diff --git a/public/api.html b/public/api.html
new file mode 100644
index 0000000..6e6086a
--- /dev/null
+++ b/public/api.html
@@ -0,0 +1,542 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <link rel="stylesheet" href="/css/main.css">
+    <link rel="stylesheet" href="/css/header.css">
+    <link rel="stylesheet" href="/css/console.css">
+    <link rel="stylesheet" href="/css/api.css">
+    <title>XSSBook - API Documentation</title>
+</head>
+<body>
+    <div id="header">
+        <span class="logo"><a href="/">xssbook</a></span>
+        <span class="gtext desc" style="margin-left: 6em; font-size: 2em; color: #606770">API Documentation</span>
+    </div>
+    <div id="docs">
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/auth/register</span>
+                <span class="desc">Registeres a new account</span>
+            </div>
+            <div class="info">
+                <h2>Body</h2>
+                <div class="body">
+                    <span>{</span><br>
+                        <span class="key">"firstname"</span> : <span class="string">"[Object"</span><br>
+                        <span class="key">"lastname"</span> : <span class="string">"object]"</span><br>
+                        <span class="key">"email"</span> : <span class="string">"object@object.object"</span><br>
+                        <span class="key">"password"</span> : <span class="string">"i love js"</span><br>
+                        <span class="key">"gender"</span> : <span class="string">"lettuce"</span><br>
+                        <span class="key">"day"</span> : <span class="number">1</span><br>
+                        <span class="key">"month"</span> : <span class="number">1</span><br>
+                        <span class="key">"year"</span> : <span class="number">1970</span><br>
+                    <span>}</span><br>
+                </div>
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">201</span>
+                    <span class="pdesc">Successfully created new user, auth cookie is returned</span>
+                </div>
+                <div>
+                    <span class="ptype">400</span>
+                    <span class="pdesc">Body does not match paramaters</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/auth/login</span>
+                <span class="desc">Logs into an existing account</span>
+            </div>
+            <div class="info">
+                <h2>Body</h2>
+                <div class="body">
+                    <span>{</span><br>
+                        <span class="key">"email"</span> : <span class="string">"object@object.object"</span><br>
+                        <span class="key">"password"</span> : <span class="string">"i love js"</span><br>
+                    <span>}</span><br>
+                </div>
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Successfully logged in, auth cookie is returned</span>
+                </div>
+                <div>
+                    <span class="ptype">400</span>
+                    <span class="pdesc">Body does not match paramaters, or email/password is already in use</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/auth/logout</span>
+                <span class="desc">Logs out of an logged in account</span>
+                <span class="auth"><span>auth</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Successfully logged out</span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to log out user</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/posts/create</span>
+                <span class="desc">Creates a new post</span>
+                <span class="auth"><span>auth</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Body</h2>
+                <div class="body">
+                    <span>{</span><br>
+                        <span class="key">"content"</span> : <span class="string">"Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua."</span><br>
+                    <span>}</span><br>
+                </div>
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">201</span>
+                    <span class="pdesc">Successfully created post</span>
+                </div>
+                <div>
+                    <span class="ptype">400</span>
+                    <span class="pdesc">Body does not match paramaters</span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to create post</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/posts/page</span>
+                <span class="desc">Load a section of posts from newest to oldest</span>
+                <span class="auth"><span>auth</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Body</h2>
+                <div class="body">
+                    <span>{</span><br>
+                        <span class="key">"page"</span> : <span class="number">0</span><br>
+                    <span>}</span><br>
+                </div>
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Returns posts in <span>application/json</span></span>
+                </div>
+                <div>
+                    <span class="ptype">400</span>
+                    <span class="pdesc">Body does not match paramaters</span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to fetch posts</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/posts/user</span>
+                <span class="desc">Load a section of posts from newest to oldest from a specific user</span>
+                <span class="auth"><span>auth</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                 <h2>Body</h2>
+                <div class="body">
+                    <span>{</span><br>
+                        <span class="key">"user_id"</span> : <span class="number">3</span><br>
+                        <span class="key">"page"</span> : <span class="number">0</span><br>
+                    <span>}</span><br>
+                </div>
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Returns posts in <span>application/json</span></span>
+                </div>
+                <div>
+                    <span class="ptype">400</span>
+                    <span class="pdesc">Body does not match paramaters</span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to fetch posts</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method patch">PATCH</span>
