diff --git a/libretroshare/src/jsonapi/jsonapi.cpp b/libretroshare/src/jsonapi/jsonapi.cpp
index 88dd58c02..88281a4d7 100644
--- a/libretroshare/src/jsonapi/jsonapi.cpp
+++ b/libretroshare/src/jsonapi/jsonapi.cpp
@@ -117,6 +117,39 @@ JsonApiServer::corsOptionsHeaders =
 	return false;
 }
 
+static bool is_alphanumeric(char c) { return (c>='0' && c<'9') || (c>='a' && c<='z') || (c>='A' && c<='Z') ;}
+static bool is_alphanumeric(const std::string& s)
+{
+    for(uint32_t i=0;i<s.size();++i)
+        if(!is_alphanumeric(s[i]))
+            return false;
+    return true;
+}
+
+bool RsJsonAPI::parseToken(const std::string& clear_token,std::string& user,std::string& passwd)
+{
+	uint32_t last_index=0;
+	uint32_t nb_colons=0;
+
+	for(uint32_t i=0;i<clear_token.length();++i)
+		if(clear_token[i]==':')
+		{
+			++nb_colons;
+			last_index = i;
+		}
+		else if(!is_alphanumeric(clear_token[i]))
+			return false;
+
+	if(nb_colons != 1)
+		return false;
+
+	user   = clear_token.substr(0,last_index);
+	passwd = clear_token.substr(last_index+1,(int)clear_token.size()-(int)last_index-2);
+
+	return true;
+}
+
+
 JsonApiServer::JsonApiServer(): configMutex("JsonApiServer config")
 {
 	registerHandler("/rsLoginHelper/createLocation",
@@ -436,38 +469,6 @@ bool JsonApiServer::requestNewTokenAutorization(const std::string& user)
 	return false;
 }
 
-static bool is_alphanumeric(char c) { return (c>='0' && c<'9') || (c>='a' && c<='z') || (c>='A' && c<='Z') ;}
-static bool is_alphanumeric(const std::string& s)
-{
-    for(uint32_t i=0;i<s.size();++i)
-        if(!is_alphanumeric(s[i]))
-            return false;
-    return true;
-}
-
-static bool parseToken(const std::string& clear_token,std::string& user,std::string& passwd)
-{
-	uint32_t last_index=0;
-	uint32_t nb_colons=0;
-
-	for(uint32_t i=0;i<clear_token.length();++i)
-		if(clear_token[i]==':')
-		{
-			++nb_colons;
-			last_index = i;
-		}
-		else if(!is_alphanumeric(clear_token[i]))
-			return false;
-
-	if(nb_colons != 1)
-		return false;
-
-	user   = clear_token.substr(0,last_index);
-	passwd = clear_token.substr(last_index+1,(int)clear_token.size()-(int)last_index-2);
-
-	return true;
-}
-
 
 bool JsonApiServer::isAuthTokenValid(const std::string& token)
 {
diff --git a/libretroshare/src/jsonapi/jsonapi.h b/libretroshare/src/jsonapi/jsonapi.h
index 7c8e9ca5d..1dc9ec7b7 100644
--- a/libretroshare/src/jsonapi/jsonapi.h
+++ b/libretroshare/src/jsonapi/jsonapi.h
@@ -64,7 +64,7 @@ public:
 	bool isAuthTokenValid(const std::string& token) override;
 	bool requestNewTokenAutorization(const std::string& user) override;
 
-    // private API
+    // private API. These methods may be moved to RsJsonAPI so as to be visible in http mode, if needed.
 
 	/**
 	 * @brief Get decoded version of the given encoded token
diff --git a/libretroshare/src/jsonapi/restbedservice.cc b/libretroshare/src/jsonapi/restbedservice.cc
index 4d4bfb72a..05e1078d7 100644
--- a/libretroshare/src/jsonapi/restbedservice.cc
+++ b/libretroshare/src/jsonapi/restbedservice.cc
@@ -58,7 +58,7 @@ public:
 
         try
         {
-			std::cerr << "(II) Starting web service on port " << std::dec << _listening_port << std::endl;
+			std::cerr << "(II) Starting restbed service on port " << std::dec << _listening_port << std::endl;
 			_service->start( settings );
         }
         catch(std::exception& e)
@@ -67,7 +67,7 @@ public:
             return;
         }
 
