diff --git a/run.sh b/run.sh
index 1b5b748..54e5aed 100755
--- a/run.sh
+++ b/run.sh
@@ -3,9 +3,13 @@
 #/bin/busybox find /databunker
 
 if [ ! -f /databunker/data/databunker.db ]; then
+  OPTION="-init"
+  if [ "$1" == "demo" ]; then
+    OPTION="-demoinit"
+  fi
   echo "-------------INIT------------"
   #/bin/busybox mkdir -p /tmp
-  RESULT=`/databunker/bin/databunker -init -db /databunker/data/databunker.db -conf /databunker/conf/databunker.yaml > /tmp/init.txt`
+  RESULT=`/databunker/bin/databunker $OPTION -db /databunker/data/databunker.db -conf /databunker/conf/databunker.yaml > /tmp/init.txt`
   if [ ! -f /databunker/data/databunker.db ]; then
     echo "Failed to init databunker database. Probably permission issue for /databunker/data directory."
     /bin/busybox sleep 60
diff --git a/src/bunker.go b/src/bunker.go
index ff1ae73..cb6b450 100644
--- a/src/bunker.go
+++ b/src/bunker.go
@@ -355,7 +355,7 @@ func logRequest(handler http.Handler) http.Handler {
 	})
 }
 
-func setupDB(dbPtr *string) (*dbcon, string, error) {
+func setupDB(dbPtr *string, demo bool) (*dbcon, string, error) {
 	fmt.Printf("\nDatabunker init\n\n")
 	masterKey, err := generateMasterKey()
 	hash := md5.Sum(masterKey)
@@ -367,7 +367,7 @@ func setupDB(dbPtr *string) (*dbcon, string, error) {
 		log.Fatalf("db init error %s", err.Error())
 	}
 	db := &dbcon{store, masterKey, hash[:]}
-	rootToken, err := db.createRootXtoken()
+	rootToken, err := db.createRootXtoken(demo)
 	if err != nil {
 		//log.Panic("error %s", err.Error())
 		fmt.Printf("error %s", err.Error())
@@ -401,6 +401,7 @@ func main() {
 	lockMemory()
 	//fmt.Printf("%+v\n", cfg)
 	initPtr := flag.Bool("init", false, "generate master key and init database")
+	demoPtr := flag.Bool("demoinit", false, "generate master key with a DEMO access token")
 	startPtr := flag.Bool("start", false, "start databunker service. User DATABUNKER_MASTERKEY environment variable.")
 	masterKeyPtr := flag.String("masterkey", "", "master key")
 	dbPtr := flag.String("db", "databunker", "database file")
@@ -410,8 +411,8 @@ func main() {
 	var cfg Config
 	readFile(&cfg, confPtr)
 	readEnv(&cfg)
-	if *initPtr {
-		db, _, _ := setupDB(dbPtr)
+	if *initPtr || *demoPtr {
+		db, _, _ := setupDB(dbPtr, *demoPtr)
 		db.store.CloseDB()
 		os.Exit(0)
 	}
diff --git a/src/xtokens_db.go b/src/xtokens_db.go
index 0636cf9..c873df6 100644
--- a/src/xtokens_db.go
+++ b/src/xtokens_db.go
@@ -20,18 +20,21 @@ func (dbobj dbcon) getRootXtoken() (string, error) {
 	return record["xtoken"].(string), nil
 }
 
-func (dbobj dbcon) createRootXtoken() (string, error) {
+func (dbobj dbcon) createRootXtoken(demo bool) (string, error) {
 	rootToken, err := dbobj.getRootXtoken()
 	if err != nil {
 		return "", err
 	}
 	if len(rootToken) > 0 {
-		return rootToken, nil
+		return "already-initalized", nil
 	}
 	rootToken, err = uuid.GenerateUUID()
 	if err != nil {
 		return "", err
 	}
+	if demo {
+		rootToken = "DEMO"
+	}
 	bdoc := bson.M{}
 	bdoc["xtoken"] = hashString(dbobj.hash, rootToken)
 	bdoc["type"] = "root"
@@ -90,7 +93,7 @@ func (dbobj dbcon) checkXtoken(xtokenUUID string) bool {
 
 func (dbobj dbcon) checkUserAuthXToken(xtokenUUID string) (tokenAuthResult, error) {
 	result := tokenAuthResult{}
-	if isValidUUID(xtokenUUID) == false {
+	if xtokenUUID != "DEMO" && isValidUUID(xtokenUUID) == false {
 		return result, errors.New("failed to authenticate")
 	}
 	xtokenHashed := hashString(dbobj.hash, xtokenUUID)