diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..62e5008
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+webroot
+config.yml
diff --git a/config.yml.example b/config.yml.example
new file mode 100644
index 0000000..00e5821
--- /dev/null
+++ b/config.yml.example
@@ -0,0 +1,6 @@
+---
+api:
+  address: ::1
+  port: 8080
+webroot: ./webroot
+database: "host=localhost user=warehost dbname=warehost password=hallo sslmode=disable"
diff --git a/config/config.go b/config/config.go
new file mode 100644
index 0000000..bcbdca2
--- /dev/null
+++ b/config/config.go
@@ -0,0 +1,33 @@
+package config
+
+import (
+	"io/ioutil"
+	"log"
+
+	"gopkg.in/yaml.v2"
+)
+
+// Config is the struct of the api
+type Config struct {
+	API struct {
+		Address string `yaml:"address"`
+		Port    string `yaml:"port"`
+	} `yaml:"api"`
+	Webroot  string `yaml:"webroot"`
+	Database string `yaml:"database"`
+	Modules  []struct {
+		Name     string `yaml:"name"`
+		Database string `yaml:"database"`
+	} `yaml:"modules"`
+}
+
+// ReadConfigFile reads a config models by path to a yml file
+func ReadConfigFile(path string) *Config {
+	config := &Config{}
+	file, _ := ioutil.ReadFile(path)
+	err := yaml.Unmarshal(file, &config)
+	if err != nil {
+		log.Fatal(err)
+	}
+	return config
+}
diff --git a/lib/api/main.go b/lib/api/main.go
new file mode 100644
index 0000000..f8c8e95
--- /dev/null
+++ b/lib/api/main.go
@@ -0,0 +1,73 @@
+package api
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"net/http"
+	"strings"
+
+	"github.com/astaxie/session"
+	"github.com/julienschmidt/httprouter"
+)
+
+type JsonResult struct {
+	Data    interface{} `json:"data"`
+	Session struct {
+		Login  interface{}            `json:"login"`
+		Profil map[string]interface{} `json:"profil"`
+	} `json:"session"`
+}
+
+func JsonOutput(sessions *session.Manager, w http.ResponseWriter, r *http.Request, data interface{}) {
+	sess := sessions.SessionStart(w, r)
+	result := JsonResult{Data: data}
+	result.Session.Login = sess.Get("login")
+	js, err := json.Marshal(result)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if origin := r.Header.Get("Origin"); origin != "" {
+		w.Header().Set("Access-Control-Allow-Origin", origin)
+	}
+	w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
+	w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+	w.Write(js)
+}
+func BasicAuth(h httprouter.Handle, pass []byte) httprouter.Handle {
+	return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+		if origin := r.Header.Get("Origin"); origin != "" {
+			w.Header().Set("Access-Control-Allow-Origin", origin)
+		}
+		w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
+		w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
+		w.Header().Set("Access-Control-Allow-Credentials", "true")
+
+		const basicAuthPrefix string = "Basic "
+
+		// Get the Basic Authentication credentials
+		auth := r.Header.Get("Authorization")
+		if strings.HasPrefix(auth, basicAuthPrefix) {
+			// Check credentials
+			payload, err := base64.StdEncoding.DecodeString(auth[len(basicAuthPrefix):])
+			if err == nil {
+				pair := bytes.SplitN(payload, []byte(":"), 2)
+				if len(pair) == 2 &&
+					bytes.Equal(pair[1], pass) {
+
+					// Delegate request to the given handle
+					h(w, r, ps)
+					return
+				}
+			}
+		}
+
+		// Request Basic Authentication otherwise
+		w.Header().Set("WWW-Authenticate", "Basic realm=Restricted")
+		http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+	}
+}
diff --git a/lib_password/check_login.go b/lib/password/check_login.go
similarity index 100%
rename from lib_password/check_login.go
rename to lib/password/check_login.go
diff --git a/lib_password/password.go b/lib/password/password.go
similarity index 100%
rename from lib_password/password.go
rename to lib/password/password.go
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..f9673ff
--- /dev/null
+++ b/main.go
@@ -0,0 +1,53 @@
+package main
+
+import (
+	"flag"
+	"log"
+	"net"
+	"net/http"
+
+	"github.com/NYTimes/gziphandler"
+	"github.com/astaxie/session"
+	_ "github.com/astaxie/session/providers/memory"
+	"github.com/go-xorm/xorm"
+	"github.com/julienschmidt/httprouter"
+	_ "github.com/lib/pq"
+
+	libconfig "dev.sum7.de/sum7/warehost/config"
+	"dev.sum7.de/sum7/warehost/system"
+)
+
+var (
+	configFile   string
+	config       *libconfig.Config
+	dbconnection *xorm.Engine
+	sessions     *session.Manager
+)
+
+func main() {
+	var err error
+	flag.StringVar(&configFile, "c", "config.yml", "path of configuration file")
+	flag.Parse()
+	config = libconfig.ReadConfigFile(configFile)
+
+	sessions, _ = session.NewManager("memory", "session", 3600)
+	go sessions.GC()
+
+	dbconnection, err = xorm.NewEngine("postgres", config.Database)
+	if err != nil {
+		log.Fatal("[system] Error database connection: ", err)
+	}
+	defer dbconnection.Close()
+	system.SyncModels(dbconnection)
+
+	router := httprouter.New()
+	system.NewAPI(config, sessions, dbconnection, router, "")
+
+	if config.Webroot != "" {
+		router.NotFound = gziphandler.GzipHandler(http.FileServer(http.Dir(config.Webroot)))
+	}
