diff --git a/errors.py b/errors.py
new file mode 100644
index 0000000..0826a60
--- /dev/null
+++ b/errors.py
@@ -0,0 +1,3 @@
+_400 = {"error": "insufficient parameters"}
+_401 = {"error": "invalid token"}
+_404 = {"error": "The quest/side quest doesn't exist"}
diff --git a/server.py b/server.py
index b45b23c..6b9cd66 100644
--- a/server.py
+++ b/server.py
@@ -2,26 +2,47 @@
 
 import questable
 import sqlite3
+import errors
 from flask import Flask, jsonify, request
 
 app = Flask(__name__)
 db = sqlite3.connect("questable.db", check_same_thread=False)
 
 
-# /auth.
-def auth(db):
-    success = jsonify({"success": True})
-    failure = jsonify({"success": False})
+# Returns the player object if valid token
+def get_player(db):
     try:
         token = request.args['token']
     except (AttributeError):
-        return failure
+        return False
     except (KeyError):
-        return failure
-    if questable.get_player_from_token(db, token) is False:
-        return failure
+        return False
+    return questable.get_player_from_token(db, token)
+
+
+# /auth.
+def auth(db):
+    if get_player(db) is False:
+        return jsonify({"success": False})
     else:
-        return success
+        return jsonify({"success": True})
 
 
 app.add_url_rule('/auth', '/auth', lambda: auth(db), methods=['GET'])
+
+
+# /player
+def player(db):
+    player = get_player(db)
+    if player is False:
+        return jsonify(errors._401), 401
+    return jsonify({
+            "xp": player.get_points(),
+            "quests_completed": len(player.get_quests()),
+            "total_quests": len(player.get_quests(None)),
+            "side_quests_completed": len(player.get_side_quests()),
+            "total_side_quests": len(player.get_side_quests(None)),
+            })
+
+
+app.add_url_rule('/player', '/player', lambda: player(db), methods=['GET'])