diff --git a/config/routes.php b/config/routes.php
index 453012d06..b0b906513 100644
--- a/config/routes.php
+++ b/config/routes.php
@@ -22,6 +22,8 @@ use Cake\Routing\RouteBuilder;
 use Cake\Routing\Router;
 use Cake\Routing\Route\DashedRoute;
+use Cake\Core\Configure;
+
 /**
  * The default class to use for all routes
  *
@@ -58,7 +60,18 @@ Router::scope('/', function (RouteBuilder $routes) {
 $whitelist = ['JsonRequestHandler', 'ElopageWebhook'];
 foreach($whitelist as $entry) {
 if($request->getParam('controller') === $entry) {
+ if($entry == 'ElopageWebhook') {
 return true;
+ }
+ if($request->clientIp() == '127.0.0.1' || $request->clientIp() == 'localhost') {
+ return true;
+ }
+ $allowedCaller = Configure::read('API.allowedCaller');
+ $callerIp = $request->clientIp();
+ foreach($allowedCaller as $allowed) {
+ $ip = gethostbyname($allowed);
+ if($ip === $callerIp) return true;
+ }
 }
 }
 });
diff --git a/src/Controller/JsonRequestHandlerController.php b/src/Controller/JsonRequestHandlerController.php
index acc4d0fa9..0b57c6089 100644
--- a/src/Controller/JsonRequestHandlerController.php
+++ b/src/Controller/JsonRequestHandlerController.php
@@ -57,6 +57,7 @@ class JsonRequestHandlerController extends AppController {
 case 'moveTransaction': return $this->moveTransaction($jsonData->pubkeys, $jsonData->memo, $jsonData->session_id);
 case 'checkUser': return $this->checkUser($jsonData->email, $jsonData->last_name);
 case 'getUsers' : return $this->getUsers($jsonData->page, $jsonData->limit);
+ case 'getUserBalance': return $this->getUserBalance($jsonData->email, $jsonData->last_name);
 }
 return $this->returnJson(['state' => 'error', 'msg' => 'unknown method for post', 'details' => $method]);
 }
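Review bot: The loopback check on the added line `if($request->clientIp() == '127.0.0.1' || $request->clientIp() == 'localhost')` compares against the literal string 'localhost', which clientIp() does not return, so that half of the condition is dead, while the IPv6 loopback `::1` is not accepted at all; `if (in_array($request->clientIp(), ['127.0.0.1', '::1'], true)) {` covers both with a strict comparison. `Configure::read('API.allowedCaller')` yields null when the key is unset, and the following `foreach` then emits a warning and allows nothing, so either cast it, `foreach ((array)Configure::read('API.allowedCaller') as $allowed) {`, or document the key as required in the config. gethostbyname() returns only an IPv4 answer and performs a blocking DNS lookup for every whitelist entry on every request, so a caller arriving over IPv6 or behind an unresolvable name is never matched; if the allowed callers are stable, comparing against configured addresses or resolving once and caching is more predictable. Whether clientIp() reports the TCP peer or a forwarded header depends on the request's proxy-trust setting, which is not visible here, so a one-line comment at the check stating which is assumed would help the next reader. The enclosing closure begins and continues outside the hunk.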
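Review bot: The new `case 'getUserBalance'` forwards `$jsonData->email` and `$jsonData->last_name` straight from the decoded request body without checking that either property is present, so a body missing one of them reaches the lookup as null after an undefined-property notice instead of producing an error response; the neighbouring cases behave the same way, so at minimum the new method should state that it tolerates nulls. Because getUserBalance, added in the hunk at `@@ -163,6 +164,24 @@`, selects users with `'OR' => ['email' => $email, 'last_name' => $last_name]`, a request that matches only on last name returns balances for every user sharing that last name, and the response also serialises the whole `$stateUsers` entity set alongside the aggregated `gdds`; if the OR is intended, limiting the response to the computed totals would keep the answer scoped, and otherwise an AND on both fields matches the single user the caller identified. The switch and the surrounding method start outside the hunk.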
@@ -163,6 +164,24 @@ class JsonRequestHandlerController extends AppController {
 return $this->returnJson(['state' => 'not identical', 'user' => $user->toArray()]);
 }
+ private function getUserBalance($email, $last_name) {
+ $stateUserTable = TableRegistry::getTableLocator()->get('StateUsers');
+ $stateUsers = $stateUserTable->find('all')->where(['OR' => ['email' => $email, 'last_name' => $last_name]])->contain(['StateBalances']);
+ $gdds = [];
+ foreach($stateUsers as $stateUser) {
+ foreach($stateUser->StateBalances as $stateBalance) {
+ if(!isset($gdds[$stateBalance->email])) {
+ $gdds[$stateBalance->email];
+ }
+ if(!isset($gdds[$stateBalance->email][$stateBalance->last_name])) {
+ $gdds[$stateBalance->email][$stateBalance->last_name] = 0;
+ }
+ $gdds[$stateBalance->email][$stateBalance->last_name] += $stateBalance->amount;
+ }
+ }
+ return $this->returnJson(['state' => 'success', 'gdds' => $gdds, 'stateUsers' => $stateUsers]);
+ }
+
 private function getUsers($page, $count) {
 $userTable = TableRegistry::getTableLocator()->get('Users');