diff --git a/authentication/auth-bundle/AuthBundle.php b/authentication/auth-bundle/AuthBundle.php
new file mode 100644
index 00000000..022e5f0b
--- /dev/null
+++ b/authentication/auth-bundle/AuthBundle.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace Authentication\AuthBundle;
+
+use Symfony\Component\HttpKernel\Bundle\Bundle;
+
+class AuthBundle extends Bundle
diff --git a/authentication/auth-bundle/Entity/APIRole.php b/authentication/auth-bundle/Entity/APIRole.php
new file mode 100644
index 00000000..7b2ae5bc
--- /dev/null
+++ b/authentication/auth-bundle/Entity/APIRole.php
@@ -0,0 +1,120 @@
+<?php
+
+namespace Authentication\AuthBundle\Entity;
+
+use Doctrine\ORM\Mapping as ORM;
+use Doctrine\Common\Collections\ArrayCollection;
+use Symfony\Component\Validator\Constraints as Assert;
+use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
+
+/**
+ * @ORM\Entity
+ * @ORM\Table(name="api_role")
+ * @UniqueEntity("id")
+ * @UniqueEntity("name")
+ */
+class APIRole
+{
+    const SUPER_ADMIN = 'ROLE_SUPER_ADMIN';
+
+    /**
+     * @ORM\Id
+     * @ORM\Column(type="string", length=80)
+     * @Assert\NotBlank()
+     */
+    protected $id;
+
+    /**
+     * @ORM\Column(type="string", length=80)
+     * @Assert\NotBlank()
+     */
+    protected $name;
+
+    /**
+     * @ORM\ManyToMany(targetEntity="User", mappedBy="roles", fetch="EXTRA_LAZY")
+     */
+    protected $users;
+
+    /**
+     * @ORM\Column(type="json_array")
+     */
+    protected $acl_attributes;
+
+    public function __construct()
+    {
+        $this->users = new ArrayCollection();
+        $this->acl_attributes = [];
+    }
+
+    public function setID($id)
+    {
+        // example ROLE_SUPER_ADMIN, ROLE_CASHIER, etc
+        $this->id = $id;
+        return $this;
+    }
+
+    public function getID()
+    {
+        return $this->id;
+    }
+
+    public function setName($name)
+    {
+        $this->name = $name;
+        return $this;
+    }
+
+    public function getName()
+    {
+        return $this->name;
+    }
+
+    public function getUsers()
+    {
+        return $this->users;
+    }
+
+    public function getUsersCount()
+    {
+        return $this->users->count();
+    }
+
+    public function isSuperAdmin()
+    {
+        if ($this->id == self::SUPER_ADMIN)
+            return true;
+
+        return false;
+    }
+
+    // TODO: shift out ACL stuff to its own class
+    public function clearACLAttributes()
+    {
+        $this->acl_attributes = [];
+        return $this;
+    }
+
+    public function getACLAttributes()
+    {
+        return $this->acl_attributes;
+    }
+
+    public function addACLAccess($attribute)
+    {
+        $this->acl_attributes[$attribute] = true;
+        return $this;
+    }
+
+    public function hasACLAccess($attribute)
+    {
+        // if it's super admin, they always have access
+        if ($this->isSuperAdmin())
+            return true;
+
+        // check ACL attributes
+        if (isset($this->acl_attributes[$attribute]) && $this->acl_attributes[$attribute])
+            return true;
+
+        return false;
+    }
+}
diff --git a/authentication/auth-bundle/Entity/APIUser.php b/authentication/auth-bundle/Entity/APIUser.php
new file mode 100644
index 00000000..1cfc3291
--- /dev/null
+++ b/authentication/auth-bundle/Entity/APIUser.php
@@ -0,0 +1,156 @@
+<?php
+
+namespace Catalyst\APIBundle\Entity;
+
+use Symfony\Component\Security\Core\User\UserInterface;
+use Doctrine\ORM\Mapping as ORM;
+use Doctrine\ORM\Mapping\JoinColumn;
+use Doctrine\Common\Collections\ArrayCollection;
+use DateTime;
+
+/**
+ * @ORM\Entity
+ * @ORM\Table(name="api_user")
+ */
+class APIUser implements UserInterface
+{
+    // api key 
+    /**
+     * @ORM\Id
+     * @ORM\Column(type="string", length=32)
+     */
+    protected $api_key;
+
+    // secret key
+    /**
+     * @ORM\Column(type="string", length=32)
+     */
+    protected $secret_key;
+
+    /**
+     * @ORM\Column(type="string", length=80)
+     */
+    protected $name;
+
+    // date created
+    /**
+     * @ORM\Column(type="datetime")
+     */
+    protected $date_create;
+
+    // roles
+    /**
+     * @ORM\ManyToMany(targetEntity="Role", inversedBy="users")
