diff --git a/app.js b/app.js
index 7429410d..92050075 100644
--- a/app.js
+++ b/app.js
@@ -30,6 +30,7 @@ let segments = require('./routes/segments');
 let webhooks = require('./routes/webhooks');
 let subscription = require('./routes/subscription');
 let archive = require('./routes/archive');
+let api = require('./routes/api');
 
 let app = express();
 
@@ -172,6 +173,7 @@ app.use('/segments', segments);
 app.use('/webhooks', webhooks);
 app.use('/subscription', subscription);
 app.use('/archive', archive);
+app.use('/api', api);
 
 // catch 404 and forward to error handler
 app.use((req, res, next) => {
diff --git a/lib/models/fields.js b/lib/models/fields.js
index b9076439..ebe92c5d 100644
--- a/lib/models/fields.js
+++ b/lib/models/fields.js
@@ -348,7 +348,7 @@ function addCustomField(listId, name, defaultValue, type, group, visible, callba
     });
 }
 
-module.exports.getRow = (fieldList, values, useDate, showAll) => {
+module.exports.getRow = (fieldList, values, useDate, showAll, onlyExisting) => {
     let valueList = {};
     let row = [];
 
@@ -363,6 +363,10 @@ module.exports.getRow = (fieldList, values, useDate, showAll) => {
     });
 
     fieldList.filter(field => showAll || field.visible).forEach(field => {
+        if (onlyExisting && field.column && !valueList.hasOwnProperty(field.column)) {
+            // ignore missing values
+            return;
+        }
         switch (field.type) {
             case 'text':
             case 'website':
@@ -409,15 +413,21 @@ module.exports.getRow = (fieldList, values, useDate, showAll) => {
                         mergeTag: field.key,
                         mergeValue: field.defaultValue,
                         ['type' + (field.type || '').toString().trim().replace(/(?:^|\-)([a-z])/g, (m, c) => c.toUpperCase())]: true,
-                        options: (field.options || []).map(subField => ({
-                            type: subField.type,
-                            name: subField.name,
-                            column: subField.column,
-                            value: valueList[subField.column] ? 1 : 0,
-                            visible: !!subField.visible,
-                            mergeTag: subField.key,
-                            mergeValue: valueList[subField.column] ? subField.name : subField.defaultValue
-                        }))
+                        options: (field.options || []).map(subField => {
+                            if (onlyExisting && subField.column && !valueList.hasOwnProperty(subField.column)) {
+                                // ignore missing values
+                                return false;
+                            }
+                            return {
+                                type: subField.type,
+                                name: subField.name,
+                                column: subField.column,
+                                value: valueList[subField.column] ? 1 : 0,
+                                visible: !!subField.visible,
+                                mergeTag: subField.key,
+                                mergeValue: valueList[subField.column] ? subField.name : subField.defaultValue
+                            };
+                        }).filter(subField => subField)
                     };
                     item.value = item.options.filter(subField => showAll || subField.visible && subField.value).map(subField => subField.name).join(', ');
                     item.mergeValue = item.value || field.defaultValue;
diff --git a/lib/models/subscriptions.js b/lib/models/subscriptions.js
index 5b159c89..8dfb237a 100644
--- a/lib/models/subscriptions.js
+++ b/lib/models/subscriptions.js
@@ -248,7 +248,7 @@ module.exports.insert = (listId, meta, subscription, callback) => {
             }
         });
 
-        fields.getValues(fields.getRow(fieldList, subscription, true, true), true).forEach(field => {
+        fields.getValues(fields.getRow(fieldList, subscription, true, true, !!meta.partial), true).forEach(field => {
             keys.push(field.key);
             values.push(field.value);
         });
diff --git a/lib/models/users.js b/lib/models/users.js
index 6631d292..c178659b 100644
--- a/lib/models/users.js
+++ b/lib/models/users.js
@@ -21,7 +21,30 @@ module.exports.get = (id, callback) => {
         if (err) {
             return callback(err);
         }
-        connection.query('SELECT id, username, email FROM users WHERE id=? LIMIT 1', [id], (err, rows) => {
+        connection.query('SELECT `id`, `username`, `email`, `access_token` FROM `users` WHERE `id`=? LIMIT 1', [id], (err, rows) => {
+            connection.release();
+
+            if (err) {
+                return callback(err);
+            }
+
+            if (!rows.length) {
+                return callback(null, false);
+            }
+
+            let user = tools.convertKeys(rows[0]);
+            return callback(null, user);
+        });
+    });
+};
+
+module.exports.findByAccessToken = (accessToken, callback) => {
+    db.getConnection((err, connection) => {
+        if (err) {
+            return callback(err);
+        }
+
+        connection.query('SELECT `id`, `username`, `email`, `access_token` FROM `users` WHERE `access_token`=? LIMIT 1', [accessToken], (err, rows) => {
             connection.release();
 
