diff --git a/private/functions_api.php b/private/functions_api.php
new file mode 100644
index 0000000..0ae9a41
--- /dev/null
+++ b/private/functions_api.php
@@ -0,0 +1,18 @@
+ REQX_RELEASENO,
+ "error_type" => "Invalid parameter"
+ ]);
+ }
+
+ function responseOk() {
+ http_response_code(200);
+ echo json_encode([
+ "releaseNo" => REQX_RELEASENO,
+ "error_type" => "(none)"
+ ]);
+ }
+
diff --git a/private/functions_user.php b/private/functions_user.php
index 41f37bd..0a02993 100644
--- a/private/functions_user.php
+++ b/private/functions_user.php
@@ -59,6 +59,16 @@ function find_user_by_nameuser($name_user) {
 return $request;
 }
+function find_user_by_apikey($apikey) {
+ global $db;
+ $sql = "SELECT * FROM users ";
+ $sql .= "WHERE apikey = '" . $apikey . "' ";
+// $sql .= "AND flg_active = 1";
+ $result = mysqli_query($db, $sql);
+ $request = mysqli_fetch_assoc($result);
+ return $request;
+}
+
 function validate_user($user) {
 $errors = [];
@@ -107,6 +117,20 @@ function delete_password($key) {
 return $result;
 }
+function new_apikey($key) {
+ global $db;
+
+ $sql = "UPDATE users SET ";
+ $sql .= "apikey='" . get_uid() . "', ";
+ $sql .= "utl_modification_user_kp='" . $_SESSION['kp_user'] . "' ";
+
+ $sql .= "WHERE kp_user='" . $key . "' ";
+ $sql .= "LIMIT 1";
+
+ $result = mysqli_query($db, $sql);
+ return $result;
+}
+
 function update_user($user) {
 global $db;
diff --git a/private/initialize.php b/private/initialize.php
index beba9a0..193325c 100644
--- a/private/initialize.php
+++ b/private/initialize.php
@@ -27,6 +27,7 @@ require_once('functions_user.php');
 require_once('functions_request.php');
 require_once('functions_selection.php');
+ require_once('functions_api.php');
 require_once('mail.class.php');
diff --git a/private/meta.php b/private/meta.php
index 0e2f610..9fa311f 100644
--- a/private/meta.php
+++ b/private/meta.php
@@ -1,5 +1,5 @@ Abbrechen » 
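Review bot: Neither visible helper sets a response Content-Type, so `responseOk()` (and the function before it, whose head is lost in this paste) emits JSON that browsers and proxies will treat as text/html; add `header('Content-Type: application/json');` before each `echo json_encode(...)`, or once in the API entry point. Returning `REQX_RELEASENO` in every error body also discloses the deployed release to unauthenticated callers, which is a small information leak that deserves a conscious decision rather than an accident. The first function of this new file starts outside what is visible here.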
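Review bot: `find_user_by_apikey()` concatenates `$apikey` straight into the SQL string, and the only caller in this diff (the api endpoint) passes `substr($_SERVER['REMOTE_USER'], 7)`, i.e. raw bytes from the client's Authorization header — a SQL injection reachable without any credentials, and the caller's `// TODO: sanitize $token` shows it was known. Bind the value with a prepared statement instead; an empty token should also never reach the database, since `WHERE apikey = ''` would match any user row whose key column is still empty (depends on the schema default, which I cannot see). The commented-out `flg_active = 1` clause additionally means a deactivated user's key keeps working; if that is not intended, restore it.
```php
function find_user_by_apikey($apikey) {
  global $db;
  // An empty token must never match a row whose apikey column is still empty.
  if (!is_string($apikey) || $apikey === '') {
    return false;
  }
  // The token comes straight from the Authorization header: bind it, never concatenate.
  $stmt = mysqli_prepare($db, "SELECT * FROM users WHERE apikey = ? LIMIT 1");
  if ($stmt === false) {
    return false;
  }
  mysqli_stmt_bind_param($stmt, 's', $apikey);
  mysqli_stmt_execute($stmt);
  $result = mysqli_stmt_get_result($stmt);
  return $result ? mysqli_fetch_assoc($result) : false;
}
```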
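Review bot: `new_apikey()` builds its UPDATE by concatenating `$key` and `$_SESSION['kp_user']`; `$key` is the same value details.php later places into `?key=`, so it looks request-supplied and must be bound rather than interpolated. Separately, the strength of the credential rests entirely on `get_uid()`, which this diff does not show — an API key should come from a CSPRNG such as `bin2hex(random_bytes(32))`, and if `get_uid()` is a timestamp- or `uniqid()`-style generator the keys are guessable. The function also returns the bare `mysqli_query()` result, so on failure callers only get `false` and no error text.
```php
function new_apikey($key) {
  global $db;
  // Bind both request-derived values; never interpolate them into SQL.
  $stmt = mysqli_prepare($db,
    "UPDATE users SET apikey = ?, utl_modification_user_kp = ? WHERE kp_user = ? LIMIT 1");
  if ($stmt === false) {
    return false;
  }
  $apikey = get_uid(); // TODO(review): confirm this is CSPRNG-backed, else use bin2hex(random_bytes(32))
  $modifier = $_SESSION['kp_user'];
  mysqli_stmt_bind_param($stmt, 'sss', $apikey, $modifier, $key);
  return mysqli_stmt_execute($stmt);
}
```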
@@ -61,8 +62,28 @@
 }
 }
+ if($apikeyreset) {
+
+ $result = new_apikey($key);
+
+ if( $result === true ) {
+ header('Location: details?key=' . $key . '&action=edit');
+ exit;
+ } else {
+ $errors = $result;
+ echo 'Error DB: ' . $errors;
+ }
+ }
?> + +
+
API-Key
+
+
Neuen Key erzeugen »
+

+ + Wenn Sie das Passwort eines Benutzers zurücksetzen, wird das Passowort des Benutzers in der Datenbank gelöscht und, wie bei neuen Benutzern, wird das Passwort, das der Benutzer beim ersten Login eingibt, verschlüsselt gespeichert und ist für spätere Logins notwendig.

+ echo '

Wenn Sie das Passwort eines Benutzers zurücksetzen, wird das Passwort des Benutzers in der Datenbank gelöscht und, wie bei neuen Benutzern, wird das Passwort, das der Benutzer beim ersten Login eingibt, verschlüsselt gespeichert und ist für spätere Logins notwendig.

Passwort zurücksetzen »'; } else {
diff --git a/public/.htaccess b/public/.htaccess
index 109918b..65df8b2 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -3,4 +3,5 @@ RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^([^\.]+)$ $1.php [NC,L]
-RewriteRule ^([^\.]+)$ $1.html [NC,L]
\ No newline at end of file
+RewriteRule ^([^\.]+)$ $1.html [NC,L]
+RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
\ No newline at end of file
diff --git a/public/api/index.php b/public/api/index.php
new file mode 100644
index 0000000..12da54d
--- /dev/null
+++ b/public/api/index.php
@@ -0,0 +1,3 @@
+';
+// echo 'PHP_AUTH_PW =' . $_SERVER['PHP_AUTH_PW'] . '
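Review bot: In the `else` branch, `$errors = $result` stores the `false` that `new_apikey()` returns from `mysqli_query()`, so `echo 'Error DB: ' . $errors;` prints an empty message and the real database error is lost; log `mysqli_error($db)` server-side and show a generic message rather than echoing driver output to the browser. The redirect also interpolates `$key` unencoded into the Location URL — use `header('Location: details?key=' . urlencode($key) . '&action=edit');`. I cannot see how `$apikeyreset` is derived or whether the request carries a CSRF token and an authorization check on `$key`, but rotating another user's API credential must be restricted to the authorised administrator and protected against cross-site form posts; the enclosing block starts before this hunk and much of its HTML is missing from this paste.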
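Review bot: `E=REMOTE_USER:%{HTTP:Authorization}` copies the raw, unauthenticated Authorization header into a variable that Apache, PHP and log formats normally treat as an identity the server has already verified, so anything else on this host that reads `REMOTE_USER` now sees attacker-chosen text. Use the conventional name instead, `RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]`, and read `$_SERVER['HTTP_AUTHORIZATION']` in the endpoint. Because the preceding rules carry `[L]`, this rule only fires on the re-processing pass after the `.php` rewrite, and in per-directory context the variable may surface as `REDIRECT_HTTP_AUTHORIZATION`; verify on the deployed Apache rather than assuming.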
'; +$token = substr($_SERVER['REMOTE_USER'], 7); + +$user = find_user_by_apikey($token); +// TODO: sanitize $token +if(!$user) { + http_response_code(401); + echo json_encode(array( + "message" => "Valid access token missing" + )); + exit(); +} + +http_response_code(200); + +// return all tickets +$request_set = find_all_requests(); +$request = mysqli_fetch_assoc($request_set); +$tickets = array( + array( + "id" => $request['kp_request'], + "description" => $request['description'], + "category" => find_selectiontext_by_kp(h($request['category'])), + "priority" => find_selectiontext_by_kp(h($request['priority'])), + "source" => find_userabbr_by_kp(h($request['source'])), + "status" => find_selectiontext_by_kp(h($request['status'])), + "responsible" => find_userabbr_by_kp(h($request['responsible'])) + ) +); +while($request = mysqli_fetch_assoc($request_set)) { + $tickets[] = array( + "id" => $request['kp_request'], + "description" => $request['description'], + "category" => find_selectiontext_by_kp(h($request['category'])), + "priority" => find_selectiontext_by_kp(h($request['priority'])), + "source" => find_userabbr_by_kp(h($request['source'])), + "status" => find_selectiontext_by_kp(h($request['status'])), + "responsible" => find_userabbr_by_kp(h($request['responsible'])) + ); +} + +$response = array( + "success" => true, + "tickets" => $tickets +); + +echo json_encode($response);
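Review bot: `$token = substr($_SERVER['REMOTE_USER'], 7)` assumes a "Bearer " prefix without checking for it, and when the header is absent it yields an empty string that is then handed to `find_user_by_apikey()` — which, as the `// TODO: sanitize $token` admits, concatenates it into SQL, so this line is the injection entry point for an unauthenticated caller. Parse the scheme explicitly and reject anything else before the database is touched. The ticket list also calls `mysqli_fetch_assoc()` once before the loop, so with zero requests `$tickets` holds one all-null entry; build the array inside the loop only. The debugging echo of `PHP_AUTH_PW` should be deleted rather than commented out. The file header for this endpoint appears to have been lost in the paste, so I am assuming it is the api entry point.
```php
$auth = $_SERVER['HTTP_AUTHORIZATION'] ?? $_SERVER['REMOTE_USER'] ?? '';
// Accept only "Bearer <token>"; anything else is a 401 before the database is touched.
if (!preg_match('/^Bearer\s+(\S+)$/i', $auth, $m)) {
    http_response_code(401);
    echo json_encode(array("message" => "Valid access token missing"));
    exit();
}
$token = $m[1];
$user = find_user_by_apikey($token);
// … unchanged: 401 when $user is empty …
$request_set = find_all_requests();
$tickets = array();
while ($request = mysqli_fetch_assoc($request_set)) {
    $tickets[] = array(
        // … unchanged: id/description/category/priority/source/status/responsible fields …
    );
}
```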