diff --git a/app/start.go b/app/start.go
index 968e004..6f94383 100644
--- a/app/start.go
+++ b/app/start.go
@@ -18,10 +18,15 @@ func Start(conf common.Conf, db *sql.DB) {
 	{
 		gv1 := api.Group("/v1")
 		{
-			gv1.GET("/user/:id", Method(v1.UserGET, db, common.PrivilegeRead))
+			// Auth-free API endpoints
 			gv1.GET("/ping", Method(v1.Ping, db))
 			gv1.GET("/surprise_me", Method(v1.SurpriseMe, db))
 			gv1.GET("/privileges", Method(v1.PrivilegesGET, db))
+
+			// Read privilege required
+			gv1.GET("/users/:id", Method(v1.UserGET, db, common.PrivilegeRead))
+			gv1.GET("/badges", Method(v1.BadgesGET, db, common.PrivilegeRead))
+			gv1.GET("/badges/:id", Method(v1.BadgeByIDGET, db, common.PrivilegeRead))
 		}
 	}
 
diff --git a/app/v1/badge.go b/app/v1/badge.go
new file mode 100644
index 0000000..e48981e
--- /dev/null
+++ b/app/v1/badge.go
@@ -0,0 +1,57 @@
+package v1
+
+import (
+	"database/sql"
+
+	"github.com/osuripple/api/common"
+)
+
+type badgeData struct {
+	ID   int    `json:"id"`
+	Name string `json:"name"`
+	Icon string `json:"icon"`
+}
+
+// BadgeByIDGET is the handler for /badge/:id
+func BadgeByIDGET(md common.MethodData) (r common.Response) {
+	b := badgeData{}
+	err := md.DB.QueryRow("SELECT id, name, icon FROM badges WHERE id=? LIMIT 1", md.C.Param("id")).Scan(&b.ID, &b.Name, &b.Icon)
+	switch {
+	case err == sql.ErrNoRows:
+		r.Code = 404
+		r.Message = "No such badge was found"
+		return
+	case err != nil:
+		md.C.Error(err)
+		r = Err500
+		return
+	}
+	r.Code = 200
+	r.Data = b
+	return
+}
+
+// BadgesGET retrieves all the badges on this ripple instance.
+func BadgesGET(md common.MethodData) (r common.Response) {
+	var badges []badgeData
+	rows, err := md.DB.Query("SELECT id, name, icon FROM badges")
+	if err != nil {
+		md.C.Error(err)
+		r = Err500
+	}
+	defer rows.Close()
+	for rows.Next() {
+		nb := badgeData{}
+		err = rows.Scan(&nb.ID, &nb.Name, &nb.Icon)
+		if err != nil {
+			md.C.Error(err)
+		}
+		badges = append(badges, nb)
+	}
+	if err := rows.Err(); err != nil {
+		md.C.Error(err)
+	}
+	r.Code = 200
+	r.Data = badges
+	return
+}
diff --git a/app/v1/user.go b/app/v1/user.go
index 6e541fc..56b118c 100644
--- a/app/v1/user.go
+++ b/app/v1/user.go
@@ -44,7 +44,7 @@ func UserGET(md common.MethodData) (r common.Response) {
 	latestActivity := int64(0)
 	var badges string
 	var showcountry bool
-	err = md.DB.QueryRow("SELECT users.id, users.username, register_datetime, rank, latest_activity, users_stats.username_aka, users_stats.badges_shown, users_stats.country, users_stats.show_country FROM users LEFT JOIN users_stats ON users.id=users_stats.id WHERE users.id=?", uid).Scan(
+	err = md.DB.QueryRow("SELECT users.id, users.username, register_datetime, rank, latest_activity, users_stats.username_aka, users_stats.badges_shown, users_stats.country, users_stats.show_country FROM users LEFT JOIN users_stats ON users.id=users_stats.id WHERE users.id=? LIMIT 1", uid).Scan(
 		&user.ID, &user.Username, &registeredOn, &user.Rank, &latestActivity, &user.UsernameAKA, &badges, &user.Country, &showcountry)
 	switch {
 	case err == sql.ErrNoRows: