diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php
index 80745edb3a1f..c9743041afe3 100644
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@@ -46,7 +46,7 @@ class AccountController extends Controller
     public function store(CreateAccountRequest $request)
     {
 
-        CreateAccount::dispatchNow($request->all());
+        $user = CreateAccount::dispatchNow($request->all());
 
         //todo redirect to localization setup workflow
         return redirect()->route('dashboard.index');
diff --git a/app/Http/Controllers/ClientController.php b/app/Http/Controllers/ClientController.php
index f824b2d2e268..5dffcea7af56 100644
--- a/app/Http/Controllers/ClientController.php
+++ b/app/Http/Controllers/ClientController.php
@@ -163,9 +163,11 @@ class ClientController extends Controller
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function destroy($id)
+    public function destroy(Client $client)
     {
-        //
+        $client->delete();
+
+        return response()->json([], 200);
     }
 
     /**
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index e0f460b51368..de3f6c7d3da8 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -36,11 +36,13 @@ class Kernel extends HttpKernel
             \App\Http\Middleware\VerifyCsrfToken::class,
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
             \App\Http\Middleware\StartupCheck::class,
+            \App\Http\Middleware\QueryLogging::class,
         ],
 
         'api' => [
             'throttle:60,1',
             'bindings',
+            'query_logging',
         ],
         'db' => [
             \App\Http\Middleware\SetDb::class,
@@ -67,5 +69,7 @@ class Kernel extends HttpKernel
         'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
+        'query_logging' => \App\Http\Middleware\QueryLogging::class,
+
     ];
 }
diff --git a/app/Http/Middleware/QueryLogging.php b/app/Http/Middleware/QueryLogging.php
new file mode 100644
index 000000000000..73fc3f1af3ae
--- /dev/null
+++ b/app/Http/Middleware/QueryLogging.php
@@ -0,0 +1,49 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use DB;
+use Illuminate\Http\Request;
+use Log;
+
+/**
+ * Class QueryLogging.
+ */
+class QueryLogging
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param Request $request
+     * @param Closure $next
+     *
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        // Enable query logging for development
+        if(config('ninja.app_env') != 'production') {
+            DB::enableQueryLog();
+            $timeStart = microtime(true);
+        }
+
+        $response = $next($request);
+
+        if(config('ninja.app_env') != 'production') {
+
+            // hide requests made by debugbar
+            if (strstr($request->url(), '_debugbar') === false) {
+                $queries = DB::getQueryLog();
+                $count = count($queries);
+                $timeEnd = microtime(true);
+                $time = $timeEnd - $timeStart;
+                Log::info($request->method() . ' - ' . $request->url() . ": $count queries - " . $time);
+                //Log::info($queries);
+            }
+        
+        }
+        
+        return $response;
+    }
+}
diff --git a/app/Http/Middleware/TokenAuth.php b/app/Http/Middleware/TokenAuth.php
new file mode 100644
index 000000000000..8cf052362660
--- /dev/null
+++ b/app/Http/Middleware/TokenAuth.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Models\CompanyToken;
+use App\Models\User;
+use Closure;
+
+class TokenAuth
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+
+        if($request->header('X-API-TOKEN') 
+            && ($user = CompanyToken::whereRaw("BINARY `token`= ?",[$request->header('X-API-TOKEN')])->user)) {
+
+            auth()->login($user);
+        
+        }
+        else {
+
+            $error['error'] = ['message' => 'Invalid token'];
+
+            return response()->json(json_encode($error, JSON_PRETTY_PRINT) ,403);
+        }
+
+        return $next($request);
+    }
+}
diff --git a/app/Jobs/Account/CreateAccount.php b/app/Jobs/Account/CreateAccount.php
index 127aa8ed434d..a9bbec5ddb93 100644
--- a/app/Jobs/Account/CreateAccount.php
+++ b/app/Jobs/Account/CreateAccount.php
@@ -4,6 +4,7 @@ namespace App\Jobs\Account;
 
 use App\Events\Account\AccountCreated;
 use App\Jobs\Company\CreateCompany;
+use App\Jobs\Company\CreateCompanyToken;
 use App\Jobs\User\CreateUser;
 use App\Models\Account;
 use App\Models\User;
@@ -59,6 +60,11 @@ class CreateAccount
          */
         $user = CreateUser::dispatchNow($this->request, $account, $company);
 
