diff --git a/appinfo/app.php b/appinfo/app.php index 33a0147..172e0a4 100644 --- a/appinfo/app.php +++ b/appinfo/app.php @@ -18,5 +18,7 @@ namespace OCA\Registration\AppInfo; \OCP\App::registerAdmin('registration', 'admin'); -$app = new \OCP\AppFramework\App('registration'); -$app->getContainer()->registerCapability(\OCA\Registration\Capabilities::class); +if(interface_exists('\OCP\Capabilities\IPublicCapability')) { + $app = new \OCP\AppFramework\App('registration'); + $app->getContainer()->registerCapability(\OCA\Registration\Capabilities::class); +} \ No newline at end of file diff --git a/appinfo/database.xml b/appinfo/database.xml index ff4d751..572c9aa 100644 --- a/appinfo/database.xml +++ b/appinfo/database.xml @@ -42,10 +42,12 @@ token text true + true client_secret text + true requested diff --git a/capabilities.php b/capabilities.php index 58021e5..a97f56e 100644 --- a/capabilities.php +++ b/capabilities.php @@ -24,9 +24,10 @@ namespace OCA\Registration; use OCP\Capabilities\ICapability; +use OCP\Capabilities\IPublicCapability; use OCP\IURLGenerator; -class Capabilities implements ICapability { +class Capabilities implements IPublicCapability { /** @var IURLGenerator */ private $urlGenerator; diff --git a/controller/apicontroller.php b/controller/apicontroller.php index bd04ca1..4ddba0c 100644 --- a/controller/apicontroller.php +++ b/controller/apicontroller.php @@ -49,8 +49,8 @@ class ApiController extends OCSController { /** @var Defaults */ private $defaults; - const OCS_STATUS_PENDING = 101; - const OCS_STATUS_RESENT = 102; + const OCS_STATUS_PENDING = 403; + const OCS_STATUS_RESENT = 403; public function __construct($appName, IRequest $request, 
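Review bot: Nothing visible in the `capabilities.php` hunk shows that `getCapabilities()` returns only data fit for anonymous callers. Implementing `IPublicCapability` presumably exposes its whole return value to unauthenticated clients, and the method body lies outside the hunk. A class docblock such as `/** Capabilities advertised to unauthenticated clients; keep the payload free of instance-internal data. */` would record that constraint for later edits. `use OCP\Capabilities\ICapability;` also appears unused after this change and can probably be dropped.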
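Review bot: `OCS_STATUS_PENDING` and `OCS_STATUS_RESENT` now carry the same value in `controller/apicontroller.php`, so a client can no longer tell "pending" from "confirmation mail resent" by status code. If one code for both is intended, a comment above the constants such as `// both states deliberately map to 403; clients must read the message to tell them apart` would make that explicit. 403 also conventionally reads as "forbidden", so a sentence in the API documentation on what it means for this endpoint would help client authors.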
@@ -95,18 +95,19 @@ class ApiController extends OCSController {
 * @PublicPage
 * @AnonRateThrottle(limit=10, period=1)
 *
- * @param string $registrationToken
 * @param string $clientSecret
 * @throws OCSException
 * @return DataResponse
 */
- public function status($registrationToken, $clientSecret=null) {
- $data = [];
+ public function status($clientSecret) {
 try {
 /** @var Registration $registration */
- $registration = $this->registrationService->getRegistrationForToken($registrationToken);
+ $registration = $this->registrationService->getRegistrationForSecret($clientSecret);
 if(!$registration->getEmailConfirmed()) {
- throw new OCSException($this->l10n->t('Your registration is pending. Please confirm your email address.'), self::OCS_STATUS_PENDING);
+ throw new OCSException(
+ $this->l10n->t('Your registration is pending. Please confirm your email address.'),
+ self::OCS_STATUS_PENDING
+ );
 } else {
 // create account if email confirmed and not already created
 $user = $this->registrationService->getUserAccount($registration);
@@ -115,16 +116,13 @@ class ApiController extends OCSController {
 }
 $this->registrationService->loginUser($user->getUID(), $registration->getUsername(), $registration->getPassword(), true);
 $appPassword = $this->registrationService->generateAppPassword($user->getUID());
- if ($clientSecret === $registration->getClientSecret()) {
- $data = [
- 'status' => Registration::STATUS_FINISHED,
- 'appPassword' => $appPassword,
- 'cloudUrl' => $this->defaults->getBaseUrl()
- ];
- $this->registrationService->deleteRegistration($registration);
- }
+ $data = [
+ 'appPassword' => $appPassword,
+ 'cloudUrl' => $this->defaults->getBaseUrl()
+ ];
+ $this->registrationService->deleteRegistration($registration);
+ return new DataResponse($data, Http::STATUS_OK);
 }
- return new DataResponse($data, Http::STATUS_OK);
 } catch (DoesNotExistException $e) {
 throw new OCSNotFoundException('No pending registration.');
 }
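Review bot: `status($clientSecret)` now treats the client secret as the only credential on a `@PublicPage` route, yet nothing rejects a null or empty value before `getRegistrationForSecret($clientSecret)` runs. The later hunk in this file still has `if($secret !== null)`, so secrets look optional; if a row can hold an empty `client_secret`, an empty request value could match another user's registration and return its app password. A guard at the top of the `try` would close that: `if (!is_string($clientSecret) || $clientSecret === '') { throw new OCSNotFoundException('No pending registration.'); }`. With `limit=10, period=1` as the only throttle visible, the secret also has to be long and random; its generation is outside this diff. The body of `status()` continues in the next hunk.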
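Review bot: The success payload in the second `status()` hunk no longer carries a `status` key, while the pending response built further down in this file still sets `$data['status']`. Clients that waited for `Registration::STATUS_FINISHED` will not see it. Either keep `'status' => Registration::STATUS_FINISHED,` in the array or describe the new response shape in the `status()` docblock. Separately, the `if` branch throws and this branch now returns, so the `else` wrapper is redundant and the block could be flattened; the enclosing function starts outside this hunk.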
@@ -158,7 +156,6 @@ class ApiController extends OCSController { } $data['message'] = $this->l10n->t('Your registration is pending. Please confirm your email address.'); - $data['token'] = $registration->getToken(); $data['status'] = Registration::STATUS_PENDING; if($secret !== null) { $data['secret'] = $secret; diff --git a/db/registrationmapper.php b/db/registrationmapper.php index 21e670a..8ebd54c 100644 --- a/db/registrationmapper.php +++ b/db/registrationmapper.php @@ -46,6 +46,11 @@ class RegistrationMapper extends Mapper { return $this->findEntity('SELECT * FROM `*PREFIX*registration` WHERE `token` = ? ', [$token]); } + public function findBySecret($secret) { + return $this->findEntity('SELECT * FROM `*PREFIX*registration` WHERE `client_secret` = ? ', [$secret]); + + } + /** * @param $email * @return Registration|Entity diff --git a/service/registrationservice.php b/service/registrationservice.php index d9e2398..4131f7e 100644 --- a/service/registrationservice.php +++ b/service/registrationservice.php @@ -309,6 +309,14 @@ class RegistrationService { return $this->registrationMapper->findByToken($token); } + /** + * @param $secret + * @return Registration + */ + public function getRegistrationForSecret($secret) { + return $this->registrationMapper->findBySecret($secret); + } + /** * @param Registration $registation * @return null|\OCP\IUser
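Review bot: `findBySecret()` in `db/registrationmapper.php` relies on `findEntity()`, which in the AppFramework `Mapper` throws `MultipleObjectsReturnedException` when more than one row matches, and `status()` catches only `DoesNotExistException`. Unless `client_secret` is unique at the schema level, two registrations sharing a secret (or an empty one) would end in an uncaught exception; the `database.xml` hunk on this page has lost its markup, so this cannot be confirmed from it. The method also lacks the docblock its neighbours have: `@param string $secret`, `@return Registration|Entity` and `@throws DoesNotExistException` would fit. The same `@throws` line belongs on `getRegistrationForSecret()` in `service/registrationservice.php`. The stray blank line before the closing brace can go.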