diff --git a/src/handlers/products.ts b/src/handlers/products.ts index 0aef9f6..6dc6c8a 100644 --- a/src/handlers/products.ts +++ b/src/handlers/products.ts @@ -5,9 +5,9 @@ import { verifyAuthToken } from './utils' const productRoutes = (app: express.Application) => { app.get('/products', index) app.get('/products/:id', read) - app.post('/products/create', verifyAuthToken, create) - app.put('/products/:id', verifyAuthToken, update) - app.delete('/products/:id', verifyAuthToken, destroy) + app.post('/products', create) + app.put('/products/:id', update) + app.delete('/products/:id', destroy) } const store = new ProductStore() @@ -41,7 +41,6 @@ const create = async (req: Request, res: Response) => { name: req.body.name, price: req.body.price, } - const newProduct = await store.create(productInfo) res.json(newProduct) } catch (err) { @@ -53,11 +52,13 @@ const create = async (req: Request, res: Response) => { const update = async (req: Request, res: Response) => { try { - const product = await store.update(req.body) - res.json({ + const productInfo: Product = { + id: parseInt(req.params.id), name: req.body.name, - price: req.body.price, - }) + price: req.body.price, + } + const updatedProduct = await store.update(productInfo) + res.json(updatedProduct) } catch (err) { res.status(400) res.json(err) @@ -66,7 +67,7 @@ const update = async (req: Request, res: Response) => { const destroy = async (req: Request, res: Response) => { try { - const deleted = await store.delete(req.body.id) + const deleted = await store.delete(parseInt(req.params.id)) res.json(deleted) } catch (err) { res.status(400) diff --git a/src/handlers/users.ts b/src/handlers/users.ts index fd2aa1b..53e3d01 100644 --- a/src/handlers/users.ts +++ b/src/handlers/users.ts 
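Review bot: The three mutating product routes in `productRoutes` lose their `verifyAuthToken` middleware, so creating, updating and deleting products no longer requires a token. Nothing else visible in this file replaces that check, and the hunk header shows `verifyAuthToken` is still imported. The path cleanup can be kept without dropping the guard: `app.post('/products', verifyAuthToken, create)`, `app.put('/products/:id', verifyAuthToken, update)`, `app.delete('/products/:id', verifyAuthToken, destroy)`.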
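Review bot: `parseInt(req.params.id)` in `update` is passed to the store without a radix or a NaN check, so a non-numeric path segment reaches `store.update` as `NaN`; the `destroy` hunk below repeats the pattern with `store.delete`. Reject it up front, e.g. `const id = Number.parseInt(req.params.id, 10)` followed by `if (Number.isNaN(id)) { res.status(400).json('invalid product id'); return }`. The catch block also sends the raw `err` object to the client, which can expose database error detail; a generic message plus server-side logging would be safer. Both handlers extend beyond their hunks.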
@@ -6,7 +6,7 @@ import { verifyAuthToken, verifyUserToken} from './utils' const userRoutes = (app: express.Application) => { app.get('/users', index) app.get('/users/:id', read) - app.post('/users/create', create) + app.post('/users', create) app.put('/users/:id', verifyAuthToken, update) app.delete('/users/:id', verifyAuthToken, destroy) app.post("/users/auth", authenticate) @@ -61,13 +61,15 @@ const create = async (req: Request, res: Response) => { const update = async (req: Request, res: Response) => { try { - const user = await store.update(req.body) - res.json({ + const userInfo: User = { + id: parseInt(req.params.id), firstname: req.body.firstname, lastname: req.body.lastname, username: req.body.username, password: req.body.password - }) + } + const updatedUser = await store.update(userInfo) + res.json(updatedUser) } catch (err) { res.status(400) res.json(err) @@ -104,7 +106,7 @@ const authenticate = async (req: Request, res: Response) => { res.status(401) res.send("Password is incorrect") } - + console.log(userInfo) res.json(verifyUserToken(authUser)) } catch(err) { res.status(401) diff --git a/src/handlers/utils.ts b/src/handlers/utils.ts index 6d0aca5..8af9ffc 100644 --- a/src/handlers/utils.ts +++ b/src/handlers/utils.ts @@ -7,13 +7,16 @@ const SECRET = process.env.TOKEN_SECRET as Secret export const verifyAuthToken = (req: Request, res: Response, next: NextFunction) => { if (!req.headers.authorization) { res.status(401) - res.json("Access denied, invalid token") + res.json("Missing authorization header") return false } try { - const token = req.headers.authorization.split(" ")[1] + console.log("req.headers.authorization", req.headers.authorization) + console.log(typeof(req.headers.authorization)) + const token = req.headers.authorization.split(' ')[1] + console.log("token", token) jwt.verify(token, SECRET) next() } catch (err) { diff --git a/src/models/user.ts b/src/models/user.ts index 00fafdf..5a0e5a9 100644 --- a/src/models/user.ts 
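Review bot: `update` now takes the target id from `req.params.id`, but the route is guarded only by `verifyAuthToken`, which as shown in utils.ts verifies the token signature and nothing else, so any holder of a valid token appears able to change another user's name and password. Compare the user id in the verified token payload with the path id before calling `store.update` and answer 403 on a mismatch; the payload field to compare depends on how `verifyUserToken` builds the token, which is not visible here. `res.json(updatedUser)` also likely returns `password_digest`, since the model query in this commit uses `RETURNING *`; drop that field before responding.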
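Review bot: `console.log(userInfo)` in `authenticate` writes the login request data to the server log; `userInfo` is defined outside the hunk, but if it holds the submitted username and password this puts plaintext credentials into logs. The `verifyAuthToken` hunk in utils.ts adds three similar calls that log the full `Authorization` header and the extracted token, which stay usable for as long as the token is valid. These look like leftover debug statements and should be removed before merge; if tracing is needed, log a non-secret identifier only. Separately, no `return` is visible after `res.send("Password is incorrect")`, so execution seems to fall through to `res.json(verifyUserToken(authUser))`; add a `return` in that branch.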
+++ b/src/models/user.ts @@ -76,8 +76,12 @@ export class UserStore { const conn = await client.connect() const sql = 'UPDATE users SET firstname=$1, lastName=$2, username=$3, password_digest=$4 WHERE id=$5 RETURNING *' + const hash = bcrypt.hashSync( + u.password + pepper, + parseInt(saltRounds as string, 10) + ) - const result = await conn.query(sql, [u.firstname, u.lastname, u.username, u.password, u.id]) + const result = await conn.query(sql, [u.firstname, u.lastname, u.username, hash, u.id]) const user = result.rows[0] conn.release()
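Review bot: `u.password + pepper` is hashed unconditionally, so an update request that omits `password` stores the bcrypt hash of the string "undefined" plus the pepper as the new digest, silently replacing the account's password. Check that `u.password` is a non-empty string before hashing, or build the UPDATE so that `password_digest` is left untouched when no new password is supplied. `bcrypt.hashSync` also blocks the event loop for the full cost of the hash inside an async method; `const hash = await bcrypt.hash(u.password + pepper, parseInt(saltRounds as string, 10))` avoids that. The method body starts and ends outside the hunk.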