diff --git a/dsite/settings.py b/dsite/settings.py
index e6095ae..7c13434 100644
--- a/dsite/settings.py
+++ b/dsite/settings.py
@@ -1 +1,8 @@
 from .settings_default import *
+REST_FRAMEWORK = {
+    'DEFAULT_AUTHENTICATION_CLASSES': (
+        'rest_framework.authentication.BasicAuthentication',
+        'rest_framework.authentication.SessionAuthentication',
+    ),
+    'PAGE_SIZE': 10
+}
diff --git a/dsite/settings_default.py b/dsite/settings_default.py
index 404ba94..de5f3fa 100644
--- a/dsite/settings_default.py
+++ b/dsite/settings_default.py
@@ -38,8 +38,10 @@ INSTALLED_APPS = [
     'django.contrib.messages',
     'django.contrib.staticfiles',
 
+
     # third party
     'rest_framework',
+    'rest_framework.authtoken',
 
     # user apps
     'timer',
diff --git a/dsite/urls.py b/dsite/urls.py
index 60ca177..0dfa4f8 100644
--- a/dsite/urls.py
+++ b/dsite/urls.py
@@ -19,12 +19,15 @@ from django.urls import include, path
 from django.conf.urls import url
 
 from rest_framework import routers
+from rest_framework.authtoken import views
 
 router = routers.DefaultRouter()
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.
+
 urlpatterns = [
     path('', include(router.urls)),
     path('api-auth/', include('rest_framework.urls', namespace='rest_framework')),
+    path('api-auth-token/', views.obtain_auth_token, name='api-auth-token'),
     url('timer/', include('timer.urls')),
 ]
diff --git a/timer/urls.py b/timer/urls.py
index b5a0c24..bde11d6 100644
--- a/timer/urls.py
+++ b/timer/urls.py
@@ -7,5 +7,5 @@ from timer import views
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.
 urlpatterns = [
-    url('office-hours', views.OfficeHoursViewSet.as_view({'get': 'list'}))
+    url('office-hours', views.OfficeHoursAPI.as_view())
 ]
diff --git a/timer/views.py b/timer/views.py
index dc67e21..347e797 100644
--- a/timer/views.py
+++ b/timer/views.py
@@ -1,31 +1,68 @@
 from django.contrib.auth.models import User, Group
 from django.shortcuts import render
-from rest_framework import viewsets
+from rest_framework import authentication, permissions, status, viewsets
+from rest_framework.generics import CreateAPIView
+from rest_framework.response import Response
+from rest_framework.views import APIView
 
 import timer.serializers
 import timer.models
 
-
-class OfficeHoursViewSet(viewsets.ModelViewSet):
-  """
-  API endpoint that allows office hours to be viewed or edited.
-  """
-
-  queryset = timer.models.OfficeHours.objects.order_by('-id')
-  serializer_class = timer.serializers.OfficeHoursSerializer
+import datetime
 
 
-class UserViewSet(viewsets.ModelViewSet):
-  """
-  API endpoint that allows users to be viewed or edited.
-  """
-  queryset = User.objects.all().order_by('-date_joined')
-  serializer_class = timer.serializers.UserSerializer
+# class OfficeHoursViewSet(viewsets.ModelViewSet):
+#   """
+#   API endpoint that allows office hours to be viewed or edited.
+#   """
+
+#   queryset = timer.models.OfficeHours.objects.order_by('-id')
+#   serializer_class = timer.serializers.OfficeHoursSerializer
 
 
-class GroupViewSet(viewsets.ModelViewSet):
-  """
-  API endpoint that allows groups to be viewed or edited.
-  """
-  queryset = Group.objects.all()
-  serializer_class = timer.serializers.GroupSerializer
+# class UserViewSet(viewsets.ModelViewSet):
+#   """
+#   API endpoint that allows users to be viewed or edited.
+#   """
+#   queryset = User.objects.all().order_by('-date_joined')
+#   serializer_class = timer.serializers.UserSerializer
+
+
+# class GroupViewSet(viewsets.ModelViewSet):
+#   """
+#   API endpoint that allows groups to be viewed or edited.
+#   """
+#   queryset = Group.objects.all()
+#   serializer_class = timer.serializers.GroupSerializer
+
+
+class OfficeHoursAPI(CreateAPIView):
+
+  authentication_classes = (authentication.TokenAuthentication,
+                            authentication.SessionAuthentication,
+                            authentication.BasicAuthentication)
+  permission_classes = (permissions.IsAuthenticated,)
+
+  queryset = timer.models.OfficeHours.objects.all()
+
+  def create(self, request, *args, **kwargs):
+    begins_at = request.data.get('begins_at')
+    if not begins_at:
+      raise
+    try:
+      begins_at = datetime.datetime.strptime(begins_at, '%Y-%m-%d %H:%M')
+      ends_at = begins_at + datetime.timedelta(hours=9.5)
+      oh, __ = timer.models.OfficeHours.objects.get_or_create(
+        begins_at=begins_at,
+        ends_at=ends_at,
+        user=request.user)
+    except ValueError:
+      raise
+
+    resp_data = {
+      'begins_at': begins_at.strftime('%Y-%m-%d %H:%M'),
+      'ends_at': ends_at.strftime('%Y-%m-%d %H:%M'),
+    }
+
+    return Response(resp_data, status=status.HTTP_201_CREATED)
+