diff --git a/apiV1BrokerList.go b/apiV1BrokerList.go
index ef02fb6..2da11f6 100644
--- a/apiV1BrokerList.go
+++ b/apiV1BrokerList.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"biukop.com/sfm/loan"
+	"encoding/json"
 	log "github.com/sirupsen/logrus"
 	"net/http"
 )
@@ -27,3 +28,48 @@ func apiV1BrokerGet(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
 	}
 	apiV1SendJson(b, w, r, ss)
 }
+
+func decodeJsonBrokerEdit(r *http.Request) (ret loan.Broker, e error) {
+	decoder := json.NewDecoder(r.Body)
+	//decoder.DisallowUnknownFields()
+	e = decoder.Decode(&ret)
+	if e != nil {
+		log.Error("failed decoding json for Filtering full_loan_summary ", e.Error())
+		return
+	}
+	return
+}
+
+func apiV1BrokerPost(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
+	id := r.URL.Path[len(apiV1Prefix+"broker/"):]
+	b := loan.Broker{}
+	e := b.Read(id)
+	if e != nil {
+		log.Error("cannot find broker by id", id, e.Error())
+		apiV1Client404Error(w, r, ss)
+		return
+	}
+
+	input, e := decodeJsonBrokerEdit(r)
+	if e != nil {
+		log.Error("cannot find broker by id", id, e.Error())
+		apiV1Client404Error(w, r, ss)
+		return
+	}
+	b.BSB = input.BSB
+	b.ACC = input.ACC
+	b.Display = input.Display
+	b.First = input.First
+	b.Last = input.Last
+	b.License = input.License
+	b.Organization = input.Organization
+
+	e = b.Write()
+	if e != nil {
+		log.Error("failed to save broker ", b, e.Error())
+		apiV1Client404Error(w, r, ss)
+		return
+	}
+
+	apiV1SendJson(b, w, r, ss)
+}
diff --git a/apiV1ChangePass.go b/apiV1ChangePass.go
new file mode 100644
index 0000000..a2dfa42
--- /dev/null
+++ b/apiV1ChangePass.go
@@ -0,0 +1,62 @@
+package main
+
+import (
+	"biukop.com/sfm/loan"
+	"encoding/json"
+	log "github.com/sirupsen/logrus"
+	"net/http"
+)
+
+type changePass struct {
+	OldPassword string
+	NewPass     string
+	NewPass1    string
+}
+
+func decodeJsonChangePass(r *http.Request) (ret changePass, e error) {
+	decoder := json.NewDecoder(r.Body)
+	//decoder.DisallowUnknownFields()
+	e = decoder.Decode(&ret)
+	if e != nil {
+		log.Error("failed decoding json change password ", e.Error())
+		return
+	}
+	return
+}
+
+func apiV1ChangePass(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
+	id := r.URL.Path[len(apiV1Prefix+"change-pass/"):]
+
+	u := loan.User{}
+	e := u.Read(id)
+
+	if e != nil {
+		log.Error("cannot change pass for user ", id, e.Error())
+		apiV1Client403Error(w, r, ss)
+		return
+	}
+
+	input, e := decodeJsonChangePass(r)
+	if e != nil {
+		log.Error("cannot decode json for change password ", id, e.Error())
+		apiV1Client403Error(w, r, ss)
+		return
+	}
+
+	e = u.VerifyPass(input.OldPassword)
+	if e != nil {
+		log.Error("wrong old password ", id, e.Error())
+		apiV1Client403Error(w, r, ss)
+		return
+	}
+
+	u.SetPass(input.NewPass)
+	e = u.Write()
+	if e != nil {
+		log.Error("fail to update new pass ", id, e.Error())
+		apiV1Server500Error(w, r)
+		return
+	}
+
+	apiV1SendJson(true, w, r, ss)
+}
diff --git a/apiV1login.go b/apiV1login.go
index b0e2d95..160b8bd 100644
--- a/apiV1login.go
+++ b/apiV1login.go
@@ -14,6 +14,15 @@ type loginForm struct {
 	Pass  string `json:"p"`
 }
 
+type userExtra struct {
+	Enabled      int
+	Login        string
+	BSB          string
+	ACC          string
+	License      string
+	Organization string
+}
+
 func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
 	res := apiV1ResponseBlank()
 
@@ -52,6 +61,24 @@ func apiV1Login(w http.ResponseWriter, r *http.Request, ss *loan.Session) {
 	u, e := ss.GetUser()
 	if e == nil {
 		res.add("user", u.People)
+
+		if ss.GetRole() == "broker" {
+			broker := loan.Broker{}
+			e := broker.Read(ss.User)
+			if e != nil {
+				log.Error("fail to retrieve broker for session ", ss, e.Error())
+			} else {
+				ue := userExtra{
+					Enabled:      broker.Enabled,
+					Login:        broker.Login,
+					BSB:          broker.BSB,
+					ACC:          broker.ACC,
+					License:      broker.License,
+					Organization: broker.Organization,
+				}
+				res.add("userExtra", ue)
+			}
+		}
 	}
 	res.add("Biukop-Session", ss.Id)
 	res.add("Biukop-Mid", ss.Get("Biukop-Mid"))
diff --git a/apiv1.go b/apiv1.go
index 7dfef11..7913f04 100644
--- a/apiv1.go
+++ b/apiv1.go
@@ -40,6 +40,8 @@ func setupApiV1Handler() []apiV1HandlerMap {
 			{"DELETE", "loan/", apiV1LoanSingleDelete},
 			{"GET", "people/", apiV1PeopleGet},
 			{"GET", "broker/", apiV1BrokerGet},
+			{"POST", "broker/", apiV1BrokerPost},
+			{"POST", "change-pass/", apiV1ChangePass},
 			{"POST", "loan/basic/", apiV1LoanSinglePostBasic},
 			{"GET", "avatar/", apiV1Avatar},
 			{"POST", "avatar/", apiV1AvatarPost},
@@ -67,6 +69,8 @@ func setupApiV1Handler() []apiV1HandlerMap {
 			{"DELETE", "loan/", apiV1LoanSingleDelete},
 			{"GET", "people/", apiV1PeopleGet},
 			{"GET", "broker/", apiV1BrokerGet},
+			{"POST", "broker/", apiV1BrokerPost},
+			{"POST", "change-pass/", apiV1ChangePass},
 			{"POST", "loan/basic/", apiV1LoanSinglePostBasic},
 			{"GET", "avatar/", apiV1Avatar},
 			{"POST", "avatar/", apiV1AvatarPost},