diff --git a/src/api/figura/profile.rs b/src/api/figura/profile.rs
index eb9914e..724d46b 100644
--- a/src/api/figura/profile.rs
+++ b/src/api/figura/profile.rs
@@ -155,7 +155,7 @@ pub async fn delete_avatar(Token(token): Token, State(state): State<AppState>) -
     Ok("ok".to_string())
 }
 
-fn send_event(broadcasts: &Arc<DashMap<Uuid, Sender<Vec<u8>>>>, uuid: &Uuid) {
+pub fn send_event(broadcasts: &Arc<DashMap<Uuid, Sender<Vec<u8>>>>, uuid: &Uuid) {
     if let Some(broadcast) = broadcasts.get(&uuid) {
         if broadcast.send(S2CMessage::Event(*uuid).to_vec()).is_err() {
             debug!("[WebSocket] Failed to send Event! There is no one to send. UUID: {uuid}")
diff --git a/src/api/v1/auth.rs b/src/api/v1/auth.rs
deleted file mode 100644
index 54a5491..0000000
--- a/src/api/v1/auth.rs
+++ /dev/null
@@ -1,22 +0,0 @@
-use axum::{extract::State, http::StatusCode, response::{IntoResponse, Response}};
-
-use crate::{auth::Token, AppState};
-
-pub async fn status(
-    Token(token): Token,
-    State(state): State<AppState>
-) -> Response {
-    match token {
-        Some(token) => {
-            if state.user_manager.is_authenticated(&token) {
-                (StatusCode::OK, "ok".to_string()).into_response()
-            } else {
-
-                (StatusCode::UNAUTHORIZED, "unauthorized".to_string()).into_response()
-            }
-        }
-        None => {
-            (StatusCode::BAD_REQUEST, "bad request".to_string()).into_response()
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/api/v1/avatars.rs b/src/api/v1/avatars.rs
new file mode 100644
index 0000000..4d74efe
--- /dev/null
+++ b/src/api/v1/avatars.rs
@@ -0,0 +1,56 @@
+use axum::{body::Bytes, extract::{Path, State}, http::StatusCode, response::{IntoResponse, Response}};
+use tokio::{fs, io::{self, BufWriter}};
+use uuid::Uuid;
+
+use crate::{api::figura::profile::send_event, auth::Token, AppState};
+
+pub async fn upload_avatar(
+    Path(uuid): Path<Uuid>,
+    Token(token): Token,
+    State(state): State<AppState>,
+    body: Bytes,
+) -> Response {
+    let request_data = body;
+
+    match state.config.lock().await.clone().verify_token(&token) {
+        Ok(_) => {},
+        Err(err) => return err,
+    };
+
+    tracing::info!(
+        "trying to upload the avatar for {}",
+        uuid,
+    );
+
+    let avatar_file = format!("avatars/{}.moon", &uuid);
+    let mut file = BufWriter::new(fs::File::create(&avatar_file).await.unwrap());
+    io::copy(&mut request_data.as_ref(), &mut file).await.unwrap();
+    send_event(&state.broadcasts, &uuid);
+
+    (StatusCode::OK, "ok".to_string()).into_response()
+}
+
+pub async fn delete_avatar(
+    Path(uuid): Path<Uuid>,
+    Token(token): Token,
+    State(state): State<AppState>
+) -> Response {
+    match state.config.lock().await.clone().verify_token(&token) {
+        Ok(_) => {},
+        Err(err) => return err,
+    };
+
+    tracing::info!(
+        "trying to delete the avatar for {}",
+        uuid,
+    );
+
+    let avatar_file = format!("avatars/{}.moon", &uuid);
+    match fs::remove_file(avatar_file).await {
+        Ok(_) => {},
+        Err(_) => return (StatusCode::NOT_FOUND, "avatar doesn't exist".to_string()).into_response()
+    };
+    send_event(&state.broadcasts, &uuid);
+
+    (StatusCode::OK, "ok".to_string()).into_response()
+}
\ No newline at end of file
diff --git a/src/api/v1/mod.rs b/src/api/v1/mod.rs
index 2412d92..79ac318 100644
--- a/src/api/v1/mod.rs
+++ b/src/api/v1/mod.rs
@@ -1,16 +1,17 @@
-use axum::{routing::{get, post}, Router};
+use axum::{extract::DefaultBodyLimit, routing::{delete, get, post, put}, Router};
 use crate::AppState;
 
 mod http2ws;
 mod users;
-mod auth;
 mod types;
+mod avatars;
 
 pub fn router() -> Router<AppState> {
     Router::new()
         .route("/verify", get(http2ws::verify))
         .route("/raw", post(http2ws::raw))
         .route("/sub/raw", post(http2ws::sub_raw))
-        .route("/auth/", get(auth::status))
-        .route("/users/create", post(users::create_user))
+        .route("/user/create", post(users::create_user))
+        .route("/avatar/:uuid", put(avatars::upload_avatar).layer(DefaultBodyLimit::disable()))
+        .route("/avatar/:uuid", delete(avatars::delete_avatar))
 }
\ No newline at end of file
diff --git a/src/api/v1/users.rs b/src/api/v1/users.rs
index 2832c4a..34e8243 100644
--- a/src/api/v1/users.rs
+++ b/src/api/v1/users.rs
@@ -13,11 +13,12 @@ pub(super) async fn create_user(
     State(state): State<AppState>,
     Json(json): Json<Userinfo>
 ) -> Response {
-    debug!("Json: {json:?}");
     match state.config.lock().await.clone().verify_token(&token) {
         Ok(_) => {},
         Err(e) => return e,
     }
+
+    debug!("Creating new user: {json:?}");
     
     state.user_manager.insert_user(json.uuid, json);
     (StatusCode::OK, "ok".to_string()).into_response()
diff --git a/src/auth/auth.rs b/src/auth/auth.rs
index 748a805..a6ee9ec 100644
--- a/src/auth/auth.rs
+++ b/src/auth/auth.rs
@@ -137,7 +137,7 @@ impl UManager {
     ) -> Option<dashmap::mapref::one::Ref<'_, Uuid, Userinfo>> {
         self.registered.get(uuid)
     }
-    pub fn is_authenticated(&self, token: &String) -> bool {
+    pub fn _is_authenticated(&self, token: &String) -> bool {
         self.authenticated.contains_key(token)
     }
     pub fn _is_registered(&self, uuid: &Uuid) -> bool {