diff --git a/public/fn.js b/public/fn.js
index 07447c2..1781b72 100644
--- a/public/fn.js
+++ b/public/fn.js
@@ -1,5 +1,54 @@
 //console.log(document.cookie.toString());
 
+const tokenAPI = {
+    fetch_api: function(apicall) {
+        return new Promise((resolve, reject) => {
+            console.log(floGlobals.tokenURL + apicall);
+            fetch(floGlobals.tokenURL + apicall).then(response => {
+                if (response.ok)
+                    response.json().then(data => resolve(data));
+                else
+                    reject(response)
+            }).catch(error => reject(error))
+        })
+    },
+    getBalance: function(floID, token = 'rupee') {
+        return new Promise((resolve, reject) => {
+            this.fetch_api(`api/v1.0/getFloAddressBalance?token=${token}&floAddress=${floID}`)
+                .then(result => resolve(result.balance || 0))
+                .catch(error => reject(error))
+        })
+    },
+    getTx: function(txID) {
+        return new Promise((resolve, reject) => {
+            this.fetch_api(`api/v1.0/getTransactionDetails/${txID}`).then(res => {
+                if (res.result === "error")
+                    reject(res.description);
+                else if (!res.parsedFloData)
+                    reject("Data piece (parsedFloData) missing");
+                else if (!res.transactionDetails)
+                    reject("Data piece (transactionDetails) missing");
+                else
+                    resolve(res);
+            }).catch(error => reject(error))
+        })
+    },
+    sendToken: function(privKey, amount, message = "", receiverID = floGlobals.adminID, token = 'rupee') {
+        return new Promise((resolve, reject) => {
+            let senderID = floCrypto.getFloID(privKey);
+            if (typeof amount !== "number" || amount <= 0)
+                return reject("Invalid amount");
+            this.getBalance(senderID, token).then(bal => {
+                if (amount > bal)
+                    return reject("Insufficiant token balance");
+                floBlockchainAPI.writeData(senderID, `send ${amount} ${token}# ${message}`, privKey, receiverID)
+                    .then(txid => resolve(txid))
+                    .catch(error => reject(error))
+            }).catch(error => reject(error))
+        });
+    }
+}
+
 function ResponseError(status, data) {
     if (this instanceof ResponseError) {
         this.data = data;
@@ -65,47 +114,64 @@ function getTransactionList() {
     });
 }
 
+function signRequest(request, privKey) {
+    if (typeof request !== "object")
+        throw Error("Request is not an object");
+    let req_str = Object.keys(request).sort().map(r => r + ":" + request[r]).join("|");
+    return floCrypto.signData(req_str, privKey);
+}
+
 function signUp(privKey, sid) {
     return new Promise((resolve, reject) => {
-        let pubKey = floCrypto.getPubKeyHex(privKey);
-        let floID = floCrypto.getFloID(pubKey);
-        let sign = floCrypto.signData(sid, privKey);
-        console.log(privKey, pubKey, floID, sid)
+        let request = {
+            pubKey: floCrypto.getPubKeyHex(privKey),
+            floID: floCrypto.getFloID(privKey),
+            timestamp: Date.now()
+        };
+        request.sign = signRequest({
+            type: "create_account",
+            random: sid,
+            timestamp: request.timestamp
+        }, privKey);
+        console.debug(request);
+
         fetch("/signup", {
                 method: "POST",
                 headers: {
                     'Content-Type': 'application/json'
                 },
-                body: JSON.stringify({
-                    floID,
-                    pubKey,
-                    sign
-                })
+                body: JSON.stringify(request)
             }).then(result => responseParse(result, false)
                 .then(result => resolve(result))
                 .catch(error => reject(error)))
             .catch(error => reject(error));
-    })
-
+    });
 }
 
