diff --git a/controllers/tokenController.js b/controllers/tokenController.js
index 54c2a1f..91cc292 100644
--- a/controllers/tokenController.js
+++ b/controllers/tokenController.js
@@ -24,4 +24,37 @@ tokenController.verify = function(req, res, next){
 return res.json({ success: false, description: '(╯°□°)╯︵ ┻━┻' })
 }
+tokenController.list = function(req, res, next){
+ if(req.headers.auth !== config.adminToken)
+ return res.status(401).send('not-authorized')
+
+ return res.json({
+ clientToken: config.clientToken,
+ adminToken: config.adminToken
+ })
+}
+
+tokenController.change = function(req, res, next){
+ if(req.headers.auth !== config.adminToken)
+ return res.status(401).send('not-authorized')
+
+ let type = req.headers.type
+ let token = req.headers.token
+
+ if(type === undefined) return res.json({ success: false, description: 'No type provided.' })
+ if(token === undefined) return res.json({ success: false, description: 'No token provided.' })
+ if(type !== 'client' && type !== 'admin') return res.json({ success: false, description: 'Wrong type provided.' })
+
+ db.table('tokens').where('name', type).update({ value: token, timestamp: Math.floor(Date.now() / 1000) })
+ .then(() => {
+
+ if(type === 'client')
+ config.clientToken = token
+ else if(type === 'admin')
+ config.adminToken = token
+
+ res.json({ success: true })
+ })
+}
+
 module.exports = tokenController
\ No newline at end of file
diff --git a/pages/panel.html b/pages/panel.html
index 3a4dbf5..641b372 100644
--- a/pages/panel.html
+++ b/pages/panel.html
@@ -25,7 +25,7 @@
-
+
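Review bot: In `tokenController.change` (controllers/tokenController.js) the new value is only compared with `undefined`, so an empty `token` header is accepted, written to the `tokens` table and installed as the live client or admin token; reject weak values before the update, e.g. `if(typeof token !== 'string' || token.length < MIN_TOKEN_LENGTH) return res.json({ success: false, description: 'Invalid token.' })`, where `MIN_TOKEN_LENGTH` is a placeholder for a project-chosen minimum. The `db.table('tokens')...update(...)` promise has no `.catch`, so a failed write leaves the request unanswered. Both new handlers gate on `req.headers.auth !== config.adminToken`, which is not a constant-time comparison and would pass a request with no `auth` header if `config.adminToken` were ever undefined (how it is loaded is not visible in this hunk); an explicit presence check followed by `crypto.timingSafeEqual` over equal-length buffers covers both. `tokenController.list` also returns both secrets in the response body, so `res.set('Cache-Control', 'no-store')` before `res.json` is worth adding.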
@@ -51,7 +51,7 @@
diff --git a/public/js/panel.js b/public/js/panel.js
index 8857d9c..3f99ef0 100644
--- a/public/js/panel.js
+++ b/public/js/panel.js
@@ -43,7 +43,7 @@ panel.verifyToken = function(token, reloadOnError = false){
 }
 }
- xhr.open('GET', '/api/token/verify', true);
+ xhr.open('GET', '/api/tokens/verify', true);
 xhr.setRequestHeader('type', 'admin');
 xhr.setRequestHeader('token', token);
 xhr.send(null);
@@ -62,6 +62,10 @@ panel.prepareDashboard = function(){
 panel.getAlbums();
 });
+ document.getElementById('itemTokens').addEventListener('click', function(){
+ panel.changeTokens();
+ });
+
 panel.getAlbumsSidebar();
 }
@@ -76,7 +80,7 @@ panel.getUploads = function(album = undefined){
 return panel.verifyToken(panel.token);
 var json = JSON.parse(xhr.responseText);
- console.log(json);
+
 if(json.success === false) return swal("An error ocurred", json.description, "error");
@@ -155,7 +159,7 @@ panel.getAlbums = function(){
 return panel.verifyToken(panel.token);
 var json = JSON.parse(xhr.responseText);
- console.log(json);
+
 if(json.success === false) return swal("An error ocurred", json.description, "error");
@@ -261,6 +265,102 @@ panel.getAlbum = function(item){
 panel.getUploads(item.id);
 }
+panel.changeTokens = function(){
+ panel.page.innerHTML = '';
+ var xhr = new XMLHttpRequest();
+
+ var container = document.createElement('div');
+ container.className = "container";
+ container.innerHTML = `
+

Manage your tokens

+ + +

+ + Save +

+ + +

+ + Save +

+ `;
+
+ xhr.onreadystatechange = function() {
+ if (xhr.readyState == XMLHttpRequest.DONE) {
+
+ if(xhr.responseText === 'not-authorized')
+ return panel.verifyToken(panel.token);
+
+ var json = JSON.parse(xhr.responseText);
+
+ console.log(json);
+
+ if(json.success === false)
+ return swal("An error ocurred", json.description, "error");
+
+ panel.page.appendChild(container);
+
+ document.getElementById('clientToken').value = json.clientToken;
+ document.getElementById('adminToken').value = json.adminToken;
+
+ document.getElementById('submitClientToken').addEventListener('click', function(){
+ panel.submitToken('client', document.getElementById('clientToken').value);
+ });
+
+ document.getElementById('submitAdminToken').addEventListener('click', function(){
+ panel.submitToken('admin', document.getElementById('adminToken').value);
+ });
+ }
+ }
+
+ xhr.open('GET', '/api/tokens', true);
+ xhr.setRequestHeader('auth', panel.token);
+ xhr.send(null);
+}
+
+panel.submitToken = function(type, token){
+
+ var xhr = new XMLHttpRequest();
+ xhr.onreadystatechange = function() {
+ if (xhr.readyState == XMLHttpRequest.DONE) {
+
+ if(xhr.responseText === 'not-authorized')
+ return panel.verifyToken(panel.token);
+
+ var json = JSON.parse(xhr.responseText);
+
+ console.log(json);
+
+ if(json.success === false)
+ return swal("An error ocurred", json.description, "error");
+
+ swal({
+ title: "Woohoo!",
+ text: 'Your token was changed successfully.',
+ type: "success"
+ }, function(){
+
+ if(type === 'client')
+ localStorage.token = token;
+ else if(type === 'admin')
+ localStorage.admintoken = token
+
+ location.reload();
+
+ })
+
+ }
+ }
+
+ xhr.open('POST', '/api/tokens/change', true);
+ xhr.setRequestHeader('auth', panel.token);
+ xhr.setRequestHeader('type', type);
+ xhr.setRequestHeader('token', token);
+ xhr.send(null);
+}
+
 window.onload = function () {
 panel.preparePage();
 }
diff --git a/public/js/upload.js b/public/js/upload.js
index 0341ecc..2638ef8 100644
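Review bot: `console.log(json)` in `panel.changeTokens` (public/js/panel.js) prints the `/api/tokens` response, which carries `clientToken` and `adminToken`, to the browser console; delete that line and the matching one in `panel.submitToken`, as this commit already does in `getUploads` and `getAlbums`. `JSON.parse(xhr.responseText)` is unguarded in both new functions, so a non-JSON body such as a proxy or 500 error page throws inside `onreadystatechange` and the user sees nothing; wrap it in `try { ... } catch (e) { return swal("An error ocurred", "Unexpected server response", "error"); }`. `panel.submitToken` sends whatever is in the input field, including an empty string, so a length check before `xhr.send` would stop an accidental blank token from being submitted.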
--- a/public/js/upload.js
+++ b/public/js/upload.js
@@ -58,7 +58,7 @@ upload.verifyToken = function(token, reloadOnError = false){
 }
 }
- xhr.open('GET', '/api/token/verify', true);
+ xhr.open('GET', '/api/tokens/verify', true);
 xhr.setRequestHeader('type', 'client');
 xhr.setRequestHeader('token', token);
 xhr.send(null);
diff --git a/routes/api.js b/routes/api.js
index 523af72..4a1e36f 100644
--- a/routes/api.js
+++ b/routes/api.js
@@ -16,6 +16,8 @@ routes.post ('/upload', (req, res, next) => uploadController.upload(req, res, ne
 routes.get ('/albums', (req, res, next) => albumsController.list(req, res, next))
 routes.post ('/albums', (req, res, next) => albumsController.create(req, res, next))
 routes.get ('/albums/test', (req, res, next) => albumsController.test(req, res, next))
-routes.get ('/token/verify', (req, res, next) => tokenController.verify(req, res))
+routes.get ('/tokens/verify', (req, res, next) => tokenController.verify(req, res))
+routes.get ('/tokens', (req, res, next) => tokenController.list(req, res))
+routes.post ('/tokens/change', (req, res, next) => tokenController.change(req, res))
 module.exports = routes