diff --git a/api.http b/api.http
index c122e9a..79fbf82 100644
--- a/api.http
+++ b/api.http
@@ -93,46 +93,6 @@ Authorization: {{auth-token}}
 DELETE  http://localhost:9001/api/vehicle/KA01HD6667
 Authorization: {{auth-token}}
 
-### get products
-GET  http://localhost:9001/api/vendor/product
-Authorization: {{auth-token}}
-
-### create excel for products
-POST  http://localhost:9001/api/vendor/product/product-excel
-Authorization: {{auth-token}}
-
-### get
-GET http://localhost:9001/api/vendor/product/product-import
-Authorization: Bearer {{auth-token}}
-
-### create product
-POST http://localhost:9001/api/vendor/product
-Content-Type: application/json
-Authorization: {{auth-token}}
-
-{
-    "name": "Shirt",
-    "description": "Black Shirt",
-    "hsnCode": "BSM1XL"
-
-}
-
-### update field
-PATCH http://localhost:9001/api/vendor/product/11
-Content-Type: application/json
-Authorization: {{auth-token}}
-
-
-### upate a row
-PUT http://localhost:9001/api/vendor/product/11
-Content-Type: application/json
-Authorization: {{auth-token}}
-
-
-### delete a row
-DELETE  http://localhost:9001/api/vendor/product/2
-Authorization: {{auth-token}}
-
 ### create vendor
 POST http://localhost:9001/api/vendor/
 Content-Type: application/json
@@ -359,6 +319,38 @@ Authorization: {{auth-token}}
   "quoteFilters": {}
 }
 
-###
-POST http://localhost:9001/api/vendor/product/excelDb
+### CREATE PRODUCT
+POST http://localhost:9001/api/vendor/product/create
+Content-Type: application/json
 Authorization: {{auth-token}}
+
+{
+  "name" : "aa",
+  "description": "aa",
+  "hsnCode" : "aa",
+  "uom": "NOS"
+}
+
+### GET ALL PRODUCTS
+GET http://localhost:9001/api/vendor/product/getAll
+Authorization: {{auth-token}}
+
+### GET PRODUCT BY KEY
+GET http://localhost:9001/api/vendor/product/of/6
+Authorization: {{auth-token}}
+
+### GET PRODUCT BY HSNCODE
+DELETE http://localhost:9001/api/vendor/product/3
+Authorization: {{auth-token}}
+
+### PRODUCT EXCEl
+GET http://localhost:9001/api/vendor/product/to/excel
+Authorization: {{auth-token}}
+
+### EXCEL VALIDATE
+GET http://localhost:9001/api/vendor/product/valid/excel
+Authorization: {{auth-token}}
+
+### EXCEL TO DB (IMPORT)
+POST http://localhost:9001/api/vendor/product/excelToDb
+Authorization: {{auth-token}}
\ No newline at end of file
diff --git a/src/main/kotlin/com/restapi/Main.kt b/src/main/kotlin/com/restapi/Main.kt
index 5576b34..f0261d8 100644
--- a/src/main/kotlin/com/restapi/Main.kt
+++ b/src/main/kotlin/com/restapi/Main.kt
@@ -19,6 +19,7 @@ import io.javalin.Javalin
 import io.javalin.apibuilder.ApiBuilder.*
 import io.javalin.http.ContentType
 import io.javalin.http.Context
+import io.javalin.http.HandlerType
 import io.javalin.http.UnauthorizedResponse
 import io.javalin.http.util.NaiveRateLimit
 import io.javalin.http.util.RateLimitUtil
@@ -32,7 +33,6 @@ import java.util.*
 import java.util.concurrent.TimeUnit
 import kotlin.jvm.optionals.getOrDefault
 
-
 fun main(args: Array<String>) {
     val logger = LoggerFactory.getLogger("api")
     val adminRole = Role.Standard(Action.ADMIN)
@@ -80,6 +80,8 @@ fun main(args: Array<String>) {
                     TimeUnit.MINUTES
                 )
 
+                if(ctx.method() == HandlerType.OPTIONS) return@before
+
                 val authToken = ctx.getAuthHeader() ?: throw UnauthorizedResponse()
 