             if (err) {
@@ -48,7 +71,7 @@ module.exports.get = (id, callback) => {
 module.exports.authenticate = (username, password, callback) => {
 
     let login = (connection, callback) => {
-        connection.query('SELECT id, password FROM users WHERE username=? OR email=? LIMIT 1', [username, username], (err, rows) => {
+        connection.query('SELECT `id`, `password`, `access_token` FROM `users` WHERE `username`=? OR email=? LIMIT 1', [username, username], (err, rows) => {
             if (err) {
                 return callback(err);
             }
@@ -175,6 +198,34 @@ module.exports.update = (id, updates, callback) => {
     });
 };
 
+module.exports.resetToken = (id, callback) => {
+    id = Number(id) || 0;
+
+    if (!id) {
+        return callback(new Error('User ID not set'));
+    }
+
+    db.getConnection((err, connection) => {
+        if (err) {
+            return callback(err);
+        }
+
+        let token = crypto.randomBytes(20).toString('hex').toLowerCase();
+        let query = 'UPDATE users SET `access_token`=? WHERE id=? LIMIT 1';
+        let values = [token, id];
+
+        connection.query(query, values, (err, result) => {
+            connection.release();
+            if (err) {
+                return callback(err);
+            }
+            return callback(null, result.affectedRows);
+        });
+    });
+
+};
+
+
 module.exports.sendReset = (username, callback) => {
     username = (username || '').toString().trim();
 
diff --git a/meta.json b/meta.json
index 827af726..0aa4b5e3 100644
--- a/meta.json
+++ b/meta.json
@@ -1,3 +1,3 @@
 {
-    "schemaVersion": 8
+    "schemaVersion": 9
 }
diff --git a/public/javascript/tables.js b/public/javascript/tables.js
index cf6fe68a..6afbf235 100644
--- a/public/javascript/tables.js
+++ b/public/javascript/tables.js
@@ -72,7 +72,6 @@ $('.data-table-ajax').each(function () {
     });
 });
 
-
 $('.datestring').each(function () {
     $(this).html(moment($(this).data('date')).fromNow());
 });
@@ -126,6 +125,10 @@ $('.page-refresh').each(function () {
     }, interval * 1000);
 });
 
