diff --git a/DamageAssesmentApi/DamageAssesment.Api.Answers/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.Answers/Program.cs
index 417195c..2ffd8cf 100644
--- a/DamageAssesmentApi/DamageAssesment.Api.Answers/Program.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.Answers/Program.cs
@@ -32,6 +32,10 @@ builder.Services.AddDbContext<AnswerDbContext>(option =>
     option.UseSqlServer("AnswerConnection");
 });
 
+builder.Services.AddCors(p => p.AddPolicy("DamageAppCorsPolicy", build => {
+    build.WithOrigins("*").AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin();
+}));
+
 var app = builder.Build();
 
 // Configure the HTTP request pipeline.
@@ -40,7 +44,8 @@ if (app.Environment.IsDevelopment())
     app.UseSwagger();
     app.UseSwaggerUI();
 }
-
+app.UseCors("DamageAppCorsPolicy");
+app.UseAuthorization();
 
 // Enable CORS, authentication, and authorization middleware.
 app.UseCors("DamageAppCorsPolicy");
diff --git a/DamageAssesmentApi/DamageAssesment.Api.Attachments/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.Attachments/Program.cs
index 018740c..c415f31 100644
--- a/DamageAssesmentApi/DamageAssesment.Api.Attachments/Program.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.Attachments/Program.cs
@@ -42,6 +42,9 @@ builder.Services.Configure<FormOptions>(o =>
     o.MultipartBodyLengthLimit = int.MaxValue;
     o.MemoryBufferThreshold = int.MaxValue;
 });
+builder.Services.AddCors(p => p.AddPolicy("DamageAppCorsPolicy", build => {
+    build.WithOrigins("*").AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin();
+}));
 
 var app = builder.Build();
 
@@ -53,10 +56,10 @@ if (app.Environment.IsDevelopment())
 }
 
 // Enable CORS, authentication, and authorization middleware.
+
 app.UseCors("DamageAppCorsPolicy");
 app.UseAuthorization();
 app.UseHttpsRedirection();
-
 app.MapControllers();
 app.UseStaticFiles();
 app.Run();
diff --git a/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/Program.cs
index ec3acea..aec0623 100644
--- a/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/Program.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/Program.cs
@@ -33,6 +33,9 @@ builder.Services.AddDbContext<DoculinkDbContext>(option =>
 {
     option.UseSqlServer("DoculinConnection");
 });
+builder.Services.AddCors(p => p.AddPolicy("DamageAppCorsPolicy", build => {
+    build.WithOrigins("*").AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin();
+}));
 var app = builder.Build();
 
 // Configure the HTTP request pipeline.
@@ -44,6 +47,7 @@ if (app.Environment.IsDevelopment())
 
 
 // Enable CORS, authentication, and authorization middleware.
+
 app.UseCors("DamageAppCorsPolicy");
 app.UseAuthorization();
 
diff --git a/DamageAssesmentApi/DamageAssesment.Api.Employees/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.Employees/Program.cs
index b8548ff..b1af271 100644
--- a/DamageAssesmentApi/DamageAssesment.Api.Employees/Program.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.Employees/Program.cs
@@ -32,7 +32,9 @@ builder.Services.AddDbContext<EmployeeDbContext>(option =>
 {
     option.UseSqlServer("EmployeeConnection");
 });
-
+builder.Services.AddCors(p => p.AddPolicy("DamageAppCorsPolicy", build => {
+    build.WithOrigins("*").AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin();
+}));
 var app = builder.Build();
 
 // Configure the HTTP request pipeline.
@@ -49,6 +51,8 @@ if (app.Environment.IsDevelopment())
     }
 }
 