-        std::cerr << "(II) webui service stopped." << std::endl;
+        std::cerr << "(II) restbed service stopped." << std::endl;
 	}
     void stop()
     {
@@ -77,7 +77,7 @@ public:
 
         while(isRunning())
         {
-			std::cerr << "(II) shutting down webui service." << std::endl;
+			std::cerr << "(II) shutting down restbed service." << std::endl;
             rstime::rs_usleep(1000*1000);
         }
     }
@@ -112,7 +112,7 @@ RestbedService::~RestbedService()
 
 bool RestbedService::restart()
 {
-    RsDbg() << "Restarting web interface listening on port " << _restbed_thread->listeningPort() << std::endl;
+    RsDbg() << "Restarting restbed service listening on port " << _restbed_thread->listeningPort() << std::endl;
 
     if(_restbed_thread->isRunning())
         _restbed_thread->stop();
diff --git a/libretroshare/src/retroshare/rsjsonapi.h b/libretroshare/src/retroshare/rsjsonapi.h
index 8886ce15a..0c741a4c9 100644
--- a/libretroshare/src/retroshare/rsjsonapi.h
+++ b/libretroshare/src/retroshare/rsjsonapi.h
@@ -20,6 +20,8 @@
  *******************************************************************************/
 #pragma once
 
+#include <string>
+
 class RsJsonAPI
 {
 public:
@@ -59,6 +61,12 @@ public:
 	 */
 	virtual bool requestNewTokenAutorization(const std::string& token)=0;
 
+    //=============================================================================================//
+    //                                    Utility methods                                          //
+    //=============================================================================================//
+
+    static bool parseToken(const std::string& clear_token,std::string& user,std::string& passwd);
+
     //=============================================================================================//
     //                      API methods that SHOULD NOT be accessible through http                 //
     //=============================================================================================//
@@ -91,7 +99,7 @@ public:
 	 * @param[in] token decoded
 	 * @return tru if authorized, false otherwise
 	 */
-	virtual bool isAuthTokenValid(const std::string& token);
+	virtual bool isAuthTokenValid(const std::string& token)=0;
 
 
 };
diff --git a/retroshare-gui/src/gui/settings/JsonApiPage.cc b/retroshare-gui/src/gui/settings/JsonApiPage.cc
index 5d8e202a4..532373976 100644
--- a/retroshare-gui/src/gui/settings/JsonApiPage.cc
+++ b/retroshare-gui/src/gui/settings/JsonApiPage.cc
@@ -37,6 +37,26 @@ JsonApiPage::JsonApiPage(QWidget */*parent*/, Qt::WindowFlags /*flags*/)
 	connect( ui.removeTokenPushButton, SIGNAL(clicked()), this, SLOT(removeTokenClicked() ));
 	connect( ui.tokensListView,        SIGNAL(clicked()), this, SLOT(tokenClicked() ));
 	connect( ui.applyConfigPushButton, SIGNAL(clicked()), this, SLOT(onApplyClicked() ));
+	connect( ui.portSpinBox, 		   SIGNAL(valueChanged(int)), this, SLOT(updateParams() ));
+	connect( ui.listenAddressLineEdit, SIGNAL(textChanged(QString)), this, SLOT(updateParams() ));
+
+    // This limits the possible tokens to alphanumeric
+
+    QString anRange = "{[a-z]|[A-Z]|[0-9]}+";
+    QRegExp anRegex ("^" + anRange + ":" + anRange + "$");
+    QRegExpValidator *anValidator = new QRegExpValidator(anRegex, this);
+
+    ui.tokenLineEdit->setValidator(anValidator);
+
+    // This limits the possible tokens to alphanumeric
+
+    QString ipRange = "(?:[0-1]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])";
+    // You may want to use QRegularExpression for new code with Qt 5 (not mandatory).
+    QRegExp ipRegex ("^" + ipRange + "\\." + ipRange + "\\." + ipRange + "\\." + ipRange + "$");
+    QRegExpValidator *ipValidator = new QRegExpValidator(ipRegex, this);
+
+    ui.listenAddressLineEdit->setValidator(ipValidator);
+
 }
 
 void JsonApiPage::enableJsonApi(bool checked)
@@ -45,6 +65,8 @@ void JsonApiPage::enableJsonApi(bool checked)
 	ui.applyConfigPushButton->setEnabled(checked);
 	ui.removeTokenPushButton->setEnabled(checked);
 	ui.tokensListView->setEnabled(checked);
+	ui.portSpinBox->setEnabled(checked);
+	ui.listenAddressLineEdit->setEnabled(checked);
 
