diff --git a/extend.php b/extend.php
index bad30c4..926568e 100644
--- a/extend.php
+++ b/extend.php
@@ -27,8 +27,12 @@ return [
 
     (new Extend\Routes('forum'))
         ->post('/oauth/authorize', 'oauth.authorize.post', Controllers\AuthorizeController::class),
+
     (new Extend\Routes('api'))
-        ->get('/oauth-clients', 'oauth.clients.list', Api\Controller\ListClientController::class),
+        ->get('/oauth-clients', 'oauth.clients.list', Api\Controller\ListClientController::class)
+        ->post('/oauth-clients', 'oauth.clients.create', Api\Controller\CreateClientController::class)
+        ->patch('/oauth-clients/{id}', 'oauth.clients.update', Api\Controller\UpdateClientController::class)
+        ->delete('/oauth-clients/{id}', 'oauth.clients.delete', Api\Controller\DeleteClientController::class),
 
     (new Extend\Middleware('api'))->add(ResourceScopeMiddleware::class),
 ];
diff --git a/js/dist/admin.js b/js/dist/admin.js
index 589a21a..4459328 100644
Binary files a/js/dist/admin.js and b/js/dist/admin.js differ
diff --git a/js/dist/admin.js.map b/js/dist/admin.js.map
index a4d7b3a..8aae698 100644
Binary files a/js/dist/admin.js.map and b/js/dist/admin.js.map differ
diff --git a/js/src/admin/pages/ClientsPage.js b/js/src/admin/pages/ClientsPage.js
index 594f0a1..ea80fe8 100644
--- a/js/src/admin/pages/ClientsPage.js
+++ b/js/src/admin/pages/ClientsPage.js
@@ -46,7 +46,7 @@ export default class ClientsPage extends Page {
                       type: 'text',
                       value: client[key]() || '',
                       onchange: (event) => {
-                        this.saveClientInfo(client.id(), key, event.target.value);
+                        this.saveClientInfo(index, key, event.target.value);
                       },
                     }))
                   ),
@@ -98,7 +98,10 @@ export default class ClientsPage extends Page {
     return pwd;
   }
 
-  saveClientInfo(id, key, value) {
-    console.log(id, key, value);
+  saveClientInfo(index, key, value) {
+    console.log(index, key, value);
+    this.clients[index].save({
+      [key]: value,
+    });
   }
 }
diff --git a/src/Api/Controller/CreateClientController.php b/src/Api/Controller/CreateClientController.php
new file mode 100644
index 0000000..5093c0c
--- /dev/null
+++ b/src/Api/Controller/CreateClientController.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace FoskyM\OAuthCenter\Api\Controller;
+
+use Flarum\Api\Controller\AbstractListController;
+use Flarum\Http\RequestUtil;
+use Illuminate\Support\Arr;
+use Psr\Http\Message\ServerRequestInterface;
+use Tobscure\JsonApi\Document;
+use FoskyM\OAuthCenter\Models\Client;
+use FoskyM\OAuthCenter\Api\Serializer\ClientSerializer;
+
+class CreateClientController extends AbstractListController
+{
+    public $serializer = ClientSerializer::class;
+    protected function data(ServerRequestInterface $request, Document $document)
+    {
+        $actor = RequestUtil::getActor($request);
+        $actor->assertAdmin();
+
+        $data = Arr::get($request->getParsedBody(), 'data', []);
+
+        $client = Client::build(
+            Arr::get($data, 'attributes.name'),
+            $actor->id,
+            Arr::get($data, 'attributes.icon'),
+            Arr::get($data, 'attributes.description'),
+            Arr::get($data, 'attributes.actions'),
+            Arr::get($data, 'attributes.metrics'),
+            Arr::get($data, 'attributes.requirements'),
+
+        );
+
+
+        $client->save();
+
+        return $client;
+    }
+}
diff --git a/src/Api/Controller/DeleteClientController.php b/src/Api/Controller/DeleteClientController.php
new file mode 100644
index 0000000..17907d0
--- /dev/null
+++ b/src/Api/Controller/DeleteClientController.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace FoskyM\OAuthCenter\Api\Controller;
+
+use Flarum\Api\Controller\AbstractListController;
+use Flarum\Http\RequestUtil;
+use Illuminate\Support\Arr;
+use Psr\Http\Message\ServerRequestInterface;
+use Tobscure\JsonApi\Document;
+use FoskyM\OAuthCenter\Models\Client;
+use FoskyM\OAuthCenter\Api\Serializer\ClientSerializer;
+
+class DeleteClientController extends AbstractListController
+{
+    public $serializer = ClientSerializer::class;
+    protected function data(ServerRequestInterface $request, Document $document)
+    {
+        $id = Arr::get($request->getQueryParams(), 'id');
+        RequestUtil::getActor($request)
+            ->assertAdmin();
+
+        $client = Client::find($id);
+
+        $client->delete();
+
+        return $client;
+    }
+}
diff --git a/src/Api/Controller/ListClientController.php b/src/Api/Controller/ListClientController.php
index caa3307..b0e10bf 100644
--- a/src/Api/Controller/ListClientController.php
+++ b/src/Api/Controller/ListClientController.php
@@ -16,9 +16,7 @@ class ListClientController extends AbstractListController
     protected function data(ServerRequestInterface $request, Document $document)
     {
         $actor = RequestUtil::getActor($request);
-        if (!$actor->isAdmin()) {
-            return [];
-        }
+        $actor->assertAdmin();
 
         return Client::get();
     }
diff --git a/src/Api/Controller/UpdateClientController.php b/src/Api/Controller/UpdateClientController.php
new file mode 100644
index 0000000..1bc2478
--- /dev/null
+++ b/src/Api/Controller/UpdateClientController.php
@@ -0,0 +1,37 @@
+<?php
+
+namespace FoskyM\OAuthCenter\Api\Controller;
+
+use Flarum\Api\Controller\AbstractListController;
+use Flarum\Http\RequestUtil;
+use Illuminate\Support\Arr;
+use Psr\Http\Message\ServerRequestInterface;
+use Tobscure\JsonApi\Document;
+use FoskyM\OAuthCenter\Models\Client;
+use FoskyM\OAuthCenter\Api\Serializer\ClientSerializer;
+
+class UpdateClientController extends AbstractListController
+{
+    public $serializer = ClientSerializer::class;
+    protected function data(ServerRequestInterface $request, Document $document)
+    {
+        $actor = RequestUtil::getActor($request);
+        $actor->assertAdmin();
+
+        $id = Arr::get($request->getQueryParams(), 'id');
+        $client = Client::find($id);
+
+        $data = Arr::get($request->getParsedBody(), 'data', []);
+
+        collect(['client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'client_name', 'client_desc', 'client_icon', 'client_home'])
+            ->each(function (string $attribute) use ($client, $data) {
+                if (($val = Arr::get($data, "attributes.$attribute")) !== null) {
+                    $client->$attribute = $val;
+                }
+            });
+
+        $client->save();
+
+        return $client;
+    }
+}