diff --git a/pinry/urls.py b/pinry/urls.py
index 4d7c461..e7054ed 100644
--- a/pinry/urls.py
+++ b/pinry/urls.py
@@ -20,7 +20,7 @@ urlpatterns = [
 # old api and views
 url(r'^admin/', include(admin.site.urls)),
 url(r'', include('core.urls', namespace='core')),
- url(r'', include('users.urls', namespace='users')),
+ url(r'^api/v2/profile/', include('users.urls', namespace='users')),
 ]
diff --git a/users/urls.py b/users/urls.py
index 2ea7024..6b7aa5b 100644
--- a/users/urls.py
+++ b/users/urls.py
@@ -1,12 +1,11 @@
 from django.conf.urls import url
-from django.contrib.auth.views import login
+from users.views import login_user
 from . import views
 urlpatterns = [
 url(r'^private/$', views.private, name='private'),
 url(r'^register/$', views.CreateUser.as_view(), name='register'),
- url(r'^login/$', login,
- {'template_name': 'users/login.html'}, name='login'),
+ url(r'^login/$', login_user, name='login'),
 url(r'^logout/$', views.logout_user, name='logout'),
 ]
diff --git a/users/views.py b/users/views.py
index bbfb9a2..f4d5a8a 100644
--- a/users/views.py
+++ b/users/views.py
@@ -1,14 +1,18 @@
+import json
+
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth import authenticate, login, logout
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.models import Permission
 from django.core.urlresolvers import reverse
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, HttpResponseBadRequest, HttpResponse
 from django.template.response import TemplateResponse
 from django.utils.functional import lazy
 from django.views.generic import CreateView
+from rest_framework.renderers import JSONRenderer
+from core.serializers import UserSerializer
 from .forms import UserCreationForm
 from users.models import User
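Review bot: Anything that reaches the users routes by literal path rather than through the `users:` namespace stops resolving once pinry/urls.py mounts them under `^api/v2/profile/`. The one to check is `LOGIN_URL` in settings, which is where the `@login_required` on `logout_user` sends anonymous requests and which is not visible in this diff. The include also still serves the HTML `register` view (`CreateUser` is a `CreateView`) from under an API prefix, so a comment above the entry such as `# users: JSON login plus the legacy HTML register/private views` would tell the next reader why.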
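Review bot: In users/urls.py the new `from users.views import login_user` duplicates the `from . import views` import that follows it, and every other route in the list is written as `views.<name>`; drop the extra import and write `url(r'^login/$', views.login_user, name='login'),`. Separately, the stock `django.contrib.auth.views.login` being replaced was wrapped in `sensitive_post_parameters`, `csrf_protect` and `never_cache`, and the replacement view in users/views.py carries none of them. CSRF checking on login therefore depends entirely on the middleware configuration, which is not visible here, so an explicit `@csrf_protect` on the new view is worth considering.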
@@ -39,6 +43,39 @@ class CreateUser(CreateView):
 return redirect
+def login_user(request):
+ try:
+ data = json.loads(request.body)
+ except json.JSONDecodeError:
+ return HttpResponseBadRequest()
+ if 'username' not in data:
+ return HttpResponseBadRequest(
+ json.dumps({"username": "this field is required"})
+ )
+ if 'password' not in data:
+ return HttpResponseBadRequest(
+ json.dumps({"password": "this field is required"})
+ )
+ user = authenticate(
+ request,
+ username=data['username'],
+ password=data['password']
+ )
+ if not user:
+ return HttpResponseBadRequest(
+ json.dumps({"password": "username and password doesn't match"})
+ )
+ login(request, user)
+ data = UserSerializer(
+ user,
+ context={'request': request},
+ ).data
+ return HttpResponse(
+ JSONRenderer().render(data),
+ content_type="application/json"
+ )
+
+
 @login_required
 def logout_user(request):
 logout(request)
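Review bot: `login_user` answers several malformed requests with a 500 instead of a 400, because only `json.JSONDecodeError` is caught and the parsed value is never checked to be an object: a body of `null` or `1` makes `'username' not in data` raise `TypeError`, and a body that is not valid UTF-8 raises `UnicodeDecodeError` inside `json.loads`. Catching `ValueError` (the base class of both decode errors) and rejecting non-dict payloads closes that, and `require_POST` from `django.views.decorators.http` makes the accepted method explicit. The error bodies are JSON but go out with Django's default content type, so each `HttpResponseBadRequest(...)` should also pass `content_type="application/json"`, as the success response already does. No attempt throttling is visible on this endpoint, so failed logins are bounded only by whatever sits in front of it.

```python
@require_POST
def login_user(request):
    try:
        data = json.loads(request.body)
    except ValueError:
        # JSONDecodeError and UnicodeDecodeError both derive from ValueError
        return HttpResponseBadRequest()
    if not isinstance(data, dict):
        return HttpResponseBadRequest(
            json.dumps({"detail": "expected a JSON object"}),
            content_type="application/json",
        )
    # … unchanged: username/password presence checks, authenticate(), login(), serialized response …
```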