+$('.click-select').on('click', function () {
+    $(this).select();
+});
+
 if (typeof moment.tz !== 'undefined') {
     (function () {
         var tz = moment.tz.guess();
diff --git a/routes/api.js b/routes/api.js
new file mode 100644
index 00000000..00963c1b
--- /dev/null
+++ b/routes/api.js
@@ -0,0 +1,188 @@
+'use strict';
+
+let users = require('../lib/models/users');
+let lists = require('../lib/models/lists');
+let fields = require('../lib/models/fields');
+let subscriptions = require('../lib/models/subscriptions');
+let tools = require('../lib/tools');
+let express = require('express');
+let router = new express.Router();
+
+router.all('/*', (req, res, next) => {
+    if (!req.query.access_token) {
+        res.status(403);
+        return res.json({
+            error: 'Missing access_token',
+            data: []
+        });
+    }
+
+    users.findByAccessToken(req.query.access_token, (err, user) => {
+        if (err) {
+            res.status(500);
+            return res.json({
+                error: err.message || err,
+                data: []
+            });
+        }
+        if (!user) {
+            res.status(403);
+            return res.json({
+                error: 'Invalid or expired access_token',
+                data: []
+            });
+        }
+        next();
+    });
+
+});
+
+router.post('/subscribe/:listId', (req, res) => {
+    let input = {};
+    Object.keys(req.body).forEach(key => {
+        input[(key || '').toString().trim().toUpperCase()] = (req.body[key] || '').toString().trim();
+    });
+    lists.getByCid(req.params.listId, (err, list) => {
+        if (err) {
+            res.status(500);
+            return res.json({
+                error: err.message || err,
+                data: []
+            });
+        }
+        if (!list) {
+            res.status(404);
+            return res.json({
+                error: 'Selected listId not found',
+                data: []
+            });
+        }
+        if (!input.EMAIL) {
+            res.status(400);
+            return res.json({
+                error: 'Missing EMAIL',
+                data: []
+            });
+        }
+        tools.validateEmail(input.EMAIL, false, err => {
+            if (err) {
+                res.status(400);
+                return res.json({
+                    error: err.message || err,
+                    data: []
+                });
+            }
+
+            let subscription = {
+                email: input.EMAIL
+            };
+
+            if (input.FIRST_NAME) {
+                subscription.first_name = (input.FIRST_NAME || '').toString().trim();
+            }
+
+            if (input.LAST_NAME) {
+                subscription.last_name = (input.LAST_NAME || '').toString().trim();
+            }
+
+            if (input.TIMEZONE) {
+                subscription.tz = (input.TIMEZONE || '').toString().trim();
+            }
+
+            fields.list(list.id, (err, fieldList) => {
+                if (err && !fieldList) {
+                    fieldList = [];
+                }
+
+                fieldList.forEach(field => {
+                    if (input.hasOwnProperty(field.key) && field.column) {
+                        subscription[field.column] = input[field.key];
+                    } else if (field.options) {
+                        for (let i = 0, len = field.options.length; i < len; i++) {
+                            if (input.hasOwnProperty(field.options[i].key) && field.options[i].column) {
+                                let value = input[field.options[i].key];
+                                if (field.options[i].type === 'option') {
+                                    value = ['false', 'no', '0', ''].indexOf((value || '').toString().trim().toLowerCase()) >= 0 ? '' : '1';
+                                }
+                                subscription[field.options[i].column] = value;
+                            }
+                        }
+                    }
+                });
+
+                let meta = {
+                    partial: true
+                };
+
+                if (input.FORCE_SUBSCRIBE === 'yes') {
+                    meta.status = 1;
+                }
+
+                subscriptions.insert(list.id, meta, subscription, (err, response) => {
+                    if (err) {
+                        res.status(500);
+                        return res.json({
+                            error: err.message || err,
+                            data: []
+                        });
+                    }
+                    res.status(200);
+                    res.json({
+                        data: {
+                            id: response.entryId,
+                            subscribed: true
+                        }
+                    });
+                });
+            });
+        });
+    });
+});
+
+router.post('/unsubscribe/:listId', (req, res) => {
+    let input = {};
+    Object.keys(req.body).forEach(key => {
+        input[(key || '').toString().trim().toUpperCase()] = (req.body[key] || '').toString().trim();
+    });
+    lists.getByCid(req.params.listId, (err, list) => {
+        if (err) {
+            res.status(500);
+            return res.json({
+                error: err.message || err,
+                data: []
+            });
+        }
+        if (!list) {
+            res.status(404);
+            return res.json({
+                error: 'Selected listId not found',
+                data: []
+            });
+        }
+        if (!input.EMAIL) {
+            res.status(400);
+            return res.json({
+                error: 'Missing EMAIL',
+                data: []
+            });
+        }
+        subscriptions.unsubscribe(list.id, input.EMAIL, false, (err, subscription) => {
+            if (err) {
+                res.status(500);
+                return res.json({
+                    error: err.message || err,
+                    data: []
+                });
+            }
+            res.status(200);
+            res.json({
+                data: {
+                    id: subscription.id,
+                    unsubscribed: true
+                }
+            });
+        });
+    });
+});
+
+module.exports = router;
diff --git a/routes/settings.js b/routes/settings.js
index 49e295e4..4785f6d0 100644
--- a/routes/settings.js
+++ b/routes/settings.js
@@ -69,6 +69,10 @@ router.post('/update', passport.parseForm, passport.csrfProtection, (req, res) =
         Object.keys(data).forEach(key => {
             let value = data[key].trim();
             key = tools.toDbKey(key);
+            // ensure trailing slash for service home page
+            if (key === 'service_url' && value && !/\/$/.test(value)) {
+                value = value + '/';
+            }
             if (allowedKeys.indexOf(key) >= 0) {
                 keys.push(key);
                 values.push(value);
diff --git a/routes/users.js b/routes/users.js
index 8f9f3678..bffc073b 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -4,6 +4,7 @@ let passport = require('../lib/passport');
 let express = require('express');
 let router = new express.Router();
 let users = require('../lib/models/users');
+let settings = require('../lib/models/settings');
 
