diff --git a/main.go b/main.go
index 5572c41..788daba 100644
--- a/main.go
+++ b/main.go
@@ -28,6 +28,7 @@ func main() {
 
 	// initiate jwt token
 	auth.TokenAuth = jwtauth.New("HS256", []byte("secret"), nil)
+	users.TokenAuth = auth.TokenAuth
 	_, tokenString, _ := auth.TokenAuth.Encode(jwt.MapClaims{"asara": 123})
 	log.Printf("DEBUG: a sample jwt is %s\n\n", tokenString)
 	// initiate the routes
@@ -59,6 +60,7 @@ func Routes() *chi.Mux {
 
 	router.Route("/v1", func(r chi.Router) {
 		r.Mount("/api/auth", auth.Routes())
+		r.Mount("/api/users", users.Routes())
 	})
 
 	return router
diff --git a/packages/auth/auth.go b/packages/auth/auth.go
index 7fbe31e..f3803b9 100644
--- a/packages/auth/auth.go
+++ b/packages/auth/auth.go
@@ -29,12 +29,12 @@ func Init() {
 
 func Routes() *chi.Mux {
 	router := chi.NewRouter()
-	router.Post("/signin", Signin)
-	router.Post("/signup", Signup)
+	router.Post("/signin", signin)
+	router.Post("/signup", signup)
 	return router
 }
 
-func Signup(w http.ResponseWriter, r *http.Request) {
+func signup(w http.ResponseWriter, r *http.Request) {
 	creds := &Credentials{}
 	err := json.NewDecoder(r.Body).Decode(creds)
 	if err != nil {
@@ -53,7 +53,7 @@ func Signup(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusCreated)
 }
 
-func Signin(w http.ResponseWriter, r *http.Request) {
+func signin(w http.ResponseWriter, r *http.Request) {
 	creds := &Credentials{}
 	err := json.NewDecoder(r.Body).Decode(creds)
 	if err != nil {
diff --git a/packages/users/users.go b/packages/users/users.go
index e3cdd39..aef3b13 100644
--- a/packages/users/users.go
+++ b/packages/users/users.go
@@ -4,12 +4,14 @@ import (
 	"fmt"
 	"database/sql"
 	"github.com/go-chi/chi"
+	"github.com/go-chi/jwtauth"
 	"github.com/go-chi/render"
 	"net/http"
 )
 
 var (
 	DB        *sql.DB
+	TokenAuth *jwtauth.JWTAuth
 )
 
 type User struct {
@@ -29,17 +31,26 @@ func Init() {
 }
 
 func Routes() *chi.Mux {
-	router := chi.NewRouter()
-	router.Get("/{username}", GetUser)
-	return router
+	r := chi.NewRouter()
+	r.Group(func(r chi.Router) {
+		r.Use(jwtauth.Verifier(TokenAuth))
+		r.Use(jwtauth.Authenticator)
+	r.Get("/{username}", getUser)
+	})
+		r.Post("/{username}", updateUser)
+	return r
 }
 
-func GetUser(w http.ResponseWriter, r *http.Request) {
+func getUser(w http.ResponseWriter, r *http.Request) {
 	username := chi.URLParam(r, "username")
 	user := User{
 		Username: username,
 	}
-	render.JSON(w, r, user) // A chi router helper for serializing and returning json
+	render.JSON(w, r, user)
+}
+
+func updateUser(w http.ResponseWriter, r *http.Request) {
+	return
 }
 
 func CreateProfile(username string) {