diff --git a/src/document/serializers.py b/src/document/serializers.py
new file mode 100644
index 0000000000000000000000000000000000000000..47e0e1cd73d13b5e0bc22bd79aba3535a9e8002e
--- /dev/null
+++ b/src/document/serializers.py
@@ -0,0 +1,13 @@
+from rest_framework import serializers
+
+from common.serializers import CurrentUserProfileDefault
+from . import models
+
+
+class DocumentSerializer(serializers.ModelSerializer):
+    uploaded_at = serializers.DateTimeField(read_only=True)
+    uploaded_by = serializers.HiddenField(default=CurrentUserProfileDefault())
+
+    class Meta:
+        model = models.Document
+        fields = ('uploaded_by', 'uploaded_at', 'name', 'description', 'file')
diff --git a/src/document/urls.py b/src/document/urls.py
new file mode 100644
index 0000000000000000000000000000000000000000..1a4dc2be88754f0005a61974d201f0025f3bcbf4
--- /dev/null
+++ b/src/document/urls.py
@@ -0,0 +1,7 @@
+from rest_framework import routers
+from . import views
+
+router = routers.DefaultRouter()
+router.register(r'documents', views.DocumentViewSet, base_name='documents')
+
+urlpatterns = router.urls
diff --git a/src/document/views.py b/src/document/views.py
index 91ea44a218fbd2f408430959283f0419c921093e..70e78a074604bb240aca2930d9325ac31f60d8bc 100644
--- a/src/document/views.py
+++ b/src/document/views.py
@@ -1,3 +1,11 @@
-from django.shortcuts import render
+from rest_framework import viewsets
 
-# Create your views here.
+from common import permissions
+from . import models
+from . import serializers
+
+
+class DocumentViewSet(viewsets.ModelViewSet):
+    queryset = models.Document.objects.all()
+    serializer_class = serializers.DocumentSerializer
+    permission_classes = (permissions.IsStaffOrReadOnly, )
diff --git a/src/kszkepzes/urls.py b/src/kszkepzes/urls.py
index 3b249d5dcce89907087234475c1d014328c81e3b..f5e414edc9604b99a6d4118130f32b1e4b25b724 100644
--- a/src/kszkepzes/urls.py
+++ b/src/kszkepzes/urls.py
@@ -11,6 +11,7 @@ urlpatterns = [
     url(r'^api/v1/', include('stats.urls')),
     url(r'^api/v1/', include('account.urls')),
     url(r'^api/v1/', include('news.urls')),
+    url(r'^api/v1/', include('document.urls')),
     url(r'^api/v1/logout/$', auth_views.LogoutView.as_view(), name='logout'),
 ]