+	address := net.JoinHostPort(config.API.Address, config.API.Port)
+	log.Println("starting webserver on", address)
+	// TODO bad
+	log.Fatal(http.ListenAndServe(address, router))
+}
diff --git a/server.go b/server.go
deleted file mode 100644
index d7e1853..0000000
--- a/server.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package main
-
-import "fmt"
-
-func main(){
-	fmt.Println("RunServer")
-}
diff --git a/system/api.go b/system/api.go
new file mode 100644
index 0000000..2a1a47d
--- /dev/null
+++ b/system/api.go
@@ -0,0 +1,97 @@
+package system
+
+import (
+	"encoding/json"
+	"log"
+	"net/http"
+	"strconv"
+
+	"github.com/astaxie/session"
+	"github.com/go-xorm/xorm"
+	"github.com/julienschmidt/httprouter"
+
+	libconfig "dev.sum7.de/sum7/warehost/config"
+	libapi "dev.sum7.de/sum7/warehost/lib/api"
+	libpassword "dev.sum7.de/sum7/warehost/lib/password"
+)
+
+//API keep data in module global
+type API struct {
+	config       *libconfig.Config
+	sessions     *session.Manager
+	dbconnection *xorm.Engine
+}
+
+// NewAPI sets the routes to the api functions
+func NewAPI(config *libconfig.Config, sessions *session.Manager, dbconnection *xorm.Engine, router *httprouter.Router, prefix string) {
+	api := &API{config: config, sessions: sessions, dbconnection: dbconnection}
+	router.GET(prefix+"/status", api.Status)
+	router.GET(prefix+"/login", api.Login)
+	router.GET(prefix+"/login/:id", api.FakeLogin)
+	router.GET(prefix+"/logout", api.Logout)
+}
+
+// Status to get Login and Server status
+func (api *API) Status(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+	result, err := api.dbconnection.Count(new(Login))
+	connection := false
+	if err != nil {
+		log.Print("[error][system]-status: get login count: ", err)
+	} else {
+		if result > 0 {
+			connection = true
+		}
+	}
+	libapi.JsonOutput(api.sessions, w, r, connection)
+}
+
+// Logout current user
+func (api *API) Logout(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+	api.sessions.SessionDestroy(w, r)
+	libapi.JsonOutput(api.sessions, w, r, true)
+}
+
+// Login of system
+func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+	sess := api.sessions.SessionStart(w, r)
+	var requestlogin RequestLogin
+	err := json.NewDecoder(r.Body).Decode(&requestlogin)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		log.Println("[system]-login error fetch request")
+		return
+	}
+	var login = Login{Username: requestlogin.Username}
+	_, err = api.dbconnection.Get(&login)
+	if err != nil {
+		result := false
+		if login.Active {
+			output, _ := libpassword.Validate(login.Password, requestlogin.Password)
+			if output {
+				result = true
+				sess.Set("login", login)
+			}
+		}
+		libapi.JsonOutput(api.sessions, w, r, result)
+	} else {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		log.Println("[system]-login error fetch database")
+		libapi.JsonOutput(api.sessions, w, r, true)
+	}
+}
+
+// FakeLogin is a API test function
+func (api *API) FakeLogin(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
+	id, _ := strconv.ParseInt(params.ByName("id"), 10, 64)
+	sess := api.sessions.SessionStart(w, r)
+	var login = Login{}
+	_, err := api.dbconnection.Id(id).Get(&login)
+	result := false
+	if err != nil {
+		log.Print("[system] Error get login count: ", err)
+	} else {
+		sess.Set("login", login)
+		result = true
+	}
+	libapi.JsonOutput(api.sessions, w, r, result)
+}
diff --git a/system/models.go b/system/models.go
new file mode 100644
index 0000000..ad48e05
--- /dev/null
+++ b/system/models.go
@@ -0,0 +1,53 @@
+package system
+
+import (
+	"log"
+	"time"
+
+	libpassword "dev.sum7.de/sum7/warehost/lib/password"
+
+	"github.com/go-xorm/xorm"
+)
+
+// Login object for request
+type RequestLogin struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+// Login found
+type Login struct {
+	Id          int64     `json:"id"`
+	Username    string    `xorm:"varchar(255) not null unique 'mail'" json:"username"`
+	Password    string    `xorm:"varchar(255) not null 'password'" json:"-"`
+	Active      bool      `xorm:"boolean default false 'active'" json:"active"`
+	Code        string    `xorm:"varchar(255) 'code'" json:"-"`
+	Superadmin  bool      `xorm:"boolean default false 'superadmin'" json:"superadmin"`
+	CreateAt    time.Time `xorm:"timestampz 'createat'" json:"createat"`
+	LastLoginAt time.Time `xorm:"timestampz 'lastloginat'" json:"lastloginat"`
+}
+
+func SyncModels(dbconnection *xorm.Engine) {
+	err := dbconnection.Sync(new(Login))
+	if err != nil {
+		log.Print("[system] Error create table \"login\": ", err)
+	}
+	result, err := dbconnection.Count(new(Login))
+	if err != nil {
+		log.Print("[system] Error get \"login\" count: ", err)
+	}
+	if result <= 0 {
+		login := new(Login)
+		login.Username = "root"
+		login.Password = libpassword.NewHesh("root")
+		login.CreateAt = time.Now()
+		login.Active = true
+		login.Superadmin = true
+		_, err := dbconnection.Insert(login)
+		if err == nil {
+			log.Print("[system] Create user \"root\"")
+		} else {
+			log.Print("[system] Error cound not first user: ", err)
+		}
+	}
+}