diff --git a/requirements.txt b/requirements.txt
index 906b98f..95e08be 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,4 @@
-setuptools~=40.8.0
+setuptools~=56.0.0
 django~=2.2.13
-djangorestframework~=3.9.0
\ No newline at end of file
+djangorestframework~=3.12.4
+djoser~=2.1.0
diff --git a/src/api.ts b/src/api.ts
index ef72ad6..d8a33ce 100644
--- a/src/api.ts
+++ b/src/api.ts
@@ -2,7 +2,7 @@ import Cookies from "js-cookie";
 
 type HTTPMethod = "GET" | "POST" | "PUT" | "PATCH";
 
-export class APIError extends Error {
+class APIError extends Error {
   constructor(message: string, public readonly errors: unknown) {
     super(message);
   }
@@ -29,7 +29,7 @@ async function request(
   }
   init.headers.set("Accept", "application/json");
   init.headers.set("Content-Type", "application/json");
-  const response = await fetch(`/${endpoint}/`, init);
+  const response = await fetch(`/api/${endpoint}/`, init);
   if (response.status !== 204) {
     if (response.status === successStatus) {
       return await response.json();
@@ -39,69 +39,41 @@ async function request(
   }
 }
 
-async function api_request(
-  method: HTTPMethod,
-  endpoint: string,
-  successStatus: number,
-  data: any,
-  authToken?: string
-) {
-  return request(method, `api/${endpoint}`, successStatus, data, authToken);
-}
-
 export class User {
   email: string | undefined;
   password: string | undefined;
-  username: string | null = null;
-  confidantEmail: string | null = null;
+  private username: string | null = null;
+  private confidantEmail: string | null = null;
   isAuthenticated = false;
   private token = "";
 
   static async confirm(uid: string, token: string): Promise<void> {
-    await api_request("POST", "users/activation", 204, { uid, token });
+    await request("POST", "users/activation", 204, { uid, token });
   }
 
   async login(): Promise<void> {
-    if (!this.email || !this.password) throw new APIError("", "");
-
-    // logout any existing sessions
-    //await logout()
-    // fetch the login endpoint we use for authentication
-    const loginEndpoint = "/api-auth/login/";
-    // fetch the login page, so it sets csrf cookies
-    await window.fetch(loginEndpoint);
-
-    // authenticate us
-    const body = new window.FormData();
-    body.append("username", this.email);
-    body.append("password", this.password);
-    const csrf_token = Cookies.get("csrftoken");
-    if (csrf_token) body.append("csrfmiddlewaretoken", csrf_token);
-    const res = await window.fetch(loginEndpoint, { method: "post", body });
-
-    // successful logins are followed by a redirect
-    if (res.redirected && res.status === 200) {
-      this.isAuthenticated = true;
-    } else {
-      throw new APIError("", "");
-    }
+    const response = await request("POST", "token/login", 200, {
+      email: this.email,
+      password: this.password,
+    });
+    this.token = response.auth_token;
+    this.isAuthenticated = true;
   }
 
   async save(): Promise<void> {
-    await api_request(
+    await request(
       "PATCH",
       "users/me",
       200,
       {
         username: this.username,
-        confidant_email: this.confidantEmail,
       },
       this.token
     );
   }
 
   async signup(): Promise<void> {
-    await api_request("POST", "users", 201, {
+    await request("POST", "users", 201, {
       email: this.email,
       password: this.password,
     });
diff --git a/src/components/UserTable.vue b/src/components/UserTable.vue
index 51e9491..696c59a 100644
--- a/src/components/UserTable.vue
+++ b/src/components/UserTable.vue
@@ -24,15 +24,11 @@
         </tr>
         <tr>
           <td>Benutzername</td>
-          <td>
-            <InlineEditor v-model="user.username" @input="user.save()" />
-          </td>
+          <td><InlineEditor v-model="user.username" @input="user.save()" /></td>
         </tr>
         <tr>
           <td>Vertrauensperson</td>
-          <td>
-            <inline-editor v-model="user.confidantEmail" @input="user.save()" />
-          </td>
+          <td><inline-editor v-model="user.confidant_email" /></td>
         </tr>
         <tr>
           <td>E-Mail-Adresse</td>
diff --git a/src/mixins.ts b/src/mixins.ts
deleted file mode 100644
index 56575a2..0000000
--- a/src/mixins.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-import Component from "vue-class-component";
-import Vue from "vue";
-
-@Component
-export class NotifyMixin extends Vue {
-  showError(): void {
-    this.$buefy.toast.open({
-      message: "Es ist leider ein Fehler aufgetreten.",
-      type: "is-danger",
-    });
-  }
-
-  showSuccess(message: string): void {
-    this.$buefy.toast.open({
-      message,
-      type: "is-success",
-    });
-  }
-}
diff --git a/src/views/MainPage.vue b/src/views/MainPage.vue
index 7bd39ea..311ded9 100644
--- a/src/views/MainPage.vue
+++ b/src/views/MainPage.vue
@@ -15,34 +15,24 @@
 </template>
 
