diff --git a/pkg/api/openapi.go b/pkg/api/openapi.go
new file mode 100755
index 0000000..43c7ccb
--- /dev/null
+++ b/pkg/api/openapi.go
@@ -0,0 +1,70 @@
+package api
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/gorilla/mux"
+	"github.com/luscis/openlan/pkg/cache"
+)
+
+type OpenAPI struct {
+}
+
+func (h OpenAPI) Router(router *mux.Router) {
+	router.HandleFunc("/openvpn-api/profile", h.Get).Methods("HEAD")
+	router.HandleFunc("/rest/{action}", h.Rest).Methods("GET")
+}
+
+func (h OpenAPI) Get(w http.ResponseWriter, r *http.Request) {
+	w.Write([]byte("TODO"))
+}
+
+func GetNetwork(name string) string {
+	values := strings.SplitN(name, "@", 2)
+	if len(values) < 2 {
+		return "default"
+	}
+	return values[1]
+}
+
+func (h OpenAPI) Error(w http.ResponseWriter, kind, message string) {
+	w.Header().Set("Content-Type", "text/xml")
+	context := fmt.Sprintf(`<?xml version="1.0" encoding="UTF-8"?>
+<Error>
+	<Type>%s</Type>
+	<Synopsis>REST method failed</Synopsis>
+	<Message>%s</Message>
+</Error>
+`, kind, message)
+	_, _ = w.Write([]byte(context))
+}
+
+func (h OpenAPI) Rest(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+
+	user, pass, ok := r.BasicAuth()
+	if !ok {
+		h.Error(w, "Authorization Required", "AUTH: not have auth")
+		return
+	}
+	if UserCheck(user, pass) != nil {
+		h.Error(w, "Authorization Required", "AUTH: wrong username or password")
+		return
+	}
+
+	name := GetNetwork(user)
+	server := strings.SplitN(r.Host, ":", 2)[0]
+
+	data, _ := cache.VPNClient.GetClientProfile(name, server)
+
+	action := vars["action"]
+	if action == "GetUserlogin" {
+		w.Header().Set("Content-Type", "text/plain")
+		_, _ = w.Write([]byte(data))
+	} else {
+		h.Error(w, "Internal Server Error", "ACTION: not support "+action)
+		return
+	}
+}
diff --git a/pkg/api/url.go b/pkg/api/url.go
index 9c964be..ac3e960 100755
--- a/pkg/api/url.go
+++ b/pkg/api/url.go
@@ -21,4 +21,5 @@ func Add(router *mux.Router, switcher Switcher) {
 	Config{Switcher: switcher}.Router(router)
 	Version{}.Router(router)
 	Log{}.Router(router)
+	OpenAPI{}.Router(router)
 }
diff --git a/pkg/switch/http.go b/pkg/switch/http.go
index d6de67e..133d591 100755
--- a/pkg/switch/http.go
+++ b/pkg/switch/http.go
@@ -22,6 +22,16 @@ import (
 	"github.com/luscis/openlan/pkg/schema"
 )
 
+func NotFound(w http.ResponseWriter, r *http.Request) {
+	libol.Info("NotFound %s %s", r.Method, r.URL.Path)
+	http.Error(w, "oops!!!", http.StatusNotFound)
+}
+
+func NotAllowed(w http.ResponseWriter, r *http.Request) {
+	libol.Info("NotAllowed %s %s", r.Method, r.URL.Path)
+	http.Error(w, "oops!!!", http.StatusMethodNotAllowed)
+}
+
 type Http struct {
 	switcher   api.Switcher
 	listen     string
@@ -89,6 +99,8 @@ func (h *Http) Middleware(next http.Handler) http.Handler {
 func (h *Http) Router() *mux.Router {
 	if h.router == nil {
 		h.router = mux.NewRouter()
+		h.router.NotFoundHandler = http.HandlerFunc(NotFound)
+		h.router.MethodNotAllowedHandler = http.HandlerFunc(NotAllowed)
 		h.router.Use(h.Middleware)
 	}
 
@@ -197,6 +209,9 @@ func (h *Http) IsAuth(w http.ResponseWriter, r *http.Request) bool {
 			}
 		}
 	}
+	if elements[1] == "openvpn-api" || elements[1] == "rest" {
+		return true
+	}
 
 	return false
 }