diff --git a/lib/api/api.dart b/lib/api/api.dart
index d44b78b..3fc9cbd 100644
--- a/lib/api/api.dart
+++ b/lib/api/api.dart
@@ -59,14 +59,14 @@ class API {
     final body = await bodyToJson(req);
 
     if (await checkRequiredFields(required, body)) {
-      // List<String> twofa = body[required[3]];
       try {
-        await AccountsToPostgres.createAccount(body[required[0]],
-            body[required[1]], body[required[2]] /*, twofa*/);
+        await AccountsToPostgres.createAccount(
+            body[required[0]], body[required[1]], body[required[2]]);
       } catch (e) {
         return Response(409,
             body: 'Account already existing'); // 409 (Conflict)
       }
+      print("✅ Account succesfully created");
       return Response(201,
           body: 'Account successfully created'); // 201 (Created)
     } else {
@@ -81,12 +81,20 @@ class API {
 
     if (await checkRequiredFields(required, body)) {
       try {
-        await AccountsToPostgres.deleteAccount(
-            body[required[0]], body[required[1]]);
-      } catch (e) {
+        if (await checkAuthentication(body[required[0]], body[required[1]])) {
+          await AccountsToPostgres.deleteAccount(body[required[0]]);
+        } else {
+          return Response(403,
+              body:
+                  'You haven\'t provided the good password or mail'); // 403 (Forbidden)
+        }
+      } catch (e, s) {
+        print("Exception $e");
+        print("Stacktrace $s");
         return Response(409,
             body: 'There was a problem with deletion'); // 409 (Conflict)
       }
+      print("✅ Account succesfully deleted");
       return Response(200, body: 'Account successfully deleted'); // 200 (OK)
     } else {
       return Response.badRequest(body: 'Bad request'); // 400 (Bad Request)
@@ -176,6 +184,44 @@ class API {
     return json.decode(tmp);
   }
 
+  static Future<bool> checkAuthentication(
+      String givedMail, String givedPassword) async {
+    try {
+      if (!await checkMail(givedMail)) return false;
+    } catch (e) {
+      // catch if there is nothing in result of checkMail
+      return false;
+    }
+    if (!await checkPassword(givedMail, givedPassword)) return false;
+    print("authentication successed !!!");
+    return true;
+  }
+
+  static Future<bool> checkPassword(
+      String givedMail, String givedPassword) async {
+    print("check hash...");
+    var hash = await AccountsToPostgres.selectHashByMail(givedMail);
+
+    if (hash == givedPassword) {
+      print("hash is good");
+      return true;
+    }
+    print("hash is bad");
+    return false;
+  }
+
+  static Future<bool> checkMail(String givedMail) async {
+    print("check mail...");
+    var mail = await AccountsToPostgres.selectMailByMail(givedMail);
+
+    if (mail == givedMail) {
+      print("mail is good");
+      return true;
+    }
+    print("mail is bad");
+    return false;
+  }
+
   //
   // ADMIN
   //
diff --git a/lib/database/accounts_to_postgres.dart b/lib/database/accounts_to_postgres.dart
index 8e2e7eb..79832b4 100644
--- a/lib/database/accounts_to_postgres.dart
+++ b/lib/database/accounts_to_postgres.dart
@@ -58,28 +58,17 @@ class AccountsToPostgres {
     print("🟦 Account Table Created");
   }
 
-  // TODO: Add support for twoFa if needed
   // Create user account
   static Future<void> createAccount(
-      String mail, String hash, String salt /*, List<String> twoFaStr*/) async {
-    await checkMailAlreadyExist(mail); // TODO: throw execption if != null
+      String mail, String hash, String salt) async {
     await connection.query(
         "INSERT INTO \"Account\" VALUES(nextval('plus1id'),@mail,@hash,@salt)",
-        substitutionValues: {
-          "mail": mail,
-          "hash": hash,
-          "salt": salt /*,
-          "twofa": twoFaStr*/
-        });
-    print("✅ Account succesfully created");
+        substitutionValues: {"mail": mail, "hash": hash, "salt": salt});
   }
 
-  static Future<void> deleteAccount(String mail, String hash) async {
-    await checkMailAlreadyExist(mail); // TODO: throw execption if != null
-    // TODO: check authentication
+  static Future<void> deleteAccount(String mail) async {
     await connection.query("DELETE FROM \"Account\" WHERE mail=@mail",
         substitutionValues: {"mail": mail});
-    print("✅ Account succesfully deleted");
   }
 
   // get user passord hash by mail
@@ -92,13 +81,12 @@ class AccountsToPostgres {
   }
 
   // check if mail is already used in database
-  static Future<void> checkMailAlreadyExist(String mail) async {
+  static Future<String> selectMailByMail(String mail) async {
     List<List<dynamic>> results = await connection.query(
-        "SELECT id FROM \"Account\" WHERE mail=@mail",
+        "SELECT mail FROM \"Account\" WHERE mail=@mail",
         substitutionValues: {"mail": mail});
-    print(results[0][0]);
 
-    return;
+    return results[0][0];
   }
 
   // Update user password