+                <span class="uri">/api/posts/comment</span>
+                <span class="desc">Adds a comment to a post</span>
+                <span class="auth"><span>auth</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Body</h2>
+                <div class="body">
+                    <span>{</span><br>
+                        <span class="key">"content"</span> : <span class="string">"This is a very good post"</span><br>
+                        <span class="key">"post_id"</span> : <span class="number">0</span><br>
+                    <span>}</span><br>
+                </div>
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Successfully added comment</span>
+                </div>
+                <div>
+                    <span class="ptype">400</span>
+                    <span class="pdesc">Body does not match paramaters</span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to add comment</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method patch">PATCH</span>
+                <span class="uri">/api/posts/like</span>
+                <span class="desc">Set like status on a post</span>
+                <span class="auth"><span>auth</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Body</h2>
+                <div class="body">
+                    <span>{</span><br>
+                        <span class="key">"state"</span> : <span class="bool">true</span><br>
+                        <span class="key">"post_id"</span> : <span class="number">0</span><br>
+                    <span>}</span><br>
+                </div>
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Successfully set like status</span>
+                </div>
+                <div>
+                    <span class="ptype">400</span>
+                    <span class="pdesc">Body does not match paramaters</span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to set like status</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/users/load</span>
+                <span class="desc">Load a requested set of users</span>
+                <span class="auth"><span>auth</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Body</h2>
+                <div class="body">
+                    <span>{</span><br>
+                        <span class="key">"ids"</span> : [<span class="number">0</span>,<span class="number">3</span>,<span class="number">7</span>]<br>
+                    <span>}</span><br>
+                </div>
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Returns users in <span>application/json</span></span>
+                </div>
+                <div>
+                    <span class="ptype">400</span>
+                    <span class="pdesc">Body does not match paramaters</span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to fetch users</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/users/page</span>
+                <span class="desc">Load a section of users from newest to oldest</span>
+                <span class="auth"><span>auth</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Body</h2>
+                <div class="body">
+                    <span>{</span><br>
+                        <span class="key">"page"</span> : <span class="number">0</span><br>
+                    <span>}</span><br>
+                </div>
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Returns users in <span>application/json</span></span>
+                </div>
+                <div>
+                    <span class="ptype">400</span>
+                    <span class="pdesc">Body does not match paramaters</span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to fetch users</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/users/self</span>
+                <span class="desc">Returns current authenticated user (whoami)</span>
+                <span class="auth"><span>auth</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Returns authed user in <span>application/json</span></span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to fetch user</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method put">PUT</span>
+                <span class="uri">/api/users/avatar</span>
+                <span class="desc">Set your current profile avatar</span>
+                <span class="auth"><span>auth</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Body</h2>
+                <div class="body">
+                    PNG sent as a binary blob
+                </div>
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Successfully updated avatar</span>
+                </div>
+                <div>
+                    <span class="ptype">400</span>
+                    <span class="pdesc">Invalid PNG or disallowed size</span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to update avatar</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method put">PUT</span>
+                <span class="uri">/api/users/banner</span>
+                <span class="desc">Set your current profile banner</span>
+                <span class="auth"><span>auth</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Body</h2>
+                <div class="body">
+                    PNG sent as a binary blob
+                </div>
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Successfully updated banner</span>
+                </div>
+                <div>
+                    <span class="ptype">400</span>
+                    <span class="pdesc">Invalid PNG or disallowed size</span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to update banner</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/admin/auth</span>
+                <span class="desc">Authenticates on the admin panel</span>
+            </div>
+            <div class="info">
+                <h2>Body</h2>
+                <div class="body">
+                    <span>{</span><br>
+                        <span class="key">"secret"</span> : <span class="string">"admin"</span><br>
+                    <span>}</span><br>
+                </div>
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Successfully authed, admin cookie returned</span>
