diff --git a/api/v1/assets/create.php b/api/v1/assets/create.php new file mode 100644 index 00000000..6969f176 --- /dev/null +++ b/api/v1/assets/create.php @@ -0,0 +1,55 @@ +insert_id; + if(isset($insert_id) && is_numeric($insert_id)){ + // Insert successful + $return_arr['success'] = "True"; + $return_arr['count'] = '1'; + $return_arr['data'][] = [ + 'insert_id' => $insert_id + ]; + } + // We shouldn't get here + else{ + $return_arr['success'] = "False"; + $return_arr['message'] = "Auth success but insert failed, possibly database connection. Seek support if this error continues."; + } +} + +// Query returned false, something went wrong or it was declined due to required variables missing +else{ + $return_arr['success'] = "False"; + $return_arr['message'] = "Auth success but insert query failed, ensure required variables are provided and database schema is up-to-date."; +} + +echo json_encode($return_arr); +exit(); \ No newline at end of file diff --git a/api/v1/read_output.php b/api/v1/read_output.php index f2477180..0bb69ed6 100644 --- a/api/v1/read_output.php +++ b/api/v1/read_output.php @@ -1,21 +1,26 @@ 0){ - $return_arr['success'] = "True"; - $return_arr['count'] = mysqli_num_rows($sql); + $return_arr['success'] = "True"; + $return_arr['count'] = mysqli_num_rows($sql); - $row = array(); - while($row = mysqli_fetch_array($sql)){ - $return_arr['data'][] = $row; - } + $row = array(); + while($row = mysqli_fetch_array($sql)){ + $return_arr['data'][] = $row; + } - echo json_encode($return_arr); - exit(); + echo json_encode($return_arr); + exit(); } else{ - $return_arr['success'] = "False"; - $return_arr['message'] = "No resource for this company with the specified parameter(s)."; - echo json_encode($return_arr); - exit(); + $return_arr['success'] = "False"; + $return_arr['message'] = "No resource (for this company) with the specified parameter(s)."; + echo json_encode($return_arr); + exit(); } \ No newline at end of file 
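Review bot: The success test `isset($insert_id) && is_numeric($insert_id)` in api/v1/assets/create.php cannot fail for a value read from mysqli's `insert_id` (the assignment is cut off on this page, so that source is presumed), because the property is 0 when no AUTO_INCREMENT id was generated and 0 is numeric. The "We shouldn't get here" branch is therefore unreachable, and an insert that produced no id would be reported as `success = "True"` with `insert_id` 0. Comparing against zero closes that gap: `if($insert_id > 0){`. Both failure branches also answer with the default 200 status, so a client that checks only the status code cannot tell a rejected insert from a successful one. The top of the file, including the INSERT itself and how request fields reach it, is missing from this page and could not be reviewed.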
diff --git a/api/v1/tickets/read.php b/api/v1/tickets/read.php index 3470b32d..7366dd99 100644 --- a/api/v1/tickets/read.php +++ b/api/v1/tickets/read.php @@ -2,22 +2,22 @@ require('../validate_api_key.php'); if($_SERVER['REQUEST_METHOD'] !== "GET"){ - header("HTTP/1.1 405 Method Not Allowed"); - $return_arr['success'] = "False"; - $return_arr['message'] = "Can only send GET requests to this endpoint."; - echo json_encode($return_arr); - exit(); + header("HTTP/1.1 405 Method Not Allowed"); + $return_arr['success'] = "False"; + $return_arr['message'] = "Can only send GET requests to this endpoint."; + echo json_encode($return_arr); + exit(); } // Specific ticket via ID (single) if(isset($_GET['ticket_id'])){ - $id = intval($_GET['ticket_id']); - $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND company_id = '$company_id'"); + $id = intval($_GET['ticket_id']); + $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND company_id = '$company_id'"); } // All tickets else{ - $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset"); + $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset"); } // Output diff --git a/api/v1/validate_api_key.php b/api/v1/validate_api_key.php index 01695ae8..45c6e851 100644 --- a/api/v1/validate_api_key.php +++ b/api/v1/validate_api_key.php 
@@ -1,4 +1,11 @@ NOW()"); + $sql = mysqli_query($mysqli,"SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1"); - // Failed - if(mysqli_num_rows($sql) != 1){ - // Invalid Key - header("HTTP/1.1 401 Unauthorized"); - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); + // Failed + if(mysqli_num_rows($sql) !== 1){ + // Invalid Key + header("HTTP/1.1 401 Unauthorized"); + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); - $return_arr['success'] = "False"; - $return_arr['message'] = "API Key authentication failure or expired."; + $return_arr['success'] = "False"; + $return_arr['message'] = "API Key authentication failure or expired."; - header("HTTP/1.1 401 Unauthorized"); - echo json_encode($return_arr); - exit(); + header("HTTP/1.1 401 Unauthorized"); + echo json_encode($return_arr); + exit(); + } + + // Success + else{ + + // Set company ID + $row = mysqli_fetch_array($sql); + $company_id = $row['company_id']; + + // Set limit & offset for queries + if(isset($_GET['limit'])){ + $limit = intval($_GET['limit']); + } + elseif(isset($_POST['limit'])){ + $limit = intval($_POST['limit']); } - - // Success else{ - - // Set company ID - $row = mysqli_fetch_array($sql); - $company_id = $row['company_id']; - - // Set limit & offset for queries - if(isset($_GET['limit'])){ - $limit = intval($_GET['limit']); - } - elseif(isset($_POST['limit'])){ - $limit = intval($_POST['limit']); - } - else{ - $limit = 50; - } - - if(isset($_GET['offset'])){ - $offset = intval($_GET['offset']); - } - elseif(isset($_POST['offset'])){ - $offset = intval($_POST['offset']); - } - else{ - $offset = 0; - } - + $limit = 50; } + + if(isset($_GET['offset'])){ + 
$offset = intval($_GET['offset']); + } + elseif(isset($_POST['offset'])){ + $offset = intval($_POST['offset']); + } + else{ + $offset = 0; + } + + } } \ No newline at end of file
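Review bot: The key lookup and the failed-auth log entry in api/v1/validate_api_key.php still interpolate `$api_key`, `$ip` and `$user_agent` into the SQL string, and the lines that set those variables are not visible on this page, so the queries' safety rests on escaping that cannot be confirmed here. Binding them as parameters removes that dependency, as sketched below; the `INSERT INTO logs` statement would take the same treatment. `intval()` keeps `limit` and `offset` numeric but not in range: a negative value makes the `LIMIT $limit OFFSET $offset` query in tickets/read.php fail, and an arbitrarily large one returns every row for the company in one response, so clamp after parsing, e.g. `$limit = max(1, min($limit, $max_limit));` and `$offset = max(0, $offset);`, with `$max_limit` a cap the project chooses. The 401 branch also sends `header("HTTP/1.1 401 Unauthorized");` twice, where one call is enough. The `if` closed by this hunk's final `}` opens in lines lost from the page.

```php
// … unchanged: code above that sets $api_key, $ip and $user_agent (not visible on this page) …
$stmt = mysqli_prepare($mysqli, "SELECT * FROM api_keys WHERE api_key_secret = ? AND api_key_expire > NOW() LIMIT 1");
mysqli_stmt_bind_param($stmt, "s", $api_key);
mysqli_stmt_execute($stmt);
$sql = mysqli_stmt_get_result($stmt);

// Failed
if(mysqli_num_rows($sql) !== 1){
    // … unchanged: 401 response; the logs INSERT binds $ip and $user_agent the same way …
```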