diff --git a/odex25_mobile/odex_mobile/controllers/authentication.py b/odex25_mobile/odex_mobile/controllers/authentication.py
index b1964bcfc..a69d9d6fd 100644
--- a/odex25_mobile/odex_mobile/controllers/authentication.py
+++ b/odex25_mobile/odex_mobile/controllers/authentication.py
@@ -185,7 +185,6 @@ class AuthenticationController(http.Controller):
             return http_helper.response(code=400,message=_('User account with login {} not found').format(login),success=False)
             
         uid = http_helper.is_authentic(login,password)
-
         if not uid:
             return http_helper.errcode(code=400, message=_('Unable to Sign In. invalid user password'))
         token = validator.create_token(request.env.user)
diff --git a/odex25_mobile/odex_mobile/controllers/rest_api_v2/authentication.py b/odex25_mobile/odex_mobile/controllers/rest_api_v2/authentication.py
index 8aa5f6f30..d2e5f3c84 100644
--- a/odex25_mobile/odex_mobile/controllers/rest_api_v2/authentication.py
+++ b/odex25_mobile/odex_mobile/controllers/rest_api_v2/authentication.py
@@ -186,7 +186,6 @@ class AuthenticationController(http.Controller):
             return http_helper.response(code=400,message=_('User account with login {} not found').format(login),success=False)
             
         uid = http_helper.is_authentic(login,password)
-
         if not uid:
             return http_helper.errcode(code=400, message=_('Unable to Sign In. invalid user password'))
         token = validator.create_token(request.env.user)
diff --git a/odex25_mobile/odex_web_app/controllers/authentication.py b/odex25_mobile/odex_web_app/controllers/authentication.py
index a1b8f5942..eff185bc5 100644
--- a/odex25_mobile/odex_web_app/controllers/authentication.py
+++ b/odex25_mobile/odex_web_app/controllers/authentication.py
@@ -18,7 +18,7 @@ SENSITIVE_FIELDS = ['password', 'password_crypt', 'new_password', 'create_uid',
 
 class AuthenticationController(http.Controller):
 
-    @http.route('/rest_api/login', type='http', auth='none', csrf=False, cors='*', methods=['POST'])
+    @http.route('/rest_api/web/login', type='http', auth='none', csrf=False, cors='*', methods=['POST'])
     def login_phone(self, **kw):
         login = kw.get('login')
         password = kw.get('password')
@@ -31,7 +31,7 @@ class AuthenticationController(http.Controller):
             return http_helper.response(code=400, message=_('Device id is missing'), success=False)
 
         # check fcm_token
-        if not kw.get('fcm_token'):
+        if not kw.get('fcm_token') or not kw.get('fcm_token_web'):
             return http_helper.response(code=400, message=_('FCM Token is missing'), success=False)
 
         user = request.env['res.users'].sudo().search([('login', '=', login)], limit=1)
@@ -59,7 +59,7 @@ class AuthenticationController(http.Controller):
         return http_helper.response(data=dic, message=_("User log in successfully"))
     
 
-    @http.route('/rest_api/validate',type='http', auth='none', csrf=False, cors='*',methods=['POST'])
+    @http.route('/rest_api/web/validate',type='http', auth='none', csrf=False, cors='*',methods=['POST'])
     def validate_token(self, **kw):
         http_method, body, headers, token = http_helper.parse_request()
 
@@ -69,7 +69,7 @@ class AuthenticationController(http.Controller):
 
         return http_helper.response(message="uploaded success",data=result['data'])
 
-    @http.route('/rest_api/refresh',type='http', auth='none', csrf=False, cors='*',methods=['POST'])
+    @http.route('/rest_api/web/refresh',type='http', auth='none', csrf=False, cors='*',methods=['POST'])
     def refresh_token(self, **kw):
         http_method, body, headers, token = http_helper.parse_request()
 
@@ -80,7 +80,7 @@ class AuthenticationController(http.Controller):
         return http_helper.response(message="uploaded success",data=result['data'])
 
     # Reet password with email
-    @http.route(['/rest_api/reset'], type='http', auth='none', csrf=False, methods=['POST'])
+    @http.route(['/rest_api/web/reset'], type='http', auth='none', csrf=False, methods=['POST'])
     def reset_email(self, **kw):
         http_method, body, headers, token = http_helper.parse_request()
         if not body.get('email'):
@@ -92,7 +92,7 @@ class AuthenticationController(http.Controller):
         else:
             return http_helper.errcode(code=403, message="Password reset failed")
     
-    @http.route('/rest_api/users/password',type='http', auth='none', csrf=False, cors='*',methods=['PUT'])
+    @http.route('/rest_api/web/users/password',type='http', auth='none', csrf=False, cors='*',methods=['PUT'])
     def change_password(self, **kw):
         http_method, body, headers, token = http_helper.parse_request()
         if not body.get('old_password') or not  body.get('new_password'):
@@ -118,7 +118,7 @@ class AuthenticationController(http.Controller):
 
         return http_helper.response(message=_("password changed successfully"),data={'id':user.id})
     
-    @http.route('/rest_api/logout', type='http', auth='none', csrf=False, cors='*', methods=['POST'])
+    @http.route('/rest_api/web/logout', type='http', auth='none', csrf=False, cors='*', methods=['POST'])
     def logout(self, **kw):
         http_method, body, headers, token = http_helper.parse_request()
         result = validator.verify_token(token)
@@ -128,7 +128,7 @@ class AuthenticationController(http.Controller):
         http_helper.do_logout(token)
         return http_helper.response()
     
-    @http.route('/rest_api/users', type='http', auth='none', csrf=False, cors='*', methods=['GET'])
+    @http.route('/rest_api/web/users', type='http', auth='none', csrf=False, cors='*', methods=['GET'])
     def info(self, **kw):
         http_method, body, headers, token = http_helper.parse_request()
         result = validator.verify_token(token)