 <script lang="ts">
-import { Component } from "vue-property-decorator";
+import { Component, Vue } from "vue-property-decorator";
 import LoginForm from "@/components/LoginForm.vue";
-import { mixins } from "vue-class-component";
 import { User } from "@/api";
 import UserTable from "@/components/UserTable.vue";
-import { NotifyMixin } from "@/mixins";
 
 @Component({ components: { UserTable, LoginForm } })
-export default class Home extends mixins(NotifyMixin) {
+export default class Home extends Vue {
   private user = new User();
 
   public async created(): Promise<void> {
     if (this.$route.name === "confirm") {
-      await this.doConfirm();
-    } else if (!this.user.isAuthenticated) {
-      this.$router.push({ name: "login" });
-    }
-  }
-
-  private async doConfirm() {
-    try {
       await User.confirm(this.$route.params.uid, this.$route.params.token);
       this.$router.push({ name: "login" });
-      this.showSuccess(
-        "Deine E-Mail-Adresse wurde bestätigt. Du kannst dich nun anmelden."
-      );
-    } catch {
-      this.showError();
+      this.$buefy.toast.open({
+        message:
+          "Deine E-Mail-Adresse wurde bestätigt. Du kannst dich nun anmelden.",
+        type: "is-success",
+      });
     }
   }
 }
diff --git a/userausfall/migrations/0004_user_confidant.py b/userausfall/migrations/0004_user_confidant.py
deleted file mode 100644
index a933528..0000000
--- a/userausfall/migrations/0004_user_confidant.py
+++ /dev/null
@@ -1,20 +0,0 @@
-# Generated by Django 2.2.20 on 2021-05-18 08:09
-
-from django.conf import settings
-from django.db import migrations, models
-import django.db.models.deletion
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('userausfall', '0003_auto_20210414_0827'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='user',
-            name='confidant',
-            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to=settings.AUTH_USER_MODEL),
-        ),
-    ]
diff --git a/userausfall/models.py b/userausfall/models.py
index 55efac2..62c38bf 100644
--- a/userausfall/models.py
+++ b/userausfall/models.py
@@ -68,7 +68,6 @@ class User(AbstractBaseUser, PermissionsMixin):
         ),
     )
     date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
-    confidant = models.ForeignKey("User", on_delete=models.SET_NULL, null=True)
 
     objects = UserManager()
 
@@ -84,9 +83,6 @@ class User(AbstractBaseUser, PermissionsMixin):
         super().clean()
         self.email = self.__class__.objects.normalize_email(self.email)
 
-    def get_confidant_email(self):
-        return ""
-
     def get_full_name(self):
         """
         Return the first_name plus the last_name, with a space in between.
diff --git a/userausfall/rest_api/serializers.py b/userausfall/rest_api/serializers.py
index 97ced7b..b35dc1a 100644
--- a/userausfall/rest_api/serializers.py
+++ b/userausfall/rest_api/serializers.py
@@ -1,19 +1,15 @@
+from djoser.serializers import UserSerializer as BaseUserSerializer
 from rest_framework import serializers
 
-from userausfall.models import AccountRequest, User
+from userausfall.models import AccountRequest
 
