diff --git a/app/Http/Controllers/MicropubController.php b/app/Http/Controllers/MicropubController.php
index 7c78111f..5c4503a7 100644
--- a/app/Http/Controllers/MicropubController.php
+++ b/app/Http/Controllers/MicropubController.php
@@ -3,11 +3,13 @@
 namespace App\Http\Controllers;
 
 use App\Place;
+use Ramsey\Uuid\Uuid;
 use Illuminate\Http\Request;
 use App\Services\NoteService;
 use Illuminate\Http\Response;
 use App\Services\PlaceService;
 use App\Services\TokenService;
+use Ramsey\Uuid\Exception\UnsatisfiedDependencyException;
 
 class MicropubController extends Controller
 {
@@ -238,9 +240,9 @@ class MicropubController extends Controller
         $httpAuth = $request->header('Authorization');
         if (preg_match('/Bearer (.+)/', $httpAuth, $match)) {
             $token = $match[1];
-            $valid = $this->tokenService->validateToken($token);
+            $tokenData = $this->tokenService->validateToken($token);
 
-            if ($valid === null) {
+            if ($tokenData === null) {
                 return response()->json([
                     'response' => 'error',
                     'error' => 'invalid_token',
@@ -249,10 +251,33 @@ class MicropubController extends Controller
             }
 
             //check post scope
+            if ($tokenData->hasClaim('scope')) {
+                $scopes = explode(' ', $tokenData->getClaim('scope'));
+                if (array_search('post', $scopes) !== false) {
+                    //check media valid
+                    if ($request->file('file')->isValid()) {
+                        //save media
+                        try {
+                            $filename = Uuid::uuid4() . $request->file->extension();
+                        } catch (UnsatisfiedDependencyException $e) {
+                            return response()->json([
+                                'response' => 'error',
+                                'error' => 'internal_server_error',
+                                'error_description' => 'A problem occured handling your request'
+                            ], 500)
+                        }
+                        try {
+                            $path = $request->file->storeAs('media', $filename, 's3');
+                        } catch(Excetion $e) { // which exception?
+                            return response()->json([
+                                'response' => 'error',
+                                'error' => 'service_unavailable',
+                                'error_description' => 'Unable to save media to S3'
+                            ], 503)
+                        }
 
-            //check media valid
-
-            //save media
+                        return $path;
+                    }
 
             //return URL for media
         }
diff --git a/app/Media.php b/app/Media.php
new file mode 100644
index 00000000..61f94160
--- /dev/null
+++ b/app/Media.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace App;
+
+use Illuminate\Database\Eloquent\Model;
+
+class Media extends Model
+{
+    /**
+     * The table associated with the model.
+     *
+     * @var string
+     */
+    protected $table = 'media_endpoint';
+
+    /**
+     * Our primaru key is a UUID value, therefore not incrementing.
+     *
+     * @var boolean
+     */
+    protected $incrementing = false;
+
+    /**
+     * Get the note that owns this media.
+     */
+    public function note()
+    {
+        return $this->belongsTo('App\Note');
+    }
+}
diff --git a/app/Note.php b/app/Note.php
index 6ee5e2ff..6a51a896 100644
--- a/app/Note.php
+++ b/app/Note.php
@@ -53,6 +53,16 @@ class Note extends Model
         return $this->belongsTo('App\Place');
     }
 
+    /**
+     * Define the relationship with media.
+     *
+     * @return void
+     */
+    public function media()
+    {
+        return $this->hasMany('App\Media');
+    }
+
     /**
      * We shall set a blacklist of non-modifiable model attributes.
      *
diff --git a/composer.json b/composer.json
index 6b281798..0c57c02e 100644
--- a/composer.json
+++ b/composer.json
@@ -6,25 +6,26 @@
     "type": "project",
     "require": {
         "php": ">=7.1.0",
-        "laravel/framework": "5.4.*",
+        "ezyang/htmlpurifier": "~4.6",
+        "guzzlehttp/guzzle": "~6.0",
+        "indieauth/client": "~0.1",
+        "jonnybarnes/emoji-a11y": "^0.2",
         "jonnybarnes/indieweb": "dev-master",
         "jonnybarnes/webmentions-parser": "0.4.*",
-        "guzzlehttp/guzzle": "~6.0",
-        "predis/predis": "~1.0",
-        "thujohn/twitter": "~2.0",
-        "mf2/mf2": "~0.3",
-        "martinbean/laravel-sluggable-trait": "0.2.*",
-        "indieauth/client": "~0.1",
-        "ezyang/htmlpurifier": "~4.6",
+        "laravel/framework": "5.4.*",
+        "laravel/scout": "^3.0",
+        "laravel/tinker": "^1.0",
+        "lcobucci/jwt": "^3.1",
         "league/commonmark": "^0.15.0",
         "league/flysystem-aws-s3-v3": "^1.0",
+        "martinbean/laravel-sluggable-trait": "0.2.*",
+        "mf2/mf2": "~0.3",
         "phaza/laravel-postgis": "~3.1",
-        "lcobucci/jwt": "^3.1",
-        "sensiolabs/security-checker": "^4.0",
-        "laravel/scout": "^3.0",
         "pmatseykanets/laravel-scout-postgres": "^0.5.0",
-        "jonnybarnes/emoji-a11y": "^0.2",
-        "laravel/tinker": "^1.0"
+        "predis/predis": "~1.0",
+        "ramsey/uuid": "^3.5",
+        "sensiolabs/security-checker": "^4.0",
+        "thujohn/twitter": "~2.0"
     },
     "require-dev": {
         "barryvdh/laravel-debugbar": "~2.0",
diff --git a/composer.lock b/composer.lock
index 3b259129..95aa6499 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "content-hash": "601dc56ebae7a60465cb336957ea4e38",
+    "content-hash": "3a440750c3e5403668fd82dbe7c54de0",
     "packages": [
         {
             "name": "aws/aws-sdk-php",
diff --git a/database/migrations/2017_03_09_155908_create_media_endpoint_table.php b/database/migrations/2017_03_09_155908_create_media_endpoint_table.php
new file mode 100644
index 00000000..92789dc0
--- /dev/null
+++ b/database/migrations/2017_03_09_155908_create_media_endpoint_table.php
@@ -0,0 +1,40 @@
+<?php
+
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class CreateMediaEndpointTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('media_endpoint', function (Blueprint $table) {
+            $table->uuid('id');
+            $table->varchar('client_id')->nullable();
+            $table->varchar('filetype');
+            $table->unsignedInteger('note_id')->nullable();
+            $table->timestamps();
+
+            $table->primary('id');
+            $table->foreign('note_id')->references('id')->on('notes');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Scheme::table('media_endpoint', function (Blueprint $table) {
+            $table->dropForeign(['note_id']);
+        });
+        Schema::dropIfExists('media_endpoint');
+    }
+}