diff --git a/json-api/src/main.rs b/json-api/src/main.rs
index a1e1a38..66588b1 100644
--- a/json-api/src/main.rs
+++ b/json-api/src/main.rs
@@ -58,7 +58,8 @@ async fn route_dispatcher(
         path: &str, 
         body: Body,
         params: HashMap<String, String>,
-        headers: HeaderMap) {
+        headers: HeaderMap,
+        claims: Option<auth::Claim>/* Faster id/perms access from here */) {
 
     const GET: &Method = &Method::GET;
     const POST: &Method = &Method::POST;
@@ -87,6 +88,8 @@ async fn route_dispatcher(
         (POST, routes::SET_NEW_ADMIN) => admin::new_admin(pool, resp, params).await,
         /* META ROUTE */
         (GET, routes::META) => meta::server_meta(resp).await,
+        /* Federated Routes */
+        (GET, routes::GET_NEIGHBORS) => meta::server_neighbors(pool, resp).await,
         _ => {
             println!("[HTTP]\tNOT FOUND: {}: {}", meth, path);
             *resp.status_mut() = StatusCode::NOT_FOUND
@@ -109,15 +112,18 @@ async fn main_responder(request: Request<Body>) -> Result<Response<Body>, hyper:
         None
     };
 
-    if let Some(params) = params_opt {
-        match auth::wall_entry(path, &DB_POOL, &params).await {
-            OpenAuth | Good => {
-                // route dispatch has its own more comprehensive logging
-                route_dispatcher(&DB_POOL, &mut response, &method, path, body, params, headers).await;
+    if let Some(qs) = params_opt {
+        match auth::wall_entry(path, &DB_POOL, &qs).await {
+            OpenAuth => {
+                route_dispatcher(&DB_POOL, &mut response, &method, path, body, qs, headers, None).await;
             },
-            LoginValid => {
+            // Only with typical routes do we have to inject the permissions
+            Good(claim) => {
+                route_dispatcher(&DB_POOL, &mut response, &method, path, body, qs, headers, Some(claim)).await;
+            },
+            LoginValid(member) => {
                 println!("[HTTP] POST /login");
-                auth::login_get_jwt(&mut response, params).await;
+                auth::login_get_jwt(&DB_POOL, &mut response, member).await;
             },
             NoKey | BadKey => {
                 *response.status_mut() = StatusCode::UNAUTHORIZED;
@@ -225,6 +231,13 @@ fn init_config() -> Result<(), Box<dyn std::error::Error>> {
 
     set_var("PUBLIC_URL", fields.public_url);
     set_var("PUBLIC_WS_URL", fields.public_ws_url);
+    // NOTE: the debug print actually prints out what looks to be valid json
+    // so we're just going to leverage that for passing this bs around
+    let tags_json = match fields.tags {
+        Some(t) => format!("{:?}", t),
+        None => format!("[]")
+    };
+    set_var("SERVER_TAGS", tags_json);
 
     Ok(())
 }