+app.UseCors("DamageAppCorsPolicy");
+
 // Enable CORS, authentication, and authorization middleware.
 app.UseCors("DamageAppCorsPolicy");
 
diff --git a/DamageAssesmentApi/DamageAssesment.Api.Locations/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.Locations/Program.cs
index a96e13f..fa92c7b 100644
--- a/DamageAssesmentApi/DamageAssesment.Api.Locations/Program.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.Locations/Program.cs
@@ -31,6 +31,9 @@ builder.Services.AddDbContext<LocationDbContext>(option =>
 {
     option.UseSqlServer("LocationConnection");
 });
+builder.Services.AddCors(p => p.AddPolicy("DamageAppCorsPolicy", build => {
+    build.WithOrigins("*").AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin();
+}));
 var app = builder.Build();
 
 // Configure the HTTP request pipeline.
@@ -49,6 +52,8 @@ if (app.Environment.IsDevelopment())
     }
 }
 
+app.UseCors("DamageAppCorsPolicy");
+
 // Enable CORS, authentication, and authorization middleware.
 app.UseCors("DamageAppCorsPolicy");
 
diff --git a/DamageAssesmentApi/DamageAssesment.Api.Questions/Controllers/QuestionsController.cs b/DamageAssesmentApi/DamageAssesment.Api.Questions/Controllers/QuestionsController.cs
index c73ff8a..dbd4170 100644
--- a/DamageAssesmentApi/DamageAssesment.Api.Questions/Controllers/QuestionsController.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.Questions/Controllers/QuestionsController.cs
@@ -1,4 +1,5 @@
 using DamageAssesment.Api.Questions.Interfaces;
+using DamageAssesment.Api.Questions.Models;
 using Microsoft.AspNetCore.Mvc;
 
 namespace DamageAssesment.Api.Questions.Controllers
@@ -108,6 +109,27 @@ namespace DamageAssesment.Api.Questions.Controllers
             }
             return CreatedAtRoute("DefaultApi",questions);
         }
+
+        /// <summary>
+        /// POST request for creating a multiple question (multilingual).
+        /// </summary>
+        [HttpPut("questions/multiple/{surveyid}")]
+        public async Task<IActionResult> UpdateQuestions(int surveyid, List<Models.Question> questions)
+        {
+            if (questions != null)
+            {
+                var result = await this.questionsProvider.PutQuestionsAsync(surveyid,questions);
+                if (result.IsSuccess)
+                {
+                    return Ok(result.Question);
+                }
+                if (result.ErrorMessage == "Not Found")
+                    return NotFound(result.ErrorMessage);
+
+                return BadRequest(result.ErrorMessage);
+            }
+            return CreatedAtRoute("DefaultApi", questions);
+        }
         /// <summary>
         /// POST request for creating a new question (multilingual).
         /// </summary>
diff --git a/DamageAssesmentApi/DamageAssesment.Api.Questions/Interfaces/IQuestionsProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Questions/Interfaces/IQuestionsProvider.cs
index 4fcea32..eb2be52 100644
--- a/DamageAssesmentApi/DamageAssesment.Api.Questions/Interfaces/IQuestionsProvider.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.Questions/Interfaces/IQuestionsProvider.cs
@@ -9,6 +9,7 @@ namespace DamageAssesment.Api.Questions.Interfaces
         Task<(bool IsSuccess, List<SurveyQuestions> SurveyQuestions, string ErrorMessage)> GetSurveyQuestionAsync(int surveyId,string language);
         Task<(bool IsSuccess, Models.MultiLanguage Question, string ErrorMessage)> PostQuestionAsync(Models.Question Question);
         Task<(bool IsSuccess, IEnumerable<Models.MultiLanguage> Question, string ErrorMessage)> PostQuestionsAsync(List<Models.Question> Questions);
+        Task<(bool IsSuccess, IEnumerable<Models.MultiLanguage> Question, string ErrorMessage)> PutQuestionsAsync(int surveyId, List<Models.Question> Questions);
         Task<(bool IsSuccess, Models.MultiLanguage Question, string ErrorMessage)> UpdateQuestionAsync(Models.Question Question);
         Task<(bool IsSuccess, Models.MultiLanguage Question, string ErrorMessage)> DeleteQuestionAsync(int id);
 
