diff --git a/authserver/authserver/api/models.py b/authserver/authserver/api/models.py
index b796b25..997aa82 100644
--- a/authserver/authserver/api/models.py
+++ b/authserver/authserver/api/models.py
@@ -22,6 +22,9 @@ class Tool(models.Model):
         return self.name
 
 class Profile(models.Model):
-    user = models.OneToOneField(User, on_delete=models.CASCADE)
+    user = models.OneToOneField(User, on_delete=models.CASCADE, editable=False)
     lockout_admin = models.BooleanField(default=False)
     authorized_tools = models.ManyToManyField(Tool)
+
+    def __str__(self):
+        return self.user.username
diff --git a/authserver/authserver/api/serializers.py b/authserver/authserver/api/serializers.py
index aad5707..f00e1a6 100644
--- a/authserver/authserver/api/serializers.py
+++ b/authserver/authserver/api/serializers.py
@@ -3,24 +3,41 @@ from rest_framework import serializers
 
 from . import models
 
-class CategorySerializer(serializers.ModelSerializer):
+class CategorySerializer(serializers.HyperlinkedModelSerializer):
+    url = serializers.HyperlinkedIdentityField(view_name='category-detail', lookup_field='slug')
+
     class Meta:
         model = models.Category
         fields = '__all__'
 
-class ToolSerializer(serializers.ModelSerializer):
+class ToolSerializer(serializers.HyperlinkedModelSerializer):
+    url = serializers.HyperlinkedIdentityField(view_name='tool-detail', lookup_field='slug')
+    category = serializers.HyperlinkedRelatedField(
+            view_name='category-detail',
+            lookup_field='slug',
+            queryset=models.Category.objects.all()
+        )
+
     class Meta:
         model = models.Tool
         fields = '__all__'
 
-class ToolDataSerializer(serializers.ModelSerializer):
+class ToolDataSerializer(serializers.HyperlinkedModelSerializer):
+    url = serializers.HyperlinkedIdentityField(view_name='category-detail', lookup_field='slug')
     tools = ToolSerializer(many=True)
 
     class Meta:
         model = models.Category
         fields = '__all__'
 
-class ProfileSerializer(serializers.ModelSerializer):
+class ProfileSerializer(serializers.HyperlinkedModelSerializer):
+    user = serializers.StringRelatedField()
+    authorized_tools = serializers.SlugRelatedField(
+            many=True,
+            slug_field='slug',
+            queryset=models.Tool.objects.all()
+        )
+
     class Meta:
         model = models.Profile
         fields = '__all__'
diff --git a/authserver/authserver/api/views.py b/authserver/authserver/api/views.py
index faa5f3f..15eb586 100644
--- a/authserver/authserver/api/views.py
+++ b/authserver/authserver/api/views.py
@@ -1,5 +1,7 @@
 from django.contrib.auth.models import User
-from rest_framework import viewsets, permissions
+from rest_framework import mixins, permissions, viewsets
+
+from rest_framework.response import Response
 
 from . import models, serializers
 
@@ -14,20 +16,31 @@ class CategoryViewSet(viewsets.ModelViewSet):
     queryset = models.Category.objects.all().order_by('id')
     serializer_class = serializers.CategorySerializer
     permission_classes = (IsLockoutAdmin,)
+    lookup_field='slug'
 
 class ToolViewSet(viewsets.ModelViewSet):
     queryset = models.Tool.objects.all().order_by('id')
     serializer_class = serializers.ToolSerializer
     permission_classes = (IsLockoutAdmin,)
+    lookup_field='slug'
 
-class ToolDataViewSet(viewsets.ReadOnlyModelViewSet):
-    queryset = models.Category.objects.all().order_by('id')
-    serializer_class = serializers.ToolDataSerializer
+class ToolDataViewSet(viewsets.ViewSet):
+    def list(self, request):
+        objects = models.Category.objects.all().order_by('id')
+        serializer = serializers.ToolDataSerializer(objects, many=True, context={'request': request})
+        return Response({'categories': serializer.data})
 
-class ProfileViewSet(viewsets.ModelViewSet):
+class ProfileViewSet(
+        mixins.RetrieveModelMixin,
+        mixins.UpdateModelMixin,
+        mixins.ListModelMixin,
+        viewsets.GenericViewSet):
     queryset = models.Profile.objects.all().order_by('-user__date_joined')
     serializer_class = serializers.ProfileSerializer
+    permission_classes = (IsLockoutAdmin,)
 
-class UserViewSet(viewsets.ModelViewSet):
-    queryset = models.User.objects.all().order_by('-date_joined')
+class UserViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = serializers.UserSerializer
+
+    def get_queryset(self):
+        return User.objects.filter(username=self.request.user)
diff --git a/authserver/authserver/urls.py b/authserver/authserver/urls.py
index acbb044..948e89f 100644
--- a/authserver/authserver/urls.py
+++ b/authserver/authserver/urls.py
@@ -23,10 +23,10 @@ from rest_framework import routers
 from .api import views
 
 router = routers.DefaultRouter()
-router.register(r'tool', views.ToolViewSet, 'tool')
+router.register(r'tool', views.ToolViewSet)
 router.register(r'category', views.CategoryViewSet, 'category')
 router.register(r'tooldata', views.ToolDataViewSet, 'tooldata')
-router.register(r'profile', views.ProfileViewSet, 'profile')
+router.register(r'profile', views.ProfileViewSet)
 router.register(r'user', views.UserViewSet, 'user')
 
 urlpatterns = [