     Settings->setJsonApiEnabled(checked);
 
@@ -54,43 +76,26 @@ void JsonApiPage::enableJsonApi(bool checked)
         checkShutdownJsonApi();
 }
 
-bool JsonApiPage::updateParams(QString &errmsg)
+bool JsonApiPage::updateParams()
 {
 	bool ok = true;
 	bool changed = false;
 
-	bool enabled = ui.enableCheckBox->isChecked();
-
-	if( enabled != Settings->getJsonApiEnabled())
-	{
-		Settings->setJsonApiEnabled(enabled);
-		changed = true;
-	}
-
 	uint16_t port = static_cast<uint16_t>(ui.portSpinBox->value());
-
-	if(port != Settings->getJsonApiPort())
-	{
-		Settings->setJsonApiPort(port);
-		changed = true;
-	}
-
 	QString listenAddress = ui.listenAddressLineEdit->text();
 
-	if(listenAddress != Settings->getJsonApiListenAddress())
-	{
-		Settings->setJsonApiListenAddress(listenAddress);
-		changed = true;
-	}
+	Settings->setJsonApiEnabled(ui.enableCheckBox->isChecked());
+	Settings->setJsonApiPort(port);
+	Settings->setJsonApiListenAddress(listenAddress);
 
 	return ok;
 }
 
 void JsonApiPage::load()
 {
-	whileBlocking(ui.enableCheckBox)->setChecked(Settings->getJsonApiEnabled());
 	whileBlocking(ui.portSpinBox)->setValue(Settings->getJsonApiPort());
 	whileBlocking(ui.listenAddressLineEdit)->setText(Settings->getJsonApiListenAddress());
+	whileBlocking(ui.enableCheckBox)->setChecked(Settings->getJsonApiEnabled());
 
     QStringList newTk;
 
@@ -102,17 +107,21 @@ void JsonApiPage::load()
 
 QString JsonApiPage::helpText() const { return ""; }
 
-/*static*/ bool JsonApiPage::checkStartJsonApi()
+bool JsonApiPage::checkStartJsonApi()
 {
-	if(Settings->getJsonApiEnabled())
-		rsJsonAPI->restart();
+	if(!Settings->getJsonApiEnabled())
+        return false;
+
+	rsJsonAPI->setListeningPort(Settings->getJsonApiPort());
+	rsJsonAPI->setBindingAddress(Settings->getJsonApiListenAddress().toStdString());
+	rsJsonAPI->restart();
 
 	return true;
 }
 
 /*static*/ void JsonApiPage::checkShutdownJsonApi()
 {
-    rsJsonAPI->isRunning())
+    if(RsJsonAPI::JSONAPI_STATUS_RUNNING != rsJsonAPI->status())
         return;
 
 	rsJsonAPI->stop();	// this is a blocking call until the thread is terminated.
@@ -148,17 +157,18 @@ void JsonApiPage::onApplyClicked(bool)
     // restart
 
     checkShutdownJsonApi();
-
-    rsJsonAPI->setListeningPort(ui.portSpinBox->value());
-    rsJsonAPI->setBindingAddress(ui.listenAddressLineEdit->text().toStdString());
-
     checkStartJsonApi();
 }
 
 void JsonApiPage::addTokenClicked(bool)
 {
 	QString token(ui.tokenLineEdit->text());
-	rsJsonAPI->authorizeUser(token.toStdString());
+    std::string user,passwd;
+
+    if(!RsJsonAPI::parseToken(token.toStdString(),user,passwd))
+        return;
+
+	rsJsonAPI->authorizeUser(user,passwd);
 
     QStringList newTk;
 
diff --git a/retroshare-gui/src/gui/settings/JsonApiPage.h b/retroshare-gui/src/gui/settings/JsonApiPage.h
index 97eb5407b..fff404087 100644
--- a/retroshare-gui/src/gui/settings/JsonApiPage.h
+++ b/retroshare-gui/src/gui/settings/JsonApiPage.h
@@ -54,9 +54,8 @@ public slots:
 	void removeTokenClicked(bool);
 	void tokenClicked(const QModelIndex& index);
 	void enableJsonApi(bool checked);
+	bool updateParams();
 
 private:
 	Ui::JsonApiPage ui; /// Qt Designer generated object
-
-	bool updateParams(QString &errmsg);
 };