diff --git a/app/api/routes/routes.py b/app/api/routes/routes.py
index c23fc80..bf7e46e 100644
--- a/app/api/routes/routes.py
+++ b/app/api/routes/routes.py
@@ -27,6 +27,7 @@ from flask_jwt_extended import (
     get_jwt_identity,
     create_refresh_token,
 )
+from werkzeug.utils import secure_filename
 
 import requests
 
@@ -107,6 +108,34 @@ def merms_register_complete():
     response = RegisterService.process_complete(data)
     return response
 
+UPLOAD_FOLDER = '/uploads'
+ALLOWED_EXTENSIONS = {'txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif'}
+
+def allowed_file(filename):
+    return '.' in filename and \
+           filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS
+
+@api.route('/upload/webfiles', methods=['GET', 'POST'])
+def upload_file():
+    if request.method == 'POST':
+        logger.info('POST CALLED')
+        # check if the post request has the file part
+        if 'file' not in request.files:
+            logger.info('No file part')
+
+        file = request.files['file']
+        # If the user does not select a file, the browser submits an
+        # empty file without a filename.
+        if file.filename == '':
+            logger.info('No selected file')
+
+        if file and allowed_file(file.filename):
+            filename = secure_filename(file.filename)
+            file.save(os.path.join(UPLOAD_FOLDER, filename))
+    if request.method == 'GET':
+        logger.info('GET CALLED')
+
+
 
 @api.route("/panel/account", methods=["POST"])
 @jwt_required()