diff --git a/api/src/controllers/staff.controllers.ts b/api/src/controllers/staff.controllers.ts
index dbe6ed75ab164acd4d666d4052ac4d10d608431a..4137841b3f7c356e69813f6c71b1abad2ebd603b 100644
--- a/api/src/controllers/staff.controllers.ts
+++ b/api/src/controllers/staff.controllers.ts
@@ -28,7 +28,30 @@ export const login = async (req: Request, res: Response) => {
 };
 
 export const addAccount = async (req: Request, res: Response) => {
-    const { username, password } = req.body;
+    const { username, password } = req.query;
+
+    if (typeof username !== "string") {     //TODO: toto má byť asi niekde inde (dalsich 20 riadkov)
+        return res.status(400).json({
+            message: "Query param 'username' has to be of type string"
+        });
+    }
+    if (typeof password !== "string") {
+        return res.status(400).json({
+            message: "Query param 'password' has to be of type string"
+        });
+    }
+
+    const staff = await prisma.staff.findUnique({
+        where:{
+            username,
+        }
+    })
+    if(staff){
+        return res.status(400).json({
+            status: 'error',
+            message: 'username already exists'
+        });
+    }
 
     bcrypt.hash(password, 10, async (err: any, hash: any) => {
       if(err){
diff --git a/api/src/middleware/staff.middleware.ts b/api/src/middleware/staff.middleware.ts
index a296023f13ae948a836d7df43f60b885ff309690..13e3561c1c014b0ddc2d93998ad79c54b7763d4f 100644
--- a/api/src/middleware/staff.middleware.ts
+++ b/api/src/middleware/staff.middleware.ts
@@ -26,7 +26,8 @@ export const authorizeStaff = (req: Request, res: Response, next: NextFunction)
 };
 
 export const validateStaffLogin = async (req: Request, res: Response, next: NextFunction) => {
-    const { username, password } = req.body;
+    const { username, password } = req.query;
+
     if(!username || !password){
         return res.status(400).json({
             status: 'error',