diff --git a/src/bunker.go b/src/bunker.go
index 06219c8..de6d710 100644
--- a/src/bunker.go
+++ b/src/bunker.go
@@ -210,7 +210,7 @@ func (e mainEnv) setupRouter() *httprouter.Router {
 	router.POST("/v1/exp/start/:mode/:identity", e.expStart)
 	router.DELETE("/v1/exp/cancel/:mode/:identity", e.expCancel)
 
-	router.POST("/v1/sharedrecord/token/:token", e.newSharedRecord)
+	router.POST("/v1/sharedrecord/:mode/:identity", e.newSharedRecord)
 	router.GET("/v1/get/:record", e.getRecord)
 
 	router.GET("/v1/request/:request", e.getUserRequest)
diff --git a/src/sharedrecords_api.go b/src/sharedrecords_api.go
index 3e83bee..ca2412f 100644
--- a/src/sharedrecords_api.go
+++ b/src/sharedrecords_api.go
@@ -13,11 +13,13 @@ import (
 )
 
 func (e mainEnv) newSharedRecord(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
-	userTOKEN := ps.ByName("token")
-	event := audit("create shareable record by user token", userTOKEN, "token", userTOKEN)
+	identity := ps.ByName("identity")
+	mode := ps.ByName("mode")
+	event := audit("create shareable record by "+mode, identity, "token", identity)
 	defer func() { event.submit(e.db, e.conf) }()
 
-	if enforceUUID(w, userTOKEN, event) == false {
+	userTOKEN := e.loadUserToken(w, r, mode, identity, event)
+	if userTOKEN == "" {
 		return
 	}
 	if e.enforceAuth(w, r, event) == "" {