diff --git a/server-api/src/admin.rs b/server-api/src/admin.rs
new file mode 100644
index 0000000..42a602c
--- /dev/null
+++ b/server-api/src/admin.rs
@@ -0,0 +1,46 @@
+// Module deals endpoints pertaining to admin-only actions
+
+use hyper::{Response, Body};
+use hyper::StatusCode::{NOT_FOUND, BAD_REQUEST, INTERNAL_SERVER_ERROR};
+
+use mysql_async::Pool;
+use mysql_async::error::Error as SqlError;
+use mysql_async::prelude::Queryable;
+
+use serde_json::Value;
+
+use crate::perms::ADMIN_PERMS;
+
+async fn modify_perms(p: &Pool, target: u64, new_perms: u64) -> Result<(), SqlError>{
+    use mysql_async::params;
+    let conn = p.get_conn().await?;
+    conn.prep_exec(
+        "UPDATE members SET permissions = :perms WHERE id = :id", 
+        params!{
+            "id" => target,
+            "perms" => new_perms
+        }).await?;
+
+    Ok(())
+}
+
+async fn new_admin(p: &Pool, response: &mut Response<Body>, params: Value) {
+    // @requires: owner level permission as regular admins can have conflict of interests
+    let target_id_opt: Option<u64> = match params.get("target-id") {
+        Some(val) => val.as_u64(),
+        None => None
+    };
+
+    if let Some(uid) = target_id_opt {
+        if !modify_perms(p, uid, ADMIN_PERMS).await.is_ok() {
+            *response.status_mut() = NOT_FOUND;
+            *response.body_mut() = Body::from("User not found with that id");
+        }
+    }
+    else {
+        // this is likely the users fault providing shit ass json
+        *response.status_mut() = BAD_REQUEST;
+        *response.body_mut() = Body::from("Missing target user id");
+    }
+}
+
diff --git a/server-api/src/main.rs b/server-api/src/main.rs
index 3e34229..cedcd1e 100644
--- a/server-api/src/main.rs
+++ b/server-api/src/main.rs
@@ -32,6 +32,7 @@ mod channels;
 mod members;
 mod perms;
 mod messages;
+mod admin;
 
 mod http_params;
 mod db_types;