diff --git a/authentication/__init__.py b/authentication/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/authentication/admin.py b/authentication/admin.py
new file mode 100644
index 0000000..8c38f3f
--- /dev/null
+++ b/authentication/admin.py
@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.
diff --git a/authentication/apps.py b/authentication/apps.py
new file mode 100644
index 0000000..8bab8df
--- /dev/null
+++ b/authentication/apps.py
@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class AuthenticationConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'authentication'
diff --git a/authentication/migrations/__init__.py b/authentication/migrations/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/authentication/models.py b/authentication/models.py
new file mode 100644
index 0000000..71a8362
--- /dev/null
+++ b/authentication/models.py
@@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.
diff --git a/authentication/tests.py b/authentication/tests.py
new file mode 100644
index 0000000..7ce503c
--- /dev/null
+++ b/authentication/tests.py
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
diff --git a/authentication/urls.py b/authentication/urls.py
new file mode 100644
index 0000000..7a4c9b9
--- /dev/null
+++ b/authentication/urls.py
@@ -0,0 +1,9 @@
+from django.urls import path
+from authentication.views import login, logout
+
+app_name = 'authentication'
+
+urlpatterns = [
+    path('login/', login, name='login'),
+    path('logout/', logout, name='logout'),
+]
\ No newline at end of file
diff --git a/authentication/views.py b/authentication/views.py
new file mode 100644
index 0000000..a01cdec
--- /dev/null
+++ b/authentication/views.py
@@ -0,0 +1,49 @@
+from django.shortcuts import render
+from django.contrib.auth import authenticate, login as auth_login
+from django.http import JsonResponse
+from django.views.decorators.csrf import csrf_exempt
+from django.contrib.auth import logout as auth_logout
+
+@csrf_exempt
+def login(request):
+    username = request.POST['username']
+    password = request.POST['password']
+    user = authenticate(username=username, password=password)
+    if user is not None:
+        if user.is_active:
+            auth_login(request, user)
+            # Status login sukses.
+            return JsonResponse({
+                "username": user.username,
+                "status": True,
+                "message": "Login sukses!"
+            }, status=200)
+        else:
+            return JsonResponse({
+                "status": False,
+                "message": "Login gagal, akun dinonaktifkan."
+            }, status=401)
+
+    else:
+        return JsonResponse({
+            "status": False,
+            "message": "Login gagal, periksa kembali email atau kata sandi."
+        }, status=401)
+    
+
+@csrf_exempt
+def logout(request):
+    username = request.user.username
+
+    try:
+        auth_logout(request)
+        return JsonResponse({
+            "username": username,
+            "status": True,
+            "message": "Logout berhasil!"
+        }, status=200)
+    except:
+        return JsonResponse({
+        "status": False,
+        "message": "Logout gagal."
+        }, status=401)
\ No newline at end of file
diff --git a/main/templates/main.html b/main/templates/main.html
index 0cdf496..8e0b2ed 100644
--- a/main/templates/main.html
+++ b/main/templates/main.html
@@ -106,11 +106,11 @@ <h1 class="modal-title fs-5" id="exampleModalLabel">Add New Product</h1>
 <br />
 
 
-<a href="{% url 'main:create_product' %}">
+<!-- <a href="{% url 'main:create_product' %}">
     <button>
         Add New Product
     </button>
-</a>
+</a> -->
 
 <h5>Sesi terakhir login: {{ last_login }}</h5>
 
diff --git a/main/urls.py b/main/urls.py
index a328b0f..718eddb 100644
--- a/main/urls.py
+++ b/main/urls.py
@@ -1,5 +1,5 @@
 from django.urls import path
-from main.views import show_main, create_product, show_xml, show_json, show_xml_by_id, show_json_by_id, register, login_user, logout_user, edit_product, delete_product, \
+from main.views import create_product_flutter, show_main, create_product, show_xml, show_json, show_xml_by_id, show_json_by_id, register, login_user, logout_user, edit_product, delete_product, \
                         get_product_json, add_product_ajax
 
 app_name = 'main'
@@ -17,5 +17,6 @@
     path('json/<int:id>/', show_json_by_id, name='show_json_by_id'),
     path('', show_main, name='show_main'),
     path('get-product/', get_product_json, name='get_product_json'),
-    path('create-product-ajax/', add_product_ajax, name='add_product_ajax')
+    path('create-product-ajax/', add_product_ajax, name='add_product_ajax'),
+    path('create-flutter/', create_product_flutter, name='create_product_flutter'),
 ]
\ No newline at end of file
diff --git a/main/views.py b/main/views.py
index e844f31..f64c569 100644
--- a/main/views.py
+++ b/main/views.py
@@ -1,6 +1,7 @@
 import datetime
+import json
 from django.shortcuts import render
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseNotFound, HttpResponseRedirect, JsonResponse
 from main.forms import ProductForm
 from django.urls import reverse
 from main.models import Product
@@ -127,4 +128,23 @@ def add_product_ajax(request):
 
         return HttpResponse(b"CREATED", status=201)
 
-    return HttpResponseNotFound()
\ No newline at end of file
+    return HttpResponseNotFound()
+
+@csrf_exempt
+def create_product_flutter(request):
+    if request.method == 'POST':
+        
+        data = json.loads(request.body)
+
+        new_product = Product.objects.create(
+            user = request.user,
+            name = data["name"],
+            price = int(data["price"]),
+            description = data["description"]
+        )
+
+        new_product.save()
+
+        return JsonResponse({"status": "success"}, status=200)
+    else:
+        return JsonResponse({"status": "error"}, status=401)
\ No newline at end of file
diff --git a/shopping_list/__pycache__/settings.cpython-311.pyc b/shopping_list/__pycache__/settings.cpython-311.pyc
index 9f0de9d..caede6b 100644
Binary files a/shopping_list/__pycache__/settings.cpython-311.pyc and b/shopping_list/__pycache__/settings.cpython-311.pyc differ
diff --git a/shopping_list/__pycache__/urls.cpython-311.pyc b/shopping_list/__pycache__/urls.cpython-311.pyc
index 21bb483..a9217bf 100644
Binary files a/shopping_list/__pycache__/urls.cpython-311.pyc and b/shopping_list/__pycache__/urls.cpython-311.pyc differ
diff --git a/shopping_list/settings.py b/shopping_list/settings.py
index 6eed3df..9e03049 100644
--- a/shopping_list/settings.py
+++ b/shopping_list/settings.py
@@ -43,7 +43,9 @@
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
-    'main'
+    'main',
+    'authentication',
+    'corsheaders',
 ]
 
 MIDDLEWARE = [
@@ -54,6 +56,7 @@
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'corsheaders.middleware.CorsMiddleware'
 ]
 
 ROOT_URLCONF = 'shopping_list.urls'
@@ -137,3 +140,10 @@
 # https://docs.djangoproject.com/en/4.2/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
+
+CORS_ALLOW_ALL_ORIGINS = True
+CORS_ALLOW_CREDENTIALS = True
+CSRF_COOKIE_SECURE = True
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SAMESITE = 'None'
+SESSION_COOKIE_SAMESITE = 'None'
\ No newline at end of file
diff --git a/shopping_list/urls.py b/shopping_list/urls.py
index 88f607e..f87aaac 100644
--- a/shopping_list/urls.py
+++ b/shopping_list/urls.py
@@ -19,5 +19,6 @@
 
 urlpatterns = [
     path('admin/', admin.site.urls),
-    path('', include('main.urls'))
+    path('', include('main.urls')),
+    path('auth/', include('authentication.urls')),
 ]