diff --git a/src/Controller/api/v1/PollController.php b/src/Controller/api/v1/PollController.php
index e1a0e3d..964efcd 100644
--- a/src/Controller/api/v1/PollController.php
+++ b/src/Controller/api/v1/PollController.php
@@ -148,7 +148,7 @@ class PollController extends EmailsController {
 // wrong pass
 return $this->json( [
 'message' => 'this is protected by a password, your password hash "' . $md5 . '" is wrong, and you should feel bad',
- 'md5' => md5( $md5 ),
+// 'md5' => md5( $md5 ),
 'data' => null,
 ], 403 );
@@ -157,6 +157,35 @@ class PollController extends EmailsController {
 }
+
+ /**
+ * as an administrator of a poll, get a poll config by its custom URL, we do not want polls to be reachable by their numeric id
+ * @Get(
+ * path = "admin/{admin_key}",
+ * name = "get_admin_poll",
+ * )
+ *
+ * @param SerializerInterface $serializer
+ * @param Request $request
+ *
+ * @return JsonResponse|Response
+ */
+ function getAdminPoll( $admin_key, $md5, SerializerInterface $serializer ) {
+ $repository = $this->getDoctrine()->getRepository( Poll::class );
+ $poll = $repository->findOneByAdminKey( $admin_key );
+
+ if ( ! $poll ) {
+ return $this->notFoundPoll( $admin_key );
+ }
+
+ // good matching pass
+ return $this->json( $poll->displayForAdmin() );
+
+
+
+ }
+
+
 function returnPollData( $poll, $serializer ) {
 $jsonResponse = $serializer->serialize( $poll, 'json' );
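Review bot: In the `@@ -148,7 +148,7 @@` hunk the 403 `message` still concatenates the submitted `$md5` into the response body, so request input is reflected to the caller one line above the field this commit disables. A fixed string such as `'message' => 'wrong password',` avoids that, and the disabled line is better deleted than kept as `// 'md5' => md5( $md5 ),`. The variable name suggests the poll password is compared as an MD5 digest; if that is what is stored, a follow-up to `password_hash()` / `password_verify()` is worth planning. The enclosing method starts and ends outside the hunk.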
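Review bot: In the `@@ -157,6 +157,35 @@` hunk `getAdminPoll()` declares `$md5` although the `@Get` path only defines `{admin_key}` and nothing in the body reads it, so the `// good matching pass` comment describes a check that does not exist; depending on how the framework resolves action arguments, the unbound parameter may also make the route fail. Possession of `admin_key` is therefore the only thing guarding `displayForAdmin()`, and the docblock should say so, so that the key is generated with enough randomness and treated as a secret in access logs and referrers. I would drop the unused arguments and add visibility, `public function getAdminPoll( string $admin_key ) {`, and replace the two `@param` lines (there is no `$request`) with `@param string $admin_key secret admin token of the poll`. The summary line looks copied from the public endpoint and should say the poll is looked up by its admin key rather than its custom URL.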