diff --git a/Backend/main.go b/Backend/main.go
index cd43be3..9220be5 100644
--- a/Backend/main.go
+++ b/Backend/main.go
@@ -29,23 +29,26 @@ func main() {
 }
 
 func timeCreateHandler(w http.ResponseWriter, r *http.Request) {
+	setCors(w)
 	switch r.Method {
 	case "PUT":
 		createBooking(w, r)
+	case "OPTIONS":
+		w.WriteHeader(http.StatusOK)
 	default:
 		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
 	}
 }
 
 func timeHandler(w http.ResponseWriter, r *http.Request) {
-	if os.Getenv("DEBUG") == "true" {
-		w.Header().Set("Access-Control-Allow-Origin", "*")
-	}
+	setCors(w)
 	switch r.Method {
 	case "GET":
 		getBookings(w, r)
 	case "PUT":
 		updateBooking(w, r)
+	case "OPTIONS":
+		w.WriteHeader(http.StatusOK)
 	default:
 		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
 	}
@@ -65,6 +68,7 @@ func createBooking(w http.ResponseWriter, r *http.Request) {
 			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
 			return
 		}
+		w.Header().Set("Content-Type", "application/json")
 		w.WriteHeader(http.StatusAccepted)
 		json.NewEncoder(w).Encode(booking)
 	}
@@ -98,29 +102,30 @@ func updateBooking(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "Invalid bookingID query parameter", http.StatusBadRequest)
 		return
 	}
-	booking, err := (*models.Booking).GetBookingById(nil, booking_id)
+	_booking, err := (*models.Booking).GetBookingById(nil, booking_id)
 	if err != nil {
 		log.Println("Error getting booking: ", err)
 		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
 		return
 	}
-	if card_id := r.URL.Query().Get("cardID"); card_id != "" {
-		booking.CardID = card_id
+	var booking models.Booking
+	dec := json.NewDecoder(r.Body)
+	dec.DisallowUnknownFields()
+	err = dec.Decode(&booking)
+	if err != nil {
+		log.Println("Error parsing booking: ", err)
+		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+		return
 	}
-	if reader_id := r.URL.Query().Get("readerID"); reader_id != "" {
-		booking.ReaderID = reader_id
+	if booking.Id != 0 && booking.Id != _booking.Id {
+		log.Println("Booking Ids do not match")
+		http.Error(w, "Booking Ids do not match", http.StatusBadRequest)
+		return
 	}
-	if _booking_type := r.URL.Query().Get("bookingType"); _booking_type != "" {
-		booking_type, err := strconv.Atoi(_booking_type)
-		if err != nil {
-			http.Error(w, "Invalid booking_type query parameter", http.StatusInternalServerError)
-			return
-		}
-		booking.BookingType = booking_type
-	}
-	booking.Save()
-	w.WriteHeader(http.StatusOK)
-	json.NewEncoder(w).Encode(booking)
+	_booking.Update(booking)
+	_booking.Save()
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(_booking)
 }
 
 // func getBooking(w http.ResponseWriter, r *http.Request)
@@ -131,3 +136,11 @@ func getEnv(key, fallback string) string {
 	}
 	return fallback
 }
+
+func setCors(w http.ResponseWriter) {
+	if os.Getenv("DEBUG") == "true" {
+		w.Header().Set("Access-Control-Allow-Origin", "*")
+		w.Header().Set("Access-Control-Allow-Methods", "*")
+		w.Header().Set("Access-Control-Allow-Headers", "*")
+	}
+}
diff --git a/Backend/models/booking.go b/Backend/models/booking.go
index 3fb6361..b0df1cc 100644
--- a/Backend/models/booking.go
+++ b/Backend/models/booking.go
@@ -16,9 +16,9 @@ func (e SameBookingError) Error() string {
 }
 
 type Booking struct {
-	CardID      string    `json:"cradID"`
+	CardID      string    `json:"cardID"`
 	ReaderID    string    `json:"readerID"`
-	BookingType int       `json:"bookingTyp"`
+	BookingType int       `json:"bookingType"`
 	LoggedTime  time.Time `json:"loggedTime"`
 	Id          int       `json:"id"`
 }
@@ -123,6 +123,18 @@ func (b Booking) Save() {
 	}
 }
 
+func (b *Booking) Update(nb Booking) {
+	if b.BookingType != nb.BookingType && nb.BookingType != 0 {
+		b.BookingType = nb.BookingType
+	}
+	if b.CardID != nb.CardID && nb.CardID != "" {
+		b.CardID = nb.CardID
+	}
+	if b.ReaderID != nb.ReaderID && nb.ReaderID != "" {
+		b.ReaderID = nb.ReaderID
+	}
+}
+
 func checkLastBooking(b Booking) bool {
 	var booking_type int
 	stmt, err := DB.Prepare((`SELECT booking_type FROM "zeiten" WHERE "card_id" = $1 ORDER BY "logged_time" DESC LIMIT 1;`))
diff --git a/Readme.md b/Readme.md
index bf99b43..43c0d42 100644
--- a/Readme.md
+++ b/Readme.md
@@ -14,6 +14,7 @@ docker compose up -d
 
 ## API
 Nutzung der API
+wenn die `dev-docker-compose.yml` Datei gestartet wird, ist direkt ein SwaggerUI Server mit entsprechender Datei inbegriffen.
 
 ### Buchungen [/time]