diff --git a/pages/api/matching/subscription/create.ts b/pages/api/matching/subscription/create.ts
new file mode 100644
index 00000000..306cfd7e
--- /dev/null
+++ b/pages/api/matching/subscription/create.ts
@@ -0,0 +1,56 @@
+import { firestore } from 'firebase-admin';
+import { NextApiRequest, NextApiResponse } from 'next';
+import initializeApi from '../../../../lib/admin/init';
+import { userIsAuthorized } from '../../../../lib/authorization/check-authorization';
+
+initializeApi();
+const db = firestore();
+
+// interface of subscription data that contains the user id and the post id
+interface SubscriptionData {
+ userId: string;
+ postId: string;
+}
+
+// create a subscription for user that subscribe them to a post
+async function createSubscription(req: NextApiRequest, res: NextApiResponse) {
+ try {
+ const subscriptionData: SubscriptionData = JSON.parse(req.body);
+ await db.collection('subscriptions').add(subscriptionData);
+ return res.status(201).json({
+ msg: 'Subscription created',
+ });
+ } catch (error) {
+ return res.status(500).json({
+ msg: 'Unexpected error. Please try again later',
+ });
+ }
+}
+
+async function handlePostRequest(req: NextApiRequest, res: NextApiResponse) {
+ const userToken = req.headers['authorization'] as string;
+ const isAuthorized = await userIsAuthorized(userToken, ['hacker']);
+
+ if (!isAuthorized) {
+ return res.status(403).json({
+ statusCode: 403,
+ msg: 'Request is not authorized to perform this functionality',
+ });
+ }
+
+ return createSubscription(req, res);
+}
+
+export default function handler(req: NextApiRequest, res: NextApiResponse) {
+ const { method } = req;
+ switch (method) {
+ case 'POST': {
+ return handlePostRequest(req, res);
+ }
+ default: {
+ return res.status(404).json({
+ msg: 'Route not found',
+ });
+ }
+ }
+}
diff --git a/pages/api/matching/subscription/delete.ts b/pages/api/matching/subscription/delete.ts
new file mode 100644
index 00000000..e72c434c
--- /dev/null
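Review bot: `createSubscription` in create.ts stores whatever `JSON.parse(req.body)` returns, so the `userId` on the new document is chosen by the caller and is never compared with the verified token, unlike the ownership checks that delete.ts and get.ts in this commit perform. Any account that passes the `hacker` role check can therefore create subscriptions under another user's id, and extra keys in the body are persisted as well, because the `SubscriptionData` annotation is erased at runtime and validates nothing. Take the uid from `auth().verifyIdToken(...)` (this needs `auth` added to the `firebase-admin` import, as delete.ts has it), check `postId`, and write only those two fields.

```typescript
async function createSubscription(req: NextApiRequest, res: NextApiResponse) {
  try {
    // owner comes from the verified token, never from the request body
    const { uid } = await auth().verifyIdToken(req.headers['authorization'] as string);
    const { postId } = JSON.parse(req.body);
    if (typeof postId !== 'string' || postId.length === 0) {
      return res.status(400).json({ msg: 'Invalid subscription data' });
    }
    // write only the known fields so extra body keys are never persisted
    await db.collection('subscriptions').add({ userId: uid, postId });
    // … unchanged: 201 response and catch block …
```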
+++ b/pages/api/matching/subscription/delete.ts 
@@ -0,0 +1,76 @@
+import { firestore, auth } from 'firebase-admin';
+import { NextApiRequest, NextApiResponse } from 'next';
+import initializeApi from '../../../../lib/admin/init';
+import { userIsAuthorized } from '../../../../lib/authorization/check-authorization';
+
+initializeApi();
+const db = firestore();
+
+// interface of subscription data that contains the user id and the post id
+interface SubscriptionData {
+ userId: string;
+ postId: string;
+}
+
+// delete one subscription for user that unsubscribe them to a post
+async function deleteSubscription(req: NextApiRequest, res: NextApiResponse) {
+ // check if check if current logged in user matches the user id in the subscription data
+ const loggedInUserId = (await auth().verifyIdToken(req.headers['authorization'] as string)).uid;
+ if (loggedInUserId !== JSON.parse(req.body).userId) {
+ return res.status(403).json({
+ msg: 'Unauthorized to delete subscription',
+ });
+ }
+
+ try {
+ const subscriptionData: SubscriptionData = JSON.parse(req.body);
+ const snapshot = await db
+ .collection('subscriptions')
+ .where('userId', '==', subscriptionData.userId)
+ .where('postId', '==', subscriptionData.postId)
+ .get();
+ if (snapshot.empty) {
+ return res.status(404).json({
+ msg: 'Subscription to posting not found',
+ });
+ }
+
+ await Promise.all(snapshot.docs.map((doc) => doc.ref.delete()));
+
+ return res.status(200).json({
+ msg: 'Subscription to posting deleted',
+ });
+ } catch (error) {
+ return res.status(500).json({
+ msg: 'Unexpected error. Please try again later',
+ });
+ }
+}
+
+async function handleDeleteRequest(req: NextApiRequest, res: NextApiResponse) {
+ const userToken = req.headers['authorization'] as string;
+ const isAuthorized = await userIsAuthorized(userToken, ['hacker']);
+
+ if (!isAuthorized) {
+ return res.status(403).json({
+ statusCode: 403,
+ msg: 'Request is not authorized to perform this functionality',
+ });
+ }
+
+ return deleteSubscription(req, res);
+}
+
+export default function handler(req: NextApiRequest, res: NextApiResponse) {
+ const { method } = req;
+ switch (method) {
+ case 'POST': {
+ return handleDeleteRequest(req, res);
+ }
+ default: {
+ return res.status(404).json({
+ msg: 'Route not found',
+ });
+ }
+ }
+}
diff --git a/pages/api/matching/subscription/get.ts b/pages/api/matching/subscription/get.ts
new file mode 100644
index 00000000..fb4e3961
--- /dev/null
+++ b/pages/api/matching/subscription/get.ts
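Review bot: In delete.ts, `deleteSubscription` runs `auth().verifyIdToken(...)` and the first `JSON.parse(req.body)` before the `try` block, so a malformed body, or a token that fails verification at this point, rejects outside the handler's own error path instead of producing a controlled response. The body is also parsed twice. Move both statements inside the `try`, parse once into `subscriptionData`, and compare `loggedInUserId` with `subscriptionData.userId` there. The query can then filter on the verified value rather than the client-supplied one, `.where('userId', '==', loggedInUserId)`, and a `typeof subscriptionData.postId !== 'string'` check before the query would let bad input return 400 rather than the generic 500.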
@@ -0,0 +1,65 @@
+import { firestore, auth } from 'firebase-admin';
+import { NextApiRequest, NextApiResponse } from 'next';
+import initializeApi from '../../../../lib/admin/init';
+import { userIsAuthorized } from '../../../../lib/authorization/check-authorization';
+
+initializeApi();
+const db = firestore();
+
+// get all subscriptions for user
+async function getSubscriptions(req: NextApiRequest, res: NextApiResponse) {
+ try {
+ const userId = req.query.userId as string;
+ const loggedInUserId = (await auth().verifyIdToken(req.headers['authorization'] as string)).uid;
+
+ if (userId !== loggedInUserId) {
+ return res.status(403).json({
+ msg: 'Unauthorized to get subscriptions',
+ });
+ }
+
+ const snapshot = await db.collection('subscriptions').where('userId', '==', userId).get();
+ if (snapshot.empty) {
+ return res.status(404).json({
+ msg: 'Subscriptions not found',
+ });
+ }
+ const subscriptions = [];
+ snapshot.forEach((doc) => {
+ subscriptions.push(doc.data());
+ });
+ return res.status(200).json(subscriptions);
+ } catch (error) {
+ return res.status(500).json({
+ msg: 'Unexpected error. Please try again later',
+ });
+ }
+}
+
+async function handleGetRequest(req: NextApiRequest, res: NextApiResponse) {
+ const userToken = req.headers['authorization'] as string;
+ const isAuthorized = await userIsAuthorized(userToken, ['hacker']);
+
+ if (!isAuthorized) {
+ return res.status(403).json({
+ statusCode: 403,
+ msg: 'Request is not authorized to perform this functionality',
+ });
+ }
+
+ return getSubscriptions(req, res);
+}
+
+export default function handler(req: NextApiRequest, res: NextApiResponse) {
+ const { method } = req;
+ switch (method) {
+ case 'GET': {
+ return handleGetRequest(req, res);
+ }
+ default: {
+ return res.status(404).json({
+ msg: 'Route not found',
+ });
+ }
+ }
+}
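Review bot: In get.ts, `req.query.userId as string` asserts a type the runtime does not guarantee (a repeated parameter arrives as `string[]`, a missing one as `undefined`). The `!==` comparison still fails closed, but since the handler only ever serves the caller's own records, the query could filter on the verified value directly: `.where('userId', '==', loggedInUserId)`. `const subscriptions = [];` is an untyped array and the response returns raw `doc.data()`; because create.ts in this commit stores the request body unfiltered, mapping each document to `{ userId, postId }` would keep unexpected stored fields out of the response. Answering an empty result with 404 also makes "no subscriptions yet" look like a missing route to clients; `200` with `[]` is easier to handle.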