diff --git a/app/controllers/api/v1/Menu.controller.js b/app/controllers/api/v1/Menu.controller.js
index 08a1bc8..a13f046 100644
--- a/app/controllers/api/v1/Menu.controller.js
+++ b/app/controllers/api/v1/Menu.controller.js
@@ -68,6 +68,7 @@ class Menu extends Controller {
 noChildren: true,
 virtual: true,
 type: PageType.Branch,
+ userRootPage: true,
 })

 // Get view only shared trees
@@ -125,6 +126,61 @@ class Menu extends Controller {
 return res.api(menu)
 }

+ async move_node(req, res, next) {
+ const Page = this.models.get('api:Page');
+
+ if ( !req.body.MovedPageId ) {
+ return res.status(400)
+ .message('Missing MovedPageId.')
+ .api()
+ }
+
+ if ( !req.body.ParentPageId && req.body.ParentPageId !== 0 ) {
+ return res.status(400)
+ .message('Missing ParentPageId.')
+ .api()
+ }
+
+ const moved_page = await Page.findOne({ UUID: req.body.MovedPageId, Active: true })
+ if ( !moved_page || !(await moved_page.is_accessible_by(req.user, 'manage')) ) {
+ return res.status(400)
+ .message('You do not have permission to move this page.')
+ .api()
+ }
+
+ const parent_page = req.body.ParentPageId === 0 ? await req.user.get_root_page()
+ : await Page.findOne({ UUID: req.body.ParentPageId, Active: true })
+
+ if ( !parent_page || !(await parent_page.is_accessible_by(req.user, 'manage')) ) {
+ return res.status(400)
+ .message('You do not have permission to move into that page.')
+ .api()
+ }
+
+ // For now, disallow moving pages between users
+ if ( `${moved_page.OrgUserId}` !== `${parent_page.OrgUserId}` ) {
+ return res.status(400)
+ .message('Moving pages between user accounts is not supported at this time.')
+ .api()
+ }
+
+ if ( !moved_page.ParentId || moved_page.ParentId === '0' ) {
+ return res.status(400)
+ .message('You cannot move a root page node.')
+ .api()
+ }
+
+ const old_parent = await moved_page.parent
+ moved_page.ParentId = parent_page.UUID;
+ old_parent.ChildPageIds = old_parent.ChildPageIds.filter(x => x !== moved_page.UUID);
+ parent_page.ChildPageIds.push(moved_page.UUID);
+
+ await parent_page.save();
+ await moved_page.save();
+ await old_parent.save();
+ return res.api();
+ }
+
 async _build_menu_object(parent_node, arr= [], page_only = false) {
 const children = await this.models.get('api:Page').find({UUID: {$in: parent_node.ChildPageIds}})
 if ( children ) {
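Review bot: `move_node` never checks that the destination lies outside the moved page's own subtree, so a `ParentPageId` equal to `MovedPageId`, or naming one of its descendants, passes every guard and writes a cycle into `ParentId`/`ChildPageIds`. The `_build_menu_object` context at the end of the hunk reads `ChildPageIds` to build the menu; its body continues outside the hunk, so whether it would terminate on such a tree is not visible here. The walk below rejects that case and assumes the `parent` accessor used on `moved_page` resolves the same way on any Page. Separately, `MovedPageId` and `ParentPageId` go into `Page.findOne({ UUID: ... })` without a type check, and a `typeof ... === 'string'` guard next to the existing presence checks would keep a JSON object from being used as the query value. `old_parent` is also dereferenced without a null check, and a move onto the current parent loads the same document twice and saves both copies, so the last `save()` may drop the page from `ChildPageIds`.

```javascript
// … unchanged: body checks, page lookups, permission and owner checks, root-node check …

// Refuse a destination that is the moved page itself or lies inside its subtree
const seen = new Set()
let ancestor = parent_page
while ( ancestor && !seen.has(ancestor.UUID) ) {
    if ( ancestor.UUID === moved_page.UUID ) {
        return res.status(400)
            .message('You cannot move a page into itself or one of its descendants.')
            .api()
    }
    seen.add(ancestor.UUID)
    ancestor = ( ancestor.ParentId && ancestor.ParentId !== '0' ) ? await ancestor.parent : null
}

const old_parent = await moved_page.parent
// … unchanged: ParentId / ChildPageIds updates and saves …
```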
diff --git a/app/routing/middleware/auth/ApiRoute.middleware.js b/app/routing/middleware/auth/ApiRoute.middleware.js
index 3359029..bba667a 100644
--- a/app/routing/middleware/auth/ApiRoute.middleware.js
+++ b/app/routing/middleware/auth/ApiRoute.middleware.js
@@ -6,7 +6,6 @@ class ApiRoute extends Middleware {
 }

 async test(req, res, next, { allow_public = false }) {
- console.log({allow_public})
 // If we have an authenticated session, just continue
 if ( req.is_auth ) {
 return next()
diff --git a/app/routing/routers/api/v1/menu.routes.js b/app/routing/routers/api/v1/menu.routes.js
index a660ddd..819275a 100644
--- a/app/routing/routers/api/v1/menu.routes.js
+++ b/app/routing/routers/api/v1/menu.routes.js
@@ -13,6 +13,9 @@ module.exports = exports = {
 },

 post: {
-
+ '/move-node': [
+ ['middleware::auth:ApiRoute', { allow_public: true }],
+ 'controller::api:v1:Menu.move_node',
+ ],
 },
 }
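Review bot: The new `/move-node` route in menu.routes.js is a state-changing POST, yet it is registered with `{ allow_public: true }`, which by its name lets requests without an authenticated session through the ApiRoute check. The handler it points at relies on `req.user` throughout (`req.user.get_root_page()`, `is_accessible_by(req.user, 'manage')`). The rest of `ApiRoute.test` is outside the hunk, so what `req.user` holds for a public request cannot be confirmed from here. Unless anonymous moves are intended, register the route as `['middleware::auth:ApiRoute', { allow_public: false }],` and add a comment on the route stating who may call it. If the middleware relies on a session cookie, a write endpoint like this also needs whatever CSRF protection the other POST routes use.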