+        /*
+         * Create token
+         */
+        CreateCompanyToken::dispatchNow($company, $account);
+
         /*
          * Set current company
          */
diff --git a/app/Jobs/Company/CreateCompanyToken.php b/app/Jobs/Company/CreateCompanyToken.php
new file mode 100644
index 000000000000..96838f648573
--- /dev/null
+++ b/app/Jobs/Company/CreateCompanyToken.php
@@ -0,0 +1,49 @@
+<?php
+
+namespace App\Jobs\Company;
+
+use App\Models\Company;
+use App\Models\User;
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Foundation\Bus\Dispatchable;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Queue\SerializesModels;
+
+class CreateCompanyToken implements ShouldQueue
+{
+    use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
+
+    protected $company;
+
+    protected $user;
+
+    /**
+     * Create a new job instance.
+     *
+     * @return void
+     */
+    public function __construct(Company $company, User $user)
+    {
+        $this->company = $company;
+        
+        $this->user = $user;
+    }
+
+    /**
+     * Execute the job.
+     *
+     * @return void
+     */
+    public function handle() : void
+    {
+        $company_token = [
+            'user_id' => $this->user->id,
+            'account_id' => $company->account->id,
+            'token' => str_random(64),
+            'name' => $user->first_name. ' '. $user->last_name;
+        ];
+
+        $this->company->tokens()->attach($company->id, $company_token);
+    }
+}
diff --git a/app/Jobs/User/CreateUser.php b/app/Jobs/User/CreateUser.php
index c9eb5d9a5834..fc9c43c587fa 100644
--- a/app/Jobs/User/CreateUser.php
+++ b/app/Jobs/User/CreateUser.php
@@ -60,7 +60,6 @@ class CreateUser
             'settings' => json_encode(DefaultSettings::userSettings()),
         ]);
 
-
         event(new UserCreated($user));
 
 
diff --git a/app/Models/Company.php b/app/Models/Company.php
index c46bfcff402a..ae2eb41c8383 100644
--- a/app/Models/Company.php
+++ b/app/Models/Company.php
@@ -180,4 +180,9 @@ class Company extends BaseModel
         return $this->hasMany(Payment::class, 'account_id', 'id')->withTrashed();
     }
 
+    public function tokens()
+    {
+        return $this->hasMany(CompanyToken::class);
+    }
+
 }
diff --git a/app/Models/CompanyToken.php b/app/Models/CompanyToken.php
new file mode 100644
index 000000000000..be963bb69df5
--- /dev/null
+++ b/app/Models/CompanyToken.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Model;
+
+class CompanyToken extends BaseModel
+{
+    /**
+     * @var bool
+     */
+    public $timestamps = false;
+
+
+    public function account()
+    {
+        return $this->belongsTo(Account::class);
+    }
+
+    public function user()
+    {
+    	return $this->belongsTo(User::class);
+    }
+
+    public function company()
+    {
+    	return $this->belongsTo(Company::class);
+    }
+}
diff --git a/database/migrations/2014_10_13_000000_create_users_table.php b/database/migrations/2014_10_13_000000_create_users_table.php
index bb6b4cf48b55..b6d315ebf4bb 100644
--- a/database/migrations/2014_10_13_000000_create_users_table.php
+++ b/database/migrations/2014_10_13_000000_create_users_table.php
@@ -179,7 +179,19 @@ class CreateUsersTable extends Migration
 
             $table->index(['account_id', 'company_id']);
 
+        });
 
+        Schema::create('company_tokens', function (Blueprint $table) {
+            $table->increments('id');
+            $table->unsignedInteger('company_id');
+            $table->unsignedInteger('account_id');
+            $table->unsignedInteger('user_id')->index();
+            $table->string('token')->nullable();
+            $table->string('name')->nullable();
+
+            $table->foreign('company_id')->references('id')->on('companies')->onDelete('cascade');
+            $table->foreign('account_id')->references('id')->on('accounts')->onDelete('cascade');
+            $table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');
         });
         
         Schema::create('users', function (Blueprint $table) {
diff --git a/docs/api.rst b/docs/api.rst
index aea1bd4932ed..602ee4826c63 100644
--- a/docs/api.rst
+++ b/docs/api.rst
@@ -5,12 +5,7 @@ Invoice Ninja provides a RESTful API, `click here <https://app.invoiceninja.com/
 
 To access the API you first need to create a token using the "API Tokens” page under "Advanced Settings”.
 
