diff --git a/.bruno/auth user.bru b/.bruno/auth user.bru
new file mode 100644
index 0000000..f9ae072
--- /dev/null
+++ b/.bruno/auth user.bru	
@@ -0,0 +1,23 @@
+meta {
+  name: auth user
+  type: http
+  seq: 2
+}
+
+post {
+  url: http://localhost:14014/api/auth
+  body: json
+  auth: inherit
+}
+
+body:json {
+  {
+    "name": "teest",
+    "pin": "1234"
+  }
+}
+
+settings {
+  encodeUrl: true
+  timeout: 0
+}
diff --git a/mod.ts b/mod.ts
index 7624db5..c6f544e 100644
--- a/mod.ts
+++ b/mod.ts
@@ -33,17 +33,17 @@ Deno.serve({ port: config.api.port }, async (req) => {
       if (body.pin.length < 4 || body.pin.length > 20) return genericResponse(STATUS_CODE.BadRequest, `PIN too ${body.pin.length < 4 ? 'short' : 'long'}.`);
       if (body.email.length > 20) return genericResponse(STATUS_CODE.BadRequest, `Email too long.`);
 
-      const userId = nanoid();
+      const id = nanoid();
 
       let writeFailure = false;
-      await dbClient.execute('INSERT INTO users(id,name,pin,email) values(?,?,?,?)', [userId, body.name, body.pin, body.email]).catch(() => {
+      await dbClient.execute('INSERT INTO users(id,name,pin,email) values(?,?,?,?)', [id, body.name, body.pin, body.email]).catch(() => {
         writeFailure = true;
       });
 
       if (writeFailure) {
         return genericResponse(STATUS_CODE.InternalServerError, "Couldn't write DB.");
       } else {
-        return genericResponse(STATUS_CODE.OK, JSON.stringify({ userId }));
+        return genericResponse(STATUS_CODE.OK, JSON.stringify({ id }));
       }
     } else {
       return genericResponse(STATUS_CODE.BadRequest, 'Username Taken.');
@@ -52,23 +52,27 @@ Deno.serve({ port: config.api.port }, async (req) => {
     const body = await req.json();
 
     let readFailure = false;
-    const loginMatch = await dbClient.query('SELECT id, email FROM users WHERE name = ? AND pin = ?', [body.name, body.pin]).catch(() => {
+    const loginMatch = await dbClient.query('SELECT id, email, deleteCode FROM users WHERE name = ? AND pin = ?', [body.name, body.pin]).catch(() => {
       readFailure = true;
     });
     if (readFailure) return genericResponse(STATUS_CODE.InternalServerError, "Couldn't read DB.");
     if (loginMatch.length === 0) return genericResponse(STATUS_CODE.Forbidden, 'Invalid name/PIN combination.');
-    const userId = loginMatch[0].userId;
+    const id = loginMatch[0].id;
     const email = loginMatch[0].email;
+    const deleteCode = loginMatch[0].deleteCode;
 
     switch (req.method) {
       case 'POST':
         if (path === '/auth' || path === '/auth/') {
-          return genericResponse(STATUS_CODE.OK, JSON.stringify({ userId, hasEmail: email.length > 0 }));
+          return genericResponse(STATUS_CODE.OK, JSON.stringify({ id, hasEmail: email.length > 0 }));
         }
         break;
       case 'PUT':
         break;
       case 'DELETE':
+        if (path === '/unenroll' || '/unenroll/') {
+          //
+        }
         break;
     }
   }