diff --git a/app/main.py b/app/main.py
index 80a2e1d..ffbef7d 100644
--- a/app/main.py
+++ b/app/main.py
@@ -5,10 +5,11 @@ from fastapi import Depends, FastAPI, HTTPException
 from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
 from jwt import PyJWTError
 from passlib.context import CryptContext
-from starlette.status import HTTP_401_UNAUTHORIZED
+from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_400_BAD_REQUEST, HTTP_404_NOT_FOUND
 
-from .models import Token, TokenData, TicketCollection, User, UserInDB, NewCollection, NewUser, TicketCollectionDB
+from .models import Token, TokenData, TicketCollection, User, UserInDB, NewCollection, NewUser, TicketCollectionDB, Ticket, TicketDB, NewTicket
 from typing import List
+from ormantic.exceptions import NoMatch
 
 # to get a string like this run:
 # openssl rand -hex 32
@@ -16,6 +17,15 @@ SECRET_KEY = "da06994dd99d0c3a01df358c9e9bcec40db567378c3bbd47e10661d5fd8d7359"
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 30
 
+
+def bad_request(reason: str = ""):
+    return HTTPException(HTTP_400_BAD_REQUEST, reason)
+
+
+def not_found(reason: str = ""):
+    return HTTPException(HTTP_404_NOT_FOUND, reason)
+
+
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token")
@@ -128,6 +138,26 @@ async def get_all_collections(current_user: User = Depends(get_current_active_us
     return await TicketCollectionDB.objects.filter(user=current_user).all()
 
 
+@app.get("/tickets/{id}", response_model=List[Ticket])
+async def get_tickets_for_collection(id: int, current_user: User = Depends(get_current_active_user)):
+    coll = await TicketCollectionDB.objects.get(user=current_user, id=id)
+
+    return await TicketDB.objects.filter(collection=coll).all()
+
+
+@app.post("/tickets/{id}", response_model=Ticket)
+async def add_ticket_to_collection(id: int, ticket: NewTicket, current_user: User = Depends(get_current_active_user)):
+    try:
+        coll = await TicketCollectionDB.objects.get(user=current_user, id=id)
+    except:
+        raise not_found("something went to shit")
+    if (coll.requires_student and ticket.owner.isdigit()) or not coll.requires_student:
+        return await TicketDB.objects.create(owner=ticket.owner, email=ticket.email, collection=coll, validated=True)
+    else:
+        raise bad_request(
+            "The owner is not a number, and requires_student is True!")
+
+
 @app.on_event("startup")
 async def start():
     try:
diff --git a/app/models.py b/app/models.py
index 3da9b45..18884b0 100644
--- a/app/models.py
+++ b/app/models.py
@@ -57,18 +57,22 @@ class Ticket(orm.Model):
     owner: orm.String(max_length=100)
     email: orm.String(max_length=100, allow_null=True) = None
     validated: orm.Boolean() = False
-    
 
 
 class TicketDB(Ticket):
     collection: orm.ForeignKey(TicketCollectionDB)
-    
+
     class Mapping:
         table_name = "Tickets"
         metadata = metadata
         database = database
 
 
+class NewTicket(BaseModel):
+    owner: str
+    email: EmailStr = None
+
+
 class NewCollection(BaseModel):
     name: str
     price: float