diff --git a/AuthAPI.py b/AuthAPI.py
new file mode 100644
index 0000000..1c659d2
--- /dev/null
+++ b/AuthAPI.py
@@ -0,0 +1,33 @@
+import json
+import jwt
+from flask import Flask, Blueprint, request,jsonify
+from db import datab
+from db import profile_auth
+
+
+auth_api = Blueprint('auth_api',__name__,url_prefix='/auth')
+
+
+@auth_api.route('/register/POST/<string:username>/<string:password>/', methods=['POST','GET'])
+def register_user(username,password):
+    passwordhash = hash(password)
+    user_dict = {"username":username, "hashedPassword": passwordhash}
+    if user_dict["hashedPassword"] == -9223363242168321331:
+        return jsonify({"message":"failure", "status":"400"})
+    else:
+        profile_auth.append(user_dict)
+        return jsonify({"message":"success", "status":"200"})
+
+
+
+@auth_api.route('/login/POST/<string:username>/<string:password>/', methods=['POST','GET'])
+def user_login(username,password):
+    passwordhash = hash(password)
+    user_dict = {"username":username, "hashedPassword": passwordhash}
+    match = list(filter(lambda a:a["username"] == username and a["hashedPassword"] ==passwordhash, profile_auth))
+    try:
+        if match[0] == user_dict:
+            token = jwt.encode({"username":username, "hashedPassword": passwordhash}, "secret", algorithm="HS256")
+            return jsonify({"token":token, "message":"success", "status":"200"})
+    except:
+            return jsonify({"message":"failure", "status":"401"})
\ No newline at end of file
diff --git a/ProfilesAPI.py b/ProfilesAPI.py
new file mode 100644
index 0000000..f772eb8
--- /dev/null
+++ b/ProfilesAPI.py
@@ -0,0 +1,46 @@
+from flask import Flask,request,Blueprint,jsonify
+from db import datab
+
+
+profile = Blueprint('profile',__name__,url_prefix='/profiles')
+
+
+@profile.route('/GET/<string:name>/', methods=['GET'])
+def get_profile(name):
+    GET_profile = {}
+    for obj in datab:
+        if obj["name"] == str(name):
+            GET_profile = {"name" : name , "scores" : obj.get("scores")}
+    if GET_profile == {}:
+        return jsonify({"message":"failure", "status":"401"})
+    else:
+        return jsonify(GET_profile) 
+
+@profile.route('/POST/<string:name>/', methods=["POST","GET"])
+def create_profile(name):
+    user_dict ={"name" : name,"scores": []} 
+    datab.append(user_dict)
+    return jsonify({"message":"success", "status":"200"})
+
+@profile.route('/DELETE/<string:name>/', methods=["DELETE","GET"])
+def delete_profile(name):
+    unwanted_profile_list = list(filter(lambda a: a["name"] == name, datab))
+    if unwanted_profile_list !=[]:
+        datab.remove(unwanted_profile_list[0])
+        return jsonify({"message":"success", "status":"200"})
+    else:
+        return jsonify({"message":"failure", "status":"400"})
+
+
+@profile.route('/scores/GET/<string:name>/', methods=['GET' , 'POST'])
+def get_above_minscore(name):
+    minscore = request.args.get('minScore',type=int,default=0)
+    score_list = []
+    for obj in datab:
+        if obj["name"] == str(name):
+            score_list = list(filter(lambda a : a > minscore, obj["scores"]))
+            score_dict = {"name":name, "scores": score_list}
+            return jsonify(score_dict)
+    if score_list == []:
+        return jsonify({"message":"failure", "status":"400"})
+
diff --git a/db.py b/db.py
index 777200b..72b69b7 100644
--- a/db.py
+++ b/db.py
@@ -1,5 +1,4 @@
-# Simulated db
-db = [{
+datab = [{
     "name": "Nobel",
     "scores": [1, 2, 3, 4, 5]
 }, {
@@ -9,3 +8,6 @@
     "name": "Hui Hui",
     "scores": [9, 29, 34]
 }]
+
+profile_auth = []
+
diff --git a/documentation.md b/documentation.md
new file mode 100644
index 0000000..747cf15
--- /dev/null
+++ b/documentation.md
@@ -0,0 +1,129 @@
+1)/GET/
+
+description:returns welcome message
+
+function used: def welcome()
+
+Source: main.py
+
+Parameters: None
+
+Response: returns welcome message
+
+eg: Welcome!
