diff --git a/CoviDok/BLL/User/Handlers/ICaseHandler.cs b/CoviDok/BLL/User/Handlers/ICaseHandler.cs
index aa4e6b3..dbc04e0 100644
--- a/CoviDok/BLL/User/Handlers/ICaseHandler.cs
+++ b/CoviDok/BLL/User/Handlers/ICaseHandler.cs
@@ -21,5 +21,6 @@ namespace CoviDok.BLL.User.Handlers
         public bool IsAuthorized(int ID, Case c);
 
         public List<Update> GetUpdatesForCase(int id);
+        public Update GetUpadte(int id);
     }
 }
diff --git a/CoviDok/BLL/User/Managers/CaseManager.cs b/CoviDok/BLL/User/Managers/CaseManager.cs
index 754bcf2..f0aac61 100644
--- a/CoviDok/BLL/User/Managers/CaseManager.cs
+++ b/CoviDok/BLL/User/Managers/CaseManager.cs
@@ -61,7 +61,23 @@ namespace CoviDok.BLL.User.Managers
             }
         }
 
-        
+        public async Task<Update> GetUpdate(Session s, int id)
+        {
+            // Parent, Doctor, and doctors assistants can access a case
+            Update u = handler.GetUpadte(id);
+            Case c = await handler.GetCase(u.CaseID);
+            if (c == null) throw new KeyNotFoundException();
+            if (handler.IsAuthorized(s.ID, c))
+            {
+                return u;
+            }
+            else
+            {
+                throw new UnauthorizedAccessException();
+            }
+        }
+
+
 
         public async Task<Case> GetCase(Session s, int id)
         {
diff --git a/CoviDok/Controllers/CaseController.cs b/CoviDok/Controllers/CaseController.cs
index 8a5f0fd..45e194e 100644
--- a/CoviDok/Controllers/CaseController.cs
+++ b/CoviDok/Controllers/CaseController.cs
@@ -100,6 +100,25 @@ namespace CoviDok.Controllers
             }
         }
 
+        [HttpPost("updates/{id}")]
+        public async Task<ActionResult<Update>>  GetUpdate(int id, AuthGet get)
+        {
+            Session s = await Handler.GetSession(get.SessionID);
+            if (s == null) return Unauthorized();
+            try
+            {
+                return await mgr.GetUpdate(s, id);
+            }
+            catch (UnauthorizedAccessException)
+            {
+                return Unauthorized();
+            }
+            catch (KeyNotFoundException)
+            {
+                return NotFound();
+            }
+        }
+
         // POST /api/Case/{id}/close
         [HttpPost("{id}/close")]
         public async Task<IActionResult> PostClose(int id, CaseUpdate data)
diff --git a/CoviDok/Data/MySQL/MySqlCaseHandler.cs b/CoviDok/Data/MySQL/MySqlCaseHandler.cs
index e48b8a4..4b80337 100644
--- a/CoviDok/Data/MySQL/MySqlCaseHandler.cs
+++ b/CoviDok/Data/MySQL/MySqlCaseHandler.cs
@@ -33,6 +33,11 @@ namespace CoviDok.Data.MySQL
             return (from u in context.Updates where u.CaseID == id select u).ToList();
         }
 
+        public Update GetUpadte(int id)
+        {
+            return (from u in context.Updates where u.Id == id select u).First();
+        }
+
         public async Task<List<Case>> Filter(CaseFilter filter)
         {
             List<Case> ret = new List<Case>();