diff --git a/crates/lox-distributor/src/main.rs b/crates/lox-distributor/src/main.rs
index aa5772c..005a818 100644
--- a/crates/lox-distributor/src/main.rs
+++ b/crates/lox-distributor/src/main.rs
@@ -1,3 +1,4 @@
+use core::slice;
 use std::{
     convert::Infallible,
     net::SocketAddr,
@@ -5,18 +6,20 @@ use std::{
 };
 
 use hyper::{
+    body, body::Bytes,
     header::HeaderValue,
     server::conn::AddrStream,
     service::{make_service_fn, service_fn},
     Body, Method, Request, Response, Server, StatusCode,
 };
-use std::fs;
 use lox::bridge_table::BridgeLine;
+use lox::proto;
 use lox::{BridgeAuth, BridgeDb, OPENINV_LENGTH};
 use rand::RngCore;
 use serde::{Deserialize, Serialize};
 use serde_json;
 use serde_with::serde_as;
+use std::fs;
 use std::fs::File;
 use std::io::Write;
 use std::path::Path;
@@ -81,23 +84,75 @@ async fn handle(
     //   addr: SocketAddr,
     req: Request<Body>,
 ) -> Result<Response<Body>, Infallible> {
-
     println!("Reqs on {}, {}", req.method(), req.uri().path());
-    match (req.method(), req.uri().path()) {
-        (&Method::GET, "/invite") => Ok::<_, Infallible>(generate_invite(context.db)),
-        (&Method::GET, "/pubkeys") => Ok::<_, Infallible>(send_keys(&context.pubkey_filename)),
-        //(&Method::POST, "/json_api") => api_post_response(req).await,
-        //(&Method::GET, "/json_api") => api_get_response().await,
-        _ => {
-            // Return 404 not found response.
-            Ok(Response::builder()
-                .status(StatusCode::NOT_FOUND)
-                .body(Body::from("Not found"))
-                .unwrap())
-        }
+    println!("Whole req: {:?}", req);
+
+    match req.method() {
+        &Method::OPTIONS => Ok(Response::builder()
+            .header("Access-Control-Allow-Origin", HeaderValue::from_static("*"))
+            .header("Access-Control-Allow-Headers", "accept, content-type")
+            .header("Access-Control-Allow-Methods", "POST")
+            .status(200)
+            .body(Body::from("Allow POST"))
+            .unwrap()),
+        _ => match (req.method(), req.uri().path()) {
+            (&Method::GET, "/invite") => Ok::<_, Infallible>(generate_invite(context.db)),
+            (&Method::GET, "/pubkeys") => Ok::<_, Infallible>(send_keys(&context.pubkey_filename)),
+            //TODO: figure out the format of the request and parse it?
+            (&Method::POST, "/openreq") => Ok::<_, Infallible>({
+                let bytes = body::to_bytes(req.into_body()).await.unwrap();
+                verify_and_send_open_cred(bytes, context.ba)
+            }),
+            //(&Method::POST, "/json_api") => api_post_response(req).await,
+            //(&Method::GET, "/json_api") => api_get_response().await,
+            _ => {
+                // Return 404 not found response.
+                Ok(Response::builder()
+                    .status(StatusCode::NOT_FOUND)
+                    .body(Body::from("Not found"))
+                    .unwrap())
+            }
+        },
     }
 }
 
+fn generate_invite(db: Arc<Mutex<lox::BridgeDb>>) -> Response<Body> {
+    let obj = db.lock().unwrap();
+    let invite = Invite {
+        invite: obj.invite(),
+    };
+    let token = serde_json::to_string(&invite).unwrap();
+    let mut resp = Response::new(Body::from(token));
+    resp.headers_mut()
+        .insert("Access-Control-Allow-Origin", HeaderValue::from_static("*"));
+    resp
+}
+
+fn send_keys(pubkeys_filename: &str) -> Response<Body> {
+    let data = fs::read_to_string(pubkeys_filename).expect("Unable to read file");
+    let json_keys = serde_json::to_string(&data).expect("JSON was not well-formatted");
+    let mut resp = Response::new(Body::from(json_keys));
+    resp.headers_mut()
+        .insert("Access-Control-Allow-Origin", HeaderValue::from_static("*"));
+    resp
+}
+fn verify_and_send_open_cred(request: Bytes, ba: Arc<Mutex<BridgeAuth>>) -> Response<Body> {
+    let req: proto::open_invite::Request = serde_json::from_slice(&request).unwrap();
+    let mut ba_obj = ba.lock().unwrap();
+    let response = ba_obj.handle_open_invite(req).unwrap();
+    let open_invite_resp_str = serde_json::to_string(&response).unwrap();
+    let mut resp = Response::new(Body::from(open_invite_resp_str));
+    resp.headers_mut()
+        .insert("Access-Control-Allow-Origin", HeaderValue::from_static("*"));
+    resp
+}
+
+async fn shutdown_signal() {
+    tokio::signal::ctrl_c()
+        .await
+        .expect("failed to listen for ctrl+c signal");
+}
+
 #[tokio::main]
 async fn main() {
     let lox_auth_pubkeys_filename = "lox_auth_pubkeys.json";
@@ -160,30 +215,3 @@ async fn main() {
         eprintln!("server error: {}", e);
     }
 }
-
-async fn shutdown_signal() {
-    tokio::signal::ctrl_c()
-        .await
-        .expect("failed to listen for ctrl+c signal");
-}
-
-fn generate_invite(db: Arc<Mutex<lox::BridgeDb>>) -> Response<Body> {
-    let obj = db.lock().unwrap();
-    let invite = Invite {
-        invite: obj.invite(),
-    };
-    let token = serde_json::to_string(&invite).unwrap();
-    let mut resp = Response::new(Body::from(token));
-    resp.headers_mut()
-        .insert("Access-Control-Allow-Origin", HeaderValue::from_static("*"));
-    resp
-}
-
-fn send_keys(pubkeys_filename: &str) -> Response<Body> {
-    let data = fs::read_to_string(pubkeys_filename).expect("Unable to read file");
-    let json_keys = serde_json::to_string(&data).expect("JSON was not well-formatted");
-    let mut resp = Response::new(Body::from(json_keys));
-    resp.headers_mut()
-        .insert("Access-Control-Allow-Origin", HeaderValue::from_static("*"));
-    resp
-}