+
+
+
+
+2)/profiles/GET/<string:name>/
+
+returns the dictionary of the name and score that matches the name provided in the url
+
+function: get_profile(name)
+
+source: ProfilesAPI.py
+
+Parameters: none
+
+Response: returns dictionary of name and score
+
+eg: returns when <string:name> is replaced with Richard
+{
+  "name": "Richard", 
+  "scores": [5,4,3,2,1]
+}
+
+
+
+
+3)/profiles/POST/<string:name>/
+
+creates a dictionary of name and empty list of score and stores it in db.py
+
+function: create_profile(name)
+
+source: ProfilesAPI.py
+
+Parameters: None
+
+Response: after adding the dictionary to the database, return success message
+
+eg: {"message":"success", "status":"200"}
+
+
+
+
+4)/profiles/DELETE/<string:name>
+delete the dictionary that contains the name specified by user
+
+function:delete_profile(name)
+
+source:ProfilesAPI.py
+
+Parameters:None
+
+Response: status message that shows whether the operation is successful.
+
+eg: if there are no dictionaries deleted, {"message":"failure", "status":"400"} is returned
+    if there are dictionaries deleted, {"message":"success", "status":"200"} is returned
+
+
+
+5)/profiles/scores/GET/<string:name>/
+
+return the specified name and scores above the specified minimum score
+
+function: get_above_minscore(name)
+
+source: ProfilesAPI.py
+
+Parameters: minScore
+
+Response: if the data requested exists in the database, it will be presented in json. otherwise there will be error message
+
+eg: successful response             failed response
+{                                   {"message":"failure", "status":"400"}
+  "name": "Richard", 
+  "scores": [4,5]
+}
+
+
+
+6)/auth/register/POST/<string:username>/<string:password>/
+adds a user name and hashed password to database
+
+function: register_user(username,password)
+
+source: AuthAPI.py
+
+Parameter: None
+
+Response: if there is a password entered, it returns a success message; otherwise it returns failure message
+
+eg: successful response                     failed response
+{"message":"success", "status":"200"}       {"message":"failure", "status":"400"}
+
+7)/login/POST/<string:username>/<string:password>/
+match the username and password to a pre-existing username and password in the database, if there is a match, return a token and a success message. Otherwise return a failed message.
+
+function: user_login(username,password)
+
+source: AuthAPI.py
+
+Parameter: None
+
+Response: success message + token         
+{
+  "message": "success", 
+  "status": "200", 
+  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InNoYXduIiwiaGFzaGVkUGFzc3dvcmQiOjUyMDE4ODg3Njk4ODY0NjI5MjF9.mQZZnZ27x08CvwCP_KBZHPYlxaqWWeba3EJUi49Y2wQ"
+}
+  or              
+  failure message
+  {
+  "message": "failure", 
+  "status": "401"
+}
+
+
+
diff --git a/main_app.py b/main_app.py
new file mode 100644
index 0000000..ad9d375
--- /dev/null
+++ b/main_app.py
@@ -0,0 +1,16 @@
+from flask import Flask
+from db import datab
+from ProfilesAPI import profile
+from AuthAPI import auth_api
+
+app = Flask(__name__)
+app.register_blueprint(profile, url_prefix="/profiles")
+app.register_blueprint(auth_api, url_prefix="/auth")
+
+
+@app.route('/GET/', methods=['GET'])
+def welcome():
+    return 'welcome!'
+
+if __name__ == "__main__":
+    app.run(debug=True)
\ No newline at end of file