 router.get('/logout', (req, res) => passport.logout(req, res));
 
@@ -67,6 +68,47 @@ router.post('/reset', passport.parseForm, passport.csrfProtection, (req, res) =>
     });
 });
 
+router.all('/api', (req, res, next) => {
+    if (!req.user) {
+        req.flash('danger', 'Need to be logged in to access restricted content');
+        return res.redirect('/users/login?next=' + encodeURIComponent(req.originalUrl));
+    }
+    next();
+});
+
+router.get('/api', passport.csrfProtection, (req, res, next) => {
+    users.get(req.user.id, (err, user) => {
+        if (err) {
+            return next(err);
+        }
+        if (!user) {
+            return next(new Error('User data not found'));
+        }
+        settings.list(['serviceUrl'], (err, configItems) => {
+            if (err) {
+                return next(err);
+            }
+            user.serviceUrl = configItems.serviceUrl;
+            user.csrfToken = req.csrfToken();
+            res.render('users/api', user);
+        });
+    });
+
+});
+
+router.post('/api/reset-token', passport.parseForm, passport.csrfProtection, (req, res) => {
+    users.resetToken(Number(req.user.id), (err, success) => {
+        if (err) {
+            req.flash('danger', err.message || err);
+        } else if (success) {
+            req.flash('success', 'Access token updated');
+        } else {
+            req.flash('info', 'Access token not updated');
+        }
+        return res.redirect('/users/api');
+    });
+});
+
 router.all('/account', (req, res, next) => {
     if (!req.user) {
         req.flash('danger', 'Need to be logged in to access restricted content');
diff --git a/services/importer.js b/services/importer.js
index 2095b5cf..47d23dc8 100644
--- a/services/importer.js
+++ b/services/importer.js
@@ -165,7 +165,8 @@ function processImport(data, callback) {
 
                 subscriptions.insert(listId, {
                     imported: data.id,
-                    status: data.type
+                    status: data.type,
+                    partial: true
                 }, entry, (err, response) => {
                     if (err) {
                         // ignore
diff --git a/setup/sql/upgrade-00009.sql b/setup/sql/upgrade-00009.sql
new file mode 100644
index 00000000..cc8808bb
--- /dev/null
+++ b/setup/sql/upgrade-00009.sql
@@ -0,0 +1,12 @@
+# Header section
+# Define incrementing schema version number
+SET @schema_version = '9';
+
+# Adds a column for static access tokens to be used in API authentication
+ALTER TABLE `users` ADD COLUMN `access_token` varchar(40) NULL DEFAULT NULL AFTER `email`;
+CREATE INDEX token_index ON `users` (`access_token`);
+
+# Footer section
+LOCK TABLES `settings` WRITE;
+INSERT INTO `settings` (`key`, `value`) VALUES('db_schema_version', @schema_version) ON DUPLICATE KEY UPDATE `value`=@schema_version;
+UNLOCK TABLES;
diff --git a/views/campaigns/view.hbs b/views/campaigns/view.hbs
index fbe3ffd1..d02c92b5 100644
--- a/views/campaigns/view.hbs
+++ b/views/campaigns/view.hbs
@@ -167,7 +167,7 @@
                                     <input type="hidden" name="_csrf" value="{{csrfToken}}">
                                     <input type="hidden" name="id" value="{{id}}" />
 
