diff --git a/app/controllers/api/v1/users_controller.rb b/app/controllers/api/v1/users_controller.rb
new file mode 100644
index 0000000..7991a6a
--- /dev/null
+++ b/app/controllers/api/v1/users_controller.rb
@@ -0,0 +1,32 @@
+class Api::V1::UsersController < ApplicationController
+  before_action :set_user, only: %i[show update destroy]
+
+  def index
+    render json: User.all
+  end
+
+  def show
+    render json: User.find(params[:id])
+  end
+
+  def create
+    @user = User.new(user_params)
+
+    if @user.save
+      render json: @user, status: :created
+    else
+      render json: @user.errors, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  # Only allow a trusted parameter "white list" through.
+  def user_params
+    params.require(:user).permit(:email, :username, :password)
+  end
+
+  def set_user
+    @user = User.find(params[:id])
+  end
+end
diff --git a/test/controllers/api/v1/users_controller_test.rb b/test/controllers/api/v1/users_controller_test.rb
new file mode 100644
index 0000000..f278ab0
--- /dev/null
+++ b/test/controllers/api/v1/users_controller_test.rb
@@ -0,0 +1,38 @@
+require "test_helper"
+
+class Api::V1::UsersControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @user = users(:one)
+  end
+
+  #SHOW 
+  test "should show user" do
+    get api_v1_user_url(@user), as: :json
+    assert_response :success
+    # Test to ensure response contains the correct email
+    json_response = JSON.parse(self.response.body)
+    assert_equal @user.email, json_response['email']
+  end
+
+  #CREATE
+  test "should create user" do
+    assert_difference('User.count') do
+      post api_v1_users_url, params: { user: { email: 'test@test.org', username: 'new_user_name', password: '123456' } }, as: :json
+    end
+    assert_response :created
+  end
+
+  test "should not create user with taken email" do
+    assert_no_difference('User.count') do
+      post api_v1_users_url, params: { user: { email: @user.email, username: 'username_test', password: '123456' } }, as: :json
+    end
+    assert_response :unprocessable_entity
+  end
+
+  test "should not create user with taken username" do
+    assert_no_difference('User.count') do
+      post api_v1_users_url, params: { user: { email: "test@email.com", username: @user.username, password: '123456' } }, as: :json
+    end
+    assert_response :unprocessable_entity
+  end 
+end