diff --git a/config/__pycache__/settings.cpython-313.pyc b/config/__pycache__/settings.cpython-313.pyc
index fa17db2..53df004 100644
Binary files a/config/__pycache__/settings.cpython-313.pyc and b/config/__pycache__/settings.cpython-313.pyc differ
diff --git a/config/api.py b/config/api.py
new file mode 100644
index 0000000..e0c8738
--- /dev/null
+++ b/config/api.py
@@ -0,0 +1,8 @@
+from rest_framework.routers import DefaultRouter
+
+from apps.users.viewsets import UserViewSet
+
+router = DefaultRouter()
+router.register(r'users', UserViewSet, basename = 'user')
+
+urlpatterns = router.urls
diff --git a/config/asgi.py b/config/asgi.py
index ed7c431..a00b3b5 100644
--- a/config/asgi.py
+++ b/config/asgi.py
@@ -1,12 +1,3 @@
-"""
-ASGI config for config project.
-
-It exposes the ASGI callable as a module-level variable named ``application``.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/5.2/howto/deployment/asgi/
-"""
-
 import os
 
 from django.core.asgi import get_asgi_application
diff --git a/config/settings.py b/config/settings.py
index ca38e20..e38026b 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,36 +1,35 @@
-"""
-Django settings for config project.
-
-Generated by 'django-admin startproject' using Django 5.2.8.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/5.2/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/5.2/ref/settings/
-"""
-
 from pathlib import Path
+import os
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 
 
+from dotenv import load_dotenv
+load_dotenv(dotenv_path = BASE_DIR / '.env')
+
+
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/5.2/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'django-insecure-pf#9a$@vq1o91n#mxwba_dm-+v9&*u4f3$#bts%zanu-$0*whk'
+# Prefer setting `DJANGO_SECRET_KEY` in the repository `.env` file or in
+# the deployment environment. A fallback is kept for local convenience.
+SECRET_KEY = os.getenv('DJANGO_SECRET_KEY', 'django-insecure-pf#9a$@vq1o91n#mxwba_dm-+v9&*u4f3$#bts%zanu-$0*whk')
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+# Set `DJANGO_DEBUG=false` in production environments.
+_debug_env = os.getenv('DJANGO_DEBUG', 'True')
+DEBUG = str(_debug_env).lower() in ('1', 'true', 'yes', 'on')
 
-ALLOWED_HOSTS = []
+# ALLOWED_HOSTS can be provided as a comma-separated list in `DJANGO_ALLOWED_HOSTS`.
+_hosts = os.getenv('DJANGO_ALLOWED_HOSTS', '')
+ALLOWED_HOSTS = [h.strip() for h in _hosts.split(',') if h.strip()]
 
 
 # Application definition
 
-INSTALLED_APPS = [
+DJANGO_APPS = [
     'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',
@@ -39,6 +38,21 @@ INSTALLED_APPS = [
     'django.contrib.staticfiles',
 ]
 
+THIRD_PARTY_APPS = [
+    'rest_framework',
+]
+
+LOCAL_APPS = [
+    'apps.users',
+    'apps.domains',
+    'apps.agents',
+]
+
+INSTALLED_APPS = DJANGO_APPS + THIRD_PARTY_APPS + LOCAL_APPS
+
+
+AUTH_USER_MODEL = 'users.User'
+
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
@@ -79,6 +93,11 @@ DATABASES = {
     }
 }
 
+# Allow overriding sqlite file via DJANGO_DB_NAME environment variable (relative to project root).
+_db_name = os.getenv('DJANGO_DB_NAME')
+if _db_name:
+    DATABASES['default']['NAME'] = BASE_DIR / _db_name
+
 
 # Password validation
 # https://docs.djangoproject.com/en/5.2/ref/settings/#auth-password-validators
@@ -121,3 +140,16 @@ STATIC_ROOT = 'static/'
 # https://docs.djangoproject.com/en/5.2/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
+
+# Django REST framework basic configuration for the POC. Adjust auth/permissions
+# as features become defined. For production, tighten permissions and use token
+# or JWT authentication as appropriate.
+REST_FRAMEWORK = {
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'rest_framework.authentication.SessionAuthentication',
+        'rest_framework.authentication.BasicAuthentication',
+    ],
+    'DEFAULT_PERMISSION_CLASSES': [
+        'rest_framework.permissions.AllowAny',
+    ],
+}
diff --git a/config/urls.py b/config/urls.py
index 35a0802..b44230e 100644
--- a/config/urls.py
+++ b/config/urls.py
@@ -1,22 +1,7 @@
-"""
-URL configuration for config project.
-
-The `urlpatterns` list routes URLs to views. For more information please see:
-    https://docs.djangoproject.com/en/5.2/topics/http/urls/
-Examples:
-Function views
-    1. Add an import:  from my_app import views
-    2. Add a URL to urlpatterns:  path('', views.home, name='home')
-Class-based views
-    1. Add an import:  from other_app.views import Home
-    2. Add a URL to urlpatterns:  path('', Home.as_view(), name='home')
-Including another URLconf
-    1. Import the include() function: from django.urls import include, path
-    2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
-"""
 from django.contrib import admin
-from django.urls import path
+from django.urls import path, include
 
 urlpatterns = [
     path('admin/', admin.site.urls),
+    path('api/', include('config.api')),
 ]