+     * @ORM\JoinTable(name="api_user_role",
+     *           joinColumns={@JoinColumn(name="user_api_key", referencedColumnName="api_key")},
+     *           inverseJoinColumns={@JoinColumn(name="role_id", referencedColumnName="id")})
+     */
+    protected $roles;
+
+    public function __construct()
+    {
+        // generate keys
+        $this->setAPIKey($this->generateAPIKey())
+            ->setSecretKey($this->generateSecretKey());
+
+        // set date created
+        $this->date_create = new DateTime();
+
+        $this->roles = new ArrayCollection();
+    }
+
+    public function getID()
+    {
+        return $this->id;
+    }
+
+    public function setAPIKey($api_key)
+    {
+        $this->api_key = $api_key;
+        return $this;
+    }
+
+    public function getAPIKey()
+    {
+        return $this->api_key;
+    }
+
+    public function setSecretKey($key)
+    {
+        $this->secret_key = $key;
+        return $this;
+    }
+
+    public function getSecretKey()
+    {
+        return $this->secret_key;
+    }
+
+    public function setName($name)
+    {
+        $this->name = $name;
+        return $this;
+    }
+
+    public function getName()
+    {
+        return $this->name;
+    }
+
+    public function getRoles()
+    {
+        $str_roles = [];
+        foreach ($this->roles as $role)
+            $str_roles[] = $role->getID();
+
+        return $str_roles;
+    }
+
+    public function getRoleObjects()
+    {
+        return $this->roles;
+    }
+
+    public function getDateCreate()
+    {
+        return $this->date_create;
+    }
+
+    public function getPassword()
+    {
+        // we don't need this for API
+        return 'notneeded';
+    }
+
+    public function getSalt()
+    {
+        return null;
+    }
+
+    public function getUsername()
+    {
+        // since it's an api, the api key IS the username
+        return $this->api_key;
+    }
+
+    public function eraseCredentials()
+    {
+        return;
+    }
+
+    public function generateAPIKey()
+    {
+        return $this->generateKey('api');
+    }
+
+    public function generateSecretKey()
+    {
+        return $this->generateKey('secret');
+    }
+
+    protected function generateKey($prefix = '')
+    {
+        return md5(uniqid($prefix, true));
+    }
+}
+
diff --git a/authentication/auth-bundle/Entity/Role.php b/authentication/auth-bundle/Entity/Role.php
new file mode 100644
index 00000000..168b127d
--- /dev/null
+++ b/authentication/auth-bundle/Entity/Role.php
@@ -0,0 +1,120 @@
+<?php
+
+namespace App\Entity;
+
+use Doctrine\ORM\Mapping as ORM;
+use Doctrine\Common\Collections\ArrayCollection;
+use Symfony\Component\Validator\Constraints as Assert;
+use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
+
+/**
+ * @ORM\Entity
+ * @ORM\Table(name="role")
+ * @UniqueEntity("id")
+ * @UniqueEntity("name")
+ */
+class Role
+{
+    const SUPER_ADMIN = 'ROLE_SUPER_ADMIN';
+
+    /**
+     * @ORM\Id
+     * @ORM\Column(type="string", length=80)
+     * @Assert\NotBlank()
+     */
+    protected $id;
+
+    /**
+     * @ORM\Column(type="string", length=80)
+     * @Assert\NotBlank()
+     */
+    protected $name;
+
+    /**
+     * @ORM\ManyToMany(targetEntity="User", mappedBy="roles", fetch="EXTRA_LAZY")
+     */
+    protected $users;
+
+    /**
+     * @ORM\Column(type="json_array")
+     */
+    protected $acl_attributes;
+
+    public function __construct()
+    {
+        $this->users = new ArrayCollection();
+        $this->acl_attributes = [];
+    }
+
+    public function setID($id)
+    {
+        // example ROLE_SUPER_ADMIN, ROLE_CASHIER, etc
+        $this->id = $id;
+        return $this;
+    }
+
+    public function getID()
+    {
+        return $this->id;
+    }
+
+    public function setName($name)
+    {
+        $this->name = $name;
+        return $this;
+    }
+
+    public function getName()
+    {
+        return $this->name;
+    }
+
+    public function getUsers()
+    {
+        return $this->users;
+    }
+
+    public function getUsersCount()
+    {
+        return $this->users->count();
+    }
+
+    public function isSuperAdmin()
+    {
+        if ($this->id == self::SUPER_ADMIN)
+            return true;
