diff --git a/app/controllers/api/v1/registrant/confirms_controller.rb b/app/controllers/api/v1/registrant/confirms_controller.rb
new file mode 100644
index 000000000..cbc8c5413
--- /dev/null
+++ b/app/controllers/api/v1/registrant/confirms_controller.rb
@@ -0,0 +1,55 @@
+require 'serializers/registrant_api/domain'
+
+module Api
+  module V1
+    module Registrant
+      class ConfirmsController < ::Api::V1::Registrant::BaseController
+        skip_before_action :authenticate, :set_paper_trail_whodunnit
+        before_action :set_domain, only: %i[index update]
+        before_action :verify_updateable, only: %i[index update]
+
+        def index
+          render json: {
+            domain_name: @domain.name,
+            current_registrant: serialized_registrant(@domain.registrant),
+            new_registrant: serialized_registrant(@domain.pending_registrant)
+          }
+        end
+
+        def update
+        end
+
+        private
+
+        def serialized_registrant(registrant)
+          {
+            name: registrant.try(:name),
+            ident: registrant.try(:ident),
+            country: registrant.try(:ident_country_code)
+          }
+        end
+
+        def confirmation_params
+          params do |p|
+            p.require(:name)
+            p.require(:token)
+          end
+        end
+
+        def set_domain
+          @domain = Domain.find_by(name: confirmation_params[:name])
+          return if @domain
+
+          render json: { error: 'Domain not found' }, status: :not_found
+        end
+
+        def verify_updateable
+          return if @domain.registrant_update_confirmable?(confirmation_params[:token])
+
+          render json: { error: 'Application expired or not found' },
+          status: :unauthorized
+        end
+      end
+    end
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
index f58063fae..0b74a2b97 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -56,12 +56,12 @@ Rails.application.routes.draw do
     namespace :v1 do
       namespace :registrant do
         post 'auth/eid', to: 'auth#eid'
-
+        get 'confirms/:name/:token', to: 'confirms#index', constraints: { name: /[^\/]+/ }
+        post 'confirms/:name/:token', to: 'confirms#update', constraints: { name: /[^\/]+/ }
         resources :domains, only: %i[index show], param: :uuid do
           resource :registry_lock, only: %i[create destroy]
         end
         resources :contacts, only: %i[index show update], param: :uuid
-        resources :companies, only: %i[index]
       end
 
       resources :auctions, only: %i[index show update], param: :uuid