diff --git a/lib/travis/api/app.rb b/lib/travis/api/app.rb
index e8b290f4..434e1d8e 100644
--- a/lib/travis/api/app.rb
+++ b/lib/travis/api/app.rb
@@ -18,7 +18,7 @@ require 'sidekiq'
 require 'metriks/reporter/logger'
 require 'travis/support/log_subscriber/active_record_metrics'
 require 'fileutils'
-require 'travis/api/serializer'
+require 'travis/api/v2/http'
 
 # Rack class implementing the HTTP API.
 # Instances respond to #call.
diff --git a/lib/travis/api/app/endpoint/setting_endpoint.rb b/lib/travis/api/app/endpoint/setting_endpoint.rb
index 44bc047f..b7c47b76 100644
--- a/lib/travis/api/app/endpoint/setting_endpoint.rb
+++ b/lib/travis/api/app/endpoint/setting_endpoint.rb
@@ -32,15 +32,15 @@ class Travis::Api::App
 
     # Rails style methods for easy overriding
     def index
-      respond_with(collection, type: name, verson: :v2)
+      respond_with(collection, type: name, version: :v2)
     end
 
     def show
-      respond_with(record, type: singular_name, verson: :v2)
+      respond_with(record, type: singular_name, version: :v2)
     end
 
     def update
-      record.update(params[singular_name])
+      record.update(JSON.parse(request.body.read)[singular_name])
       if record.valid?
         repo_settings.save
         respond_with(record, type: singular_name, version: :v2)
@@ -51,7 +51,7 @@ class Travis::Api::App
     end
 
     def create
-      record = collection.create(params[singular_name])
+      record = collection.create(JSON.parse(request.body.read)[singular_name])
       if record.valid?
         repo_settings.save
         respond_with(record, type: singular_name, version: :v2)
@@ -64,7 +64,7 @@ class Travis::Api::App
     def destroy
       record = collection.destroy(params[:id]) || record_not_found
       repo_settings.save
-      respond_with(record, type: singular_name, verson: :v2)
+      respond_with(record, type: singular_name, version: :v2)
     end
 
     def singular_name
diff --git a/spec/integration/settings_endpoint_spec.rb b/spec/integration/settings_endpoint_spec.rb
index f7ae0dc7..1df946b7 100644
--- a/spec/integration/settings_endpoint_spec.rb
+++ b/spec/integration/settings_endpoint_spec.rb
@@ -78,8 +78,8 @@ describe Travis::Api::App::SettingsEndpoint do
 
     describe 'POST /items' do
       it 'creates a new item' do
-        params = { repository_id: repo.id, item: { name: 'foo', secret: 'TEH SECRET' } }
-        response = post '/settings/items', params, headers
+        body = { item: { name: 'foo', secret: 'TEH SECRET' } }.to_json
+        response = post "/settings/items?repository_id=#{repo.id}", body, headers
         json = JSON.parse(response.body)
         json['item']['name'].should == 'foo'
         json['item']['id'].should_not be_nil
@@ -92,8 +92,7 @@ describe Travis::Api::App::SettingsEndpoint do
       end
 
       it 'returns error message if item is invalid' do
-        params = { repository_id: repo.id }
-        response = post '/settings/items', params, headers
+        response = post "/settings/items?repository_id=#{repo.id}", '{}', headers
         response.status.should == 422
 
         json = JSON.parse(response.body)
@@ -116,8 +115,8 @@ describe Travis::Api::App::SettingsEndpoint do
         item = settings.items.create(name: 'an item', secret: 'TEH SECRET')
         settings.save
 
-        params = { repository_id: repo.id, item: { name: 'a new name', secret: 'a new secret' } }
-        response = patch '/settings/items/' + item.id, params, headers
+        body = { item: { name: 'a new name', secret: 'a new secret' } }.to_json
+        response = patch "/settings/items/#{item.id}?repository_id=#{repo.id}", body, headers
         json = JSON.parse(response.body)
         json['item']['name'].should == 'a new name'
         json['item']['id'].should == item.id
@@ -134,8 +133,8 @@ describe Travis::Api::App::SettingsEndpoint do
         item = settings.items.create(name: 'an item', secret: 'TEH SECRET')
         settings.save
 
-        params = { repository_id: repo.id, item: { name: '' } }
-        response = patch '/settings/items/' + item.id, params, headers
+        body = { item: { name: '' } }.to_json
+        response = patch "/settings/items/#{item.id}?repository_id=#{repo.id}", body, headers
         response.status.should == 422
 
         json = JSON.parse(response.body)
diff --git a/spec/integration/v2/settings/ssh_keys_spec.rb b/spec/integration/v2/settings/ssh_keys_spec.rb
index e78cf117..f13be3d0 100644
--- a/spec/integration/v2/settings/ssh_keys_spec.rb
+++ b/spec/integration/v2/settings/ssh_keys_spec.rb
@@ -11,7 +11,7 @@ describe Travis::Api::App::SettingsEndpoint do
 
     before { user.permissions.create!(:repository_id => repo.id, :admin => true, :push => true) }
 