 
@@ -142,15 +144,15 @@ fun main(args: Array<String>) {
                         delete("/{id}", QuotationCtrl::delete, Roles(Role.Explicit(listOf("ROLE_QUOTE_CREATE", "ROLE_ADMIN"))))
                     }
                     path("/product") {
-                        post("", ProductCtrl::create, Roles(Role.Explicit(listOf("ROLE_PRODUCT_CREATE", "ROLE_ADMIN"))))
-                        get("/{hsnCode}", ProductCtrl::get, Roles(Role.Explicit(listOf("ROLE_PRODUCT_VIEW", "ROLE_ADMIN"))))
+                        post("/create", ProductCtrl::create, Roles(Role.Explicit(listOf("ROLE_PRODUCT_CREATE", "ROLE_ADMIN"))))
+                        get("/getAll", ProductCtrl::getAll, Roles(Role.Explicit(listOf("ROLE_PRODUCT_VIEW", "ROLE_ADMIN"))))
+                        get("/of/{key}", ProductCtrl::get, Roles(Role.Explicit(listOf("ROLE_PRODUCT_VIEW", "ROLE_ADMIN"))))
                         put("/{id}", ProductCtrl::update, Roles(Role.Explicit(listOf("ROLE_PRODUCT_UPDATE", "ROLE_ADMIN"))))
                         patch("/{id}", ProductCtrl::patch, Roles(Role.Explicit(listOf("ROLE_PRODUCT_UPDATE", "ROLE_ADMIN"))))
                         delete("/{id}", ProductCtrl::delete, Roles(Role.Explicit(listOf("ROLE_PRODUCT_DELETE", "ROLE_ADMIN"))))
-                        get("", ProductCtrl::getAll, Roles(Role.Explicit(listOf("ROLE_PRODUCT_VIEW", "ROLE_ADMIN"))))
-                        post("/product-excel", ProductCtrl::prodExcel)
-                        get("/product-import") { ctx -> ctx.json(ExcelRead()) }
-                        post("/excelDb") {ctx -> ctx.json(excelToDb())}
+                        get("/to/excel", ProductCtrl::prodExcel)
+                        get("/valid/excel") { ctx -> ctx.json(ExcelRead()) }
+                        post("/excelToDb") {ctx -> ctx.json(excelToDb())}
                     }
                     path("/doc"){
                         post("", Document::create, Roles(Role.Explicit(listOf("ROLE_DOC_CREATE", "ROLE_ADMIN"))))
diff --git a/src/main/kotlin/com/restapi/controllers/Entities.kt b/src/main/kotlin/com/restapi/controllers/Entities.kt
index 25aa06c..228c367 100644
--- a/src/main/kotlin/com/restapi/controllers/Entities.kt
+++ b/src/main/kotlin/com/restapi/controllers/Entities.kt
@@ -444,15 +444,15 @@ data class ProductSearch(
 
 object ProductCtrl {
     fun get(ctx :Context){
-        val hsnCode = ctx.pathParam("hsnCode")
-        val product = database.find(Product::class.java, hsnCode) ?: throw NotFoundResponse("Product not found for $hsnCode")
+        val key = ctx.pathParam("key")
+        val product = database.find(Product::class.java, key) ?: throw NotFoundResponse("Product not found for $key")
 
         ctx.json(product)
     }
     fun getAll(ctx: Context){
-        val productList = Session.database.find(Product::class.java)
+        val productList = database.find(Product::class.java)
             .findList()
-            //.sortedBy { it.hsnCode }
+            //.removeAt(4)
 
         ctx.json(productList)
     }
@@ -464,7 +464,7 @@ object ProductCtrl {
 
     fun delete(ctx: Context) {
         val id = ctx.pathParam("id")
-        val product = database.delete(Product::class.java, id)
+        val product = database.deletePermanent(Product::class.java,id)
     }
 
     fun patch(ctx: Context) {
@@ -472,7 +472,7 @@ object ProductCtrl {
     }
 
     fun update(ctx: Context) {
-
+        //have to implement
     }
     fun prodExcel(it: Context) {
         val product = database.find(Product::class.java).findList()