diff --git a/app/controllers/api.py b/app/controllers/api.py
index 52a01d7..287712f 100644
--- a/app/controllers/api.py
+++ b/app/controllers/api.py
@@ -3,28 +3,43 @@
 
 import logging
 from flask import request, jsonify
-from playhouse.shortcuts import model_to_dict
 from app import app
 from app.models.site import Site
 from app.models.comment import Comment
+from app.helpers.hashing import md5
 
 logger = logging.getLogger(__name__)
 
 
-@app.route("/comments", methods=['POST'])
+@app.route("/comments", methods=['GET', 'POST'])
 def query_comments():
 
-    query = request.json
-    token = query['token']
-    url = query['url']
-    logger.info('token=%s url=%s' % (token, url))
-
     comments = []
-    for comment in Comment.select(Comment).join(Site).where(
-           (Comment.url == url) &
-           (Site.token == token)).order_by(Comment.published):
-        comments.append(model_to_dict(comment))
+    try:
+        if request.method == 'POST':
+            token = request.json['token']
+            url = request.json['url']
+        else:
+            token = request.args.get('token', '')
+            url = request.args.get('url', '')
 
-    r = jsonify({'data': comments})
-    r.status_code = 200
+        logger.info('retrieve comments for token %s, url %s' % (token, url))
+        for comment in Comment.select(Comment).join(Site).where(
+               (Comment.url == url) &
+               (Site.token == token)).order_by(Comment.published):
+            d = {}
+            d['author'] = comment.author_name
+            d['content'] = comment.content
+            if comment.author_site:
+                d['site'] = comment.author_site
+            if comment.author_email:
+                d['avatar'] = md5(comment.author_email.strip().lower())
+            d['date'] = comment.published.strftime("%Y-%m-%d %H:%M:%S")
+            comments.append(d)
+        r = jsonify({'data': comments})
+        r.status_code = 200
+    except:
+        logger.warn('bad request')
+        r = jsonify({'data': []})
+        r.status_code = 400
     return r
diff --git a/app/helpers/hashing.py b/app/helpers/hashing.py
new file mode 100644
index 0000000..2d91635
--- /dev/null
+++ b/app/helpers/hashing.py
@@ -0,0 +1,16 @@
+#!/usr/bin/python
+# -*- coding: UTF-8 -*-
+
+import hashlib
+import config
+
+
+def salt(value):
+    string = '%s%s' % (value, config.SALT)
+    dk = hashlib.sha256(string.encode())
+    return dk.hexdigest()
+
+
+def md5(value):
+    dk = hashlib.md5(value.encode())
+    return dk.hexdigest()
diff --git a/app/services/database.py b/app/services/database.py
index e3baf82..f0fc403 100644
--- a/app/services/database.py
+++ b/app/services/database.py
@@ -1,15 +1,13 @@
 #!/usr/bin/python
 # -*- coding: UTF-8 -*-
 
-import hashlib
 import config
 import functools
-from config import DB_URL
 from playhouse.db_url import connect
 
 
 def get_db():
-    return connect(DB_URL)
+    return connect(config.DB_URL)
 
 
 def provide_db(func):
@@ -21,12 +19,6 @@ def provide_db(func):
     return new_function
 
 
-def hash(value):
-    string = '%s%s' % (value, config.SALT)
-    dk = hashlib.sha256(string.encode())
-    return dk.hexdigest()
-
-
 @provide_db
 def setup(db):
     from app.models.site import Site
diff --git a/config.py b/config.py
index 351dc1f..00c8647 100644
--- a/config.py
+++ b/config.py
@@ -6,3 +6,5 @@ DB_URL = "mysql://stacosys_user:stacosys_password@localhost:3306/stacosys"
 
 HTTP_ADDRESS = "0.0.0.0"
 HTTP_PORT = 8000
+
+SALT = "BRRJRqXgGpXWrgTidBPcixIThHpDuKc0"
diff --git a/tools/pecosys2stacosys.py b/tools/pecosys2stacosys.py
index 8610f98..600ab6d 100644
--- a/tools/pecosys2stacosys.py
+++ b/tools/pecosys2stacosys.py
@@ -17,6 +17,7 @@ for path in paths:
 
 # import database models 
 from app.services.database import provide_db
+from app.helpers.hashing import salt
 from app.models.site import Site
 from app.models.comment import Comment
 
@@ -57,14 +58,14 @@ def convert_comment(db, site, filename):
     # create DB record
     comment = Comment(site=site, author_name=d['author'], content=content)
     if 'email' in d:
-        comment.author_email = d['email']
+        comment.author_email = d['email'].strip()
     if 'site' in d:
-        comment.author_site = d['site']
+        comment.author_site = d['site'].strip()
     if 'url' in d:
         if d['url'][:7] == 'http://':
-            comment.url = d['url'][7:]
+            comment.url = d['url'][7:].strip()
         elif d['url'][:8] == 'https://':
-            comment.url = d['url'][8:]
+            comment.url = d['url'][8:].strip()
     # else:
     #    comment.url = d['article']
     if 'date' in d:
@@ -86,7 +87,7 @@ def convert(db, site_name, url, comment_dir):
     except Site.DoesNotExist:
         pass
 
-    site = Site.create(name=site_name, url=url, token='')
+    site = Site.create(name=site_name, url=url, token=salt(url))
 
     for dirpath, dirs, files in os.walk(comment_dir):
         for filename in files: