diff --git a/api/src/auth/Login.go b/api/src/auth/Login.go
index d1964e8..b8d1bca 100644
--- a/api/src/auth/Login.go
+++ b/api/src/auth/Login.go
@@ -22,7 +22,7 @@ func Login(w http.ResponseWriter, r *http.Request) {
 }
 // check user
 var user models.User
- if result := psql.PSQL_GORM_DB.Where("username = ?", creds.Email).First(&user); result.Error != nil || !checkPasswordHash(creds.Password, user.Password) {
+ if result := psql.PSQL_GORM_DB.Where("email = ?", creds.Email).First(&user); result.Error != nil || !checkPasswordHash(creds.Password, user.Password) {
 w.WriteHeader(http.StatusInternalServerError)
 return
 }
diff --git a/api/src/auth/authMiddleware.go b/api/src/auth/authMiddleware.go
index a972dd8..b8c75fc 100644
--- a/api/src/auth/authMiddleware.go
+++ b/api/src/auth/authMiddleware.go
@@ -39,7 +39,6 @@ func AuthMiddleware(next http.Handler) http.Handler {
 w.WriteHeader(http.StatusUnauthorized)
 return
 }
-
 ctx := context.WithValue(r.Context(), "email", claims.Email)
 next.ServeHTTP(w, r.WithContext(ctx))
 })
diff --git a/api/src/initializers/Routing.go b/api/src/initializers/Routing.go
index 89b5eb2..86b664e 100644
--- a/api/src/initializers/Routing.go
+++ b/api/src/initializers/Routing.go
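Review bot: In Login (api/src/auth/Login.go), the failure branch after the new `Where("email = ?", ...)` lookup still answers `http.StatusInternalServerError` for an unknown email and for a wrong password alike, so failed sign-ins are reported as server faults. That hides credential guessing from anything that alerts on 401 rates and pollutes 5xx monitoring; the line should read `w.WriteHeader(http.StatusUnauthorized)`, with 500 kept only for database errors other than record-not-found. Note also that `result.Error != nil ||` short-circuits before `checkPasswordHash`, so if that helper is a deliberately slow hash (not visible here) the response time probably differs between unknown and known emails. Login's body starts and ends outside this hunk.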
@@ -27,19 +27,26 @@ func InitChiRouting() {
 r.Use(middleware.Heartbeat("/ping"))
 r.Use(middleware.NoCache)
 r.Use(middleware.Recoverer)
-
- r.Get("/", func(w http.ResponseWriter, r *http.Request) {
- w.Write([]byte("welcome developer! Cool."))
+ r.NotFound(func(w http.ResponseWriter, r *http.Request) {
+ w.WriteHeader(404)
+ w.Write([]byte("route does not exist"))
+ })
+ r.MethodNotAllowed(func(w http.ResponseWriter, r *http.Request) {
+ w.WriteHeader(405)
+ w.Write([]byte("method is not valid"))
 })
- r.Post("/signin", auth.Register)
- r.Get("/allusers", admin.GetAllUser)
+ // public Routes
+ r.Group(func(r chi.Router) {
+ r.Post("/signup", auth.Register) // register
+ r.Post("/signin", auth.Login) // signin
+ })
- r.Route("/auth", func(r chi.Router) {
- r.Route("/admin", func(r chi.Router) {
- r.Get("/allUsers", admin.GetAllUser)
- })
- r.Post("/login", auth.Login)
+ // Private Routes
+ // Require Authentication
+ r.Group(func(r chi.Router) {
+ r.Use(auth.AuthMiddleware)
+ r.Get("/allUsers", admin.GetAllUser) // all users get
 })
 // up server on os.Getenv("SERVER_PORT") port on gorutin
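Review bot: The new private group in InitChiRouting applies only `r.Use(auth.AuthMiddleware)` before `r.Get("/allUsers", admin.GetAllUser)`, which checks that the caller is authenticated but not that the caller is allowed to list every user. Since `/signup` is public in the group above, any self-registered account can presumably reach this handler unless `admin.GetAllUser` performs its own role check, which this diff does not show. I would add an authorization step to the group, a second `r.Use(...)` with a role-checking middleware (none exists in this diff, so it would need to be written), and a comment such as `// admin only: authorization enforced by <role middleware>`. InitChiRouting's body starts before and continues after this hunk.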