diff --git a/app/controllers/api.py b/app/controllers/api.py
index ca2922d..c9362ab 100644
--- a/app/controllers/api.py
+++ b/app/controllers/api.py
@@ -61,43 +61,35 @@ def get_comments_count():
 @app.route("/comments", methods=['POST'])
 def new_comment():
 
-    logger.info("new comment !!!!")
-
     try:
-        token = request.form['token']
-        site = Site.select().where(Site.token == token).get()
-
-        # FOR DEBUG
-        return "OK"
+        data = request.get_json()
+        logger.info(data)
 
-        source_url = request.headers.get('referer', '')
-        url = app.config["pecosys"]["post"]["redirect_url"]
+        # validate token: retrieve site entity
+        token = data.get('token', '')
+        site = Site.select().where(Site.token == token).get()
+        if site is None:
+            logger.warn('Unknown site %s' % token)
+            abort(400)
+
+        # get values
+        url = data.get('url', '')
+        author_name = data.get('author', '')
+        author_email = data.get('email', '')
+        author_site = data.get('site', '')
+        message = data.get('message', '')
+        subscribe = data.get('subscribe', '')
 
-        if app.config["pecosys"]["post"]["redirect_referer"]:
-            url = app.config["pecosys"]["post"]["redirect_url"] + '?referer=' + request.headers.get('referer', '')
-        else:
-            url = request.headers.get('referer', app.config["pecosys"]["post"]["redirect_url"])
-
-        # get form values and create comment file
-        author = request.form['author']
-        email = request.form['email']
-        site = request.form['site']
-        article = request.form['article']
-        message = request.form['message']
-        subscribe = False
-        if "subscribe" in request.form and request.form['subscribe'] == "on":
-            subscribe = True
         # honeypot for spammers
-        captcha = ""
-        if "captcha" in request.form:
-            captcha = request.form['captcha']
+        captcha = data.get('captcha', '')
         if captcha:
-            logger.warn("discard spam: captcha %s author %s email %s site %s article %s message %s"
-                        % (captcha, author, email, site, article, message))
+            logger.warn('discard spam: captcha %s author %s email %s site %s url  %s message %s'
+                          % (captcha, author_name, author_email, author_site, url, message))
         else:
-            req = {'type': 'comment', 'author': author, 'email': email, 'site': site, 'article': article,
-                   'message': message, 'url': source_url, 'subscribe': subscribe}
-            processor.enqueue(req)
+            # TODO push new comment to backend service
+            logger.info('process: captcha %s author %s email %s site %s url  %s message %s subscribe %s'
+                          % (captcha, author_name, author_email, author_site,
+                              url, message, subscribe))
 
     except:
         logger.exception("new comment failure")
diff --git a/demo/public/index.html b/demo/public/index.html
index 41c4db0..ad7c883 100644
--- a/demo/public/index.html
+++ b/demo/public/index.html
@@ -200,10 +200,10 @@ instance d'ici peu.</p>
 
 <script type="text/javascript"><!--
 
-STACOSYS_URL = 'http://127.0.0.1:8000';
-STACOSYS_TOKEN = '9fb3fc042c572cb831005fd16186126765140fa2bd9bb2d4a28e47a9457dc26c';
+var STACOSYS_URL = 'http://127.0.0.1:8000';
+var STACOSYS_TOKEN = '9fb3fc042c572cb831005fd16186126765140fa2bd9bb2d4a28e47a9457dc26c';
 //STACOSYS_PAGE = 'blogduyax.madyanne.fr/mes-applications-pour-blackberry.html'
-STACOSYS_PAGE = 'blogduyax.madyanne.fr/migration-du-blog-sous-pelican.html'
+var STACOSYS_PAGE = 'blogduyax.madyanne.fr/migration-du-blog-sous-pelican.html'
 
 window.onload = initialize_comments();
 
diff --git a/demo/public/js/page.js b/demo/public/js/page.js
index d027626..77c4813 100644
--- a/demo/public/js/page.js
+++ b/demo/public/js/page.js
@@ -16,23 +16,32 @@ function show_hide(panel_id, button_id){
 // --------------------------------------------------------------------------
 
 function initialize_comments() { 
-  stacosys_count(comments_initialized);
+  stacosys_get_count(init_success, init_failure);
 }
 
-function comments_initialized(count) { 
+function init_success(data) {
+  var response = JSON.parse(data);
+  var count = response.count;
   if (count > 0) {
     if (count > 1) { 
       document.getElementById('show-comment-label').innerHTML = 'Voir les ' + count + ' commentaires';
     }
     document.getElementById('show-comments-button').style.display = '';
   }
+  console.log('initialization success');
+}
+
+function init_failure(error) { 
+  // NOP
+  console.log('initialization failure');
 }
 
 function show_comments() {
-  stacosys_load(comments_loaded);
+  stacosys_load_comments(loading_success, loading_failure);
 }
 
-function comments_loaded(response) { 
+function loading_success(data) { 
+  var response = JSON.parse(data);
   for (var i = 0, numTokens = response.data.length; i < numTokens; ++i) {
     response.data[i].mdcontent = markdown.toHTML(response.data[i].content);
   }
@@ -42,6 +51,11 @@ function comments_loaded(response) {
   document.getElementById('stacosys-comments').innerHTML = rendered;
 }
 
+function loading_failure(error) {
+  // NOP
+  console.log('loading failure');
+}
+
 // --------------------------------------------------------------------------
 //  Submit a new comment
 // --------------------------------------------------------------------------
@@ -53,11 +67,17 @@ function new_comment() {
   var captcha = document.getElementById('captcha').value;
   //var subscribe = document.getElementById('subscribe').value;
   