-    describe 'GET /items/:id' do
+    describe 'GET /ssh_keys/:id' do
       it 'returns an item' do
         settings = repo.settings
         record = settings.ssh_keys.create(name: 'key for my repo', content: 'the key')
@@ -21,7 +21,7 @@ describe Travis::Api::App::SettingsEndpoint do
         json = JSON.parse(response.body)
         json['ssh_key']['name'].should == 'key for my repo'
         json['ssh_key']['id'].should == record.id
-        json['ssh_key'].should_not have_key('secret')
+        json['ssh_key'].should_not have_key('content')
       end
 
       it 'returns 404 if ssh_key can\'t be found' do
@@ -30,5 +30,117 @@ describe Travis::Api::App::SettingsEndpoint do
         json['error'].should == "Could not find a requested setting"
       end
     end
+
+    describe 'GET /settings/ssh_keys' do
+      it 'returns a list of ssh_keys' do
+        settings = repo.settings
+        record = settings.ssh_keys.create(name: 'key for my repo', content: 'the key')
+        settings.save
+
+        response = get '/settings/ssh_keys', { repository_id: repo.id }, headers
+        response.should be_successful
+
+        json = JSON.parse(response.body)
+        key = json['ssh_keys'].first
+        key['name'].should == 'key for my repo'
+        key['id'].should == record.id
+        key.should_not have_key('content')
+      end
+    end
+
+    describe 'POST /settings/ssh_keys' do
+      it 'creates a new key' do
+        body = { ssh_key: { name: 'foo', content: 'content' } }.to_json
+        response = post "/settings/ssh_keys?repository_id=#{repo.id}", body, headers
+        json = JSON.parse(response.body)
+        json['ssh_key']['name'].should == 'foo'
+        json['ssh_key']['id'].should_not be_nil
+        json['ssh_key'].should_not have_key('content')
+
+        ssh_key = repo.reload.settings.ssh_keys.first
+        ssh_key.id.should_not be_nil
+        ssh_key.name.should == 'foo'
+        ssh_key.content.decrypt.should == 'content'
+      end
+
+      it 'returns error message if a key is invalid' do
+        response = post "/settings/ssh_keys?repository_id=#{repo.id}", '{}', headers
+        response.status.should == 422
+
+        json = JSON.parse(response.body)
+        json['message'].should == 'Validation failed'
+        json['errors'].should == [{
+          'field' => 'name',
+          'code' => 'missing_field'
+        }]
+
+        repo.reload.settings.ssh_keys.length.should == 0
+      end
+    end
+
+    describe 'PATCH /settings/ssh_keys/:id' do
+      it 'should update a key' do
+        settings = repo.settings
+        ssh_key = settings.ssh_keys.create(name: 'foo', content: 'content')
+        settings.save
+
+        body = { ssh_key: { name: 'bar', content: 'a new content' } }.to_json
+        response = patch "/settings/ssh_keys/#{ssh_key.id}?repository_id=#{repo.id}", body, headers
+        json = JSON.parse(response.body)
+        json['ssh_key']['name'].should == 'bar'
+        json['ssh_key']['id'].should == ssh_key.id
+        json['ssh_key'].should_not have_key('content')
+
+        updated_ssh_key = repo.reload.settings.ssh_keys.find(ssh_key.id)
+        updated_ssh_key.id.should == ssh_key.id
+        updated_ssh_key.name.should == 'bar'
+        updated_ssh_key.content.decrypt.should == 'a new content'
+      end
+
+      it 'returns an error message if ssh_key is invalid' do
+        settings = repo.settings
+        ssh_key = settings.ssh_keys.create(name: 'foo', content: 'content')
+        settings.save
+
+        body = { ssh_key: { name: '' } }.to_json
+        response = patch "/settings/ssh_keys/#{ssh_key.id}?repository_id=#{repo.id}", body, headers
+        response.status.should == 422
+
+        json = JSON.parse(response.body)
+        json['message'].should == 'Validation failed'
+        json['errors'].should == [{
+          'field' => 'name',
+          'code' => 'missing_field'
+        }]
+
+        updated_ssh_key = repo.reload.settings.ssh_keys.find(ssh_key.id)
+        updated_ssh_key.id.should == ssh_key.id
+        updated_ssh_key.name.should == 'foo'
+        updated_ssh_key.content.decrypt.should == 'content'
+      end
+    end
+
+    describe 'DELETE /ssh_keys/:id' do
+      it 'should delete an ssh_key' do
+        settings = repo.settings
+        ssh_key = settings.ssh_keys.create(name: 'foo', content: 'content')
+        settings.save
+
+        params = { repository_id: repo.id }
+        response = delete '/settings/ssh_keys/' + ssh_key.id, params, headers
+        json = JSON.parse(response.body)
+        json['ssh_key']['name'].should == 'foo'
+        json['ssh_key']['id'].should == ssh_key.id
+        json['ssh_key'].should_not have_key('content')
+
+        repo.reload.settings.ssh_keys.should have(0).ssh_keys
+      end
+
+      it 'returns 404 if ssh_key can\'t be found' do
+        response = delete '/settings/ssh_keys/123', { repository_id: repo.id }, headers
+        json = JSON.parse(response.body)
+        json['error'].should == "Could not find a requested setting"
+      end
+    end
   end
 end