diff --git a/backend/main.go b/backend/main.go
index e140793f..f76dd15b 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -27,16 +27,16 @@ type contextKey string
 const claimsKey = contextKey("claims")
 
 type QuestionPaper struct {
-	ID              int    `json:"id"`
-	CourseCode      string `json:"course_code"`
-	CourseName      string `json:"course_name"`
-	Year            int    `json:"year"`
-	Exam            string `json:"exam"`
-	FileLink        string `json:"filelink"`
-	FromLibrary     bool   `json:"from_library"`
-	UploadTimestamp string `json:"upload_timestamp"`
-	ApproveStatus   bool   `json:"approve_status"`
-	CourseDetails   string `json:"course_details"`
+	ID              int    `json:"id,omitempty"`
+	CourseCode      string `json:"course_code,omitempty"`
+	CourseName      string `json:"course_name,omitempty"`
+	Year            int    `json:"year,omitempty"`
+	Exam            string `json:"exam,omitempty"`
+	FileLink        string `json:"filelink,omitempty"`
+	FromLibrary     bool   `json:"from_library,omitempty"`
+	UploadTimestamp string `json:"upload_timestamp,omitempty"`
+	ApproveStatus   bool   `json:"approve_status,omitempty"`
+	CourseDetails   string `json:"course_details,omitempty"`
 }
 
 type uploadEndpointRes struct {
@@ -189,6 +189,32 @@ func search(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func listUnapprovedPapers(w http.ResponseWriter, r *http.Request) {
+	rows, err := db.Query("SELECT course_code, course_name, year, exam, filelink FROM qp WHERE approve_status = false ORDER BY upload_timestamp ASC")
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	defer rows.Close()
+
+	var qps []QuestionPaper = make([]QuestionPaper, 0)
+	for rows.Next() {
+		qp := QuestionPaper{}
+		err := rows.Scan(&qp.CourseCode, &qp.CourseName, &qp.Year, &qp.Exam, &qp.FileLink)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		qps = append(qps, qp)
+	}
+	http.Header.Add(w.Header(), "content-type", "application/json")
+	err = json.NewEncoder(w).Encode(&qps)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+}
+
 func upload(w http.ResponseWriter, r *http.Request) {
 	if r.Method != "POST" {
 		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
@@ -499,23 +525,6 @@ func JWTMiddleware(handler http.Handler) http.Handler {
 	})
 }
 
-func getClaims(r *http.Request) jwt.MapClaims {
-	if claims, ok := r.Context().Value(claimsKey).(jwt.MapClaims); ok {
-		return claims
-	}
-	return nil
-}
-
-// func protectedRoute(w http.ResponseWriter, r *http.Request) {
-// 	claims := getClaims(r)
-
-// 	if claims != nil {
-// 		fmt.Fprintf(w, "Hello, %s", claims["username"])
-// 	} else {
-// 		http.Error(w, "No claims found", http.StatusUnauthorized)
-// 	}
-// }
-
 func CheckError(err error) {
 	if err != nil {
 		panic(err)
@@ -552,7 +561,7 @@ func LoadGhEnv() {
 }
 
 func main() {
-	err := godotenv.Load()
+	godotenv.Load()
 	host := os.Getenv("DB_HOST")
 	port, err := strconv.Atoi(os.Getenv("DB_PORT"))
 	CheckError(err)
@@ -587,7 +596,7 @@ func main() {
 	http.HandleFunc("/library", library)
 	http.HandleFunc("POST /upload", upload)
 	http.HandleFunc("POST /oauth", GhAuth)
-	// http.Handle("/protected", JWTMiddleware(http.HandlerFunc(protectedRoute)))
+	http.Handle("GET /unapproved", JWTMiddleware(http.HandlerFunc(listUnapprovedPapers)))
 
 	c := cors.New(cors.Options{
 		AllowedOrigins: []string{"https://qp.metakgp.org", "http://localhost:3000"},