diff --git a/quovadis/quovadis.php b/quovadis/quovadis.php
index 39141acd144f030e7d98a52eebd9ada4d7a7e0ab..e69b0f14518a922b8a36e3abb29fc43d6ca6c7af 100644
--- a/quovadis/quovadis.php
+++ b/quovadis/quovadis.php
@@ -220,21 +220,35 @@ $leaf->post('/update-api-key', function () use($leaf) {
 // Will update API key
 // 
 // Will email to your UCC email address noting that the API key has been updated
+    $config=get_config();
+
     $username = $leaf->request->get('username');
     $api_key = $leaf->request->get('api_key');
     $new_api_key = $leaf->request->get('new_api_key');
     
     // Check username is valid
-    
+    if ( !check_username($username) ) {
+        $leaf->response->json(["message" => $username." not valid"],200);
+	return;
+    }
+
     // Check API key
+    if ( !check_api_key($config, $username, $api_key) ) {
+        $leaf->response->json(["message" => "API key for " .$username." not valid"],200);
+	return;
+    }
     
     
     // Encrypt API key
-    
     // Stick API key encrypted into the DNS
+    $u = update_desec_txt($config, $username, encrypt_api_key($new_api_key));
+    
+    
+    $leaf->response->json(["message" => $username." API key has been updated"],200);
     
     // Email user to let them know API key has updated
-
+    // Email API key
+    email_api_key($username, "(REDACTED, set by user)");
 });
 
 $leaf->post('/update-challenge', function () use($leaf) {