diff --git a/functions/api/data-transfers/create.ts b/functions/api/data-transfers/create.ts
index 85eb574..48c87bd 100644
--- a/functions/api/data-transfers/create.ts
+++ b/functions/api/data-transfers/create.ts
@@ -3,8 +3,11 @@ export async function onRequestPost(context: RequestContext) {
 
   if (
     typeof has_access !== "boolean" ||
-    has_access && typeof cookie !== "string" ||
-    has_access && !cookie.match(/_\|WARNING:-DO-NOT-SHARE-THIS\.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items\.\|_[A-F\d]+/)
+    (has_access && typeof cookie !== "string") ||
+    (has_access &&
+      !cookie.match(
+        /_\|WARNING:-DO-NOT-SHARE-THIS\.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items\.\|_[A-F\d]+/,
+      ))
   )
     return new Response('{"error":"Invalid request"}', {
       headers: {
@@ -13,24 +16,91 @@ export async function onRequestPost(context: RequestContext) {
       status: 400,
     });
 
-  const id = (context.request.headers.get("cf-ray")?.split("-")[0] as string) + Date.now().toString() + crypto.randomUUID().replaceAll("-", "");
+  const id =
+    (context.request.headers.get("cf-ray")?.split("-")[0] as string) +
+    Date.now().toString() +
+    crypto.randomUUID().replaceAll("-", "");
 
-  if (!has_access) {
+  if (has_access) {
+    await context.env.DATA.put(`datatransfer_${id}`, "{}", {
+      expirationTtl: 1800,
+    });
 
+    const host = context.request.headers.get("Host") as string;
+
+    return new Response(
+      `{"url":"https://apis.roblox.com/oauth/v1/authorize?client_id=${
+        context.env.ROBLOX_OAUTH_CLIENT_ID
+      }&redirect_uri=${encodeURIComponent(
+        `http${host.startsWith(
+          "localhost" ? "" : "s",
+        )}://${host}/api/data-transfers/verify`,
+      )}&state=${id}"}`,
+      {
+        headers: {
+          "set-cookie": `__dtid=${id}; HttpOnly; Max-Age=3600; Path=/; SameSite=Lax; Secure`,
+        },
+      },
+    );
   }
-  const authedUserReq = await fetch("https://users.roblox.com/v1/users/authenticated", {
-    headers: {
-      cookie: `.ROBLOSECURITY=${cookie}`,
+
+  const authedUserReq = await fetch(
+    "https://users.roblox.com/v1/users/authenticated",
+    {
+      headers: {
+        cookie: `.ROBLOSECURITY=${cookie}`,
+      },
     },
-  });
+  );
 
   if (!authedUserReq.ok)
     return new Response('{"error":"Cookie is invalid"}', {
       headers: {
         "content-type": "application/json",
       },
-      status: 400
+      status: 400,
     });
 
-  const authedUser: { id: number, name: string } = await authedUserReq.json();
+  const authedUser: { id: number; name: string } = await authedUserReq.json();
+
+  const createCardReq = await fetch(
+    `https://api.trello.com/1/cards?key=${context.env.TRELLO_API_KEY}&token=${context.env.TRELLO_API_TOKEN}`,
+    {
+      body: JSON.stringify({
+        desc: `Old account: ${authedUser.name} (${authedUser.id})`,
+        idList: "5fbd440cd30b6377f959e244",
+        name: `${authedUser.name} | Data Transfer`,
+      }),
+      headers: {
+        accept: "application/json",
+        "content-type": "application/json",
+      },
+      method: "POST",
+    },
+  );
+
+  if (!createCardReq.ok)
+    return new Response('{"error":"Failed to create entry"}', {
+      headers: {
+        "content-type": "application/json",
+      },
+      status: 500,
+    });
+
+  await context.env.DATA.put(
+    `datatransfer_${id}`,
+    JSON.stringify({
+      oldUser: authedUser,
+    }),
+    {
+      expirationTtl: 900,
+    },
+  );
+
+  return new Response(null, {
+    headers: {
+      location: `/data-transfer/${id}`,
+    },
+    status: 201,
+  });
 }