diff --git a/rowers/permissions.py b/rowers/permissions.py
index b3872796..67afe16c 100644
--- a/rowers/permissions.py
+++ b/rowers/permissions.py
@@ -16,6 +16,7 @@ class IsOwnerOrReadOnly(permissions.BasePermission):
         return obj.user == request.user
 
 class IsOwnerOrNot(permissions.BasePermission):
+    
     def has_object_permission(self, request, view, obj):
         r = Rower.objects.get(user=request.user)
         return (obj.user == r)
diff --git a/rowers/serializers.py b/rowers/serializers.py
index b0890f54..e0c8b560 100644
--- a/rowers/serializers.py
+++ b/rowers/serializers.py
@@ -1,5 +1,5 @@
 from rest_framework import serializers
-from rowers.models import Workout,Rower
+from rowers.models import Workout,Rower,StrokeData
 
 import datetime
 
@@ -93,8 +93,8 @@ class WorkoutSerializer(serializers.ModelSerializer):
 class StrokeDataSerializer(serializers.Serializer):
     workoutid = serializers.IntegerField
     strokedata = serializers.JSONField
-
-    def create(self, validated_data):
+    
+    def create(self, workoutid, strokedata):
         """
         Create and enter a new set of stroke data  into the DB
         """
@@ -103,3 +103,5 @@ class StrokeDataSerializer(serializers.Serializer):
         print "fake serializer"
         return 1
 
+    
+
diff --git a/rowers/templates/base.html b/rowers/templates/base.html
index ed06f76e..4c5678a4 100644
--- a/rowers/templates/base.html
+++ b/rowers/templates/base.html
@@ -17,7 +17,6 @@
 	<link rel="stylesheet" href="/static/css/text.css" />
 	<link rel="stylesheet" href="/static/css/960_12_col.css" />
 	<link rel="stylesheet" href="/static/css/rowsandall.css" />
-        <link rel="stylesheet" href="static/css/cookiecuttr.css" />
 	{% block meta %} {% endblock %}
     {% analytical_head_bottom %}
 </head>
diff --git a/rowers/urls.py b/rowers/urls.py
index f6b9beb5..10ca4c4a 100644
--- a/rowers/urls.py
+++ b/rowers/urls.py
@@ -2,11 +2,11 @@ from django.conf import settings
 from django.conf.urls import url, include
 from django.contrib.auth.models import User
 
-from models import Workout,Rower
+from models import Workout,Rower,StrokeData
 
 from rest_framework import routers, serializers, viewsets,permissions
 from rest_framework.urlpatterns import format_suffix_patterns
-
+from rest_framework.permissions import *
 from . import views
 from django.contrib.auth import views as auth_views
 from django.views.generic.base import TemplateView
@@ -15,18 +15,34 @@ from django.conf.urls import (
     )
 
 from rowers.permissions import IsOwnerOrNot,IsOwnerOrReadOnly
-from rowers.serializers import WorkoutSerializer,RowerSerializer
+from rowers.serializers import (
+    WorkoutSerializer,
+    RowerSerializer,
+    StrokeDataSerializer,
+    )
         
 class WorkoutViewSet(viewsets.ModelViewSet):
-    queryset = Workout.objects.all().order_by("-date", "-starttime")
+    model = Workout
+    #queryset = Workout.objects.all().order_by("-date", "-starttime")
     serializer_class = WorkoutSerializer
-    permission_classes = (IsOwnerOrNot,)
 
+    def get_queryset(self):
+        r = Rower.objects.get(user=self.request.user)
+        return Workout.objects.filter(user=r).order_by("-date","-starttime")
+    
+    
+    permission_classes = (
+        #DjangoModelPermissions,
+        IsOwnerOrNot,
+    )
+
+class StrokeDataViewSet(viewsets.ModelViewSet):
+    serializer_class = StrokeDataSerializer
     
