diff --git a/.gitignore b/.gitignore
index 6c08a57..41ca351 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@
 .idea/**/usage.statistics.xml
 .idea/**/dictionaries
 .idea/**/shelf
+done.txt
 
 # Generated files
 .idea/**/contentModel.xml
diff --git a/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java b/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
index b96905d..a245f13 100644
--- a/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
+++ b/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
@@ -10,8 +10,10 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.security.crypto.bcrypt.BCrypt;
 import org.springframework.web.bind.annotation.*;
 
-import java.time.Clock;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Optional;
+import java.util.Random;
 import java.util.concurrent.atomic.AtomicLong;
 
 @RestController
@@ -38,6 +40,9 @@ public class Controller {
   @Autowired
   UserRepository userRepository;
 
+  @Autowired
+  StationReihenfolgeRepository stationReihenfolgeRepository;
+
   private AtomicLong counter = new AtomicLong();
 
   @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
@@ -50,18 +55,19 @@ public class Controller {
   @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
   @RequestMapping("/api/login")
   @ResponseBody
-  public ResponseEntity<Object> login(@RequestBody User user){
-    if(user.getUsername() == null || user.getPassword() == null){
+  public ResponseEntity<Object> login(@RequestBody User user) {
+    if (user.getUsername() == null || user.getPassword() == null) {
       System.out.println(user.getUsername());
       System.out.println(user.getPassword());
       return ResponseEntity.status(401).body(null);
     }
-    if(userRepository.findByUsername(user.getUsername()) == null){
+    if (userRepository.findByUsername(user.getUsername()) == null) {
       return ResponseEntity.status(401).body(null);
     }
 
-    if(BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())){
-      String token = BCrypt.hashpw(String.valueOf(System.currentTimeMillis() + counter.incrementAndGet()), BCrypt.gensalt());
+    if (BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())) {
+      String token = user.getUsername() + BCrypt.hashpw(String.valueOf(System.currentTimeMillis() + counter.incrementAndGet()), BCrypt.gensalt());
+      System.out.println(token);
       String hashedToken = BCrypt.hashpw(token, BCrypt.gensalt());
       userRepository.findByUsername(user.getUsername()).setToken(hashedToken);
       userRepository.save(userRepository.findByUsername(user.getUsername()));
@@ -72,46 +78,35 @@ public class Controller {
 
   @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
   @RequestMapping("/api/startCache")
-  public @ResponseBody
-  String startCache(@RequestParam(value = "userID", defaultValue = "-1") String userID,
-                    @RequestParam String cacheID,
-                    @RequestParam String stationID) throws IllegalParameterException {
+  @ResponseBody
+  public String startCache(@RequestParam(value = "token", defaultValue = "-1") String token,
+                           @RequestParam String cacheID) throws IllegalParameterException {
 
-    if (!userID.equals("-1")) { // ein angemeldeter user startet den cache(es werden zwei parameter übergeben)
+    if (!token.equals("-1")) { // ein angemeldeter user startet den cache(es werden zwei parameter übergeben)
 
       Bearbeitet bearbeitet = new Bearbeitet();
 
-      Optional<User> userOptional = userRepository.findById(Integer.valueOf(userID));
-      if (userOptional.isPresent()) {
-        User user = userOptional.get();
-        bearbeitet.setUser(user);
-      } else {
-        throw new IllegalParameterException("There is no user with the ID " + userID);
-      }
+      User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
+      bearbeitet.setUser(user);
 
       Optional<Cache> cacheOptional = cacheRepository.findById(Integer.valueOf(cacheID));
       if (cacheOptional.isPresent()) {
         Cache cache = cacheOptional.get();
         bearbeitet.setCache(cache);
+
+        Station startStation = cache.getStartStation();
+        bearbeitet.setAktuelleStation(startStation);
       } else {
         throw new IllegalParameterException("There is no cache with the ID " + cacheID);
       }
 
