diff --git a/api/routes/session.ts b/api/routes/session.ts
new file mode 100644
index 0000000..b82c9c7
--- /dev/null
+++ b/api/routes/session.ts
@@ -0,0 +1,40 @@
+import Router, {Request, Response} from 'express';
+import {createTokenByCode, getUser} from "../../controller/discord";
+import {User} from "../../models/User";
+import {Token} from "../../models/Token";
+
+const app = Router();
+
+app.post("/create", async (req: Request, res: Response) => {
+ // Check if a code has been provided
+ if (!req.body.code) return res.status(400).json({message: "You need to provide a code"});
+
+ // Check if the provided token is valid
+ const token = await createTokenByCode(req.body.code).catch(() => undefined);
+ if (!token) return res.status(400).json({message: "The provided token is wrong"});
+
+ // Check if all scopes have been provided
+ const scopes = token.scope.split(" ");
+ if (!(scopes.includes("identify") && scopes.includes("guilds"))) return res.status(400).json({message: "The provided token is wrong"});
+
+ // Get user data
+ const userData = await getUser(token.access_token).catch(() => undefined);
+ if (!userData) return res.status(400).json({message: "The provided token is wrong"});
+
+ // Update or insert user
+ await User.updateOne({clientId: userData.id}, {
+ username: userData.username + "#" + userData.discriminator,
+ avatarId: userData.avatar, locale: userData.locale,
+ accessToken: token.access_token, refreshToken: token.refresh_token,
+ }, {upsert: true});
+
+ // Create token
+ const appToken = await Token.create({clientId: userData.id, userAgent: req.headers['user-agent']});
+
+ // Return token
+ res.json({token: appToken.token});
+});
+
+// TODO: Route to delete a session & list all current sessions
+
+module.exports = app;
\ No newline at end of file
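Review bot: The upsert in `User.updateOne` persists Discord's `access_token` and `refresh_token` exactly as they arrive, so unless the `User` schema (not visible in this diff) encrypts those fields, anyone who can read the users collection obtains long-lived credentials carrying the `identify` and `guilds` scopes for every account. Encrypt both values with a key kept outside the database before the write, and store `accessToken` only if something later actually needs it. Separately, the first guard accepts any truthy `code`, including an object or array from a JSON body; `if (typeof req.body?.code !== "string" || !req.body.code) return res.status(400).json({message: "You need to provide a code"});` keeps non-string input away from `createTokenByCode`. The two database awaits also have no rejection handling, unlike the Discord calls, which on Express 4 would leave the request hanging instead of returning a 500.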