diff --git a/server/src/auth.rs b/server/src/auth.rs
index 401262a..97e989e 100644
--- a/server/src/auth.rs
+++ b/server/src/auth.rs
@@ -27,6 +27,10 @@ pub struct AuthKey {
 secret: String,
 }
+#[derive(Serialize)]
+pub struct SessionToken {
+ pub data: String
+}
 pub type AuthResult = std::result::Result;
 #[derive(Debug, Clone)]
@@ -73,7 +77,7 @@ pub fn join(conn: DBConn, hashcode: u64, name: String) -> AuthResult,
 match data.uses {
 1 ..= std::i32::MAX => {
 let new_user = crate::users::create_new_user(name);
- // update the uses counter
+ // At this point we don't really care about the return
 let _ignore = diesel::update(invites.filter(invites::dsl::id.eq(hashcode)))
 .set(uses.eq(data.uses - 1))
 .execute(&conn.0);
@@ -95,6 +99,44 @@ pub fn join(conn: DBConn, hashcode: u64, name: String) -> AuthResult,
 }
 }
+fn confirm_user_api_access(conn: &MysqlConnection, user_id: u64, user_secret: &str) -> bool {
+ use schema::users::{self, dsl::*};
+ let result = users
+ .filter(id.eq(user_id))
+ .filter(secret.eq(user_secret))
+ .first::(conn);
+
+ match result {
+ Ok(_data) => true,
+ Err(_e) => false
+ }
+}
+
+fn blind_remove_session(conn: &MysqlConnection, sesh_secret: &str) {
+}
+
+#[post("/login", data = "")]
+pub fn login(conn: DBConn, api_key: Form) -> AuthResult, AuthErr>{
+ /*
+ * Session Tokens are used to key into a subset of online users
+ * This is what should make queries faster per instance as we'll have less data to sift through w/ diesel
+ */
+
+ if confirm_user_api_access(&conn.0, api_key.id, &api_key.secret) {
+ // Dump any tokens from before and make a new one
+ blind_remove_session(&conn.0, &api_key.secret);
+ Ok(Json(SessionToken {
+ data: "skeleton code".to_string()
+ }))
+ }
+ else {
+ Err(AuthErr {
+ msg: "Nothing found",
+ status: 400
+ })
+ }
+}
+
 #[post("/leave", data = "")]
 pub fn leave(conn: DBConn, api_key: Form) -> Status {
 /*
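Review bot: `SessionToken` in the first hunk is a new public type with no doc comment, and its `data` field looks intended to carry the bearer credential that `login` returns. I would add `/// Session token returned by /login; \`data\` is a bearer secret and should never be logged.` above the struct. Deriving only `Serialize` (no `Debug`) fits that intent and is worth keeping as the type grows.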
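Review bot: The reworded comment in `join` (second hunk) records that the result of the invite-counter update is discarded, but that result is what enforces the invite's use limit: if `execute` fails, `create_new_user` has already run and the invite keeps its old `uses` value. I would bind the result instead of `_ignore` and return an error unless it is `Ok(1)`. The read of `data.uses` and the write of `data.uses - 1` are also separate steps, so two concurrent joins could presumably both spend the same remaining use; adding `.filter(uses.eq(data.uses))` to the update target would make the decrement conditional on the value that was read. The body of `join` starts and ends outside this hunk, so the ordering is inferred from the visible context lines only.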
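Review bot: `login` (third hunk) returns the same literal token, `data: "skeleton code".to_string()`, to every caller that passes `confirm_user_api_access`, and `blind_remove_session` has an empty body, so the route as added issues a predictable credential and never revokes an earlier one. Until token generation exists I would have the success branch fail closed, e.g. `Err(AuthErr { msg: "Not implemented", status: 501 })`, and later replace the literal with a CSPRNG value that is stored server-side. `blind_remove_session` is also called with `&api_key.secret` while its parameter is named `sesh_secret`; it is worth settling which value it keys on before the body is written. Separately, `.filter(secret.eq(user_secret))` suggests the API secret is stored and compared as plaintext in `users`; if that is the case, storing a hash and verifying it in Rust would limit what a database read exposes. In `confirm_user_api_access`, `Err(_e) => false` fails closed but makes a database error indistinguishable from bad credentials, so logging the error there would help, and `status: 400` on the failure branch would read more accurately as 401.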