diff --git a/server.py b/server.py index 9469a28..e7c927c 100644 --- a/server.py +++ b/server.py @@ -31,9 +31,10 @@ from jose import jwt import boto3 import botocore -from msal import ConfidentialClientApplication import httpx import couchdb +import json +import msal load_dotenv(".env") @@ -66,6 +67,8 @@ PRES_API_CLIENT_ID = os.getenv("PRES_API_CLIENT_ID") PRES_API_TENANT_ID = os.getenv("PRES_API_TENANT_ID") PRES_API_CLIENT_SECRET = os.getenv("PRES_API_CLIENT_SECRET") +PRES_API_API_SCOPE = f'api://{PRES_API_CLIENT_ID}/.default' # This is the scope for your API's application permissions +PRES_API_AUTHORITY = f'https://login.microsoftonline.com/{PRES_API_TENANT_ID}' image_api_url = "https://image-tor.canadiana.ca" presentation_api_url = "https://crkn-iiif-presentation-api.azurewebsites.net" @@ -97,7 +100,6 @@ def mint_noid(noid_type): noid_id = response_data["ids"][0] return noid_id - def convert_image(source_file, output_path): original = Image.open(source_file) original.save(output_path, quality=80) 
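Review bot: `import msal` is added in the import hunk, but the rewritten `/savemanifest` handler later in this diff requests its token with a raw `httpx` POST, so the import looks unused in the visible hunks. Either drop the import, or keep token acquisition on `msal.ConfidentialClientApplication(...).acquire_token_for_client(...)` as the removed code did. Keeping it on the library avoids hand-building the client-credentials request, and with it the client secret, inside handler code.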
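Review bot: Both new constants interpolate `os.getenv` results, so an unset `PRES_API_CLIENT_ID` or `PRES_API_TENANT_ID` silently yields `api://None/.default` and `https://login.microsoftonline.com/None` instead of failing at startup. A guard before these lines would surface the misconfiguration early, for example `if not all((PRES_API_CLIENT_ID, PRES_API_TENANT_ID, PRES_API_CLIENT_SECRET)): raise RuntimeError("PRES_API_* settings missing")`. The `/savemanifest` hunk also rebuilds the scope and the login URL inline rather than reading `PRES_API_API_SCOPE` and `PRES_API_AUTHORITY`, so the constants appear unused in the visible code. Using them there would keep one definition of each value.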
@@ -276,33 +278,70 @@ async def protected_endpoint(authorized: bool = Depends(verify_token)): return message @app.post("/savemanifest") -async def create_files(file: UploadFile, authorized: bool = Depends(verify_token)): - if not authorized: - return { - "message" : "You are not authorized to make this request." +async def create_files(request: Request): #, authorized: bool = Depends(verify_token)): + #if not authorized: + # return { + # "message" : "You are not authorized to make this request." + # } + try: + data = await request.json() # This will give you a Python dictionary + # Step 2: Write the map to a JSON file + json_filename = 'data.json' + with open(json_filename, 'w', encoding='utf-8') as json_file: + json.dump(data, json_file, ensure_ascii=False, indent=4) + except: + return { + "success" : False, + "message" : "Invalid data sent" } - auth_url = f"https://login.microsoftonline.com/{PRES_API_TENANT_ID}" - app = ConfidentialClientApplication( - client_id=PRES_API_CLIENT_ID, - client_credential=PRES_API_CLIENT_SECRET, - authority=auth_url - ) - scope_url = f"https://api.{PRES_API_HOST}/.default" - result = app.acquire_token_for_client(scopes=scope_url) - access_token = result.get("access_token") - url = f"https://{PRES_API_HOST}/admin/file" - headers = { - "Authorization": f"Bearer {access_token}", - "Content-Type": "application/json", - } - with httpx.Client() as client: - response = client.post(f"https://{PRES_API_HOST}/admin/file", files={'file': (file.filename, file.file)}, headers=headers) - return { - "status_code": response.status_code, - "response_body": response.json() + + with open(json_filename, 'rb') as file: + files = {'file': (json_filename, file, 'application/json')} + with httpx.Client() as client: + # Send POST request to Azure AD token endpoint + azure_response = client.post( + url=f'https://login.microsoftonline.com/{PRES_API_TENANT_ID}/oauth2/v2.0/token', + data={ + 'grant_type': 'client_credentials', + 'client_id': PRES_API_CLIENT_ID, 
# The client ID of your registered app + 'client_secret': PRES_API_CLIENT_SECRET, # The secret you created for the app + 'scope': f'api://{PRES_API_CLIENT_ID}/.default', # API permission scope (app-to-app) + } + ) + # Check for successful response + if azure_response.status_code == 200: + # Extract access token from the response + token = azure_response.json().get('access_token') + print(token) + if token: + print("Access token successfully acquired.") + # Step 3: Use the access token to call the protected API + url = f"https://{PRES_API_HOST}/admin/file" + headers = { + "Authorization": f"Bearer {token}", + "Content-Type": "application/json", + } + response = client.put(url, files=files, headers=headers) + return { + "status_code": response.status_code, + "response_body": response.json() + } + else: + return { + "success" : False, + "message" : "No access token in the response." + } + else: + # If the response status is not 200, print the error + return { + "success" : False, + "message" : f"Error: {azure_response.status_code} - {azure_response.text}" + } + return { + "success" : False, + "message" : f"Oops - this shouldn't happen. Your manifest was not saved." } - @app.post("/uploadfiles/{prefix}/{noid}") async def create_files( prefix,
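Review bot: The new signature comments out `authorized: bool = Depends(verify_token)` and the `if not authorized` guard, so `/savemanifest` now accepts a manifest from any caller and forwards it to `/admin/file` under the service's own client-credentials token; the dependency should be restored before this merges. `print(token)` writes the bearer token to stdout, where it ends up in whatever collects the process logs, and should be removed. The body is written to a fixed `data.json` in the working directory, so two concurrent requests can overwrite each other's file between the write and the upload; serializing to bytes in memory avoids both the race and the leftover file. The bare `except:` also swallows errors unrelated to bad JSON, and the failure branch returns `azure_response.text` from the identity provider to the client, which is better kept server-side. The explicit `Content-Type: application/json` header sits alongside a multipart `files=` upload (it did in the removed code too) and probably conflicts with the multipart boundary httpx would set, so the sketch below drops it.

```python
@app.post("/savemanifest")
async def create_files(request: Request, authorized: bool = Depends(verify_token)):
    if not authorized:
        return {
            "message" : "You are not authorized to make this request."
        }
    try:
        data = await request.json()
        # Serialize in memory: a fixed file name is shared by every concurrent request.
        payload = json.dumps(data, ensure_ascii=False, indent=4).encode("utf-8")
    except ValueError:
        # Malformed JSON or undecodable bytes; other errors propagate instead of being hidden.
        return {
            "success" : False,
            "message" : "Invalid data sent"
        }

    files = {'file': ('data.json', payload, 'application/json')}
    with httpx.Client() as client:
        # … unchanged: client-credentials POST to the token endpoint …
        if azure_response.status_code == 200:
            token = azure_response.json().get('access_token')
            # The token is never printed or logged.
            if token:
                url = f"https://{PRES_API_HOST}/admin/file"
                # httpx sets the multipart Content-Type (with boundary) for files=.
                headers = {"Authorization": f"Bearer {token}"}
                # … unchanged: client.put(...) and its return …
            # … unchanged: "No access token in the response." branch …
        else:
            # Report only the status; the identity provider's response body stays server-side.
            return {
                "success" : False,
                "message" : f"Token request failed with status {azure_response.status_code}"
            }
```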