-      Optional<Station> stationOptional = stationRepository.findById(Integer.valueOf(stationID));
-      if (stationOptional.isPresent()) {
-        Station station = stationOptional.get();
-        bearbeitet.setAktuelleStation(station);
-      } else {
-        throw new IllegalParameterException("There is no station with the ID " + stationID);
-      }
-
       Optional<CacheAccesDefinition> cacheAccesDefinitionOptional =
-          cacheAccesDefinitionRepository.findById(1); // bearbeitet
+          cacheAccesDefinitionRepository.findById(0); // angefangen
       if (cacheAccesDefinitionOptional.isPresent()) {
         CacheAccesDefinition cacheAccesDefinition = cacheAccesDefinitionOptional.get();
         bearbeitet.setCacheAccesDefinition(cacheAccesDefinition);
       } else {
-        throw new IllegalParameterException("There is no cacheAccesDefinition with the ID " + 1);
+        throw new IllegalParameterException("There is no cacheAccesDefinition with the ID " + 0);
       }
 
       bearbeitetRepository.save(bearbeitet);
@@ -128,4 +123,190 @@ public class Controller {
       }
     }
   }
+
+  @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
+  @RequestMapping("/api/logout")
+  @ResponseBody
+  boolean logout(@RequestParam String token) {
+
+    User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
+    user.setToken(null);
+    userRepository.save(user);
+    return true;
+  }
+
+  @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
+  @RequestMapping("/api/createStation")
+  @ResponseBody
+  String createStation(@RequestParam String description,
+                       @RequestParam String lattitude,
+                       @RequestParam String longitude,
+                       @RequestParam String solution) throws IllegalParameterException {
+
+    if (description.length() == 0 || lattitude.length() == 0 || longitude.length() == 0 || solution.length() == 0) {
+      throw new IllegalParameterException("Fields can´t be empty");
+    }
+
+    double latti;
+    double longi;
+
+    try {
+      latti = Double.valueOf(lattitude);
+      if (latti < -90 || latti > 90) {
+        throw new IllegalParameterException("Lattitude has to be in the range of -90 to 90 degrees");
+      }
+    } catch (NumberFormatException e) {
+      throw new NumberFormatException("Lattitude has to be a decimal number");
+    }
+
+    try {
+      longi = Double.valueOf(longitude);
+      if (longi < -180 || longi > 180) {
+        throw new IllegalParameterException("Longitude has to be in the range of -180 to 180 degrees");
+      }
+    } catch (NumberFormatException e) {
+      throw new NumberFormatException("Longitude has to be a decimal number");
+    }
+
+    Station station = new Station();
+    station.setDescription(description);
+    station.setLattitude(latti);
+    station.setLongitude(longi);
+    station.setSolution(solution);
+    Random r = new Random();
+    int low = 100000;
+    int high = 1000000;
+    int code = r.nextInt(high - low) + low;
+    station.setCode(code);
+
+    stationRepository.save(station);
+
+    return new Gson().toJson(station);
+
+  }
+
+  @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
+  @RequestMapping("/api/checkAdmin")
+  @ResponseBody
+  boolean checkAdmin(@RequestParam String token) {
+    User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
+    for (Role role : user.getRoles()) {
+      if (role.getId() == 0) { // is admin
+        return true;
+      }
+    }
+    return false;
+  }
+
+  @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
+  @RequestMapping("/api/getAllStations")
+  @ResponseBody
+  String getAllStations() {
+    return new Gson().toJson(stationRepository.findAll());
+  }
+
+  @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
+  @RequestMapping("/api/createCache")
+  @ResponseBody
+  String createCache(@RequestParam String description,
+                     @RequestParam String name,
+                     @RequestParam String rankingPoints,
+                     @RequestParam(value = "rewardID", defaultValue = "-1") String rewardID,
+                     @RequestParam List<Station> stationen) throws IllegalParameterException {
+
+    if (description.length() == 0 || name.length() == 0 || rankingPoints.length() == 0 || stationen.size() == 0) {
+      throw new IllegalParameterException("Fields can´t be empty");
+    }
+
+    for (Cache cache : cacheRepository.findAll()) {
+      if (cache.getName().equals(name)) {
+        throw new IllegalParameterException("name is already taken");
+      }
+    }
+
+    int points;
+
+    try {
+      points = Integer.valueOf(rankingPoints);
+      if (points < 0) {
+        throw new IllegalParameterException("Ranking points has to be a positive number");
+      }
+    } catch (NumberFormatException e) {
+      throw new NumberFormatException("Ranking points has to be an integer");
+    }
+
+    Optional<Reward> rewardOptional = rewardRepository.findById(Integer.valueOf(rewardID));
+    Reward reward = rewardOptional.orElse(null);
+
+    Cache cache = new Cache();
+    cache.setDescription(description);
+    cache.setName(name);
+    cache.setRankingPoints(Integer.valueOf(rankingPoints));
+    cache.setReward(reward);
+    cache.setStartStation(stationen.get(0));
+    cache.setStationen(stationen);
+
+    cacheRepository.save(cache);
+
+    for (int i = 0; i + 1 < stationen.size(); i++) {
+      StationReihenfolge stationReihenfolge = new StationReihenfolge();
+      stationReihenfolge.setCache(cache);
+      stationReihenfolge.setStation(stationen.get(i));
+      stationReihenfolge.setNachfolgeStation(stationen.get(i + 1));
+      stationReihenfolgeRepository.save(stationReihenfolge);
+    }
+
+    return new Gson().toJson(cache);
+  }
+
+  @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
+  @RequestMapping("/api/deleteCache")
+  @ResponseBody
+  boolean deleteCache(@RequestParam String cacheID) throws IllegalParameterException {
+    Optional<Cache> optionalCache = cacheRepository.findById(Integer.valueOf(cacheID));
+    if (!optionalCache.isPresent()) {
+      throw new IllegalParameterException("There is no cache with the ID " + cacheID);
+    }
+
+    Cache cache = optionalCache.get();
+
+    for (StationReihenfolge stationReihenfolge : stationReihenfolgeRepository.findAll()) {
+      if (stationReihenfolge.getCache().getId() == cache.getId()) {
+        stationReihenfolgeRepository.delete(stationReihenfolge);
+      }
+    }
+
+    for (Bearbeitet bearbeitet : bearbeitetRepository.findAll()) {
+      if (bearbeitet.getCache().getId() == cache.getId()) {
+        bearbeitetRepository.delete(bearbeitet);
+      }
+    }
+
+    cacheRepository.delete(cache);
+
+    return true;
+  }
+
+  @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
+  @RequestMapping("/api/getMyCaches")
+  @ResponseBody
+  String getMyCaches(@RequestParam String token) {
+    User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
+    ArrayList<Bearbeitet> bearbeitetList = new ArrayList<>();
+
+    for (Bearbeitet bearbeitet : bearbeitetRepository.findAll()) {
+      if (bearbeitet.getUser().getId() == user.getId()) {
+        bearbeitetList.add(bearbeitet);
+      }
+    }
+    return new Gson().toJson(bearbeitetList);
+  }
+
+  @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
+  @RequestMapping("/api/getRankingList")
+  @ResponseBody
+  String getRankingList() {
+    return new Gson().toJson(userRepository.getRankingList());
+  }
 }
+
diff --git a/src/main/java/hhn/labsw/bugageocaching/entities/Cache.java b/src/main/java/hhn/labsw/bugageocaching/entities/Cache.java
index d514df3..6846b04 100644
--- a/src/main/java/hhn/labsw/bugageocaching/entities/Cache.java
+++ b/src/main/java/hhn/labsw/bugageocaching/entities/Cache.java
@@ -23,6 +23,9 @@ public class Cache {
   @ManyToOne
   private Reward reward;
 