-  stacosys_new(author, email, site, captcha, comment_submitted);
+  stacosys_new_comment(author, email, site, captcha, submit_success, submit_failure);
+}
+
+function submit_success(data) { 
+  console.log('submit ' + data);
+  // TODO redirect to redirect page with page as argument
 }
 
-function comment_submitted(success) { 
-  console.log('SUBMITTED : ' + success);
+function submit_failure(error) {
+  console.log('submit failure');
+  // TODO redirect to error page
 }
 
 // --------------------------------------------------------------------------
diff --git a/demo/public/js/stacosys.js b/demo/public/js/stacosys.js
index ef1405c..8efba1a 100644
--- a/demo/public/js/stacosys.js
+++ b/demo/public/js/stacosys.js
@@ -1,17 +1,16 @@
-// Copyright (c) 2015 Yannic ARNOUX
-
 /**
  * Make a X-Domain request to url and callback.
  *
  * @param url {String}
  * @param method {String} HTTP verb ('GET', 'POST', 'DELETE', etc.)
  * @param data {String} request body
+ * @param header {Dict} header options
  * @param callback {Function} to callback on completion
  * @param errback {Function} to callback on error
  */
-function xdr(url, method, data, callback, errback) {
+function xdr(url, method, data, header, callback, errback) {
     var req;
-    
+
     if(XMLHttpRequest) {
         req = new XMLHttpRequest();
  
@@ -27,6 +26,9 @@ function xdr(url, method, data, callback, errback) {
                     }
                 }
             };
+            for ( var h in header ) {
+              req.setRequestHeader(h, header[h]);
+            }
             req.send(data);
         }
     } else if(XDomainRequest) {
@@ -36,100 +38,38 @@ function xdr(url, method, data, callback, errback) {
         req.onload = function() {
             callback(req.responseText);
         };
+        for ( var h in header ) {
+          req.setRequestHeader(h, header[h]);
+        }
         req.send(data);
     } else {
         errback(new Error('CORS not supported'));
     }
 }
 
-
-// Create the XHR object.
-function stacosys_get_cors_request(method, url) {
-  var xhr = new XMLHttpRequest();
-  if ("withCredentials" in xhr) {
-    // XHR for Chrome/Firefox/Opera/Safari.
-    xhr.open(method, url, true);
-  } else if (typeof XDomainRequest != "undefined") {
-    // XDomainRequest for IE.
-    xhr = new XDomainRequest();
-    xhr.open(method, url);
-  } else {
-    // CORS not supported.
-    xhr = null;
-  }
-  return xhr;
-}
-
-function stacosys_count(callback) {
-
+function stacosys_get_count(callback, errback) {
   var url = STACOSYS_URL + '/comments/count?token=' + STACOSYS_TOKEN + '&url=' + STACOSYS_PAGE;
-  var xhr = stacosys_get_cors_request('GET', url);
-  if (!xhr) {
-    console.log('CORS not supported');
-    callback(0);
-    return;
-  }
-
-  // Response handlers.
-  xhr.onload = function() {
-    var jsonResponse = JSON.parse(xhr.responseText);
-    var count = jsonResponse.count;
-    callback(count);
-  };
-
-  xhr.onerror = function() {
-    console.log('Woops, there was an error making the request.');
-    callback(0);
-  };
-
-  xhr.send();
+  xdr(url, 'GET', null, {}, callback, errback);
 }
 
-function stacosys_load(callback) {
-
+function stacosys_load_comments(callback, errback) {
   var url = STACOSYS_URL + '/comments?token=' + STACOSYS_TOKEN + '&url=' + STACOSYS_PAGE;
-  var xhr = stacosys_get_cors_request('GET', url);
-  if (!xhr) {
-    console.log('CORS not supported');
-    return;
-  }
-
-  // Response handlers.
-  xhr.onload = function() {
-    var jsonResponse = JSON.parse(xhr.responseText);
-    callback(jsonResponse);
-  };
-
-  xhr.onerror = function() {
-    console.log('Woops, there was an error making the request.');
-  };
-
-  xhr.send();
+  xdr(url, 'GET', null, {}, callback, errback);
 }
 
-function stacosys_new(author, email, site, captcha, callback) {
-
-  var url = STACOSYS_URL + '/comments?token=' + STACOSYS_TOKEN 
-              + '&url=' + STACOSYS_PAGE + '&author=' + author 
-              + '&email=' + email + '&site=' + site 
-              + '&captcha=' + captcha;
-  var xhr = stacosys_get_cors_request('POST', url);
-  if (!xhr) {
-    console.log('CORS not supported');
-    callback(false);
-    return;
-  }
-
-  // Response handlers.
-  xhr.onload = function() {
-    var jsonResponse = JSON.parse(xhr.responseText);
-    callback(jsonResponse);
+function stacosys_new_comment(author, email, site, captcha, callback, errback) {
+  var url = STACOSYS_URL + '/comments';
+  var data = {
+    'token': STACOSYS_TOKEN,
+    'url': STACOSYS_PAGE,
+    'author': author,
+    'email': email,
+    'site': site,
+    'captcha': captcha
   };
-
-  xhr.onerror = function() {
-    console.log('Woops, there was an error making the request.');
-    callback(false);
+  var header = {
+    'Content-type': 'application/json'
   };
-
-  xhr.send();
+  var j = JSON.stringify(data);
+  xdr(url, 'POST', JSON.stringify(data), header, callback, errback);
 }