diff --git a/gateway/gateway.go b/gateway/gateway.go
index e9588c8..73d558c 100644
--- a/gateway/gateway.go
+++ b/gateway/gateway.go
@@ -2,6 +2,7 @@ package gateway
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"net/http"
 
@@ -10,20 +11,17 @@ import (
 
 func Register(client proto.UsersClient) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		password, passwordAgain :=
-			r.URL.Query().Get("password"),
-			r.URL.Query().Get("password_again")
-		_, err := client.Register(r.Context(), &proto.RegisterRequest{
-			Form: &proto.UserForm{
-				Email:         r.URL.Query().Get("email"),
-				Password:      &password,
-				PasswordAgain: &passwordAgain,
-			},
-		})
+		var req proto.RegisterRequest
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			w.WriteHeader(http.StatusBadRequest)
+			w.Write([]byte(err.Error()))
+			return
+		}
 
-		if err != nil {
+		if _, err := client.Register(r.Context(), &req); err != nil {
 			w.WriteHeader(http.StatusBadRequest)
 			w.Write([]byte(err.Error()))
+			return
 		}
 
 		w.WriteHeader(http.StatusOK)
@@ -32,36 +30,33 @@ func Register(client proto.UsersClient) http.HandlerFunc {
 
 func Login(client proto.UsersClient) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		password, passwordAgain :=
-			r.URL.Query().Get("password"),
-			r.URL.Query().Get("password_again")
-		res, err := client.Login(r.Context(), &proto.LoginRequest{
-			Form: &proto.UserForm{
-				Email:         r.URL.Query().Get("email"),
-				Password:      &password,
-				PasswordAgain: &passwordAgain,
-			},
-		})
+		var req proto.LoginRequest
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			w.Write([]byte(err.Error()))
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
 
+		res, err := client.Login(r.Context(), &req)
 		if err != nil {
-			w.WriteHeader(http.StatusBadRequest)
 			w.Write([]byte(err.Error()))
+			w.WriteHeader(http.StatusBadRequest)
+			return
 		}
 
-		w.WriteHeader(http.StatusOK)
 		w.Write([]byte(res.Token.Token))
+		w.WriteHeader(http.StatusOK)
 	})
 }
 
 func Logout(client proto.UsersClient) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		_, err := client.Logout(r.Context(), &proto.LogoutRequest{
+		if _, err := client.Logout(r.Context(), &proto.LogoutRequest{
 			Token: r.Context().Value("token").(*proto.UserToken),
-		})
-
-		if err != nil {
-			w.WriteHeader(http.StatusBadRequest)
+		}); err != nil {
 			w.Write([]byte(err.Error()))
+			w.WriteHeader(http.StatusBadRequest)
+			return
 		}
 
 		w.WriteHeader(http.StatusOK)
@@ -70,22 +65,28 @@ func Logout(client proto.UsersClient) http.HandlerFunc {
 
 func Authorize(client proto.UsersClient, serverSecret *string, next http.HandlerFunc) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		var req proto.AuthorizeRequest
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			w.Write([]byte(err.Error()))
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+
 		res, err := client.Authorize(r.Context(), &proto.AuthorizeRequest{
 			Secret: *serverSecret,
-			Token: &proto.UserToken{
-				Token: r.URL.Query().Get("token"),
-			},
+			Token:  req.Token,
 		})
 
 		if err != nil {
-			w.WriteHeader(http.StatusBadRequest)
 			w.Write([]byte(err.Error()))
+			w.WriteHeader(http.StatusBadRequest)
+			return
 		}
 
 		ctx := context.WithValue(r.Context(), "user", res.User)
 		ctx = context.WithValue(ctx, "roles", res.Roles)
 		ctx = context.WithValue(ctx, "token", &proto.UserToken{
-			Token: r.URL.Query().Get("token"),
+			Token: req.Token.Token,
 		})
 
 		next(w, r.WithContext(ctx))
@@ -94,40 +95,40 @@ func Authorize(client proto.UsersClient, serverSecret *string, next http.Handler
 
 func ResetPassword(client proto.UsersClient, endpoint string) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		res, err := client.ResetPassword(r.Context(), &proto.ResetPasswordRequest{
-			Form: &proto.UserForm{
-				Email: r.URL.Query().Get("email"),
-			},
-		})
+		var req proto.ResetPasswordRequest
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			w.Write([]byte(err.Error()))
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
 
+		res, err := client.ResetPassword(r.Context(), &req)
 		if err != nil {
-			w.WriteHeader(http.StatusBadRequest)
 			w.Write([]byte(err.Error()))
+			w.WriteHeader(http.StatusBadRequest)
+			return
 		}
 
-		w.WriteHeader(http.StatusOK)
 		w.Write([]byte(fmt.Sprintf(
 			"Please follow this link to update your password: %s/change_password?token=%s\n",
 			endpoint, res.Token.Token)))
+		w.WriteHeader(http.StatusOK)
 	})
 }
 
 func ChangePassword(client proto.UsersClient) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		password, passwordAgain :=
-			r.URL.Query().Get("password"),
-			r.URL.Query().Get("password_again")
-		_, err := client.ChangePassword(r.Context(), &proto.ChangePasswordRequest{
-			Form: &proto.UserForm{
-				Email:         r.URL.Query().Get("email"),
-				Password:      &password,
-				PasswordAgain: &passwordAgain,
-			},
-		})
-
-		if err != nil {
+		var req proto.ChangePasswordRequest
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			w.Write([]byte(err.Error()))
 			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+
+		if _, err := client.ChangePassword(r.Context(), &req); err != nil {
 			w.Write([]byte(err.Error()))
+			w.WriteHeader(http.StatusBadRequest)
+			return
 		}
 
 		w.WriteHeader(http.StatusOK)