-- **Zapier** [hosted or self-host]: https://zapier.com/zapbook/invoice-ninja/
-- **Integromat**: https://www.integromat.com/en/integrations/invoiceninja
-- **PHP SDK**: https://github.com/invoiceninja/sdk-php
-- **Zend Framework**: https://github.com/alexz707/InvoiceNinjaModule
-
-.. NOTE:: Replace ninja.test with https://app.invoiceninja.com to access a hosted account.
+.. NOTE:: Replace ninja.test with https://admin.invoiceninja.com to access a hosted account.
 
 Reading Data
 """"""""""""
@@ -75,7 +70,9 @@ Here’s an example of creating a client. Note that email address is a property
 .. code-block:: shell
 
   curl -X POST ninja.test/api/v1/clients -H "Content-Type:application/json" \
-    -d '{"name":"Client","contact":{"email":"test@example.com"}}' -H "X-Ninja-Token: TOKEN"
+    -d '{"name":"Client","contact":{"email":"test@example.com"}}' \
+    -H "X-API-TOKEN: TOKEN" \
+    -H "X-API-SECRET: SECRET"
 
 You can also update a client by specifying a value for ‘id’. Next, here’s an example of creating an invoice.
 
@@ -83,7 +80,8 @@ You can also update a client by specifying a value for ‘id’. Next, here’s
 
   curl -X POST ninja.test/api/v1/invoices -H "Content-Type:application/json" \
     -d '{"client_id":"1", "invoice_items":[{"product_key": "ITEM", "notes":"Test", "cost":10, "qty":1}]}' \
-    -H "X-Ninja-Token: TOKEN"
+    -H "X-Ninja-Token: TOKEN" \
+    -H "X-API-SECRET: SECRET"
 
 If the email field is set we’ll search for a matching client, if no matches are found a new client will be created.
 
@@ -108,14 +106,18 @@ Updating Data
 
   curl -X PUT ninja.test/api/v1/clients/1 -H "Content-Type:application/json" \
     -d '{"name":"test", "contacts":[{"id": 1, "first_name": "test"}]}' \
-    -H "X-Ninja-Token: TOKEN"
+    -H "X-Ninja-Token: TOKEN" \
+    -H "X-API-SECRET: SECRET"
+
 
 You can archive, delete or restore an entity by setting ``action`` in the request
 
 .. code-block:: shell
 
   curl -X PUT ninja.test/api/v1/invoices/1?action=archive \
-    -H "X-Ninja-Token: TOKEN"
+    -H "X-Ninja-Token: TOKEN" \
+    -H "X-API-SECRET: SECRET"
+
 
 .. TIP:: For invoices use `mark_sent` to manually mark the invoice as sent
 
@@ -127,4 +129,6 @@ To email an invoice use the email_invoice command passing the id of the invoice.
 .. code-block:: shell
 
   curl -X POST ninja.test/api/v1/email_invoice -d '{"id":1}' \
-    -H "Content-Type:application/json" -H "X-Ninja-Token: TOKEN"
+    -H "Content-Type:application/json" \
+    -H "X-Ninja-Token: TOKEN" \
+    -H "X-API-SECRET: SECRET"
diff --git a/tests/Unit/DefaultSettingsTest.php b/tests/Unit/DefaultSettingsTest.php
deleted file mode 100644
index 436e2bdf8a57..000000000000
--- a/tests/Unit/DefaultSettingsTest.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
-
-namespace Tests\Unit;
-
-use App\DataMapper\DefaultSettings;
-use Tests\TestCase;
-
-/**
- * @test
- * @covers  App\DataMapper\DefaultSettings
- */
-class DefaultSettingsTest extends TestCase
-{
-
-    public function setUp()
-    {
-    
-    parent::setUp();
-	
-	}
-
-	public function testDefaultUserSettings()
-	{
-		$user_settings = DefaultSettings::userSettings();
-		
-		$this->assertEquals($user_settings->Client->datatable->per_page, 25);
-	}
-
-	public function testIsObject()
-	{
-		$user_settings = DefaultSettings::userSettings();
-
-        $this->assertInternalType('object',$user_settings->Client->datatable->column_visibility);
-
-	}
-}
\ No newline at end of file