+                </div>
+                <div>
+                    <span class="ptype">400</span>
+                    <span class="pdesc">Body does match parameters, or invalid admin scret</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/admin/query</span>
+                <span class="desc">Run a SQL query on the database</span>
+                <span class="auth"><span>admin</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Body</h2>
+                <div class="body">
+                    <span>{</span><br>
+                        <span class="key">"query"</span> : <span class="string">"DROP TABLE users;"</span><br>
+                    <span>}</span><br>
+                </div>
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Successfully ran SQL query</span>
+                </div>
+                <div>
+                    <span class="ptype">400</span>
+                    <span class="pdesc">Body does match parameters</span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">SQL query error</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/admin/posts</span>
+                <span class="desc">Returns the entire posts table</span>
+                <span class="auth"><span>admin</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Returns sql table in <span>text/html</span></span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to fetch data</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/admin/users</span>
+                <span class="desc">Returns the entire users table</span>
+                <span class="auth"><span>admin</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Returns sql table in <span>text/html</span></span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to fetch data</span>
+                </div>
+            </div>
+        </div>
+        <div>
+            <div class="endpoint">
+                <span class="method post">POST</span>
+                <span class="uri">/api/admin/sessions</span>
+                <span class="desc">Returns the entire posts sessions</span>
+                <span class="auth"><span>admin</span> cookie is required for authentication</span>
+            </div>
+            <div class="info">
+                <h2>Responses</h2>
+                <div>
+                    <span class="ptype">200</span>
+                    <span class="pdesc">Returns sql table in <span>text/html</span></span>
+                </div>
+                <div>
+                    <span class="ptype">401</span>
+                    <span class="pdesc">Unauthorized</span>
+                </div>
+                <div>
+                    <span class="ptype">500</span>
+                    <span class="pdesc">Failed to fetch data</span>
+                </div>
+            </div>
+        </div>
+    </div>
+</body>
\ No newline at end of file
diff --git a/public/css/api.css b/public/css/api.css
new file mode 100644
index 0000000..8358538
--- /dev/null
+++ b/public/css/api.css
@@ -0,0 +1,128 @@
+body {
+    margin: 0;
+    padding: 0;
+    background-color: #181818;
+    overflow-x: hidden;
+    font-family: sfpro;
+}
+
+#docs {
+    margin-top: 5.5em;
+    width: 100%;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+}
+
+#docs>div {
+    display: block;
+    max-width: 100%;
+    width: 100em;
+    background-color: #242424;
+    border-radius: .5em;
+    padding: 1em;
+    box-shadow: 0 2px 4px rgba(0, 0, 0, .05), 0 8px 16px rgba(0, 0, 0, .05);
+    margin-bottom: 2em;
+}
+
+.endpoint {
+    width: 100%;
+    height: 3em;
+    display: flex;
+    align-items: center;
+    flex-direction: row;
+}
+
+.method {
+    font-family: sfprobold;
+    font-size: 1em;
+    color: #e2ded6;
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    border-radius: 3px;
+    width: 5em;
+    height: 2em;
+    margin-left: .5em;
+}
+
+.uri {
+    margin-left: 1em;
+    font-size: 1.25em;
+    display: inline-block;
+    font-family: sfprobold;
+}
+
+.auth {
+    flex: 1;
+    text-align: right;
+    padding-right: 20px;
+    font-size: 1.25em;
+}
+
+.desc {
+    margin-left: 2em;
+}
+
+.info {
+    width: 100%;
+    font-family: sfpro;
+    display: flex;
+    flex-direction: column;
+}
+
+h2 {
+    border-bottom: 1px solid #e2ded6;
+    margin-top: 0;
+    padding: 10px;
+    font-size: 20px;
+}
+
+.info div {
+    width: calc(100% - 4em);
+    margin-left: 2em;
+    padding-bottom: .5em;
+}
+
+.ptype {
+    font-size: 1.25em;
+    width: 20em;
+    display: inline-block;
+}
+
+.auth span, .ptype span, .pdesc span {
+    color: orange;
+}
+
+.bigger {
+    width: 100%;
+    margin-left: 2em;
+}
+
+.pdesc {
+    font-size: 1em;
+    display: inline-block;
+}
+
+.body {
+    padding: 20px !important;
+    width: calc(100% - 4em - 40px) !important;
+    display: block;
+    background-color: #181818;
+}
+
+.post {
+    background-color: #853fe0ff;
+}
+
+.patch {
+    background-color: #e0773f;
+}
+
+.put {
+    background-color: #bfa354;
+}
+
+.key { 
+    margin-left: 40px; 
+}
\ No newline at end of file
diff --git a/src/api/posts.rs b/src/api/posts.rs
index d85fb98..6aa074f 100644
--- a/src/api/posts.rs
+++ b/src/api/posts.rs
@@ -119,7 +119,7 @@ async fn comment(
     Json(body): Json<PostCommentRequest>,
 ) -> Response {
     let Ok(mut post) = Post::from_post_id(body.post_id) else {
-        return ResponseCode::InternalServerError.text("Failed to fetch posts")
+        return ResponseCode::InternalServerError.text("Failed to add comment")
     };
 
     if let Err(err) = post.comment(user.user_id, body.content) {
diff --git a/src/public/pages.rs b/src/public/pages.rs
index 1614d81..196a441 100644
--- a/src/public/pages.rs
+++ b/src/public/pages.rs
@@ -48,6 +48,10 @@ async fn admin() -> Response {
     super::serve("/admin.html").await
 }
 
+async fn api() -> Response {
+    super::serve("/api.html").await
+}
+
 async fn wordpress(_: Log) -> Response {
     ResponseCode::ImATeapot.text("Hello i am a teapot owo")
 }
@@ -62,4 +66,5 @@ pub fn router() -> Router {
         .route("/console", get(console))
         .route("/wp-admin", get(wordpress))
         .route("/admin", get(admin))
+        .route("/docs", get(api))
 }