diff --git a/apps/api/urls.py b/apps/api/urls.py
new file mode 100644
index 00000000..39d795ea
--- /dev/null
+++ b/apps/api/urls.py
@@ -0,0 +1,29 @@
+# -*- mode: python; coding: utf-8 -*-
+# Copyright (C) 2018-2019 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.conf.urls import url, include
+from django.contrib.auth.models import User
+from rest_framework import routers, serializers, viewsets
+
+# Serializers define the API representation.
+class UserSerializer(serializers.HyperlinkedModelSerializer):
+    class Meta:
+        model = User
+        fields = ['url', 'username', 'email', 'is_staff']
+
+# ViewSets define the view behavior.
+class UserViewSet(viewsets.ModelViewSet):
+    queryset = User.objects.all()
+    serializer_class = UserSerializer
+
+# Routers provide an easy way of automatically determining the URL conf.
+router = routers.DefaultRouter()
+router.register(r'users', UserViewSet)
+
+# Wire up our API using automatic URL routing.
+# Additionally, we include login URLs for the browsable API.
+urlpatterns = [
+    url(r'^', include(router.urls)),
+    url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework'))
+]
\ No newline at end of file
diff --git a/note_kfet/settings/base.py b/note_kfet/settings/base.py
index af1f474b..17283a95 100644
--- a/note_kfet/settings/base.py
+++ b/note_kfet/settings/base.py
@@ -50,6 +50,8 @@ INSTALLED_APPS = [
     'django.contrib.sites',
     'django.contrib.messages',
     'django.contrib.staticfiles',
+    # API
+    'rest_framework',
 
     # Note apps
     'activity',
@@ -117,6 +119,14 @@ AUTHENTICATION_BACKENDS = (
     'guardian.backends.ObjectPermissionBackend',
 )
 
+REST_FRAMEWORK = {
+    # Use Django's standard `django.contrib.auth` permissions,
+    # or allow read-only access for unauthenticated users.
+    'DEFAULT_PERMISSION_CLASSES': [
+        'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
+    ]
+}
+
 ANONYMOUS_USER_NAME = None  # Disable guardian anonymous user
 
 GUARDIAN_GET_CONTENT_TYPE = 'polymorphic.contrib.guardian.get_polymorphic_base_content_type'
diff --git a/note_kfet/urls.py b/note_kfet/urls.py
index 88bb6bb9..9fd63eef 100644
--- a/note_kfet/urls.py
+++ b/note_kfet/urls.py
@@ -19,4 +19,7 @@ urlpatterns = [
     path('accounts/', include('django.contrib.auth.urls')),
     path('admin/doc/', include('django.contrib.admindocs.urls')),
     path('admin/', admin.site.urls),
+
+    # Include Django REST API
+    path('api/', include('api.urls')),
 ]
diff --git a/requirements.txt b/requirements.txt
index 39b32fdf..2f1aaf34 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -21,3 +21,4 @@ requests-oauthlib==1.2.0
 six==1.12.0
 sqlparse==0.3.0
 urllib3==1.25.3
+djangorestframework==3.11.0