diff --git a/src/controller/admin/user/apiController.ts b/src/controller/admin/user/apiController.ts
new file mode 100644
index 0000000..93aee08
--- /dev/null
+++ b/src/controller/admin/user/apiController.ts
@@ -0,0 +1,141 @@
+import { Request, Response } from "express";
+import ApiService from "../../../service/user/apiService";
+import ApiFactory from "../../../factory/admin/user/api";
+import ApiPermissionService from "../../../service/user/apiPermissionService";
+import PermissionHelper from "../../../helpers/permissionHelper";
+import { CreateApiCommand, DeleteApiCommand, UpdateApiCommand } from "../../../command/user/api/apiCommand";
+import ApiCommandHandler from "../../../command/user/api/apiCommandHandler";
+import { UpdateApiPermissionsCommand } from "../../../command/user/api/apiPermissionCommand";
+import ApiPermissionCommandHandler from "../../../command/user/api/apiPermissionCommandHandler";
+
+/**
+ * @description get All apis
+ * @param req {Request} Express req object
+ * @param res {Response} Express res object
+ * @returns {Promise<*>}
+ */
+export async function getAllApis(req: Request, res: Response): Promise<any> {
+  let apis = await ApiService.getAll();
+
+  res.json(ApiFactory.mapToBase(apis));
+}
+
+/**
+ * @description get api by id
+ * @param req {Request} Express req object
+ * @param res {Response} Express res object
+ * @returns {Promise<*>}
+ */
+export async function getApiById(req: Request, res: Response): Promise<any> {
+  const id = parseInt(req.params.id);
+  let api = await ApiService.getById(id);
+
+  res.json(ApiFactory.mapToSingle(api));
+}
+
+/**
+ * @description get api token by id
+ * @param req {Request} Express req object
+ * @param res {Response} Express res object
+ * @returns {Promise<*>}
+ */
+export async function getApiTokenById(req: Request, res: Response): Promise<any> {
+  const id = parseInt(req.params.id);
+  let { token } = await ApiService.getTokenById(id);
+
+  res.send(token);
+}
+
+/**
+ * @description get permissions by api
+ * @param req {Request} Express req object
+ * @param res {Response} Express res object
+ * @returns {Promise<*>}
+ */
+export async function getApiPermissions(req: Request, res: Response): Promise<any> {
+  const id = parseInt(req.params.id);
+  let permissions = await ApiPermissionService.getByApi(id);
+
+  res.json(PermissionHelper.convertToObject(permissions.map((p) => p.permission)));
+}
+
+/**
+ * @description create new api
+ * @param req {Request} Express req object
+ * @param res {Response} Express res object
+ * @returns {Promise<*>}
+ */
+export async function createApi(req: Request, res: Response): Promise<any> {
+  let title = req.body.title;
+  let expiry = req.body.expiry;
+
+  // TODO: create jwt as token to prevent random string tests
+
+  let createApi: CreateApiCommand = {
+    token: "",
+    title: title,
+    expiry: expiry,
+  };
+  await ApiCommandHandler.create(createApi);
+
+  res.sendStatus(204);
+}
+
+/**
+ * @description update api data
+ * @param req {Request} Express req object
+ * @param res {Response} Express res object
+ * @returns {Promise<*>}
+ */
+export async function updateApi(req: Request, res: Response): Promise<any> {
+  const id = parseInt(req.params.id);
+  let title = req.body.title;
+  let expiry = req.body.expiry;
+
+  let updateApi: UpdateApiCommand = {
+    id: id,
+    title: title,
+    expiry: expiry,
+  };
+  await ApiCommandHandler.update(updateApi);
+
+  res.sendStatus(204);
+}
+
+/**
+ * @description update api assigned permission strings
+ * @param req {Request} Express req object
+ * @param res {Response} Express res object
+ * @returns {Promise<*>}
+ */
+export async function updateApiPermissions(req: Request, res: Response): Promise<any> {
+  const id = parseInt(req.params.id);
+  let permissions = req.body.permissions;
+
+  let permissionStrings = PermissionHelper.convertToStringArray(permissions);
+
+  let updateApiPermissions: UpdateApiPermissionsCommand = {
+    apiId: id,
+    permissions: permissionStrings,
+  };
+  await ApiPermissionCommandHandler.updatePermissions(updateApiPermissions);
+
+  res.sendStatus(204);
+}
+
+/**
+ * @description delete api by id
+ * @param req {Request} Express req object
+ * @param res {Response} Express res object
+ * @returns {Promise<*>}
+ */
+export async function deleteApi(req: Request, res: Response): Promise<any> {
+  const id = parseInt(req.params.id);
+
+  let deleteApi: DeleteApiCommand = {
+    id: id,
+  };
+  await ApiCommandHandler.delete(deleteApi);
+
+  res.sendStatus(204);
+}
diff --git a/src/entity/user/api.ts b/src/entity/user/api.ts
index 36279fd..3e21b78 100644
--- a/src/entity/user/api.ts
+++ b/src/entity/user/api.ts
@@ -1,4 +1,5 @@
-import { Column, CreateDateColumn, Entity, PrimaryColumn } from "typeorm";
+import { Column, CreateDateColumn, Entity, OneToMany, PrimaryColumn } from "typeorm";
+import { apiPermission } from "./api_permission";
 
