diff --git a/lib/Alternc/Api/Request.php b/lib/Alternc/Api/Request.php
index 66783d7d..5ee1e7c5 100644
--- a/lib/Alternc/Api/Request.php
+++ b/lib/Alternc/Api/Request.php
@@ -9,9 +9,15 @@ class Alternc_Api_Request {
 /**
 *
- * @var Alternc_Api_Token
+ * @var Alternc_Api_Token object
 */
 public $token;
+
+ /**
+ *
+ * @var string a token hash (to be authenticated)
+ */
+ public $token_hash;
 /**
 * must link to a Alternc_Api_Object_Interface
@@ -44,36 +50,49 @@ class Alternc_Api_Request {
 function __construct($options) {
-
+
 // Attempts to retrieve object
- if (isset($options["object"]) && !is_null($options["object"])) {
+ if (isset($options["object"]) && is_string($options["object"])) {
 $this->object = $options["object"];
 } else {
 throw new \Exception("Missing parameter object", self::ERR_MISSING_PARAMETER);
 }
- // Attempts to retrieve token
- if (isset($options["token"]) && is_a( $options["token"], Alternc_Api_Token)) {
- $this->token = $options["token"];
- } else {
- throw new \Exception("Missing parameter token", self::ERR_MISSING_PARAMETER);
- }
-
 // Attempts to retrieve action
- if (isset($options["action"]) && $var ) {
+ if (isset($options["action"]) && is_string($options["action"])) {
 $this->action = $options["action"];
 } else {
 throw new \Exception("Missing parameter action", self::ERR_MISSING_PARAMETER);
 }
 // Attempts to retrieve options
- if (isset($options["options"]) && is_array($options)) {
+ if (isset($options["options"])) {
+ if (is_array($options)) {
 $this->options = $options["options"];
- } else {
+ } else {
 throw new \Exception("Missing parameter options", self::ERR_MISSING_PARAMETER);
- }
+ }
+ } else {
+ $this->options=array();
+ }
- // Attempts to retrieve metadata
+ // Attempts to retrieve token
+ if (isset($options["token"])) {
+ if (is_a( $options["token"], Alternc_Api_Token)) {
+ $this->token = $options["token"];
+ } else {
+ throw new \Exception("Bad parameter token", self::ERR_MISSING_PARAMETER);
+ }
+ } else {
+ // Attempts to retrieve token_hash then
+ if (isset($options["token_hash"]) && is_string( $options["token_hash"])) {
+ $this->token_hash = $options["token_hash"];
+ } else {
+ throw new \Exception("Missing parameter token OR token_hash", self::ERR_MISSING_PARAMETER);
+ }
+ }
+
+ // Attempts to retrieve metadata (eg: API version)
 if (isset($options["metadata"])) {
 $this->metadata = $options["metadata"];
 }
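Review bot: In the constructor's `options` branch the inner test is `is_array($options)`, which checks the constructor argument itself rather than `$options["options"]`, so it is always true at that point and a non-array `options` value is stored on the request; it should read `if (is_array($options["options"])) {`. The token branch keeps `is_a( $options["token"], Alternc_Api_Token)` with the class name as a bare constant, which PHP 8 rejects as an undefined constant; `$options["token"] instanceof Alternc_Api_Token` avoids that. The new "Bad parameter token" exception also reuses `self::ERR_MISSING_PARAMETER`, so a caller cannot tell a wrong type from an absent value by code. The constructor continues past the end of this hunk.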
diff --git a/lib/Alternc/Api/Service.php b/lib/Alternc/Api/Service.php
index a7473aa5..4eb1f8e0 100644
--- a/lib/Alternc/Api/Service.php
+++ b/lib/Alternc/Api/Service.php
@@ -18,6 +18,9 @@ class Alternc_Api_Service {
 const ERR_INVALID_ANSWER = 111803;
 const ERR_SETUID_FORBIDDEN = 111804;
 const ERR_SETUID_USER_NOT_FOUND = 111805;
+ const ERR_OBJECT_NOT_FOUND = 111806;
+ const ERR_ACTION_NOT_FOUND = 111807;
+ const ERR_INVALID_TOKEN = 111808;
 /**
 * Constructor of the Api Service Wrapper
@@ -119,11 +122,33 @@ class Alternc_Api_Service {
 /**
 * Manage an API Call
 * @param Alternc_Api_Request $request The API call
+ * the request must have "object" and "action" elements, and a "token" to authenticate
+ * "options" are sent as it is to the Api Call.
 * @return Alternc_Api_Response an API response
 */
 function call($request) {
+ if (!$request instanceof Alternc_Api_Request)
+ throw new \Exception("request must be an Alternc_Api_Request object", self::ERR_INVALID_ARGUMENT);
+
+
+ $token = Alternc_Api_Token::tokenGet($request->token_hash,$this->db);
+ if ($token instanceof Alternc_Api_Response) // bad token
+ return $token;
+
+ $className = "Alternc_Api_Object_".ucfirst(strtolower($request->object));
+ if (!class_exists($className))
+ return new Alternc_Api_Response( array("code" => self::ERR_OBJECT_NOT_FOUND, "message" => "Object not found in this AlternC's instance") );
- return new Alternc_Api_Response();
+ $object = new $className($this);
+
+ $action=$request->action;
+ if (!method_exists($object, $action))
+ return new Alternc_Api_Response( array("code" => self::ERR_ACTiON_NOT_FOUND, "message" => "Action not found for this object in this AlternC's instance") );
+
+ $request->token=$token; // we receive $request->token_hash as a STRING, but we transmit its object as an Alternc_Api_Token.
+
+ // TODO: log this Api Call
+ return $object->$action($request);
 }
diff --git a/lib/Alternc/Api/Token.php b/lib/Alternc/Api/Token.php
index 06c376c6..79f29220 100644
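Review bot: The action-not-found branch of `Alternc_Api_Service::call()` uses `self::ERR_ACTiON_NOT_FOUND` (lowercase `i`), which does not match the `ERR_ACTION_NOT_FOUND` constant added in the first hunk, so an unknown action ends in an undefined-constant error instead of the intended response. More broadly, `$request->object` and `$request->action` are caller-supplied strings, and the only gate before `$object->$action($request)` is `method_exists()`, which is also true for the constructor, magic methods and non-public methods, while the resolved class is never checked against `Alternc_Api_Object_Interface` (the type the Request docblock names). I would constrain both names to a plain identifier and require the interface and a callable public method before dispatching, as sketched below; an explicit per-object list of exposed actions would be stricter still. Note also that `call()` reads only `$request->token_hash`, so a request built with a `token` object fails the lookup, and `self::ERR_INVALID_ARGUMENT` is not among the Service constants visible in this diff.

```php
// … unchanged: request type check and token lookup …
$identifier = '#^[a-zA-Z][a-zA-Z0-9]*$#';
if (!is_string($request->object) || !preg_match($identifier, $request->object))
    return new Alternc_Api_Response( array("code" => self::ERR_OBJECT_NOT_FOUND, "message" => "Object not found in this AlternC's instance") );

$className = "Alternc_Api_Object_".ucfirst(strtolower($request->object));
if (!class_exists($className) || !is_subclass_of($className, "Alternc_Api_Object_Interface"))
    return new Alternc_Api_Response( array("code" => self::ERR_OBJECT_NOT_FOUND, "message" => "Object not found in this AlternC's instance") );

// … unchanged: instantiate $className …
$action=$request->action;
if (!is_string($action) || !preg_match($identifier, $action)
    || !method_exists($object, $action) || !is_callable(array($object, $action)))
    return new Alternc_Api_Response( array("code" => self::ERR_ACTION_NOT_FOUND, "message" => "Action not found for this object in this AlternC's instance") );
// … unchanged: token assignment and dispatch …
```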
--- a/lib/Alternc/Api/Token.php
+++ b/lib/Alternc/Api/Token.php
@@ -10,6 +10,7 @@ class Alternc_Api_Token {
 const ERR_DATABASE_ERROR=112001;
 const ERR_INVALID_ARGUMENT=112002;
 const ERR_MISSING_ARGUMENT=112003;
+ const ERR_INVALID_TOKEN=112004;
 /**
 * AlternC User-Id
@@ -110,7 +111,7 @@ class Alternc_Api_Token {
 throw new \Exception("No DB Object, can't create",self::ERR_DATABASE_ERROR);
 }
 if (!is_string($token) || !preg_match("#^[a-zA-Z0-9]{32}$#",$token)) {
- throw new \Exception("Invalid argument (token)",self::ERR_INVALID_ARGUMENT);
+ return new Alternc_Api_Response( array("code" => self::ERR_INVALID_TOKEN, "message" => "Invalid token") );
 }
 foreach($db->query("SELECT * FROM token WHERE token=?", array($token)) as $tok) {
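Review bot: With the second hunk this method (presumably `tokenGet()`, whose signature is outside the hunk) reports a malformed token by returning an `Alternc_Api_Response`, while the missing-DB case two lines above still throws, so it now has two failure channels and every caller must test the return type as `Alternc_Api_Service::call()` does. The docblock should state that, for example `@return Alternc_Api_Token|Alternc_Api_Response a Response carrying ERR_INVALID_TOKEN when the token is rejected`. The path taken when the `foreach` finds no row is outside the hunk; it is worth confirming that it returns the same "Invalid token" response, so that a client cannot distinguish a malformed token from an unknown one. `Alternc_Api_Service::ERR_INVALID_TOKEN` (111808), added in the same commit, is not used in the visible hunks and duplicates this code.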