 # Routers provide an easy way of automatically determining the URL conf.
 router = routers.DefaultRouter()
-router.register(r'api/workouts',WorkoutViewSet)
-#router.register(r'api/rower',RowerViewSet)
+router.register(r'api/workouts',WorkoutViewSet, 'workout')
+
 
 handler500 = 'views.error500_view'
 handler404 = 'views.error404_view'
@@ -40,7 +56,7 @@ urlpatterns = [
     url(r'^', include(router.urls)),
     url(r'^api-docs$', views.schema_view),
     url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
-    url(r'^api/workouts/(\d+)/strokedata$',views.strokedatajson),
+    url(r'^api/workouts/(?P<id>\d+)/strokedata$',views.strokedatajson),
     url(r'^testbokeh$',views.testbokeh),
     url(r'^500/$', TemplateView.as_view(template_name='500.html'),name='500'),
     url(r'^404/$', TemplateView.as_view(template_name='404.html'),name='404'),
diff --git a/rowers/views.py b/rowers/views.py
index f9ba1e97..d13289c5 100644
--- a/rowers/views.py
+++ b/rowers/views.py
@@ -86,7 +86,7 @@ from rest_framework.parsers import JSONParser
 from rest_framework.response import Response
 from rowers.serializers import RowerSerializer,WorkoutSerializer
 from rest_framework import status,permissions,generics
-from rest_framework.decorators import api_view
+from rest_framework.decorators import api_view, renderer_classes
 
 from permissions import IsOwnerOrNot
 
@@ -105,8 +105,6 @@ from interactiveplots import *
 
 schema_view = get_swagger_view(title='Rowsandall API (Unstable)')
 
-
-        
 def error500_view(request):
     response = render_to_response('500.html', {},
 				  context_instance = RequestContext(request))
@@ -4813,10 +4811,16 @@ def strokedataform(request,id=0):
 		  })
 
 
+from rest_framework_swagger.renderers import OpenAPIRenderer, SwaggerUIRenderer
 from django.views.decorators.csrf import csrf_exempt
 @csrf_exempt
 @login_required()
+@api_view(['GET','POST'])
 def strokedatajson(request,id):
+    """
+    POST: Add Stroke data to workout
+    GET: Get stroke data of workout
+    """
     try:
 	row = Workout.objects.get(id=id)
 	if (checkworkoutuser(request.user,row)==False):
@@ -4839,11 +4843,9 @@ def strokedatajson(request,id):
         if not checkdata.empty:
             return HttpResponse("Duplicate Error",409)
         # strokedata = request.POST['strokedata']
-        print request.body
-        received_json_data = json.loads(request.body)
         # checking/validating and cleaning
         try:
-            strokedata = json.loads(received_json_data['strokedata'])
+            strokedata = json.loads(request.POST['strokedata'])
         except:
             return HttpResponse("No JSON object could be decoded",400)
 
@@ -4851,9 +4853,9 @@ def strokedatajson(request,id):
         df.index = df.index.astype(int)
         df.sort_index(inplace=True)
         # time, hr, pace, spm, power, drivelength, distance, drivespeed, dragfactor, strokerecoverytime, averagedriveforce, peakdriveforce, lapidx
-        time = df['timesecs']
+        time = df['time']/1.e3
         aantal = len(time)
-        pace = df['pseconds']
+        pace = df['pace']/1.e3
         if len(pace) != aantal:
             return HttpResponse("Pace array has incorrect length",status=400)
         distance = df['distance']
diff --git a/rowsandall_app/settings.py b/rowsandall_app/settings.py
index a0b4513d..c7af4887 100644
--- a/rowsandall_app/settings.py
+++ b/rowsandall_app/settings.py
@@ -273,6 +273,7 @@ REST_FRAMEWORK = {
     # or allow read-only access for unauthenticated users.
     'DEFAULT_PERMISSION_CLASSES': [
         'rest_framework.permissions.IsAuthenticated'
+#        'rest_framework.permissions.DjangoModelPermissions'
     ],
     'DEFAULT_AUTHENTICATION_CLASSES': (
         'rest_framework.authentication.BasicAuthentication',
@@ -286,6 +287,11 @@ SWAGGER_SETTINGS = {
     'SECURITY_DEFINITION': {
         'basic': {
             'type':'basic'
+            },
+        'oauth2': {
+            'type':'oauth2',
+            'authorizationUrl':'/rowers/o/authorize',
+            'flow': 'implicit',
             }
         },
     'SHOW_REQUEST_HEADERS': True,