+  @ManyToOne
+  private Station startStation;
+
   public Cache() {
   }
 
@@ -73,4 +76,12 @@ public class Cache {
   public void setReward(Reward reward) {
     this.reward = reward;
   }
+
+  public Station getStartStation() {
+    return startStation;
+  }
+
+  public void setStartStation(Station startStation) {
+    this.startStation = startStation;
+  }
 }
diff --git a/src/main/java/hhn/labsw/bugageocaching/repositories/UserRepository.java b/src/main/java/hhn/labsw/bugageocaching/repositories/UserRepository.java
index 2434da1..e0fe553 100644
--- a/src/main/java/hhn/labsw/bugageocaching/repositories/UserRepository.java
+++ b/src/main/java/hhn/labsw/bugageocaching/repositories/UserRepository.java
@@ -1,8 +1,15 @@
 package hhn.labsw.bugageocaching.repositories;
 
 import hhn.labsw.bugageocaching.entities.User;
+import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.CrudRepository;
 
+import java.util.Collection;
+import java.util.List;
+
 public interface UserRepository extends CrudRepository<User, Integer> {
   User findByUsername(String username);
+
+  @Query(value = "SELECT u.username, u.ranking_points_sum from user u order by ranking_points_sum DESC", nativeQuery = true)
+  List<Object[]> getRankingList();
 }