diff --git a/app/routes/invites.js b/app/routes/invites.js
new file mode 100644
index 0000000..3ebfae7
--- /dev/null
+++ b/app/routes/invites.js
@@ -0,0 +1,66 @@
+var express = require('express');
+var router = express.Router();
+
+var Invite = require('../models/Invite.js');
+
+router.post('/create', function (req, res) {
+    if (!req.body.scope) {
+        res.status(400).json({'message': 'Bad request.'});
+        return;
+    }
+
+    var scope;
+    try {
+        scope = JSON.parse(req.body.scope);
+    } catch (e) {
+        res.status(500).json({'message': e.name + ': ' + e.message});
+        return;
+    }
+
+    var expiry = req.body.exp;
+    if (!expiry || expiry < Date.now())
+        expiry = 0;
+
+    var entry = {
+        code: crypto.randomBytes(12).toString('hex'),
+        scope: scope,
+        issuer: req.session.passport.user,
+        issued: Date.now(),
+        exp: expiry
+    };
+
+    Invite.create(entry, function (err) {
+        if (err) {
+            throw err;
+        } else {
+            res.status(200).json({
+                code: entry.code,
+                scope: entry.scope
+            });
+        }
+    })
+});
+
+router.get('/get', function (req, res, next) {
+    var query = {issuer: req.session.passport.user};
+
+    if (req.body.code)
+        query.code = req.body.code;
+
+    Invite.find(query, function (err, invites) {
+        if (err) {
+            next(err);
+        } else {
+            res.status(200).json(invites);
+        }
+    })
+});
+
+router.post('/delete', function (req, res, next) {
+    Invite.deleteOne({code: req.body.code}, function (err) {
+        if (err) next(err);
+        else res.status(200).json({'message': 'Successfully deleted.'});
+    });
+});
+
+module.exports = router;
\ No newline at end of file
diff --git a/app/routes/routes.js b/app/routes/routes.js
index fe75047..9f93520 100755
--- a/app/routes/routes.js
+++ b/app/routes/routes.js
@@ -7,6 +7,7 @@ var register = require('./register.js');
 var login = require('./login.js');
 var panel = require('./panel.js');
 var keys = require('./keys.js');
+var invites = require('./invites.js')
 
 var Key = require('../models/Key.js');
 
@@ -48,6 +49,7 @@ module.exports = function (app) {
     app.use('/api/upload', upload);
     app.use('/api/auth', auth);
     app.use('/api/keys', requireLogin, keys);
+    app.use('/api/invites', requireLogin, invites);
     app.use('/register', register);
     app.use('/login', login);
     app.use('/panel', requireLogin, panel);