diff --git a/api/src/index.js b/api/src/index.js
index 94af1b4..c15aae9 100644
--- a/api/src/index.js
+++ b/api/src/index.js
@@ -76,6 +76,9 @@ app.use('/storage', storageRoutes)
 const paramsRoutes = require('./routes/params')
 app.use('/params', paramsRoutes)
 
+const settingsRoutes = require('./routes/settings')
+app.use('/settings', settingsRoutes)
+
 // Avvio del server
 app.listen(PORT, '0.0.0.0', () => {
   console.log(`Started on port ${PORT}`);
diff --git a/api/src/routes/settings.js b/api/src/routes/settings.js
new file mode 100644
index 0000000..80f3f02
--- /dev/null
+++ b/api/src/routes/settings.js
@@ -0,0 +1,9 @@
+// api.mebboat.it/settings
+
+const express = require('express');
+const router = express.Router();
+
+
+
+
+module.exports = router
\ No newline at end of file
diff --git a/auth/src/index.js b/auth/src/index.js
index 93af68a..bb74876 100644
--- a/auth/src/index.js
+++ b/auth/src/index.js
@@ -33,7 +33,9 @@ app.set('view engine', 'html');
 
 // Routes
 const authRoutes = require('./routes/auth');
+const usersRoutes = require('./routes/users');
 app.use('/', authRoutes);
+app.use('/users', usersRoutes);
 
 app.get('/health', async (req, res) => {
   const dbConnected = await database.checkPostgres();
diff --git a/auth/src/routes/users.js b/auth/src/routes/users.js
index 0651f20..0d53be8 100644
--- a/auth/src/routes/users.js
+++ b/auth/src/routes/users.js
@@ -1,2 +1,113 @@
-const router = require('express').Router();
+// api.mebboat.it/users
+const router = require('express').Router();
+const jwt = require('../tools/jwt');
+const { query } = require('../storage/database');
+
+// Middleware di autenticazione: estrae l'utente dal token JWT
+const requireAuth = (req, res, next) => {
+  // Estraiamo il token dai cookies (inserito al login) o dall'header "Authorization"
+  const token = (req.cookies && req.cookies.auth_token) || jwt.getToken(req.headers['authorization']);
+
+  if (!token) {
+    return res.status(401).json({ error: 'Non autorizzato: token mancante' });
+  }
+
+  const verified = jwt.verifyToken(token);
+  if (!verified.valid) {
+    return res.status(401).json({ error: 'Non autorizzato: token scaduto o non valido', reason: verified.reason });
+  }
+
+  // Il riferimento all'identità dell'utente viene agganciato all'oggetto `req`
+  // (payload conterrà { user_id, username, session_id })
+  req.user = verified.payload;
+  next();
+};
+
+router.use(requireAuth);
+
+router.get('/', async (req, res) => {
+  try {
+    const result = await query(
+      'SELECT id, username, is_active, created_at, telegram_id FROM users'
+    );
+    res.json(result.rows);
+  } catch (err) {
+    res.status(500).json({ error: 'Errore interno del server ' + err });
+  }
+})
+
+router.get('/tonotify/', async (req, res) => {
+  try {
+    const result = await query(
+      'SELECT telegram_id FROM users WHERE telegram_id IS NOT NULL'
+    );
+    res.json(result.rows);
+  } catch (err) {
+    res.status(500).json({ error: 'Errore interno del server ' + err });
+  }
+})
+
+router.get('/me', async (req, res) => {
+  try {
+    const result = await query(
+      'SELECT id, username, is_active, created_at, telegram_id FROM users WHERE id = $1',
+      [req.user.user_id]
+    );
+
+    if (result.rows.length === 0) {
+      return res.status(404).json({ error: 'Utente non trovato' });
+    }
+
+    res.json(result.rows[0]);
+  } catch (err) {
+    console.error('[USERS] Errore recupero utente:', err);
+    res.status(500).json({ error: 'Errore interno del server' });
+  }
+});
+
+// 2. Modificare l'username dell'utente
+router.put('/me/username', async (req, res) => {
+  // Si aspetta il nuovo parametro via query (?newUsername=Mario) o body se preferibile
+  const newUsername = req.query.newUsername || req.body?.newUsername;
+
+  if (!newUsername) {
+    return res.status(400).json({ error: 'Nuovo username richiesto' });
+  }
+
+  try {
+    await query(
+      'UPDATE users SET username = $1 WHERE id = $2',
+      [newUsername, req.user.user_id] // Nessuna informazione identitaria prelevata dal body
+    );
+    res.json({ success: true, message: 'Username aggiornato con successo' });
+  } catch (err) {
+    if (err.code === '23505') { // UNIQUE constraint violation PostgreSQL
+      return res.status(409).json({ error: 'Questo username è già in uso' });
+    }
+    console.error('[USERS] Errore aggiornamento username:', err);
+    res.status(500).json({ error: 'Errore interno del server' });
+  }
+});
+
+// 3. Modificare altri parametri (es. telegram_id)
+router.put('/me/telegram', async (req, res) => {
+  const telegramId = req.query.telegramId || req.body?.telegramId;
+
+  if (!telegramId) {
+    return res.status(400).json({ error: 'Telegram ID richiesto' });
+  }
+
+  try {
+    await query(
+      'UPDATE users SET telegram_id = $1 WHERE id = $2',
+      [telegramId, req.user.user_id]
+    );
+    res.json({ success: true, message: 'Telegram ID aggiornato con successo' });
+  } catch (err) {
+    console.error('[USERS] Errore aggiornamento parametro:', err);
+    res.status(500).json({ error: 'Errore interno del server' });
+  }
+});
+
+module.exports = router;
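Review bot: The `router.get('/')` and `router.get('/tonotify/')` handlers send the raw database error to the client, `res.status(500).json({ error: 'Errore interno del server ' + err })`, which can disclose table and column names or connection details, while the `/me`, `/me/username` and `/me/telegram` handlers in the same hunk already log with `console.error` and return a generic message; these two should follow that pattern, e.g. `console.error('[USERS] Errore elenco utenti:', err); res.status(500).json({ error: 'Errore interno del server' });`. `requireAuth` only establishes that the caller holds a valid token, yet `/` returns every user's `id`, `username`, `is_active` and `telegram_id` and `/tonotify/` every stored `telegram_id` to any authenticated user, so unless an upstream layer restricts these paths they need an authorization check or should be limited to the caller's own row as `/me` is. `newUsername` and `telegramId` reach the `UPDATE` with only a truthiness check, so a length or format check before the query, or at least a comment stating the accepted format, would make the contract explicit. Minor: the `'/'` and `'/tonotify/'` registrations end in `})` without the semicolon the rest of the file uses.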