-                                    <button type="submit" class="btn btn-danger"><span class="glyphicon glyphicon-remove" aria-hidden="true"></span> Cancel</a>
+                                    <button type="submit" class="btn btn-danger"><span class="glyphicon glyphicon-remove" aria-hidden="true"></span> Cancel
                                     </button>
                                 </form>
                             </div>
@@ -178,7 +178,7 @@
                                     <input type="hidden" name="_csrf" value="{{csrfToken}}">
                                     <input type="hidden" name="id" value="{{id}}" />
 
-                                    <button type="submit" class="btn btn-info"><span class="glyphicon glyphicon-pause" aria-hidden="true"></span> Pause</a>
+                                    <button type="submit" class="btn btn-info"><span class="glyphicon glyphicon-pause" aria-hidden="true"></span> Pause
                                     </button>
                                 </form>
                             </div>
@@ -192,7 +192,7 @@
                                 <input type="hidden" name="_csrf" value="{{csrfToken}}">
                                 <input type="hidden" name="id" value="{{id}}" />
 
-                                <button type="submit" class="btn btn-info"><span class="glyphicon glyphicon-play" aria-hidden="true"></span> Resume</a>
+                                <button type="submit" class="btn btn-info"><span class="glyphicon glyphicon-play" aria-hidden="true"></span> Resume
                                 </button>
                             </form>
                         </div>
@@ -211,10 +211,10 @@
                                 <input type="hidden" name="id" value="{{id}}" />
                             </form>
 
-                            <button type="submit" form="continue-sending" class="btn btn-info"><span class="glyphicon glyphicon-play" aria-hidden="true"></span> Continue</a>
+                            <button type="submit" form="continue-sending" class="btn btn-info"><span class="glyphicon glyphicon-play" aria-hidden="true"></span> Continue
                             </button>
 
-                            <button type="submit" form="reset-sending" class="btn btn-danger"><span class="glyphicon glyphicon-refresh" aria-hidden="true"></span> Reset</a>
+                            <button type="submit" form="reset-sending" class="btn btn-danger"><span class="glyphicon glyphicon-refresh" aria-hidden="true"></span> Reset
                             </button>
 
                         </div>
@@ -236,7 +236,7 @@
                                 <input type="hidden" name="id" value="{{id}}" />
                             </form>
 
-                            <button type="submit" form="inactivate-sending" class="btn btn-warning"><span class="glyphicon glyphicon-pause" aria-hidden="true"></span> Pause</a>
+                            <button type="submit" form="inactivate-sending" class="btn btn-warning"><span class="glyphicon glyphicon-pause" aria-hidden="true"></span> Pause
                             </button>
                         </div>
 
@@ -248,7 +248,7 @@
                                 <input type="hidden" name="id" value="{{id}}" />
                             </form>
 
-                            <button type="submit" form="activate-sending" class="btn btn-info"><span class="glyphicon glyphicon-play" aria-hidden="true"></span> Activate</a>
+                            <button type="submit" form="activate-sending" class="btn btn-info"><span class="glyphicon glyphicon-play" aria-hidden="true"></span> Activate
                             </button>
                         </div>
 
diff --git a/views/layout.hbs b/views/layout.hbs
index ca0f8a4e..efa08841 100644
--- a/views/layout.hbs
+++ b/views/layout.hbs
@@ -72,6 +72,11 @@
                                         <span class="glyphicon glyphicon-cog" aria-hidden="true"></span> Settings
                                     </a>
                                 </li>
+                                <li>
+                                    <a href="/users/api">
+                                        <span class="glyphicon glyphicon-retweet" aria-hidden="true"></span> API
+                                    </a>
+                                </li>
                                 <li>
                                     <a href="/users/logout">
                                         <span class="glyphicon glyphicon-log-out" aria-hidden="true"></span> Log out
diff --git a/views/lists/lists.hbs b/views/lists/lists.hbs
index aec09f67..127e2f80 100644
--- a/views/lists/lists.hbs
+++ b/views/lists/lists.hbs
@@ -12,7 +12,7 @@
 <hr>
 
