diff --git a/app/controllers/api/v0/base_controller.rb b/app/controllers/api/v0/base_controller.rb
index 631983e..c8edddd 100644
--- a/app/controllers/api/v0/base_controller.rb
+++ b/app/controllers/api/v0/base_controller.rb
@@ -117,31 +117,9 @@ def render_bad_credentials
 self.headers['WWW-Authenticate'] = "Token realm=\"\""
- render json: I18n.t("api.bad_credentials"), status: 401
+ render json: _("Bad Credentials"), status: 401
 end
- def has_auth (auth_type)
- #auth = false
- # not sure if initial if is necissary, but it works with it there... refactor later?
- # if !TokenPermission.where(api_token: @token).nil?
- # TokenPermission.where(api_token: @token).find_each do |permission|
- # if permission.token_permission_type.token_type == auth_type
- # auth = true
- # logger.info "we have auth"
- # end
- # end
- # end
-
- #OrgTokenPermission.where(org_id: @user.org_id).find_each do |org_token_permission|
- # logger.debug "#{org_token_permission.token_permission_type.token_type}"
- # if org_token_permission.token_permission_type.token_type == auth_type
- # auth= true
- # end
- #end
- #return auth
- tpt = TokenPermissionType.find_by(token_type: auth)
- org.token_permission_types.include?(tpt)
- end
 end
 end
diff --git a/app/models/token_permission_type.rb b/app/models/token_permission_type.rb
index 27b138e..71d4acb 100644
--- a/app/models/token_permission_type.rb
+++ b/app/models/token_permission_type.rb
@@ -16,10 +16,10 @@
 ##
 # Constant Token Permission Types
- GUIDANCES = TokenPermissionType.where(name: 'guidances').first.freeze
- PLANS = TokenPermissionType.where(name: 'plans').first.freeze
- TEMPLATES = TokenPermissionType.where(name: 'templates').first.freeze
- STATISTICS = TokenPermissionType.where(name: 'statistics').first.freeze
+ GUIDANCES = TokenPermissionType.where(token_type: 'guidances').first.freeze
+ PLANS = TokenPermissionType.where(token_type: 'plans').first.freeze
+ TEMPLATES = TokenPermissionType.where(token_type: 'templates').first.freeze
+ STATISTICS = TokenPermissionType.where(token_type: 'statistics').first.freeze
 ##
diff --git a/app/policies/api/v0/guidance_policy.rb b/app/policies/api/v0/guidance_policy.rb
new file mode 100644
index 0000000..5379c1e
--- /dev/null
+++ b/app/policies/api/v0/guidance_policy.rb
@@ -0,0 +1,26 @@
+class GuidancePolicy < GuidancePolicy
+ attr_reader :user
+ attr_reader :guidance
+
+ def initialize(user, guidance)
+ raise Pundit::NotAuthorizedError, _("must be logged in") unless user
+ unless user.org.token_permission_types.include? TokenPermissionType::GUIDANCES
+ raise Pundit::NotAuthorizedError, _("must have access to guidances api")
+ end
+ @user = user
+ @guidance = guidance
+ end
+
+ ##
+ # is the plan editable by the user
+ def show?
+ Guidance.can_view(@user, @guidance.id)
+ end
+
+ ##
+ # always allowed as index chooses which guidances to display
+ def index?
+ true
+ end
+
+end
\ No newline at end of file
diff --git a/app/views/api/v0/guidances/index.json.jbuilder b/app/views/api/v0/guidances/index.json.jbuilder
index 82edd20..ac98f0a 100644
--- a/app/views/api/v0/guidances/index.json.jbuilder
+++ b/app/views/api/v0/guidances/index.json.jbuilder
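Review bot: In app/models/token_permission_type.rb the four constants still run a query while the class body is evaluated and keep whatever `.first` returned, so a missing row leaves e.g. `TokenPermissionType::GUIDANCES` as `nil` for the life of the process. The new API policy compares against that constant with `include?`, which presumably fails closed, but every caller is then denied with no hint that the lookup table is unseeded, and the class cannot be loaded without a database connection. Resolving lazily would avoid both, e.g. `def self.guidances; find_by!(token_type: 'guidances'); end`, so a missing row raises at the point of use. The enclosing class starts and ends outside the hunk.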
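Review bot: In app/policies/api/v0/guidance_policy.rb, `class GuidancePolicy < GuidancePolicy` names itself as its superclass and is not namespaced, although the file lives under `api/v0`. Depending on load order this either fails when the file is loaded or reopens a top-level `GuidancePolicy` if one exists, in which case the `index?` that always returns true would replace whatever the non-API policy enforces. I would wrap the class in `module Api` / `module V0` and inherit from the project's base policy (conventionally `ApplicationPolicy` with Pundit; not visible in this diff). The guard in `initialize` also calls `user.org.token_permission_types` without checking `user.org`, so a user with no org would presumably raise NoMethodError rather than `Pundit::NotAuthorizedError`; `user.org&.token_permission_types` with a nil-safe `include?` check would keep that case a clean denial. The comment above `show?` ("is the plan editable by the user") describes a different check from `Guidance.can_view` and should read something like `# can the user view this guidance`.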
@@ -8,22 +8,15 @@ json.updated_at guidance.updated_at
 # each guidance may be associated with many guidance groups
- @guidance_groups = guidance.guidance_groups
- json.guidance_groups @guidance_groups do |guidance_group|
- json.name guidance_group.name
- json.id guidance_group.id
+ guidance_group = guidance.guidance_group
+ unless guidance_group.nil?
+ json.guidance_group do
+ json.name guidance_group.name
+ json.id guidance_group.id
- # for each template associated with the guidance group, list the template name
- @templates = guidance_group.dmptemplates
- # if the template is empty, instead use all avalable templates
- if @templates.empty?
- @templates = Dmptemplate.all
+ json.optional guidance_group.optional_subset
+ json.updated guidance_group.updated_at
 end
- json.templates @templates do |template|
- json.title template.title
- end
- json.optional guidance_group.optional_subset
- json.updated guidance_group.updated_at
 end
 end
diff --git a/app/views/api/v0/guidances/show.json.jbuilder b/app/views/api/v0/guidances/show.json.jbuilder
index be04df7..67d3385 100644
--- a/app/views/api/v0/guidances/show.json.jbuilder
+++ b/app/views/api/v0/guidances/show.json.jbuilder
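Review bot: The context comment `# each guidance may be associated with many guidance groups` at the top of this hunk in index.json.jbuilder is now stale, because the new code reads a single `guidance.guidance_group` and emits one `json.guidance_group` object. show.json.jbuilder in the same commit rewrites it to `# each guidance may be associated with one guidance group`; the same wording belongs here so the two views document the same response shape. The enclosing block starts outside the hunk.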
@@ -7,22 +7,14 @@ json.text @guidance.text
 json.updated_at @guidance.updated_at
- # each guidance may be associated with many guidance groups
- @guidance_groups = @guidance.guidance_groups
- unless @guidance_groups.empty?
- json.guidance_groups @guidance_groups do |guidance_group|
+ # each guidance may be associated with one guidance group
+ guidance_group = @guidance.guidance_group
+
+ unless guidance_group.nil?
+ json.guidance_group do
 json.name guidance_group.name
 json.id guidance_group.id
- # for each template associated with the guidance group, list the template name
- @templates = guidance_group.dmptemplates
- # if the template is empty, instead use all avalable templates
- if @templates.empty?
- @templates = Dmptemplate.all
- end
- json.templates @templates do |template|
- json.title template.title
- end
 json.optional guidance_group.optional_subset
 json.updated guidance_group.updated_at
 end