 
-class UserSerializer(serializers.ModelSerializer):
-    confidant_email = serializers.EmailField(source="get_confidant_email")
-
+class AccountRequestSerializer(serializers.HyperlinkedModelSerializer):
     class Meta:
-        model = User
-        fields = ("email", "username", "confidant_email")
+        model = AccountRequest
+        fields = ('url', 'email', 'confidant_email', 'username', 'is_verified', 'is_trustable')
 
-    def get_confidant_email(self):
-        return ""
 
-    def update(self, instance, validated_data):
-        print(validated_data)
-        confidant = validated_data.pop("get_confidant_email")
-        return super().update(instance, validated_data)
+class UserSerializer(BaseUserSerializer):
+    class Meta(BaseUserSerializer.Meta):
+        fields = ('email', 'username')
diff --git a/userausfall/rest_api/urls.py b/userausfall/rest_api/urls.py
index 3094cd0..4c9629f 100644
--- a/userausfall/rest_api/urls.py
+++ b/userausfall/rest_api/urls.py
@@ -1,6 +1,6 @@
 from rest_framework import routers
 
-from userausfall.rest_api.views import UserViewSet
+from userausfall.rest_api.views import AccountRequestViewSet
 
 router = routers.DefaultRouter(trailing_slash=True)
-router.register(r'users', UserViewSet, basename="user")
+router.register(r'account_requests', AccountRequestViewSet)
diff --git a/userausfall/rest_api/views.py b/userausfall/rest_api/views.py
index c2ff3d6..7a269f7 100644
--- a/userausfall/rest_api/views.py
+++ b/userausfall/rest_api/views.py
@@ -1,19 +1,9 @@
 from rest_framework import viewsets
-from rest_framework.decorators import action
-from rest_framework.response import Response
 
-from userausfall.models import User
-from userausfall.rest_api.serializers import UserSerializer
+from userausfall.models import AccountRequest
+from userausfall.rest_api.serializers import AccountRequestSerializer
 
 
-class UserViewSet(viewsets.ModelViewSet):
-    class Meta:
-        queryset = User.objects.all()
-
-    @action(detail=False, methods=["PATCH"])
-    def me(self, request):
-        return Response(
-            UserSerializer(
-                instance=request.user, context={"request": request}
-            ).data
-        )
+class AccountRequestViewSet(viewsets.ModelViewSet):
+    serializer_class = AccountRequestSerializer
+    queryset = AccountRequest.objects.all()
diff --git a/userausfall/settings.py b/userausfall/settings.py
index 1815e91..c23b8bf 100644
--- a/userausfall/settings.py
+++ b/userausfall/settings.py
@@ -38,6 +38,8 @@ INSTALLED_APPS = [
     'django.contrib.staticfiles',
     'userausfall',
     'rest_framework',
+    'rest_framework.authtoken',
+    'djoser',
 ]
 
 MIDDLEWARE = [
@@ -135,6 +137,18 @@ MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
 MEDIA_URL = '/media/'
 
 
+# Djoser settings
+# https://djoser.readthedocs.io/en/2.1.0/settings.html
+
+DJOSER = {
+    "ACTIVATION_URL": "confirm/{uid}/{token}",
+    "SEND_ACTIVATION_EMAIL": True,
+    "SERIALIZERS": {
+        "current_user": "userausfall.rest_api.serializers.UserSerializer",
+    }
+}
+
+
 # Sending email
 # https://docs.djangoproject.com/en/3.2/topics/email/
 
@@ -146,6 +160,6 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 
 REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': (
-        'rest_framework.authentication.SessionAuthentication',
+        'rest_framework.authentication.TokenAuthentication',
     ),
 }
diff --git a/userausfall/urls.py b/userausfall/urls.py
index 0175b96..b353d4b 100644
--- a/userausfall/urls.py
+++ b/userausfall/urls.py
@@ -6,5 +6,6 @@ from userausfall.rest_api import urls as rest_api_urls
 urlpatterns = [
     path('admin/', admin.site.urls),
     path('api/', include(rest_api_urls.router.urls)),
-    path("api-auth/", include("rest_framework.urls")),
+    path('api/', include('djoser.urls')),
+    path('api/', include('djoser.urls.authtoken')),
 ]