diff --git a/.gitignore b/.gitignore
index ea3c919..8f8320e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+.idea
 tests/_output
 vendor
 composer.lock
diff --git a/Module.php b/Module.php
index e5ebd40..3be1cc3 100644
--- a/Module.php
+++ b/Module.php
@@ -10,7 +10,7 @@
 namespace dmstr\modules\pages;
 
 use dmstr\modules\pages\models\Tree;
-use yii\filters\AccessControl;
+use dmstr\web\traits\AccessBehaviorTrait;
 
 /**
  * Class Module
@@ -19,6 +19,8 @@
  */
 class Module extends \yii\base\Module
 {
+    use AccessBehaviorTrait;
+
     /**
      * @var array the list of rights that are allowed to access this module.
      * If you modify, you also need to enable authManager.
@@ -32,36 +34,9 @@ class Module extends \yii\base\Module
     
     public $availableViews = [];
 
-
     /**
-     * Restrict access permissions to admin user and users with auth-item 'module-controller'
      * @inheritdoc
      */
-    public function behaviors()
-    {
-        return [
-            'access' => [
-                'class' => AccessControl::className(),
-                'rules' => [
-                    [
-                        'allow' => true,
-                        'matchCallback' => function () {
-                            if ($this->roles) {
-                                foreach ($this->roles as $role) {
-                                    if (\Yii::$app->user->can($role)) {
-                                        return true;
-                                    }
-                                }
-                                return (\Yii::$app->user->identity && \Yii::$app->user->identity->isAdmin);
-                            }
-                            return true;
-                        },
-                    ]
-                ]
-            ]
-        ];
-    }
-
     public function init()
     {
         parent::init();
@@ -80,6 +55,9 @@ public function init()
         }
     }
 
+    /**
+     * @return mixed|object dmstr\modules\pages\models\Tree
+     */
     public function getLocalizedRootNode()
     {
         $localizedRoot = 'root_' . \Yii::$app->language;
diff --git a/composer.json b/composer.json
index 5bdac79..c338fe7 100644
--- a/composer.json
+++ b/composer.json
@@ -19,7 +19,8 @@
         "kartik-v/yii2-tree-manager": "~1.0.3",
         "kartik-v/yii2-widget-select2": "^2.0.1",
         "rmrevin/yii2-fontawesome": "~2.9",
-        "devgroup/yii2-jsoneditor": "1.0.*"
+        "devgroup/yii2-jsoneditor": "1.0.*",
+        "dmstr/yii2-web": "~0.1"
     },
     "autoload": {
         "psr-4": {
diff --git a/controllers/DefaultController.php b/controllers/DefaultController.php
index a6e2570..08de0ed 100644
--- a/controllers/DefaultController.php
+++ b/controllers/DefaultController.php
@@ -11,7 +11,6 @@
 
 use dmstr\modules\pages\models\Tree;
 use Yii;
-use yii\filters\AccessControl;
 use yii\helpers\Url;
 use yii\web\Controller;
 use yii\web\HttpException;
@@ -20,39 +19,13 @@
 /**
  * Class DefaultController
  * @package dmstr\modules\pages\controllers
- * @author $Author
+ * @author Christopher Stebe <c.stebe@herzogkommunikation.de>
  */
 class DefaultController extends Controller
 {
     /**
-     * @var boolean whether to enable CSRF validation for the actions in this controller.
-     * CSRF validation is enabled only when both this property and [[Request::enableCsrfValidation]] are true.
+     * @return mixed
      */
-    public $enableCsrfValidation = false;
-
-    /**
-     * @inheritdoc
-     */
-    public function behaviors()
-    {
-        return [
-            'access' => [
-                'class' => AccessControl::className(),
-                'rules' => [
-                    [
-                        'allow' => true,
-                        'matchCallback' => function ($rule, $action) {
-                            return \Yii::$app->user->can(
-                                $this->module->id . '_' . $this->id . '_' . $action->id,
-                                ['route' => true]
-                            );
-                        },
-                    ]
-                ]
-            ]
-        ];
-    }
-
     public function actionIndex()
     {
 
diff --git a/controllers/TestController.php b/controllers/TestController.php
index 9410293..b70e77f 100644
--- a/controllers/TestController.php
+++ b/controllers/TestController.php
@@ -9,40 +9,19 @@
 
 namespace dmstr\modules\pages\controllers;
 
-
 use dmstr\modules\pages\models\Tree;
-use yii\filters\AccessControl;
 use yii\web\Controller;
 