diff --git a/DamageAssesmentApi/DamageAssesment.Api.Questions/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.Questions/Program.cs
index 2eedaff..49bcda4 100644
--- a/DamageAssesmentApi/DamageAssesment.Api.Questions/Program.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.Questions/Program.cs
@@ -34,6 +34,9 @@ builder.Services.AddDbContext<QuestionDbContext>(option =>
 {
     option.UseSqlServer("QuestionConnection");
 });
+builder.Services.AddCors(p => p.AddPolicy("DamageAppCorsPolicy", build => {
+    build.WithOrigins("*").AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin();
+}));
 var app = builder.Build();
 
 // Configure the HTTP request pipeline.
@@ -50,6 +53,7 @@ if (app.Environment.IsDevelopment())
     }
 }
 
+
 // Enable CORS, authentication, and authorization middleware.
 app.UseCors("DamageAppCorsPolicy");
 app.UseAuthorization();
diff --git a/DamageAssesmentApi/DamageAssesment.Api.Questions/Providers/QuestionsProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Questions/Providers/QuestionsProvider.cs
index d6bfebc..b0b002a 100644
--- a/DamageAssesmentApi/DamageAssesment.Api.Questions/Providers/QuestionsProvider.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.Questions/Providers/QuestionsProvider.cs
@@ -376,6 +376,22 @@ namespace DamageAssesment.Api.Questions.Providers
                 return (false, null, ex.Message);
             }
         }
+
+        public async Task<(bool IsSuccess, IEnumerable<Models.MultiLanguage> Question, string ErrorMessage)> PutQuestionsAsync(int surveyId, List<Models.Question> Questions)
+        {
+            try
+            {
+                questionDbContext.Questions.ToList().RemoveAll(s=> s.SurveyId == surveyId);
+                questionDbContext.SaveChanges();
+                var response = await PostQuestionsAsync(Questions);
+                return (response);
+            }
+            catch (Exception ex)
+            {
+                logger?.LogError(ex.ToString());
+                return (false, null, ex.Message);
+            }
+        }
         public async Task<(bool IsSuccess, Models.MultiLanguage Question, string ErrorMessage)> UpdateQuestionAsync(Models.Question Question)
         {
             try
diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Program.cs
index 972ccce..1721409 100644
--- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Program.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Program.cs
@@ -52,6 +52,9 @@ builder.Services.AddDbContext<SurveyResponseDbContext>(option =>
 {
     option.UseSqlServer("ResponsesConnection");
 });
+builder.Services.AddCors(p => p.AddPolicy("DamageAppCorsPolicy", build => {
+    build.WithOrigins("*").AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin();
+}));
 var app = builder.Build();
 
 // Configure the HTTP request pipeline.
@@ -61,7 +64,6 @@ if (app.Environment.IsDevelopment())
     app.UseSwaggerUI();
 }
 
-// Enable CORS, authentication, and authorization middleware.
 app.UseCors("DamageAppCorsPolicy");
 app.UseAuthorization();
 
diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Program.cs
new file mode 100644
index 0000000..8fbea9f
--- /dev/null
+++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Program.cs
@@ -0,0 +1,147 @@
+using DamageAssesment.Api.UsersAccess.Db;
+using DamageAssesment.Api.UsersAccess.Interfaces;
+using DamageAssesment.Api.UsersAccess.Providers;
+using DamageAssesment.Api.UsersAccess.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.IdentityModel.Tokens;
+using System.Text;
+using Polly;
+using DamageAssesment.Api.UsersAccess.Services;
+using Microsoft.OpenApi.Models;
+using System.Reflection;
+using Microsoft.AspNetCore.Authorization;
+
+const int maxApiCallRetries = 3;
+const int intervalToRetry = 2; //2 seconds
+const int maxRetryForCircuitBraker = 5;
+const int intervalForCircuitBraker = 5; //5 seconds
+
+var builder = WebApplication.CreateBuilder(args);
+
+// Add services to the container.
+var authkey = builder.Configuration.GetValue<string>("JwtSettings:securitykey");
+
+
+builder.Services.AddAuthentication().
+    AddJwtBearer("DamageApp", item =>
+{
+
+    item.RequireHttpsMetadata = true;
+    item.SaveToken = true;
+    item.TokenValidationParameters = new TokenValidationParameters()
+    {
+        ValidateIssuerSigningKey = true,
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)),
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        ClockSkew = TimeSpan.Zero
+    };
+}).AddJwtBearer("Dadeschools", options =>
+{
+    options.Authority = builder.Configuration["Dadeschools:Authority"];
+    options.TokenValidationParameters.ValidTypes = new[] { "at+jwt" };
+    options.TokenValidationParameters.ValidateAudience = false;
+});
+
+
+builder.Services.AddAuthorization(options =>
+{
+    var DamageAppPolicy = new AuthorizationPolicyBuilder()
+        .RequireAuthenticatedUser()
+        .AddAuthenticationSchemes("DamageApp")
+        .Build();
+    var DadeschoolsPolicy = new AuthorizationPolicyBuilder()
+        .RequireAuthenticatedUser()
+        .AddAuthenticationSchemes("Dadeschools")
+        .Build();
+
+    var allPolicy = new AuthorizationPolicyBuilder()
+        .RequireAuthenticatedUser()
+        .AddAuthenticationSchemes("DamageApp", "Dadeschools")
+        .Build();
+    options.AddPolicy("DamageApp", DamageAppPolicy);
+    options.AddPolicy("Dadeschools", DadeschoolsPolicy);
+    options.AddPolicy("AllPolicies", allPolicy);
+    options.DefaultPolicy = options.GetPolicy("DamageApp")!;
+});
+
+var _jwtsettings = builder.Configuration.GetSection("JwtSettings");
+builder.Services.Configure<JwtSettings>(_jwtsettings);
+
+builder.Services.AddControllers();
+// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
+builder.Services.AddScoped<IUsersAccessProvider, UsersAccessProvider>();
+builder.Services.AddScoped<ITokenServiceProvider, TokenServiceProvider>();
+builder.Services.AddScoped<IEmployeeServiceProvider, EmployeeServiceProvider>();
+
+builder.Services.AddHttpClient<IHttpUtil, HttpUtil>().
+    AddTransientHttpErrorPolicy(policy => policy.WaitAndRetryAsync(maxApiCallRetries, _ => TimeSpan.FromSeconds(intervalToRetry))).
+    AddTransientHttpErrorPolicy(policy => policy.CircuitBreakerAsync(maxRetryForCircuitBraker, TimeSpan.FromSeconds(intervalForCircuitBraker)));
+
+builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());
+builder.Services.AddEndpointsApiExplorer();
+//builder.Services.AddSwaggerGen();
+
+builder.Services.AddSwaggerGen(options =>
+{
+
+    // Include XML comments from your assembly
+    var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
+    var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
+    //options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+
+    options.AddSecurityRequirement(securityRequirements);
+});
+
+builder.Services.AddDbContext<UsersAccessDbContext>(option =>
+{
+    option.UseInMemoryDatabase("UsersAccess");
+});
+var app = builder.Build();
+
+// Configure the HTTP request pipeline.
+if (app.Environment.IsDevelopment())
+{
+    app.UseSwagger();
+    app.UseSwaggerUI();
+
+    using (var serviceScope = app.Services.CreateScope())
+    {
+        var services = serviceScope.ServiceProvider;
+        var usersAccessProvider = services.GetRequiredService<IUsersAccessProvider>();
+        usersAccessProvider.seedData();
+    }
+}
+
+app.UseAuthentication();
+app.UseAuthorization();
+
+app.MapControllers();
+app.Run();