diff --git a/.env.sample b/.env.sample
index ae056d5..2059120 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1,4 +1,3 @@
 SECRET_KEY=ldskjflkdsnejnjsdnf
 DEBUG=False
-ENABLE_DEBUG_LOG=True
-ALLOWED_HOSTS=localhost,.ungleich.ch
\ No newline at end of file
+ENABLE_DEBUG_LOG=True
\ No newline at end of file
diff --git a/README.md b/README.md
index 37f3a16..d847eae 100644
--- a/README.md
+++ b/README.md
@@ -118,12 +118,12 @@ Request JSON object:
 
 ```
 {
-    auth_name: "auth-name",
-    auth_realm: "auth-realm",
-    auth_token: "current time based token",
-    name: "name that wants to be authenticated",
-    realm: "realm that wants to be authenticated",
-    token: "token that wants to be authenticated"
+    name: "your-name",
+    realm: "your-realm",
+    token: "current time based token",
+    verifyname: "name that wants to be authenticated",
+    verifyrealm: "realm that wants to be authenticated",
+    verifytoken: "token that wants to be authenticated",
 }
 ```
 
diff --git a/flaskapp/__init__.py b/flaskapp/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/flaskapp/app.py b/flaskapp/app.py
new file mode 100644
index 0000000..9e01226
--- /dev/null
+++ b/flaskapp/app.py
@@ -0,0 +1,66 @@
+from flask import Flask, request, jsonify, json
+from flask_restful import Resource, Api
+import requests
+from decouple import config
+from pyotp import TOTP
+
+app = Flask(__name__)
+api = Api(app)
+
+
+def check_otp(name, realm, token):
+    data = {
+        "auth_name": config('AUTH_NAME', ''),
+        "auth_token": TOTP(config('AUTH_SEED', '')).now(),
+        "auth_realm": config('AUTH_REALM', ''),
+        "name": name,
+        "realm": realm,
+        "token": token
+    }
+    response = requests.post(
+        "https://{OTP_SERVER}{OTP_VERIFY_ENDPOINT}".format(
+            OTP_SERVER=config('OTP_SERVER', ''),
+            OTP_VERIFY_ENDPOINT=config('OTP_VERIFY_ENDPOINT', '/ungleichotp/verify/')
+        ),
+        data=data
+    )
+    return response.status_code
+
+
+class MainView(Resource):
+    def get(self):
+        return jsonify({'Detail': 'This view is open to users'})
+
+
+class ProtectedView(Resource):
+    def post(self):
+        data = request.get_json()
+        if data is not None:
+            try:
+                user = data['name']
+                realm = data['realm']
+                token = data['token']
+                assert(realm == config('REALM_ALLOWED'))
+                code = check_otp(user, realm, token)
+                assert(code == 200)
+            except (KeyError, AssertionError) as e:
+                response = app.response_class(response=json.dumps({'Message': 'Invalid data'}),
+                                              status=400,
+                                              mimetype='application/json')
+                return response
+
+            response = app.response_class(response=json.dumps({'data sent': data}),
+                                          status=200,
+                                          mimetype='application/json')
+            return response
+        else:
+            return app.response_class(response=json.dumps({'Message': 'invalid request'}),
+                               status=400,
+                               mimetype='application/json')
+
+
+api.add_resource(MainView, '/')
+api.add_resource(ProtectedView, '/protected')
+
+if __name__ == '__main__':
+    app.run(host='::')
diff --git a/flaskapp/wsgi.py b/flaskapp/wsgi.py
new file mode 100644
index 0000000..86ea110
--- /dev/null
+++ b/flaskapp/wsgi.py
@@ -0,0 +1,4 @@
+from flaskapp.app import app
+
+if __name__ == "__main__":
+    app.run()
diff --git a/otpauth/models.py b/otpauth/models.py
index 81ae71f..6e1898e 100644
--- a/otpauth/models.py
+++ b/otpauth/models.py
@@ -4,7 +4,6 @@ from rest_framework import exceptions
 from rest_framework import authentication
 import json
 import logging
-import pyotp
 
 logger = logging.getLogger(__name__)
 
@@ -22,13 +21,7 @@ class OTPSeed(AbstractUser):
         """
         inject username to ensure it stays unique / is setup at all
         """
-        if not self.is_superuser:
-            self.username = "{}@{}".format(self.name, self.realm)
-        else:
-            self.name = self.username
-            self.realm = "ungleich-admin"
-            self.seed = pyotp.random_base32()
-
+        self.username = "{}@{}".format(self.name, self.realm)
         super().save(*args, **kwargs)
 
     def __str__(self):
diff --git a/requirements.txt b/requirements.txt
index 04fe0b0..f467678 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,10 +1,12 @@
 pyotp>=2.2.6
-django==2.2.16
+django>=2.1.2
 djangorestframework
 python-decouple>=3.1
-
+flask
+flask_restful
+requests
 # DB
-psycopg2>=2.8,<2.9
+psycopg2
 
 # Recommended
 markdown
diff --git a/ungleichotpserver/settings.py b/ungleichotpserver/settings.py
index 72befd5..2be3f0f 100644
--- a/ungleichotpserver/settings.py
+++ b/ungleichotpserver/settings.py
@@ -132,7 +132,9 @@ DEBUG_DATABASES = {
 }
 
 DEBUG = config('DEBUG', False, cast=bool)
-ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='localhost', cast=Csv())
+ALLOWED_HOSTS = [
+    ".ungleich.ch"
+]
 
 DATABASES = {
     'default': {
diff --git a/ungleichotpserver/wsgi.py b/ungleichotpserver/wsgi.py
index 1eed050..8fc5f7e 100644
--- a/ungleichotpserver/wsgi.py
+++ b/ungleichotpserver/wsgi.py
@@ -8,9 +8,10 @@ https://docs.djangoproject.com/en/2.1/howto/deployment/wsgi/
 """
 
 import os
-
 from django.core.wsgi import get_wsgi_application
 
 os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'ungleichotpserver.settings')
 
 application = get_wsgi_application()
+
+