+
+        return false;
+    }
+
+    // TODO: shift out ACL stuff to its own class
+    public function clearACLAttributes()
+    {
+        $this->acl_attributes = [];
+        return $this;
+    }
+
+    public function getACLAttributes()
+    {
+        return $this->acl_attributes;
+    }
+
+    public function addACLAccess($attribute)
+    {
+        $this->acl_attributes[$attribute] = true;
+        return $this;
+    }
+
+    public function hasACLAccess($attribute)
+    {
+        // if it's super admin, they always have access
+        if ($this->isSuperAdmin())
+            return true;
+
+        // check ACL attributes
+        if (isset($this->acl_attributes[$attribute]) && $this->acl_attributes[$attribute])
+            return true;
+
+        return false;
+    }
+}
diff --git a/authentication/auth-bundle/Entity/User.php b/authentication/auth-bundle/Entity/User.php
new file mode 100644
index 00000000..88cb8cc9
--- /dev/null
+++ b/authentication/auth-bundle/Entity/User.php
@@ -0,0 +1,337 @@
+<?php
+
+namespace App\Entity;
+
+use Symfony\Component\Security\Core\User\AdvancedUserInterface;
+use Doctrine\ORM\Mapping as ORM;
+use Doctrine\Common\Collections\ArrayCollection;
+use Symfony\Component\Validator\Constraints as Assert;
+use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
+use Serializable;
+
+/**
+ * @ORM\Entity
+ * @ORM\Table(name="user")
+ * @UniqueEntity("username")
+ * @UniqueEntity("email")
+ */
+class User implements AdvancedUserInterface, Serializable
+{
+    /**
+     * @ORM\Id
+     * @ORM\Column(type="integer")
+     * @ORM\GeneratedValue(strategy="AUTO")
+     */
+    protected $id;
+
+    /**
+     * @ORM\Column(type="string", length=80, unique=true)
+     * @Assert\NotBlank()
+     * 
+     */
+    protected $username;
+
+    /**
+     * @ORM\Column(type="string", length=64)
+     */
+    protected $password;
+
+    /**
+     * @ORM\ManyToMany(targetEntity="Role", inversedBy="users")
+     * @ORM\JoinTable(name="user_role")
+     */
+    protected $roles;
+
+    /**
+     * @ORM\ManyToMany(targetEntity="Hub", inversedBy="users")
+     * @ORM\JoinTable(name="user_hubs")
+     */
+    protected $hubs;
+
+    /**
+     * @ORM\Column(type="boolean")
+     */
+    protected $enabled;
+
+    /**
+     * @ORM\Column(type="string", length=50, nullable=true)
+     */
+    protected $first_name;
+
+    /**
+     * @ORM\Column(type="string", length=50, nullable=true)
+     */
+    protected $last_name;
+
+    /**
+     * @ORM\Column(type="string", length=20, nullable=true)
+     */
+    protected $contact_num;
+
+    /**
+     * @ORM\Column(type="string", length=50, unique=true, nullable=true)
+     */
+    protected $email;
+
+    // job orders made by this user
+    /**
+     * @ORM\OneToMany(targetEntity="JobOrder", mappedBy="created_by")
+     */
+    protected $job_orders_created;
+
+    // job orders assigned by this user
+    /**
+     * @ORM\OneToMany(targetEntity="JobOrder", mappedBy="assigned_by")
+     */
+    protected $job_orders_assigned;
+
+    // job orders processed or being processed by this user
+    /**
+     * @ORM\OneToMany(targetEntity="JobOrder", mappedBy="processed_by")
+     */
+    protected $job_orders_processed;
+
+    // tickets made by this user
+    /**
+     * @ORM\OneToMany(targetEntity="Ticket", mappedBy="created_by")
+     */
+    protected $tickets;
+
+    // invoices made by this user
+    /**
+     * @ORM\OneToMany(targetEntity="Invoice", mappedBy="created_by")
+     */
+    protected $invoices;
+
+    public function __construct()
+    {
+        $this->roles = new ArrayCollection();
+        $this->hubs = new ArrayCollection();
+        $this->job_orders_created = new ArrayCollection();
+        $this->job_orders_assigned = new ArrayCollection();
+        $this->tickets = new ArrayCollection();
+        $this->enabled = true;
+    }
+
+    public function getID()
+    {
+        return $this->id;
+    }
+
+    public function setUsername($username)
+    {
+        $this->username = $username;
+        return $this;
+    }
+
+    public function getUsername()
+    {
+        return $this->username;
+    }
+
+    public function setPassword($password)
+    {
