diff --git a/lib/session.ts b/lib/session.ts
index bd6ac70..eb5942c 100644
--- a/lib/session.ts
+++ b/lib/session.ts
@@ -15,3 +15,12 @@ export default function withSession(handler: Handler) {
 },
 })
 }
+
+export const isAdminSession = function (req: any, res: any) {
+ const user = req?.session.get('user')
+ if (user && user.role === 'admin') {
+ return true
+ }
+ res.status(401).end('Your are unauthorized. Best to move along...')
+ return false
+}
diff --git a/pages/admin/booking/[uuid]/bill.tsx b/pages/admin/booking/[uuid]/bill.tsx
index 546f853..675ed89 100644
--- a/pages/admin/booking/[uuid]/bill.tsx
+++ b/pages/admin/booking/[uuid]/bill.tsx
@@ -93,7 +93,7 @@ async function saveBill(
 status: BILL_STATUS
 }
 ): Promise {
- const response = await fetch(`/api/booking/${booking.uuid}/bill`, {
+ const response = await fetch(`/api/admin/booking/${booking.uuid}/bill`, {
 method: booking.bill?._id ? 'PATCH' : 'POST',
 mode: 'cors',
 cache: 'no-cache',
diff --git a/pages/admin/booking/[uuid]/index.tsx b/pages/admin/booking/[uuid]/index.tsx
new file mode 100644
index 0000000..cf50db5
--- /dev/null
+++ b/pages/admin/booking/[uuid]/index.tsx
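Review bot: `isAdminSession` in lib/session.ts only protects a route if the handler remembers both to call it and to `return` on false, as the handlers in pages/api/admin/booking/[uuid]/bill.ts and index.ts do by hand; a new admin route that forgets the call runs unchecked, and one that forgets the `return` keeps executing after the 401 was sent. A wrapper exported next to the helper makes the check part of the route definition instead of a convention. In the helper itself, `req?.session.get('user')` guards `req` rather than `req.session`, so on a handler not wrapped in `withSession` it throws instead of sending the 401; `req.session?.get('user')` is the form that fails with the intended response. The body of `withSession` starts outside the hunk, so the wrapper below assumes `Handler` is callable as `(req, res)`.

```typescript
// … unchanged: isAdminSession …

// Wraps a handler so the admin check cannot be left out of a route.
export function withAdminSession(handler: Handler) {
  return withSession(async (req, res) => {
    if (!isAdminSession(req, res)) {
      return
    }
    return handler(req, res)
  })
}
```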
@@ -0,0 +1,78 @@
+import React, { useEffect, useState } from 'react'
+import Footer from '../../../../components/footer'
+import Header from '../../../../components/header'
+import Input from '../../../../components/input'
+import { getServerSideBooking } from '../../../../lib/getServerSideProps'
+import { BookingDocument } from '../../../../db/booking'
+import { getBookingStatus } from '../../../../helpers/booking'
+
+export const getServerSideProps = getServerSideBooking
+
+async function storeBooking(booking: BookingDocument) {
+ const response = await fetch(`/api/admin/booking/${booking.uuid}`, {
+ method: 'PATCH',
+ mode: 'cors',
+ cache: 'no-cache',
+ credentials: 'same-origin',
+ headers: {
+ 'Content-Type': 'application/json',
+ },
+ referrerPolicy: 'no-referrer',
+ body: JSON.stringify({ ...booking }),
+ })
+ return response.json()
+}
+
+export default function ShowBookingAdmin({
+ booking: bookingProp,
+}: {
+ booking: BookingDocument
+}) {
+ const [booking, setBooking] = useState(bookingProp)
+ const [storingBooking, setStoringBooking] = useState(false)
+ const [storingBookingError, setStoringBookingError] = useState(null)
+
+ // in case the props change, update the internal state
+ useEffect(() => setBooking(bookingProp), [bookingProp])
+
+ const onStoreBooking = async () => {
+ try {
+ setStoringBookingError(null)
+ setStoringBooking(true)
+ const updatedBooking = await storeBooking(booking)
+ setBooking(updatedBooking)
+ } catch (error) {
+ setStoringBookingError('Buchung konnte nicht gespeichert werden.')
+ console.error('Failed to store booking', error)
+ }
+ setStoringBooking(false)
+ }
+
+ return (
+
+
+
+

Buchung {booking.uuid}

+
+ Buchungsstatus: {getBookingStatus(booking)} +
+ + + {storingBookingError && ( +
{storingBookingError}
+ )} +
+ +
+
+ +
+ ) +} diff --git a/pages/api/booking/[uuid]/bill.ts b/pages/api/admin/booking/[uuid]/bill.ts similarity index 74% rename from pages/api/booking/[uuid]/bill.ts rename to pages/api/admin/booking/[uuid]/bill.ts index 9adaf0c..4f1c21b 100644 --- a/pages/api/booking/[uuid]/bill.ts +++ b/pages/api/admin/booking/[uuid]/bill.ts @@ -1,20 +1,18 @@ -import { BillDocument } from '../../../../db/bill' -import { createBill, patchBill } from '../../../../db/index' -import withSession from '../../../../lib/session' +import { BillDocument } from '../../../../../db/bill' +import { createBill, patchBill } from '../../../../../db/index' +import withSession, { isAdminSession } from '../../../../../lib/session' export default withSession(async function billHandler(req, res) { + if (!isAdminSession(req, res)) { + return + } + const { method, query: { uuid: uuids }, } = req const bookingUUID = Array.isArray(uuids) ? uuids[0] : uuids - const user = req?.session.get('user') - if (!user || user.role !== 'admin') { - res.status(401).end('Your are unauthorized. Best to move along...') - return - } - let bill: BillDocument switch (method) { diff --git a/pages/api/admin/booking/[uuid]/index.ts b/pages/api/admin/booking/[uuid]/index.ts new file mode 100644 index 0000000..8be8775 --- /dev/null +++ b/pages/api/admin/booking/[uuid]/index.ts 
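Review bot: `storeBooking` in pages/admin/booking/[uuid]/index.tsx parses the response without checking `response.ok`, so an error response that happens to carry a JSON body is handed to `setBooking` as if it were the updated booking, while the plain-text 401 and 405 bodies only surface as a JSON parse error. Adding `if (!response.ok) throw new Error('Storing booking failed: ' + response.status)` before `return response.json()` routes every failure into the existing `catch` in `onStoreBooking`. The request body is `{ ...booking }`, the whole document as held in client state, so which fields may actually change has to be decided by the server-side PATCH handler, not by this page.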
@@ -0,0 +1,32 @@
+import { BookingDocument } from '../../../../../db/booking'
+import { getBookingByUUID } from '../../../../../db/index'
+import withSession, { isAdminSession } from '../../../../../lib/session'
+
+export default withSession(async function bookingHandler(req, res) {
+ if (!isAdminSession(req, res)) {
+ return
+ }
+
+ const {
+ method,
+ query: { uuid: uuids },
+ } = req
+
+ const uuid = Array.isArray(uuids) ? uuids[0] : uuids
+
+ let booking: BookingDocument
+
+ switch (method) {
+ case 'PATCH':
+ booking = await getBookingByUUID(uuid)
+
+ // FIXME: validate all the things
+ booking.set(req.body)
+ await booking.save()
+ res.status(200).json(booking.toJSON())
+ break
+ default:
+ res.setHeader('Allow', ['PATCH'])
+ res.status(405).end(`Method ${method} Not Allowed`)
+ }
+})
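Review bot: `booking.set(req.body)` under the `// FIXME: validate all the things` comment applies every key of the request body to the stored booking, so the endpoint accepts changes to fields the admin form never exposes, and the session check is the only control in front of it. Copying an explicit allow-list of editable fields closes that gap. The `PATCH` branch also needs a guard for a missing booking: if `getBookingByUUID` can resolve to null (not visible here, so an assumption), `booking.set` throws and the client gets a 500 instead of a 404. `EDITABLE_FIELDS` in the sketch below is a placeholder for the real field list, and the two-argument `set(path, value)` assumes `booking` is a Mongoose document, which the `set`/`save`/`toJSON` calls suggest.

```typescript
    case 'PATCH':
      booking = await getBookingByUUID(uuid)
      if (!booking) {
        res.status(404).end('Booking not found')
        break
      }

      // EDITABLE_FIELDS is a placeholder: the booking fields an admin may change
      for (const field of EDITABLE_FIELDS) {
        if (req.body?.[field] !== undefined) {
          booking.set(field, req.body[field])
        }
      }
      await booking.save()
      // … unchanged: 200 response with booking.toJSON(), break …
```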