-function login(privKey, sid, rememberMe = false) {
+function login(privKey, proxyKey, sid, rememberMe = false) {
     return new Promise((resolve, reject) => {
-        let pubKey = floCrypto.getPubKeyHex(privKey);
-        let floID = floCrypto.getFloID(pubKey);
-        if (!floID || !floCrypto.verifyPrivKey(privKey, floID))
+        let request = {
+            proxyKey: proxyKey,
+            floID: floCrypto.getFloID(privKey),
+            timestamp: Date.now(),
+            saveSession: rememberMe
+        };
+        if (!privKey || !request.floID)
             return reject("Invalid Private key");
-        let sign = floCrypto.signData(sid, privKey);
+        request.sign = signRequest({
+            type: "login",
+            random: sid,
+            proxyKey: request.proxyKey,
+            timestamp: request.timestamp
+        }, privKey);
+        console.debug(request);
+
         fetch("/login", {
                 method: "POST",
                 headers: {
                     'Content-Type': 'application/json'
                 },
-                body: JSON.stringify({
-                    floID,
-                    sign,
-                    saveSession: rememberMe
-                })
+                body: JSON.stringify(request)
             }).then(result => responseParse(result, false)
                 .then(result => resolve(result))
                 .catch(error => reject(error)))
@@ -123,21 +189,31 @@ function logout() {
     })
 }
 
-function buy(quantity, max_price) {
+function buy(quantity, max_price, proxySecret) {
     return new Promise((resolve, reject) => {
         if (typeof quantity !== "number" || quantity <= 0)
             return reject(`Invalid quantity (${quantity})`);
         else if (typeof max_price !== "number" || max_price <= 0)
             return reject(`Invalid max_price (${max_price})`);
+        let request = {
+            quantity: quantity,
+            max_price: max_price,
+            timestamp: Date.now()
+        };
+        request.sign = signRequest({
+            type: "buy_order",
+            quantity: quantity,
+            max_price: max_price,
+            timestamp: request.timestamp
+        }, proxySecret);
+        console.debug(request);
+
         fetch('/buy', {
                 method: "POST",
                 headers: {
                     'Content-Type': 'application/json'
                 },
-                body: JSON.stringify({
-                    quantity,
-                    max_price
-                })
+                body: JSON.stringify(request)
             }).then(result => responseParse(result, false)
                 .then(result => resolve(result))
                 .catch(error => reject(error)))
@@ -146,21 +222,31 @@ function buy(quantity, max_price) {
 
 }
 
-function sell(quantity, min_price) {
+function sell(quantity, min_price, proxySecret) {
     return new Promise((resolve, reject) => {
         if (typeof quantity !== "number" || quantity <= 0)
             return reject(`Invalid quantity (${quantity})`);
         else if (typeof min_price !== "number" || min_price <= 0)
             return reject(`Invalid min_price (${min_price})`);
+        let request = {
+            quantity: quantity,
+            min_price: min_price,
+            timestamp: Date.now()
+        };
+        request.sign = signRequest({
+            type: "sell_order",
+            quantity: quantity,
+            min_price: min_price,
+            timestamp: request.timestamp
+        }, proxySecret);
+        console.debug(request);
+
         fetch('/sell', {
                 method: "POST",
                 headers: {
                     'Content-Type': 'application/json'
                 },
-                body: JSON.stringify({
-                    quantity,
-                    min_price
-                })
+                body: JSON.stringify(request)
             }).then(result => responseParse(result, false)
                 .then(result => resolve(result))
                 .catch(error => reject(error)))
@@ -169,19 +255,145 @@ function sell(quantity, min_price) {
 