+        $this->password = $password;
+        return $this;
+    }
+
+    public function getPassword()
+    {
+        return $this->password;
+    }
+
+    public function setSalt($salt)
+    {
+        // do nothing
+        return $this;
+    }
+
+    public function getSalt()
+    {
+        return null;
+    }
+
+    public function addRole(Role $role)
+    {
+        $this->roles->add($role);
+        return $this;
+    }
+
+    public function clearRoles()
+    {
+        $this->roles->clear();
+        return $this;
+    }
+
+    public function getRoles()
+    {
+        // has to return set of strings because symfony is trying to move away from role objects
+        $str_roles = [];
+        foreach ($this->roles as $role)
+            $str_roles[] = $role->getID();
+
+        return $str_roles;
+    }
+
+    public function getRoleObjects()
+    {
+        return $this->roles;
+    }
+
+    public function addHub(Hub $hub)
+    {
+        $this->hubs->add($hub);
+        return $this;
+    }
+
+    public function clearHubs()
+    {
+        $this->hubs->clear();
+        return $this;
+    }
+
+    public function getHubs()
+    {
+        $str_hubs = [];
+        foreach ($this->hubs as $hub)
+            $str_hubs[] = $hub->getID();
+
+        return $str_hubs;
+    }
+
+    public function getHubObjects()
+    {
+        return $this->hubs;
+    }
+
+    public function eraseCredentials()
+    {
+        return $this;
+    }
+
+    public function isAccountNonExpired()
+    {
+        return true;
+    }
+
+    public function isAccountNonLocked()
+    {
+        return true;
+    }
+
+    public function isCredentialsNonExpired()
+    {
+        return true;
+    }
+
+    public function setEnabled($enabled = true)
+    {
+        $this->enabled = $enabled;
+        return $this;
+    }
+
+    public function isEnabled()
+    {
+        return $this->enabled;
+    }
+
+    public function serialize()
+    {
+        return serialize([
+            $this->id,
+            $this->username,
+            $this->password,
+            $this->enabled,
+        ]);
+    }
+
+    public function unserialize($serial)
+    {
+        list (
+            $this->id,
+            $this->username,
+            $this->password,
+            $this->enabled,
+        ) = unserialize($serial);
+    }
+
+    public function setFirstName($name)
+    {
+        $this->first_name = $name;
+        return $this;
+    }
+
+    public function getFirstName()
+    {
+        return $this->first_name;
+    }
+
+    public function setLastName($name)
+    {
+        $this->last_name = $name;
+        return $this;
+    }
+
+    public function getLastName()
+    {
+        return $this->last_name;
+    }
+
+    public function getFullName()
+    {
+        return $this->first_name . ' ' . $this->last_name;
+    }
+
+    public function setContactNumber($num)
+    {
+        $this->contact_num = $num;
+        return $this;
+    }
+
+    public function getContactNumber()
+    {
+        return $this->contact_num;
+    }
+
+    public function setEmail($email = null)
+    {
+        $this->email = $email;
+        return $this;
+    }
+
+    public function getEmail()
+    {
+        return $this->email;
+    }
+
+    public function isSuperAdmin()
+    {
+        foreach ($this->roles as $role)
+        {
+            if ($role->isSuperAdmin())
+                return true;
+        }
+
+        return false;
+    }
+
+    public function getJobOrdersCreated()
+    {
+        return $this->job_orders_created;
+    }
+
+    public function getJobOrdersAssigned()
+    {
+        return $this->job_orders_assigned;
+    }
+
+    public function getTickets()
+    {
+        return $this->tickets;
+    }
+
+    public function getInvoices()
+    {
+        return $this->invoices;
+    }
+}
diff --git a/config/bundles.php b/config/bundles.php
index db1fdb73..d05a5a86 100644
--- a/config/bundles.php
+++ b/config/bundles.php
@@ -14,4 +14,5 @@ return [
 
     Catalyst\APIBundle\CatalystAPIBundle::class => ['all' => true],
     // DataDog\AuditBundle\DataDogAuditBundle::class => ['all' => true],
+    Authentication\AuthBundle\Authbundle::class => ['all' => true],
 ];