diff --git a/VoidCat/Controllers/Admin/AdminController.cs b/VoidCat/Controllers/Admin/AdminController.cs
index 7ac0e48..49e152f 100644
--- a/VoidCat/Controllers/Admin/AdminController.cs
+++ b/VoidCat/Controllers/Admin/AdminController.cs
@@ -65,7 +65,7 @@ public class AdminController : Controller
/// Page request
///
[HttpPost]
- [Route("user")]
+ [Route("users")]
public async Task> ListUsers([FromBody] PagedRequest request)
{
var result = await _userStore.ListUsers(request);
@@ -91,7 +91,7 @@ public class AdminController : Controller
///
///
[HttpPost]
- [Route("user/{id}")]
+ [Route("update-user")]
public async Task UpdateUser([FromBody] PrivateVoidUser user)
{
var oldUser = await _userStore.Get(user.Id);
diff --git a/VoidCat/Controllers/AuthController.cs b/VoidCat/Controllers/AuthController.cs
index f4e6fa7..082eae0 100644
--- a/VoidCat/Controllers/AuthController.cs
+++ b/VoidCat/Controllers/AuthController.cs
@@ -52,7 +52,7 @@ public class AuthController : Controller
}
var user = await _manager.Login(req.Username, req.Password);
- var token = CreateToken(user);
+ var token = CreateToken(user, DateTime.UtcNow.AddHours(12));
var tokenWriter = new JwtSecurityTokenHandler();
return new(tokenWriter.WriteToken(token), Profile: user.ToPublic());
}
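Review bot: The 12-hour session lifetime is written as a literal at this call in Login and again at the Register call in the next hunk, and it doubles the 6 hours the removed `CreateToken(VoidUser)` used without the diff saying why. A longer-lived bearer token widens the window in which a stolen token stays usable, and nothing visible here revokes one early. I would define the value once, e.g. `private static readonly TimeSpan SessionLifetime = TimeSpan.FromHours(12);` with `CreateToken(user, DateTime.UtcNow.Add(SessionLifetime))`, or put it on the JWT settings if operators should be able to tune it. The enclosing method starts outside the hunk.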
@@ -86,7 +86,7 @@ public class AuthController : Controller
}
var newUser = await _manager.Register(req.Username, req.Password);
- var token = CreateToken(newUser);
+ var token = CreateToken(newUser, DateTime.UtcNow.AddHours(12));
var tokenWriter = new JwtSecurityTokenHandler();
return new(tokenWriter.WriteToken(token), Profile: newUser.ToPublic());
}
@@ -137,7 +137,7 @@ public class AuthController : Controller
{
Id = Guid.NewGuid(),
UserId = user.Id,
- Token = new JwtSecurityTokenHandler().WriteToken(CreateApiToken(user, expiry)),
+ Token = new JwtSecurityTokenHandler().WriteToken(CreateToken(user, expiry)),
Expiry = expiry
};
@@ -145,7 +145,7 @@ public class AuthController : Controller
return Json(key);
}
- private JwtSecurityToken CreateApiToken(VoidUser user, DateTime expiry)
+ private JwtSecurityToken CreateToken(VoidUser user, DateTime expiry)
{
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_settings.JwtSettings.Key));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
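Review bot: `CreateToken` now takes a caller-supplied `DateTime expiry` for every token type, but it has no doc comment and neither states nor checks that the value is UTC. The `exp` claim in the next hunk is built with `new DateTimeOffset(expiry)`, which treats a `DateTime` of kind `Unspecified` or `Local` as server-local time, so such a value would give an expiry shifted by the server's offset. Login and Register pass `DateTime.UtcNow`, but the origin of `expiry` at the API-key call site is outside the visible lines. Suggest a `/// <param name="expiry">Absolute expiry; must be DateTimeKind.Utc.</param>` line and a guard such as `if (expiry.Kind != DateTimeKind.Utc) throw new ArgumentException("expiry must be UTC", nameof(expiry));`. The method body continues past this hunk.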
@@ -153,7 +153,6 @@ public class AuthController : Controller
var claims = new List()
{
new(ClaimTypes.NameIdentifier, user.Id.ToString()),
- new(JwtRegisteredClaimNames.Aud, "API"),
new(JwtRegisteredClaimNames.Exp, new DateTimeOffset(expiry).ToUnixTimeSeconds().ToString()),
new(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString())
};
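Review bot: With the `aud` claim dropped here, a token minted for an API key carries the same set of claims as a login session token, so validation code can no longer tell the two apart. If any endpoint should be session-only (issuing further API keys, account changes), or if the audience is validated elsewhere, that distinction is lost; the validation setup is not visible in this diff, so this needs checking. The token also holds no reference to the stored key's `Id`, so deleting the key record presumably cannot invalidate an already issued JWT unless the validator looks the token string up. Consider keeping the distinction through an optional parameter, `string? audience = null` with `if (audience is not null) claims.Add(new(JwtRegisteredClaimNames.Aud, audience));`, and a `jti` claim set to the key id for API keys.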
@@ -164,24 +163,6 @@ public class AuthController : Controller
signingCredentials: credentials);
}
- private JwtSecurityToken CreateToken(VoidUser user)
- {
- var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_settings.JwtSettings.Key));
- var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
-
- var claims = new List()
- {
- new(ClaimTypes.NameIdentifier, user.Id.ToString()),
- new(JwtRegisteredClaimNames.Exp, DateTimeOffset.UtcNow.AddHours(6).ToUnixTimeSeconds().ToString()),
- new(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString())
- };
-
- claims.AddRange(user.Roles.Select(a => new Claim(ClaimTypes.Role, a)));
-
- return new JwtSecurityToken(_settings.JwtSettings.Issuer, claims: claims,
- signingCredentials: credentials);
- }
-
public sealed class LoginRequest
{
public LoginRequest(string username, string password)
diff --git a/VoidCat/Services/Users/UsersStartup.cs b/VoidCat/Services/Users/UsersStartup.cs
index 1b88548..e1de418 100644
--- a/VoidCat/Services/Users/UsersStartup.cs
+++ b/VoidCat/Services/Users/UsersStartup.cs
@@ -19,6 +19,7 @@ public static class UsersStartup
{
services.AddTransient();
services.AddTransient();
+ services.AddTransient();
}
}
}
\ No newline at end of file
diff --git a/VoidCat/spa/src/Api.js b/VoidCat/spa/src/Api.js
index 9a227f2..a8479be 100644
--- a/VoidCat/spa/src/Api.js
+++ b/VoidCat/spa/src/Api.js
@@ -27,8 +27,8 @@ export function useApi() {
AdminApi: {
fileList: (pageReq) => getJson("POST", "/admin/file", pageReq, auth),
deleteFile: (id) => getJson("DELETE", `/admin/file/${id}`, undefined, auth),
- userList: (pageReq) => getJson("POST", `/admin/user`, pageReq, auth),
- updateUser: (user) => getJson("POST", `/admin/user/${user.id}`, user, auth)
+ userList: (pageReq) => getJson("POST", `/admin/users`, pageReq, auth),
+ updateUser: (user) => getJson("POST", `/admin/update-user`, user, auth)
},
Api: {
info: () => getJson("GET", "/info"),