diff --git a/backend/cmd/api/api.go b/backend/cmd/api/api.go index 4bff235..e09dd1d 100644 --- a/backend/cmd/api/api.go +++ b/backend/cmd/api/api.go @@ -82,6 +82,8 @@ func (app *application) mount() http.Handler { // v1 of api r.Route("/v1", func(r chi.Router) { + // SEPERATE STUFF FOR THE LOGIN RELATED STUFF. CONSIDER A GROUP + // FIX API. NEED TO ALSO CONSIDER GROUPS AND STUFF // Operations // r.Get("/health", app.healthCheckHandler) 
@@ -90,52 +92,123 @@ func (app *application) mount() http.Handler { // docsURL := fmt.Sprintf("%s/swagger/doc.json", app.config.addr) // r.Get("/swagger/*", httpSwagger.Handler(httpSwagger.URL(docsURL))) - r.Route("/users", func(r chi.Router) { - // r.Put("/activate/{token}", app.activateUserHandler) - - // r.Get("/", app.check) + // Need to sign in as a user. Then, you can see the groups you're in, your role in the groups, + r.Route("/user", func(r chi.Router) { r.Route("/{userID}", func(r chi.Router) { - r.Use(app.AuthSessionMiddleware) - r.Use(app.CSRFCheckMiddleware) - r.Use(app.CheckUserMatchingMiddleware) + r.Use(app.AuthSessionMiddleware, app.CSRFCheckMiddleware, app.CheckUserMatchingMiddleware) r.Get("/", app.getUserHandler) + r.Route("/groups", func(r chi.Router) { + r.Get("/", app.getUsersGroupsHandler) + + r.Route("/{groupID}", func(r chi.Router) { + r.Get("/", app.getUsersGroupHandler) + r.Delete("/", app.removeUserGroupHandler) // maybe this should expect authentication headers to reverify the password when deleting a group you own. 
+ + r.Put("/moderator", app.addGroupModeratorHandler) + r.Delete("/moderator/{secondaryuserID}", app.removeModeratorPriviligesHandler) + + r.Get("/users", app.getGroupUsersHandler) + r.Delete("/users/{secondaryuserID}", app.removeUserFromGroupHandler) + + r.Put("/owner", app.setGroupOwnerHandler) + }) + }) + r.Route("/receipts", func(r chi.Router) { - r.With(app.Paginate).Get("/", app.getReceiptsHandler) - - r.Post("/", app.createReceiptHandler) - + r.Get("/", app.getReceiptsHandler) r.Route("/{receiptID}", func(r chi.Router) { - r.Use(app.receiptsContextMiddleware) - r.Get("/", app.getReceiptHandler) - r.Patch("/", app.updateReceiptHandler) - r.Delete("/", app.checkReceiptOwnership("admin", app.deleteReceiptHandler)) + r.Delete("/", app.deleteReceiptHandler) r.Route("/images", func(r chi.Router) { - r.Post("/", app.addImageHandler) - r.Delete("/{imageID}", app.deleteImageHandler) + r.Get("/", app.getReceiptImagesHandler) + r.Put("/", app.addReceiptImageHandler) + r.Route("/{imageID}", func(r chi.Router) { + r.Get("/", app.getReceiptImageHandler) + r.Put("/", app.changeReceiptImageHandler) + r.Delete("/", app.deleteReceiptImageHandler) + }) }) }) + + }) + + }) + + }) + + r.Use(app.CSRFCheckMiddleware) + + r.Group(func(r chi.Router) { + r.Use(app.AuthSessionMiddleware) + r.Use(app.CSRFCheckMiddleware) + + r.Route("/groups", func(r chi.Router) { + r.Get("/", app.getGroupsHandler) + r.Route("/{groupID}", func(r chi.Router) { + r.Get("/", app.getGroupHandler) }) }) - }) - - // Admin page routes - r.Route("/admin", func(r chi.Router) { - r.Use(app.AuthSessionMiddleware) - r.Use(app.CheckRoleMiddleware("admin")) - r.Route("/users", func(r chi.Router) { - r.Get("/", app.getUsersHandler) - r.Delete("/{userID}", app.deleteUserHandler) - }) + r.With(app.CheckRoleMiddleware("admin")).Get("/", app.getUsersHandler) + r.Route("/{userID}", func(r chi.Router) { + + r.With(app.CheckRoleMiddleware("admin")).Delete("/", app.getUserHandler) + }) + }) }) + // r.Route("/users", func(r 
chi.Router) { + // // r.Put("/activate/{token}", app.activateUserHandler) + + // // r.Get("/", app.check) + + // r.Route("/{userID}", func(r chi.Router) { + // r.Use(app.AuthSessionMiddleware) + // r.Use(app.CSRFCheckMiddleware) + // // r.Use(app.CheckUserMatchingMiddleware) + + // r.Get("/", app.getUserHandler) + + // r.Route("/receipts", func(r chi.Router) { + // r.With(app.Paginate).Get("/", app.getReceiptsHandler) + + // r.Post("/", app.createReceiptHandler) + + // r.Route("/{receiptID}", func(r chi.Router) { + // r.Use(app.receiptsContextMiddleware) + + // r.Get("/", app.getReceiptHandler) + // r.Patch("/", app.updateReceiptHandler) + // r.Delete("/", app.checkReceiptOwnership("admin", app.deleteReceiptHandler)) + + // r.Route("/images", func(r chi.Router) { + // r.Post("/", app.addImageHandler) + // r.Delete("/{imageID}", app.deleteImageHandler) + // }) + // }) + // }) + // }) + + // }) + + // // Admin page routes + // r.Route("/admin", func(r chi.Router) { + // r.Use(app.AuthSessionMiddleware) + // r.Use(app.CheckRoleMiddleware("admin")) + + // r.Route("/users", func(r chi.Router) { + // r.Get("/", app.getUsersHandler) + // r.Delete("/{userID}", app.deleteUserHandler) + // }) + + // }) + // Public routes r.Route("/auth", func(r chi.Router) { r.Post("/login", app.loginHandler)
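Review bot: The admin route `r.With(app.CheckRoleMiddleware("admin")).Delete("/", app.getUserHandler)` inside the new group's `/{userID}` sub-route is wired to the read handler, so an admin DELETE returns the user instead of removing it — the removed `/admin/users/{userID}` route called `app.deleteUserHandler`, and this line should too (note also that these admin routes now hang directly off `/v1` rather than the old `/admin/users` prefix, so `/v1/{userID}` sits beside the static `/v1/user` and `/v1/groups` segments). The bare `r.Use(app.CSRFCheckMiddleware)` placed between the `/user` route and `r.Group` is added after routes already exist on the `/v1` mux; chi's `Use` panics at startup with "all middlewares must be defined before routes on a mux" in that position, and the line is redundant anyway because the `/user/{userID}` subtree and the group each apply `app.CSRFCheckMiddleware` themselves — drop it, or move it to the top of the `/v1` closure if the intent is to cover `/auth/login` as well. Dropping `receiptsContextMiddleware` and `checkReceiptOwnership("admin", …)` means nothing in the router now ties `{receiptID}`, `{imageID}` or `{groupID}` to the authenticated `{userID}`; `CheckUserMatchingMiddleware` only verifies the path user matches the session, so each receipt/image handler must check the resource belongs to that user and the `/owner`, `/moderator` and `/users/{secondaryuserID}` handlers must verify the caller's role in the group, or these become IDOR / privilege-escalation endpoints. `mount` begins before this hunk and ends after it.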