+/**
+ * Class TestController
+ * @package dmstr\modules\pages\controllers
+ * @author $Author
+ */
 class TestController extends Controller
 {
-
-    /**
-     * @inheritdoc
-     */
-    public function behaviors()
-    {
-        return [
-            'access' => [
-                'class' => AccessControl::className(),
-                'rules' => [
-                    [
-                        'allow' => true,
-                        'matchCallback' => function ($rule, $action) {
-                            return \Yii::$app->user->can(
-                                $this->module->id.'_'.$this->id.'_'.$action->id,
-                                ['route' => true]
-                            );
-                        },
-                    ]
-                ]
-            ]
-        ];
-    }
-
     public function actionIndex()
     {
-        $tree = Tree::getMenuItems('root_'.\Yii::$app->language);
+        $tree = Tree::getMenuItems('root_' . \Yii::$app->language);
         return $this->render('index', ['tree' => $tree]);
     }
 }
\ No newline at end of file
diff --git a/controllers/api/DefaultController.php b/controllers/api/DefaultController.php
new file mode 100644
index 0000000..0f7987a
--- /dev/null
+++ b/controllers/api/DefaultController.php
@@ -0,0 +1,70 @@
+<?php
+
+namespace dmstr\modules\pages\controllers\api;
+
+/**
+ * This is the class for REST controller "DefaultController".
+ *
+ * @package dmstr\modules\pages
+ * @author Christopher Stebe <c.stebe@herzogkommunikation.de>
+ */
+class DefaultController extends \yii\rest\ActiveController
+{
+    /**
+     * The limit for the \yii\data\ActiveDataProvider
+     */
+    const QUERY_LIMIT = 2000;
+
+    public $modelClass = 'dmstr\modules\pages\models\Tree';
+
+    /**
+     * @inheritdoc
+     */
+    public function actions()
+    {
+        return [
+            /**
+             * Supported $_GET params for /pages/api/default/index
+             *
+             * @param dmstr\modules\pages\models\Tree::ATTR_ID
+             * @param dmstr\modules\pages\models\Tree::ATTR_NAME_ID
+             * @param dmstr\modules\pages\models\Tree::ATTR_ROOT
+             * @param dmstr\modules\pages\models\Tree::ATTR_ACCESS_DOMAIN
+             */
+            'index' => [
+                'class'               => 'yii\rest\IndexAction',
+                'modelClass'          => $this->modelClass,
+                'checkAccess'         => [$this, 'checkAccess'],
+                'prepareDataProvider' => function () {
+
+                    /* @var $modelClass \yii\db\BaseActiveRecord */
+                    $modelClass = $this->modelClass;
+
+                    $query = $modelClass::find();
+
+                    if (isset($_GET[$modelClass::ATTR_ID])) {
+                        $query->andFilterWhere([$modelClass::ATTR_ID => $_GET[$modelClass::ATTR_ID]]);
+                    }
+                    if (isset($_GET[$modelClass::ATTR_NAME_ID])) {
+                        $query->andFilterWhere([$modelClass::ATTR_NAME_ID => $_GET[$modelClass::ATTR_NAME_ID]]);
+                    }
+                    if (isset($_GET[$modelClass::ATTR_ROOT])) {
+                        $query->andFilterWhere([$modelClass::ATTR_ROOT => $_GET[$modelClass::ATTR_ROOT]]);
+                    }
+                    if (isset($_GET[$modelClass::ATTR_ACCESS_DOMAIN])) {
+                        $query->andFilterWhere([$modelClass::ATTR_ACCESS_DOMAIN => $_GET[$modelClass::ATTR_ACCESS_DOMAIN]]);
+                    }
+
+                    return new \yii\data\ActiveDataProvider(
+                        [
+                            'query'      => $query,
+                            'pagination' => [
+                                'pageSize' => self::QUERY_LIMIT,
+                            ],
+                        ]
+                    );
+                }
+            ]
+        ];
+    }
+}
\ No newline at end of file
diff --git a/models/Tree.php b/models/Tree.php
index 349564b..4a738a0 100755
--- a/models/Tree.php
+++ b/models/Tree.php
@@ -70,6 +70,7 @@ class Tree extends \kartik\tree\models\Tree
     const ATTR_ID = 'id';
     const ATTR_NAME_ID = 'name_id';
     const ATTR_ACCESS_DOMAIN = 'access_domain';
+    const ATTR_ROOT = 'root';
     const ATTR_ROUTE = 'route';
     const ATTR_VIEW = 'view';
     const ATTR_REQUEST_PARAMS = 'request_params';
@@ -163,6 +164,7 @@ public function rules()
                 ],
                 [
                     [
+                        'root',
                         'access_owner',
                     ],
                     'integer',
diff --git a/tests/.gitignore b/tests/.gitignore
index be1c5a4..a7affde 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -1 +1,3 @@
 _output
+
+tests/_output/*
\ No newline at end of file