diff --git a/bl-kernel/admin/themes/booty/html/media.php b/bl-kernel/admin/themes/booty/html/media.php
index ed523f77..13ba1c5b 100644
--- a/bl-kernel/admin/themes/booty/html/media.php
+++ b/bl-kernel/admin/themes/booty/html/media.php
@@ -111,7 +111,7 @@ function getFiles(pageNumber) {
$.post("ajax/list-files",
{ tokenCSRF: tokenCSRF,
pageNumber: pageNumber,
- path: ""
+ path: "thumbnails" // the path are defined in the list-files
},
function(data) {
displayFiles(data.files);
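Review bot: The added comment `// the path are defined in the list-files` is unclear about the one thing a reader needs to know, which is that the client now sends a symbolic key and the server chooses the directory. Suggested wording: `// symbolic key; ajax/list-files.php maps it to the real directory`. getFiles() continues outside the hunk.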
diff --git a/bl-kernel/ajax/list-files.php b/bl-kernel/ajax/list-files.php
index 7aa93596..bc5ef1b3 100644
--- a/bl-kernel/ajax/list-files.php
+++ b/bl-kernel/ajax/list-files.php
@@ -10,8 +10,9 @@ $pageNumber = $pageNumber - 1;
// (string) $_POST['path']
$path = isset($_POST['path']) ? $_POST['path'] : false;
// ----------------------------------------------------------------------------
-
-if ($path==false) {
+if ($path=='thumbnails') {
+ $path = PATH_UPLOADS_THUMBNAILS;
+} else {
exit (json_encode(array(
'status'=>1,
'files'=>'Invalid path.'
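Review bot: The new check `if ($path=='thumbnails')` uses a loose comparison on a value taken straight from `$_POST`; `if ($path === 'thumbnails')` keeps the allowlist exact and rejects non-string input outright. Mapping the key to `PATH_UPLOADS_THUMBNAILS` on the server is the right shape, because the request no longer supplies a filesystem path. The context comment `// (string) $_POST['path']` no longer describes the parameter and could read `// (string) $_POST['path'] symbolic directory key; only 'thumbnails' is accepted`. The `exit (json_encode(...))` statement continues outside the hunk.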
diff --git a/bl-kernel/pages.class.php b/bl-kernel/pages.class.php
index 3112a35f..63531028 100644
--- a/bl-kernel/pages.class.php
+++ b/bl-kernel/pages.class.php
@@ -58,9 +58,11 @@ class Pages extends dbJSON {
// Check values on args and set default values if not exists
foreach ($this->dbFields as $field=>$value) {
if ($field=='tags') {
- if (!empty($args['tags'])) {
- $finalValue = $this->generateTags($args['tags']);
+ $tags = '';
+ if (isset($args['tags'])) {
+ $tags = $args['tags'];
}
+ $finalValue = $this->generateTags($tags);
} elseif (isset($args[$field])) {
// Sanitize if will be stored on database
$finalValue = Sanitize::html($args[$field]);
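Review bot: `$args['tags']` goes to `generateTags()` without passing through `Sanitize::html()`, unlike every other field in this loop (`$finalValue = Sanitize::html($args[$field]);`). generateTags() is not visible here, so confirm that it escapes or normalises each tag before the value is stored. The same five added lines are repeated in the second hunk of this file (`@@ -150,7 +152,11`), so a single expression such as `$finalValue = $this->generateTags(isset($args['tags']) ? $args['tags'] : '');` in both places would keep the add and edit paths identical. Both loops continue outside their hunks.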
@@ -150,7 +152,11 @@ class Pages extends dbJSON {
// Check values on args or set default values
foreach ($this->dbFields as $field=>$value) {
if ($field=='tags') {
- $finalValue = $this->generateTags($args['tags']);
+ $tags = '';
+ if (isset($args['tags'])) {
+ $tags = $args['tags'];
+ }
+ $finalValue = $this->generateTags($tags);
} elseif (isset($args[$field])) {
// Sanitize if will be stored on database
$finalValue = Sanitize::html($args[$field]);
diff --git a/bl-plugins/api/plugin.php b/bl-plugins/api/plugin.php
index eea151a4..8cdf4401 100644
--- a/bl-plugins/api/plugin.php
+++ b/bl-plugins/api/plugin.php
@@ -98,20 +98,22 @@ class pluginAPI extends Plugin {
// AUTHENTICATION TOKEN
// ------------------------------------------------------------
$writePermissions = false;
- if ( !empty($inputs['authentication']) ) {
+ if (!empty($inputs['authentication'])) {
// Get the user with the authentication token, FALSE if doesn't exit
$username = $users->getByAuthToken($inputs['authentication']);
if ($username!==false) {
-
- // Get the object user to check the role
- $user = $users->getUser($username);
- if (($user->role()=='admin') && ($user->enabled())) {
- // Loggin the user to create the session
- $login = new Login();
- $login->setLogin($username, 'admin');
- // Enable write permissions
- $writePermissions = true;
+ try {
+ $user = new User($username);
+ if (($user->role()=='admin') && ($user->enabled())) {
+ // Loggin the user to create the session
+ $login = new Login();
+ $login->setLogin($username, 'admin');
+ // Enable write permissions
+ $writePermissions = true;
+ }
+ } catch (Exception $e) {
+ // Continue without permissions
}
}
}
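Review bot: The empty `catch (Exception $e)` fails closed, which is correct, but it also hides the case where a valid authentication token resolves to a username that `new User($username)` cannot load. That mismatch is worth a log entry through the project's logger so it can be investigated. The role check `$user->role()=='admin'` would be stricter as `$user->role()==='admin'`, assuming role() returns a string. The call `$login->setLogin($username, 'admin')` also deserves a comment stating the consequence, e.g. `// the token is equivalent to admin credentials: this creates an admin session for the request`. The enclosing method starts and ends outside the hunk.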
@@ -249,7 +251,7 @@ class pluginAPI extends Plugin {
$tmp = array(
'status'=>'0',
- 'message'=>'List of pages, amount of items: '.$numberOfItems,
+ 'message'=>'List of pages, number of items: '.$numberOfItems,
'data'=>array()
);
@@ -293,7 +295,6 @@ class pluginAPI extends Plugin {
// This function is defined on functions.php
$key = createPage($args);
-
if ($key===false) {
return array(
'status'=>'1',
@@ -312,7 +313,7 @@ class pluginAPI extends Plugin {
{
// Unsanitize content because all values are sanitized
if (isset($args['content'])) {
- $args['content'] = Text::htmlDecode($args['content']);
+ $args['content'] = Sanitize::htmlDecode($args['content']);
}
$args['key'] = $key;
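Review bot: The comment `// Unsanitize content because all values are sanitized` does not say why undoing the sanitization is acceptable for `content` alone. The decoded value is presumably stored as raw Markdown/HTML, so the comment should state that intent and its precondition, e.g. `// content is stored as raw Markdown/HTML, so undo the entity encoding applied to all inputs; callers must have checked $writePermissions`. Whether write permissions are checked before this method runs is not visible in the hunk and should be confirmed.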
diff --git a/things-to-do b/things-to-do
index 98e85ad5..22aa365f 100644
--- a/things-to-do
+++ b/things-to-do
@@ -37,7 +37,18 @@ Things to do:
----
-curl -vvv \
- -X GET \
+curl -X GET \
-G "http://localhost:8000/api/pages" \
- -d "token=80a09ba055b73f68e3c9e7c9ea12b432"
\ No newline at end of file
+ -d "token=58b1419d05ffb9dcfb299e515985c33a"
+
+{
+ "token": "58b1419d05ffb9dcfb299e515985c33a",
+ "authentication": "0adaa7af50d40b459cd5c4376aab0d67",
+ "title": "My dog",
+ "content": "Content of the page here, support Markdown code and HTML code."
+}
+
+curl -X PUT \
+ -H "Content-Type: application/json" \
+ -d @data.json \
+ "http://localhost:8000/api/pages"
\ No newline at end of file
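Review bot: The added examples commit what look like real credentials into the repository: the `token` value in the `-d "token=..."` argument and the `token` and `authentication` values in the JSON body. If these were ever valid on any install they should be rotated. The notes should use labelled placeholders instead, such as `"token": "<API_TOKEN>"` and `"authentication": "<AUTH_TOKEN>"`. Because the authentication token is what unlocks write permissions in the API plugin, a one-line remark that it must only be sent over TLS outside local development would also help readers of these examples.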