 <div class="table-responsive">
-    <table class="table table-bordered table-hover data-table display nowrap" width="100%" data-row-sort="0,1,1,0,0">
+    <table class="table table-bordered table-hover data-table display nowrap" width="100%" data-row-sort="0,1,1,1,0,0">
         <thead>
             <th class="col-md-1">
                 #
@@ -20,6 +20,9 @@
             <th>
                 Name
             </th>
+            <th class="col-md-2">
+                ID
+            </th>
             <th class="col-md-1">
                 Subscribers
             </th>
@@ -44,6 +47,9 @@
                             {{name}}
                         </a>
                         </td>
+                        <td>
+                            <input class="click-select gpg-text" type="text" readonly value="{{cid}}">
+                        </td>
                         <td>
                             <p class="text-center">{{subscribers}}</p>
                         </td>
diff --git a/views/users/api.hbs b/views/users/api.hbs
new file mode 100644
index 00000000..c452b739
--- /dev/null
+++ b/views/users/api.hbs
@@ -0,0 +1,91 @@
+<ol class="breadcrumb">
+    <li><a href="/">Home</a></li>
+    <li class="active">API</li>
+</ol>
+
+<h2>API</h2>
+
+<hr>
+
+<div class="panel panel-default">
+    <div class="panel-body">
+        <div class="pull-right">
+            <form class="form-horizontal confirm-submit" {{#if accessToken}} data-confirm-message="Are you sure? Resetting would invalidate the currently existing token." {{else}} data-confirm-message="Are you sure?" {{/if}} method="post" action="/users/api/reset-token">
+                <input type="hidden" name="_csrf" value="{{csrfToken}}">
+                <button type="submit" class="btn btn-info"><span class="glyphicon glyphicon-retweet" aria-hidden="true"></span>
+                    {{#if accessToken}}
+                        Reset Access Token
+                    {{else}}
+                        Generate Access Token
+                    {{/if}}
+                </button>
+            </form>
+        </div>
+        {{#if accessToken}}
+            Personal access token: <code>{{accessToken}}</code>
+        {{else}}
+            Access token not yet generated
+        {{/if}}
+    </div>
+</div>
+
+<h3>POST /api/subscribe/:listId – Add subscription</h3>
+
+<p>
+    This API call either inserts a new subscription or updates existing. Fields not included are left as is, so if you update only LAST_NAME value, then FIRST_NAME is kept untouched for an existing subscription.
+</p>
+
+<p>
+    <strong>GET</strong> arguments
+</p>
+<ul>
+    <li><strong>access_token</strong> – your personal access token
+</ul>
+
+<p>
+    <strong>POST</strong> arguments
+</p>
+<ul>
+    <li><strong>EMAIL</strong> – subscriber's email address (<em>required</em>)
+    <li><strong>FIRST_NAME</strong> – subscriber's first name
+    <li><strong>LAST_NAME</strong> – subscriber's last name
+    <li><strong>TIMEZONE</strong> – subscriber's timezone (eg. "Europe/Tallinn", "PST" or "UTC"). If not set defaults to "UTC"
+    <li><strong>MERGE_TAG_VALUE</strong> – custom field value. Use yes/no for option group values (checkboxes, radios, drop downs)
+    <li>
+    <strong>FORCE_SUBSCRIBE</strong> – set to "yes" if you want to make sure the email is marked as subscribed even if it was previously marked as unsubscribed. By default if the email was already unsubscribed then subscription status is not changed.
+    </li>
+</ul>
+
+<p>
+    <strong>Example</strong>
+</p>
+
+<pre>curl -XPOST {{serviceUrl}}api/subscribe/B16uVTdW?access_token={{accessToken}}\
+--data 'EMAIL=test@example.com&MERGE_CHECKBOX=yes'</pre>
+
+<h3>POST /api/unsubscribe/:listId – Remove subscription</h3>
+
+<p>
+    This API call marks a subscription as unsubscribed
+</p>
+
+<p>
+    <strong>GET</strong> arguments
+</p>
+<ul>
+    <li><strong>access_token</strong> – your personal access token
+</ul>
+
+<p>
+    <strong>POST</strong> arguments
+</p>
+<ul>
+    <li><strong>EMAIL</strong> – subscriber's email address (<em>required</em>)
+</ul>
+
+<p>
+    <strong>Example</strong>
+</p>
+
+<pre>curl -XPOST {{serviceUrl}}api/unsubscribe/B16uVTdW?access_token={{accessToken}}\
+--data 'EMAIL=test@example.com'</pre>