 }
 
-function cancelOrder(type, id) {
+function cancelOrder(type, id, proxySecret) {
     return new Promise((resolve, reject) => {
         if (type !== "buy" && type !== "sell")
             return reject(`Invalid type (${type}): type should be sell (or) buy`);
+        let request = {
+            orderType: type,
+            orderID: id,
+            timestamp: Date.now()
+        };
+        request.sign = signRequest({
+            type: "cancel_order",
+            order: type,
+            id: id,
+            timestamp: data.timestamp
+        }, proxySecret);
+        console.debug(request);
+
         fetch('/cancel', {
                 method: "POST",
                 headers: {
                     'Content-Type': 'application/json'
                 },
-                body: JSON.stringify({
-                    orderType: type,
-                    orderID: id
-                })
+                body: JSON.stringify(request)
+            }).then(result => responseParse(result, false)
+                .then(result => resolve(result))
+                .catch(error => reject(error)))
+            .catch(error => reject(error))
+    })
+}
+
+function depositFLO(quantity, userID, privKey, proxySecret) {
+    return new Promise((resolve, reject) => {
+        if (typeof quantity !== "number" || quantity <= floGlobals.fee)
+            return reject(`Invalid quantity (${quantity})`);
+        floBlockchainAPI.sendTx(userID, floGlobals.adminID, quantity, privKey, 'Deposit FLO in market').then(result => {
+            if (!result.txid || !result.txid.result || result.txid.error)
+                return reject(result);
+            let request = {
+                txid: result.txid.result,
+                timestamp: Date.now()
+            };
+            request.sign = signRequest({
+                type: "deposit_FLO",
+                txid: request.txid,
+                timestamp: request.timestamp
+            }, proxySecret);
+            console.debug(request);
+
+            fetch('/deposit-flo', {
+                    method: "POST",
+                    headers: {
+                        'Content-Type': 'application/json'
+                    },
+                    body: JSON.stringify(request)
+                }).then(result => responseParse(result, false)
+                    .then(result => resolve(result))
+                    .catch(error => reject(error)))
+                .catch(error => reject(error))
+        }).catch(error => reject(error))
+    })
+}
+
+function withdrawFLO(quantity, proxySecret) {
+    return new Promise((resolve, reject) => {
+        let request = {
+            amount: quantity,
+            timestamp: Date.now()
+        };
+        request.sign = signRequest({
+            type: "withdraw_FLO",
+            amount: request.amount,
+            timestamp: request.timestamp
+        }, proxySecret);
+        console.debug(request);
+
+        fetch('/withdraw-flo', {
+                method: "POST",
+                headers: {
+                    'Content-Type': 'application/json'
+                },
+                body: JSON.stringify(request)
+            }).then(result => responseParse(result, false)
+                .then(result => resolve(result))
+                .catch(error => reject(error)))
+            .catch(error => reject(error))
+    })
+}
+
+function depositRupee(quantity, userID, privKey, proxySecret) {
+    return new Promise((resolve, reject) => {
+        if (!floGlobals.verifyPrivKey(privKey, userID))
+            return reject("Invalid Private Key");
+        tokenAPI.sendToken(privKey, quantity, 'Deposit Rupee in market').then(result => {
+            if (!result.txid || !result.txid.result || result.txid.error)
+                return reject(result);
+            let request = {
+                txid: result.txid.result,
+                timestamp: Date.now()
+            };
+            request.sign = signRequest({
+                type: "deposit_Rupee",
+                txid: request.txid,
+                timestamp: request.timestamp
+            }, proxySecret);
+            console.debug(request);
+
+            fetch('/deposit-rupee', {
+                    method: "POST",
+                    headers: {
+                        'Content-Type': 'application/json'
+                    },
+                    body: JSON.stringify(request)
+                }).then(result => responseParse(result, false)
+                    .then(result => resolve(result))
+                    .catch(error => reject(error)))
+                .catch(error => reject(error))
+        }).catch(error => reject(error))
+    })
+}
+
+function withdrawRupee(quantity, proxySecret) {
+    return new Promise((resolve, reject) => {
+        let request = {
+            amount: quantity,
+            timestamp: Date.now()
+        };
+        request.sign = signRequest({
+            type: "withdraw_Rupee",
+            amount: request.amount,
+            timestamp: request.timestamp
+        }, proxySecret);
+        console.debug(request);
+
+        fetch('/withdraw-rupee', {
+                method: "POST",
+                headers: {
+                    'Content-Type': 'application/json'
+                },
+                body: JSON.stringify(request)
             }).then(result => responseParse(result, false)
                 .then(result => resolve(result))
                 .catch(error => reject(error)))
diff --git a/public/home.html b/public/home.html
index 77d1405..3eb7255 100644
--- a/public/home.html
+++ b/public/home.html
@@ -44,6 +44,16 @@
                     <input type="button" name="sell" value="sell" onclick="UI_evt.sell();" />
                 </fieldset>
             </form>
+            <form id="deposit-withdraw-form">
+                <fieldset>
+                    <legend>Deposit/Withdraw</legend><br />
+                    <input type="number" name="quantity" placeholder="Enter Quantity" />
+                    <input type="button" name="deposit-flo" value="Deposit FLO" onclick="UI_evt.depositFLO();" />
+                    <input type="button" name="withdraw-flo" value="Withdraw FLO" onclick="UI_evt.withdrawFLO();" />
+                    <input type="button" name="deposit-rupee" value="Deposit Rupee" onclick="UI_evt.depositRupee();" />
+                    <input type="button" name="withdraw-rupee" value="Withdraw Rupee" onclick="UI_evt.withdrawRupee();" />
+                </fieldset>
+            </form>
             <button onclick="toggle_view('my-profile');">Toggle</button>
             <div id="my-profile">
                 <div id="my-orders">
@@ -156,8 +166,10 @@
     </div>
 
