diff --git a/src/api/session.js b/src/api/session.js
new file mode 100644
index 0000000..fd63197
--- /dev/null
+++ b/src/api/session.js
@@ -0,0 +1,73 @@
+import * as dotenv from "dotenv";
+import { Router } from "express";
+import { authorize } from "../lib/authorize.js";
+import { summarize } from "../lib/chat.js";
+import { db } from "../lib/db.js";
+import { getMessages, getMessagesBySession } from "../lib/session.js";
+dotenv.config();
+
+const app = Router();
+
+app.get('/', async (req, res) => {
+  const b = req.query.open
+  let sessions = [];
+  if (b == "true") {
+    sessions = await db.session.findMany({
+      where: {
+        operator: undefined
+      }
+    })
+  } else if(b == "false") {
+    sessions = await db.session.findMany({
+      where: {
+        none: {
+          operator: undefined
+        }
+      }
+    })
+  } else {
+    sessions = await db.session.findMany()
+  }
+
+  return res.status(200).json({
+    sessions
+  })
+})
+
+app.get("/message", async (req, res) => {
+  const messages = await getMessagesBySession(req.body.sessionId)
+  return res.status(200).json({
+    messages
+  })
+})
+
+app.get("/summary", async (req, res) => {
+  const summary = await summarize(req.body.sessionId)
+  return res.status(200).json({
+    summary
+  })
+})
+
+app.get('/transfer', async (req, res) => {
+  const {authorized, webSession} = authorize(req, res)
+  if(!authorized) return res.status(401).send(null)
+  
+  const operator = await db.operator.findUnique({
+    where: { id: webSession.operatorId}
+  })
+  const session = await db.session.update({
+    where: {
+      id: req.body.sessionId
+    },
+    data: {
+      operatorPhone: operator.phoneNumber
+    }
+  })
+
+  return res.status(200).json({
+    session,
+    operator
+  })
+})
+
+export default app
\ No newline at end of file
diff --git a/src/index.js b/src/index.js
index ab89774..1e1632f 100644
--- a/src/index.js
+++ b/src/index.js
@@ -1,6 +1,7 @@
 import express from "express";
 import call from "./api/call.js";
 import operator from "./api/operator.js"
+import session from "./api/session.js"
 import cors from "cors"
 
 const app = express();
@@ -10,6 +11,7 @@ app.use(cors())
 
 app.use('/call', call)
 app.use('/operator', operator)
+app.use('/session', session)
 
 // Create an HTTP server and listen for requests on port 3000
 app.listen(8080, () => {
diff --git a/src/lib/authorize.js b/src/lib/authorize.js
index e460489..b22e2f5 100644
--- a/src/lib/authorize.js
+++ b/src/lib/authorize.js
@@ -1,7 +1,7 @@
 import { PrismaClient } from '@prisma/client';
 import {db} from './db.js'
 
-export const authorize = async (req, res, admin=false) => {
+export const authorize = async (req, res) => {
   let authorization = null
   if(!authorization) authorization = req.headers.authorization
   if(!authorization && req.cookies.auth) {