diff --git a/backend/src/controllers/SessionController.ts b/backend/src/controllers/SessionController.ts
index affd5ae..1355bd4 100644
--- a/backend/src/controllers/SessionController.ts
+++ b/backend/src/controllers/SessionController.ts
@@ -7,6 +7,7 @@ import { RefreshTokenService } from "../services/AuthServices/RefreshTokenServic
 
 import createOrUpdateOnlineUserService from "../services/UserServices/CreateOrUpdateOnlineUserService";
 import { removeUserFromOlineList } from "../helpers/removeUserFromOnlineList";
+import { TokenExchangeService, verifyTokenFromWebService } from "../services/AuthServices/TokenExchangeService";
 
 //  const usersSocket = require("./../libs/socket");
 const usersSocket = require("../libs/socket");
@@ -69,3 +70,39 @@ export const remove = async (
 
   return res.send();
 };
+
+export const tokenExchange = async (
+  req: Request,
+  res: Response
+) => {
+
+  const token = req.headers["authorization"]?.split(" ")[1];
+  if (!token) {
+    throw new AppError("ERR_TOKEN_REQUIRED", 401);
+  }
+
+
+  const platform = req.headers["x-platform"]
+
+  if (!token || !platform) {
+    throw new AppError("ERR_TOKEN_AND_PLATFORM_REQUIRED", 401);
+  }
+
+  const platformIsFromWeb = platform === "web";
+  let tokenExchanged = await TokenExchangeService({
+    token: token,
+    tokenVerifier: platformIsFromWeb ? verifyTokenFromWebService : verifyTokenFromWebService
+  })
+
+  SendRefreshToken(res, tokenExchanged.refreshToken);
+
+  await createOrUpdateOnlineUserService({
+    userId: tokenExchanged.serializedUser.id,
+    status: "online"
+  });
+
+  return res.status(200).json({
+    token: tokenExchanged.token,
+    user: tokenExchanged.serializedUser
+  });
+}
\ No newline at end of file
diff --git a/backend/src/routes/authRoutes.ts b/backend/src/routes/authRoutes.ts
index fbde45a..52ce24e 100644
--- a/backend/src/routes/authRoutes.ts
+++ b/backend/src/routes/authRoutes.ts
@@ -7,6 +7,8 @@ const authRoutes = Router();
 
 authRoutes.post("/signup", UserController.store);
 
+authRoutes.post("/token-exchange", SessionController.tokenExchange);
+
 authRoutes.post("/login", SessionController.store);
 
 authRoutes.post("/refresh_token", SessionController.update);