diff --git a/src/Controller/PollController.php b/src/Controller/PollController.php
index c7665b2..b4b8df5 100644
--- a/src/Controller/PollController.php
+++ b/src/Controller/PollController.php
@@ -106,7 +106,7 @@ class PollController extends FramadateController {
 /**
 * @Put(
- * path = "/{id}",
+ * path = "/{id}/{token}",
 * name = "update_poll",
 * requirements = {"content"="\w+", "poll_id"="\d+"}
 * )
@@ -114,8 +114,15 @@ class PollController extends FramadateController {
 public function updatePollConfig(
 Poll $poll,
+ string $token,
 Request $request
 ) {
+ if ( $poll->getAdminKey() !== $token ) {
+ return $this->json( [
+ 'message' => 'you are NOT allowed to update the poll ' . $poll->getTitle(),
+ ],
+ 403 );
+ }
 // TODO check validity of request
 // update only if we have the admin key
@@ -347,13 +354,13 @@ class PollController extends FramadateController {
 }
 /**
- * Delete all expired polls and their children
+ * Check is a slug is already taken by a poll
 * @Get(
 * path = "/check-slug-is-unique/{slug}",
 * name = "check_slug_is_unique",
 * )
 */
- public function checkSlugIsUnique( $slug ) {
+ public function checkSlugIsUniqueAction( $slug ) {
 $emPoll = $this->getDoctrine()->getRepository( Poll::class );
 $found = $emPoll->findOneBySlug( $slug );
 if ( $found ) {
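Review bot: Putting the poll's admin key in the URL path (`/{id}/{token}`) means the secret is written to web-server and proxy access logs and to browser history on every update call. Carrying it in a request header or in the PUT body, and keeping the path as `/{id}`, avoids that. The same applies to the `GET /admin/{token}` route added in the last hunk. Separately, the `requirements` line constrains `content` and `poll_id`, neither of which appears in the path as far as this hunk shows, so `{id}` and `{token}` are matched without any pattern; `requirements = {"id"="\d+"}` would at least pin the id.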
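Review bot: The 403 body in the new guard concatenates `$poll->getTitle()`, so a caller without the admin key still learns the title of any poll whose id they request. A fixed message such as `'message' => 'you are NOT allowed to update this poll',` avoids that disclosure. The key check itself uses `!==`, which is not a constant-time comparison; `if ( ! hash_equals( (string) $poll->getAdminKey(), $token ) ) {` is the usual form for comparing secrets. The body of updatePollConfig continues past the end of this hunk, where the two remaining comments suggest request validation is still to be written.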
@@ -377,4 +384,56 @@ class PollController extends FramadateController {
 }
+
+ /**
+ * Delete all expired polls and their children
+ * @Get(
+ * path = "/admin/{token}",
+ * name = "check_slug_is_unique",
+ * )
+ */
+ public function getAdministrationConfig( $token ) {
+ $emPoll = $this->getDoctrine()->getRepository( Poll::class );
+ $pollFound = $emPoll->findOneByAdminKey( $token );
+ if ( $pollFound ) {
+
+ $poll = $pollFound;
+ $comments = [];
+ $stacks = [];
+ $choices = [];
+ foreach ( $poll->getComments() as $c ) {
+ $comments[] = $c->display();
+ }
+ foreach ( $poll->getStacksOfVotes() as $c ) {
+ $stacks[] = $c->display();
+ }
+ foreach ( $poll->getChoices() as $c ) {
+ $choices[] = $c->display();
+ }
+ $returnedPoll = [
+ 'message' => 'your poll config',
+ 'poll' => $poll,
+ 'stacks_count' => count( $poll->getStacksOfVotes() ),
+ 'stacks' => $stacks,
+ 'choices_count' => $poll->computeAnswers(),
+ 'choices' => $choices,
+ 'comments' => $comments,
+ 'comments_count' => count( $comments ),
+ 'token' => $token,
+ ];
+
+ return $this->json( $returnedPoll,
+ 200 );
+ }
+
+ return $this->json( [
+ 'message' => 'You are not allowed to do anything with this token',
+ 'data' => [
+ 'token' => $token,
+ ],
+ ],
+ 403 );
+
+ }
+
 }
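Review bot: The new route reuses `name = "check_slug_is_unique"`, which the slug-check action earlier in this file already declares; route names are expected to be unique, and with a duplicate one definition typically replaces the other, so either the slug check or this admin endpoint may stop resolving. Give it its own name, e.g. `name = "get_administration_config",`, and replace the copied summary line with something like `* Return the full configuration of the poll that owns this admin token`. `'poll' => $poll` hands the whole entity to the serializer; if Poll's serialized form includes fields such as a password or owner contact data (not visible in this diff), an explicit field list would be safer. The 403 branch echoes the submitted token back under `data`, which copies a candidate secret into response bodies and any logs that capture them; the message alone is enough.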