diff --git a/src/routes/settings.js b/src/routes/settings.js
index 19ea9d752..0edbafded 100644
--- a/src/routes/settings.js
+++ b/src/routes/settings.js
@@ -15,6 +15,9 @@ exports = module.exports = {
     getDnsConfig: getDnsConfig,
     setDnsConfig: setDnsConfig,
 
+    getBackupConfig: getBackupConfig,
+    setBackupConfig: setBackupConfig,
+
     setCertificate: setCertificate,
     setAdminCertificate: setAdminCertificate
 };
@@ -111,6 +114,27 @@ function setDnsConfig(req, res, next) {
     });
 }
 
+function getBackupConfig(req, res, next) {
+    settings.getBackupConfig(function (error, config) {
+        if (error) return next(new HttpError(500, error));
+
+        next(new HttpSuccess(200, config));
+    });
+}
+
+function setBackupConfig(req, res, next) {
+    assert.strictEqual(typeof req.body, 'object');
+
+    if (typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider is required'));
+
+    settings.setBackupConfig(req.body, function (error) {
+        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
+        if (error) return next(new HttpError(500, error));
+
+        next(new HttpSuccess(200));
+    });
+}
+
 // default fallback cert
 function setCertificate(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
diff --git a/src/routes/test/cloudron-test.js b/src/routes/test/cloudron-test.js
index 0fcbb2864..b78ef40fc 100644
--- a/src/routes/test/cloudron-test.js
+++ b/src/routes/test/cloudron-test.js
@@ -282,6 +282,19 @@ describe('Cloudron', function () {
                         callback();
                     });
                 },
+
+                function setupBackupConfig(callback) {
+                    request.post(SERVER_URL + '/api/v1/settings/backup_config')
+                           .send({ provider: 'caas', token: 'BACKUP_TOKEN', bucket: 'Bucket', prefix: 'Prefix' })
+                           .query({ access_token: token })
+                           .end(function (error, result) {
+                        expect(error).to.not.be.ok();
+                        expect(result.statusCode).to.equal(200);
+
+                        callback();
+                    });
+                }
+
             ], done);
         });
 
@@ -341,7 +354,6 @@ describe('Cloudron', function () {
             });
         });
 
-
         it('fails with wrong region type', function (done) {
             request.post(SERVER_URL + '/api/v1/cloudron/migrate')
                    .send({ size: 'small', region: 4, password: PASSWORD })
@@ -355,7 +367,7 @@ describe('Cloudron', function () {
 
         it('fails when in wrong state', function (done) {
             var scope2 = nock(config.apiServerOrigin())
-                    .post('/api/v1/boxes/' + config.fqdn() + '/awscredentials?token=APPSTORE_TOKEN')
+                    .post('/api/v1/boxes/' + config.fqdn() + '/awscredentials?token=BACKUP_TOKEN')
                     .reply(201, { credentials: { AccessKeyId: 'accessKeyId', SecretAccessKey: 'secretAccessKey', SessionToken: 'sessionToken' } });
 
             var scope3 = nock(config.apiServerOrigin())
@@ -391,7 +403,6 @@ describe('Cloudron', function () {
             });
         });
 
-
         it('succeeds', function (done) {
             var scope1 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/migrate?token=APPSTORE_TOKEN', function (body) {
                 return body.size && body.region && body.restoreKey;
@@ -404,7 +415,7 @@ describe('Cloudron', function () {
                     .reply(200, { id: 'someid' });
 
             var scope3 = nock(config.apiServerOrigin())
-                    .post('/api/v1/boxes/' + config.fqdn() + '/awscredentials?token=APPSTORE_TOKEN')
+                    .post('/api/v1/boxes/' + config.fqdn() + '/awscredentials?token=BACKUP_TOKEN')
                     .reply(201, { credentials: { AccessKeyId: 'accessKeyId', SecretAccessKey: 'secretAccessKey', SessionToken: 'sessionToken' } });
 
             injectShellMock();
diff --git a/src/server.js b/src/server.js
index 5c7563898..124d06b11 100644
--- a/src/server.js
+++ b/src/server.js
@@ -160,6 +160,8 @@ function initializeExpressSync() {
     router.post('/api/v1/settings/cloudron_avatar',    settingsScope, multipart, routes.settings.setCloudronAvatar);
     router.get ('/api/v1/settings/dns_config',         settingsScope, routes.settings.getDnsConfig);
     router.post('/api/v1/settings/dns_config',         settingsScope, routes.settings.setDnsConfig);
+    router.get ('/api/v1/settings/backup_config',      settingsScope, routes.settings.getBackupConfig);
+    router.post('/api/v1/settings/backup_config',      settingsScope, routes.settings.setBackupConfig);
     router.post('/api/v1/settings/certificate',        settingsScope, routes.settings.setCertificate);
     router.post('/api/v1/settings/admin_certificate',  settingsScope, routes.settings.setAdminCertificate);