diff --git a/lib/loopback.js b/lib/loopback.js
index d53492e..fd827cf 100644
--- a/lib/loopback.js
+++ b/lib/loopback.js
@@ -1,6 +1,6 @@
 'use strict';
 
-module.exports.create = function () {
+module.exports.create = function (deps) {
   var PromiseA = require('bluebird');
   var request = PromiseA.promisify(require('request'));
   var pending = {};
@@ -8,7 +8,7 @@ module.exports.create = function () {
   function checkPublicAddr(host) {
     return request({
       method: 'GET'
-    , url: 'https://'+host+'/api/org.oauth3.tunnel/checkip'
+    , url: host+'/api/org.oauth3.tunnel/checkip'
     , json: true
     }).then(function (result) {
       if (!result.body) {
@@ -18,7 +18,6 @@ module.exports.create = function () {
         var err = new Error(result.body.error.message);
         return PromiseA.reject(Object.assign(err, result.body.error));
       }
-      console.log(result.body, result.body.address);
       return result.body.address;
     });
   }
@@ -39,7 +38,7 @@ module.exports.create = function () {
 
     return request({
       method: 'POST'
-    , url: 'https://'+host+'/api/org.oauth3.tunnel/loopback'
+    , url: host+'/api/org.oauth3.tunnel/loopback'
     , json: opts
     })
     .then(function (result) {
@@ -60,26 +59,22 @@ module.exports.create = function () {
     });
   }
 
-  function loopback(session) {
-    var host;
-    if (!session) {
-      host = 'api.oauth3.org';
-    } else {
-      host = 'api.' + ((session.token || {}).aud || 'oauth3.org');
-    }
-
-    return checkPublicAddr(host).then(function (address) {
-      console.log('checking to see if', address, 'gets back to us');
-      var ports = require('./servers').listeners.tcp.list();
-      return PromiseA.all(ports.map(function (port) {
-        return checkSinglePort(host, address, port);
-      }))
-      .then(function (values) {
-        var result = {error: null, address: address};
-        ports.forEach(function (port, ind) {
-          result[port] = values[ind];
+  function loopback(provider) {
+    return deps.OAUTH3.discover(provider).then(function (directives) {
+      return checkPublicAddr(directives.api).then(function (address) {
+        console.log('checking to see if', address, 'gets back to us');
+        var ports = require('./servers').listeners.tcp.list();
+        return PromiseA.all(ports.map(function (port) {
+          return checkSinglePort(directives.api, address, port);
+        }))
+        .then(function (values) {
+          console.log(pending);
+          var result = {error: null, address: address};
+          ports.forEach(function (port, ind) {
+            result[port] = values[ind];
+          });
+          return result;
         });
-        return result;
       });
     });
   }
diff --git a/packages/apis/com.daplie.goldilocks/index.js b/packages/apis/com.daplie.goldilocks/index.js
index 79732f3..1c08fbc 100644
--- a/packages/apis/com.daplie.goldilocks/index.js
+++ b/packages/apis/com.daplie.goldilocks/index.js
@@ -313,9 +313,18 @@ module.exports.create = function (deps, conf) {
         return;
       }
       isAuthorized(req, res, function () {
+        var prom;
+        var query = require('querystring').parse(require('url').parse(req.url).query);
+        if (query.provider) {
+          prom = deps.loopback(query.provider);
+        } else {
+          prom = deps.storage.owners.get(req.userId).then(function (session) {
+            return deps.loopback(session.token.aud);
+          });
+        }
+
         res.setHeader('Content-Type', 'application/json');
-        deps.loopback()
-        .then(function (result) {
+        prom.then(function (result) {
           res.end(JSON.stringify(result));
         }, function (err) {
           res.end(JSON.stringify({error: {message: err.message, code: err.code}}));