 @Entity()
 export class api {
@@ -19,4 +20,7 @@ export class api {
 
   @Column({ type: "datetime", nullable: true })
   expiry?: Date;
+
+  @OneToMany(() => apiPermission, (apiPermission) => apiPermission.api)
+  permissions: apiPermission[];
 }
diff --git a/src/entity/user/api_permission.ts b/src/entity/user/api_permission.ts
index 1b031b4..4e7509f 100644
--- a/src/entity/user/api_permission.ts
+++ b/src/entity/user/api_permission.ts
@@ -1,4 +1,4 @@
-import { Column, Entity, ManyToOne, PrimaryColumn } from "typeorm";
+import { Column, Entity, ManyToOne, OneToMany, PrimaryColumn } from "typeorm";
 import { PermissionObject, PermissionString } from "../../type/permissionTypes";
 import { api } from "./api";
 
diff --git a/src/factory/admin/user/api.ts b/src/factory/admin/user/api.ts
new file mode 100644
index 0000000..111be2a
--- /dev/null
+++ b/src/factory/admin/user/api.ts
@@ -0,0 +1,30 @@
+import { api } from "../../../entity/user/api";
+import PermissionHelper from "../../../helpers/permissionHelper";
+import { ApiViewModel } from "../../../viewmodel/admin/user/api.models";
+
+export default abstract class ApiFactory {
+  /**
+   * @description map record to api
+   * @param {api} record
+   * @returns {apiViewModel}
+   */
+  public static mapToSingle(record: api): ApiViewModel {
+    return {
+      id: record.id,
+      permissions: PermissionHelper.convertToObject(record.permissions.map((e) => e.permission)),
+      title: record.title,
+      expiry: record.expiry,
+      lastUsage: record.lastUsage,
+      createdAt: record.createdAt,
+    };
+  }
+
+  /**
+   * @description map records to api
+   * @param {Array<api>} records
+   * @returns {Array<apiViewModel>}
+   */
+  public static mapToBase(records: Array<api>): Array<ApiViewModel> {
+    return records.map((r) => this.mapToSingle(r));
+  }
+}
diff --git a/src/viewmodel/admin/user/api.models.ts b/src/viewmodel/admin/user/api.models.ts
new file mode 100644
index 0000000..cf3a861
--- /dev/null
+++ b/src/viewmodel/admin/user/api.models.ts
@@ -0,0 +1,10 @@
+import { PermissionObject } from "../../../type/permissionTypes";
+
+export interface ApiViewModel {
+  id: number;
+  permissions: PermissionObject;
+  title: string;
+  createdAt: Date;
+  lastUsage?: Date;
+  expiry?: Date;
+}