diff --git a/app/Http/Controllers/MicropubMediaController.php b/app/Http/Controllers/MicropubMediaController.php
index 4998bc17..c965167e 100644
--- a/app/Http/Controllers/MicropubMediaController.php
+++ b/app/Http/Controllers/MicropubMediaController.php
@@ -63,6 +63,30 @@ class MicropubMediaController extends Controller
 
             return response()->json(['url' => $media->url]);
         }
+
+        if (request()->input('q') === 'source') {
+            $limit = request()->input('limit', 10);
+            $offset = request()->input('offset', 0);
+
+            $media = Media::latest()->offset($offset)->limit($limit)->get();
+
+            $media->transform(function ($mediaItem) {
+                return [
+                    'url' => $mediaItem->url,
+                ];
+            });
+
+            return response()->json(['items' => $media]);
+        }
+
+        if (request()->has('q')) {
+            return response()->json([
+                'error' => 'invalid_request',
+                'error_description' => 'This server does not know how to handle this q parameter (' . request()->input('q') . ')',
+            ], 400);
+        }
+
+        return response()->json(['status' => 'OK']);
     }
 
     /**
diff --git a/tests/Feature/MicropubMediaTest.php b/tests/Feature/MicropubMediaTest.php
index 7fdcd30b..5b507d94 100644
--- a/tests/Feature/MicropubMediaTest.php
+++ b/tests/Feature/MicropubMediaTest.php
@@ -60,6 +60,79 @@ class MicropubMediaTest extends TestCase
         unlink(storage_path('app/') . $filename);
     }
 
+    /** @test */
+    public function clientCanSourceUploads()
+    {
+        Queue::fake();
+        Storage::fake('s3');
+        $file = __DIR__ . '/../aaron.png';
+
+        $response = $this->post(
+            '/api/media',
+            [
+                'file' => new UploadedFile($file, 'aaron.png', 'image/png', null, true),
+            ],
+            ['HTTP_Authorization' => 'Bearer ' . $this->getToken()]
+        );
+
+        $path = parse_url($response->getData()->location, PHP_URL_PATH);
+        $filename = substr($path, 7);
+
+        $sourceUploadResponse = $this->get(
+            '/api/media?q=source',
+            ['HTTP_Authorization' => 'Bearer ' . $this->getToken()]
+        );
+        $sourceUploadResponse->assertJson(['items' => [[
+            'url' => $response->getData()->location,
+        ]]]);
+
+        // now remove file
+        unlink(storage_path('app/') . $filename);
+    }
+
+    /** @test */
+    public function clientCanSourceUploadsWithLimit()
+    {
+        Queue::fake();
+        Storage::fake('s3');
+        $file = __DIR__ . '/../aaron.png';
+
+        $response = $this->post(
+            '/api/media',
+            [
+                'file' => new UploadedFile($file, 'aaron.png', 'image/png', null, true),
+            ],
+            ['HTTP_Authorization' => 'Bearer ' . $this->getToken()]
+        );
+
+        $path = parse_url($response->getData()->location, PHP_URL_PATH);
+        $filename = substr($path, 7);
+
+        $sourceUploadResponse = $this->get(
+            '/api/media?q=source&limit=1',
+            ['HTTP_Authorization' => 'Bearer ' . $this->getToken()]
+        );
+        $sourceUploadResponse->assertJson(['items' => [[
+            'url' => $response->getData()->location,
+        ]]]);
+        // And given our limit of 1 there should only be one result
+        $this->assertCount(1, json_decode($sourceUploadResponse->getContent(), true)['items']);
+
+        // now remove file
+        unlink(storage_path('app/') . $filename);
+    }
+
+    /** @test */
+    public function errorResponseForUnknownQValue()
+    {
+        $response = $this->get(
+            '/api/media?q=unknown',
+            ['HTTP_Authorization' => 'Bearer ' . $this->getToken()]
+        );
+        $response->assertStatus(400);
+        $response->assertJson(['error' => 'invalid_request']);
+    }
+
     /** @test */
     public function optionsRequestReturnsCorsResponse()
     {