     <script>
+        var user_id, proxy_secret; //container for user ID and proxy private-key
+
         function toggle_view(id) {
-            let element = document.getElementById(id)
+            let element = document.getElementById(id);
             if (element.style.display === "none")
                 element.style.display = "block";
             else
@@ -210,7 +222,11 @@
         }
 
         function refresh(init = false) {
-            console.info("refresh");
+            if (init) {
+                console.info("init");
+                proxy_secret = localStorage.getItem("proxy_secret");
+            } else
+                console.info("refresh");
             list_buy();
             list_sell();
             list_txns();
@@ -225,6 +241,7 @@
                 document.getElementById("login-form").style.display = "none";
                 document.getElementById('user-container').style.display = "block";
                 document.getElementById("user_id").textContent = acc.floID;
+                user_id = acc.floID;
                 //FLO Balance
                 let flo_total = acc.coins.reduce((a, x) => a + x.quantity, 0);
                 let flo_locked = acc.sellOrders.reduce((a, x) => a + x.quantity, 0);
@@ -307,24 +324,29 @@
             let privKey = formInputs['priv-key'].value;
             let sid = formInputs['sid'].value;
             let rememberMe = formInputs['remember-me'].checked;
-            login(privKey, sid, rememberMe).then(result => {
+            let proxy = floCrypto.generateNewID();
+            login(privKey, proxy.pubKey, sid, rememberMe).then(result => {
                 console.log(result);
+                proxy_secret = proxy.privKey;
+                localStorage.setItem("proxy_secret", proxy_secret);
                 account();
             }).catch(error => console.error(error));
         };
 
         UI_evt.sell = function() {
             let formInputs = document.forms['sell-form'];
-            sell(parseFloat(formInputs["quantity"].value), parseFloat(formInputs["min-price"].value))
+            sell(parseFloat(formInputs["quantity"].value), parseFloat(formInputs["min-price"].value, proxy_secret))
                 .then(result => console.log(result))
-                .catch(error => console.error(error));
+                .catch(error => console.error(error))
+                .finally(_ => formInputs.reset());
         };
 
         UI_evt.buy = function() {
             let formInputs = document.forms['buy-form'];
-            buy(parseFloat(formInputs["quantity"].value), parseFloat(formInputs["max-price"].value))
+            buy(parseFloat(formInputs["quantity"].value), parseFloat(formInputs["max-price"].value, proxy_secret))
                 .then(result => console.log(result))
-                .catch(error => console.error(error));
+                .catch(error => console.error(error))
+                .finally(_ => formInputs.reset());
         };
 
         UI_evt.cancelOrders = function() {
@@ -339,11 +361,45 @@
                     cancel.push([type, id]);
                 }
             }
-            cancel.forEach(o => cancelOrder(o[0], o[1])
+            cancel.forEach(o => cancelOrder(o[0], o[1], proxy_secret)
                 .then(result => console.log(result))
                 .catch(error => console.error(o, error)))
         };
 
+        UI_evt.depositFLO = function() {
+            let formInputs = document.forms['deposit-withdraw-form'];
+            let privKey = prompt("Enter private key");
+            depositFLO(formInputs["quantity"].value, user_id, privKey, proxy_secret)
+                .then(result => console.log(result))
+                .catch(error => console.error(error))
+                .finally(_ => formInputs.reset());
+        }
+
+        UI_evt.depositRupee = function() {
+            let formInputs = document.forms['deposit-withdraw-form'];
+            let privKey = prompt("Enter private key");
+            depositRupee(formInputs["quantity"].value, user_id, privKey, proxy_secret)
+                .then(result => console.log(result))
+                .catch(error => console.error(error))
+                .finally(_ => formInputs.reset());
+        }
+
+        UI_evt.withdrawFLO = function() {
+            let formInputs = document.forms['deposit-withdraw-form'];
+            withdrawFLO(formInputs["quantity"].value, proxy_secret)
+                .then(result => console.log(result))
+                .catch(error => console.error(error))
+                .finally(_ => formInputs.reset());
+        }
+
+        UI_evt.withdrawRupee = function() {
+            let formInputs = document.forms['deposit-withdraw-form'];
+            withdrawRupee(formInputs["quantity"].value, proxy_secret)
+                .then(result => console.log(result))
+                .catch(error => console.error(error))
+                .finally(_ => formInputs.reset());
+        }
+
         refresh(true);
     </script>