/api/user.ts 
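Review bot: The new `if (auth.scheme == "outbagServer") { }` branch in the first src/api/post.ts hunk is empty, so a request that names this scheme skips the `tempTokens` lookup and leaves `client` as `null` without verifying anything. What the code after the chain does with a `null` client is outside the hunk, so such a request may be handled like one with no credentials at all, and, depending on how the chain continues, it may also skip the account-key check shown in the next hunk. Until server authentication is implemented, reject explicitly inside the branch, e.g. `aws("error", "auth"); return;`, and add a `// TODO` naming the verification that belongs there. The comparison is also case-sensitive, while HTTP authentication scheme names are not.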
@@ -3,14 +3,15 @@ import { accounts, db, roomMembers, rooms } from "../sys/db.js"; import { addBruteforcePotantial } from "../sys/bruteforce.js"; export const STATE = { - no: 0b0001, - remoteP: 0b0010, - remote: 0b0100, - client: 0b1000 + no: 0b00001, + remoteP: 0b00010, + remote: 0b00100, + client: 0b01000, + server: 0b10000, }; export const MODE = { - ws: 0b01, + ws: 0b01, post: 0b10, both: 0b11, }; diff --git a/src/api/ws.ts b/src/api/ws.ts index 6ed49d8..ca978fb 100644 --- a/src/api/ws.ts +++ b/src/api/ws.ts @@ -15,7 +15,7 @@ export const wsOnConnection = (socket: ws.WebSocket, req: http.IncomingMessage) let clients: wsClient[] = []; -class wsClient extends Client { +export class wsClient extends Client { socket: ws.WebSocket; open = true; activeRequests = 0; diff --git a/src/server/serverCerts.ts b/src/server/serverCerts.ts index b13faf2..d402027 100644 --- a/src/server/serverCerts.ts +++ b/src/server/serverCerts.ts @@ -1,6 +1,6 @@ -import { outbagURL } from "./outbagURL.js"; +import { outbagURL, outbagURLshort } from "./outbagURL.js"; import { db, serverCerts } from "../sys/db.js" -import { eq, exists, insert, not, remove, select, update } from "dblang"; +import { eq, insert, select, update } from "dblang"; import { error, log } from "../sys/log.js"; import { uts } from "../sys/tools.js"; import { getSettings, setSettings, SETTINGS } from "../sys/settings.js" @@ -21,13 +21,12 @@ export const startUpdateCerts = () => { }; let intervalId = setInterval(update, 1000 * 60); update(); - + nman.addShutdownTask(() => { clearInterval(intervalId); }, 100); } - async function updateRemote(url: string, pKey: string = ""): Promise { var urlP = await outbagURL(url); return new Promise((res, rej) => { @@ -63,9 +62,9 @@ async function updateRemote(url: string, pKey: string = ""): Promise { let query = await select([serverCerts.publicKey, serverCerts.expires], serverCerts) 
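Review bot: The new `server: 0b10000` entry in `STATE` (src/api/user.ts) is added without a comment, and nothing in the visible diff assigns or checks it. Because these values are bit flags, a comment on the new entry, for example `// session authenticated as a remote server`, if that is what it represents, would make the intended trust level explicit. It is also worth checking that no act builds its `state` mask from a numeric literal or a negation that would now include the new bit.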
@@ -74,4 +73,4 @@ export const getRemote = async (url: string) => { if (query.length == 0 || query[0][serverCerts.expires] < uts() - 60) return await updateRemote(url, query[0][serverCerts.publicKey]); return query[0][serverCerts.publicKey]; -} +}; diff --git a/src/sys/db.ts b/src/sys/db.ts index fbdf3e0..8985c10 100644 --- a/src/sys/db.ts +++ b/src/sys/db.ts @@ -72,7 +72,8 @@ serverCerts.addAttributes({ serverCertID: { type: INT, primaryKey: true, autoIncrement: true }, url: { type: TEXT }, publicKey: { type: TEXT }, - expires: { type: BIGINT } + expires: { type: BIGINT }, + token: { type: TEXT, notNull: false }, }); export const signupOTA = db.newTable("signupOTA");
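Review bot: In `getRemote` (first hunk on this line, unchanged context), the branch taken when `query.length == 0` still evaluates `query[0][serverCerts.publicKey]`, which throws a TypeError because `query[0]` is undefined. For a server with no cached certificate, the lookup therefore fails before `updateRemote` is called, and `remote1` in login.ts catches the error, calls `client.suspect()` and answers `"signature"`. Passing `query[0]?.[serverCerts.publicKey]` instead lets the `pKey` default of `""` apply. The start of `getRemote` is outside this hunk.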
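Review bot: The new `token` column on `serverCerts` in src/sys/db.ts stores a credential as plain `TEXT`, with no comment saying whose token it is or how long it stays valid. If it is a bearer secret that remote servers present under the `outbagServer` scheme added in post.ts, store a hash of it, the way `accountKey` is compared through `sha256(...)` there, so that a database leak does not expose usable tokens. If it is a token this server has to send out, it must stay readable and deserves a comment saying so, e.g. `// secret: token we present to the remote server`. Whether existing databases receive the new column depends on how dblang applies schema changes, which is not visible here.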