diff --git a/.gitignore b/.gitignore
index eb3489a..dc942a9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@
 # Ignore all logfiles and tempfiles.
 /log/*.log
 /tmp
+.env
diff --git a/Gemfile b/Gemfile
index 5513b1d..8cc83d9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -35,3 +35,7 @@ group :test do
   # Pretty printed test output
   gem 'turn', :require => false
 end
+
+group :development, :test do
+  gem 'dotenv-rails' # Protects api-keys
+end
\ No newline at end of file
diff --git a/Gemfile.lock b/Gemfile.lock
index 29857a1..70a5427 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,138 +1,185 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    actionmailer (3.2.8)
-      actionpack (= 3.2.8)
-      mail (~> 2.4.4)
-    actionpack (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      journey (~> 1.0.4)
-      rack (~> 1.4.0)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.1.3)
-    activemodel (3.2.8)
-      activesupport (= 3.2.8)
-      builder (~> 3.0.0)
-    activerecord (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
-    activesupport (3.2.8)
-      i18n (~> 0.6)
-      multi_json (~> 1.0)
-    addressable (2.3.2)
-    ansi (1.4.3)
-    arel (3.0.2)
-    builder (3.0.0)
-    coffee-rails (3.2.2)
+    actioncable (5.2.1.1)
+      actionpack (= 5.2.1.1)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+    actionmailer (5.2.1.1)
+      actionpack (= 5.2.1.1)
+      actionview (= 5.2.1.1)
+      activejob (= 5.2.1.1)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.2.1.1)
+      actionview (= 5.2.1.1)
+      activesupport (= 5.2.1.1)
+      rack (~> 2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.2.1.1)
+      activesupport (= 5.2.1.1)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (5.2.1.1)
+      activesupport (= 5.2.1.1)
+      globalid (>= 0.3.6)
+    activemodel (5.2.1.1)
+      activesupport (= 5.2.1.1)
+    activerecord (5.2.1.1)
+      activemodel (= 5.2.1.1)
+      activesupport (= 5.2.1.1)
+      arel (>= 9.0)
+    activestorage (5.2.1.1)
+      actionpack (= 5.2.1.1)
+      activerecord (= 5.2.1.1)
+      marcel (~> 0.3.1)
+    activesupport (5.2.1.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    ansi (1.5.0)
+    arel (9.0.0)
+    builder (3.2.3)
+    coffee-rails (4.2.2)
       coffee-script (>= 2.2.0)
-      railties (~> 3.2.0)
-    coffee-script (2.2.0)
+      railties (>= 4.0.0)
+    coffee-script (2.4.1)
       coffee-script-source
       execjs
-    coffee-script-source (1.3.3)
-    erubis (2.7.0)
-    execjs (1.4.0)
-      multi_json (~> 1.0)
-    faraday (0.7.6)
-      addressable (~> 2.2)
-      multipart-post (~> 1.1)
-      rack (~> 1.1)
-    hashie (1.2.0)
-    hike (1.2.1)
-    httpauth (0.1)
-    i18n (0.6.1)
-    journey (1.0.4)
-    jquery-rails (2.1.1)
-      railties (>= 3.1.0, < 5.0)
-      thor (~> 0.14)
-    json (1.7.5)
-    mail (2.4.4)
-      i18n (>= 0.4.0)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    mime-types (1.19)
-    multi_json (1.3.6)
-    multipart-post (1.1.5)
-    oauth2 (0.6.1)
-      faraday (~> 0.7)
-      httpauth (~> 0.1)
+    coffee-script-source (1.12.2)
+    concurrent-ruby (1.1.3)
+    crass (1.0.4)
+    dotenv (2.5.0)
+    dotenv-rails (2.5.0)
+      dotenv (= 2.5.0)
+      railties (>= 3.2, < 6.0)
+    erubi (1.7.1)
+    execjs (2.7.0)
+    faraday (0.9.2)
+      multipart-post (>= 1.2, < 3)
+    ffi (1.9.25)
+    globalid (0.4.1)
+      activesupport (>= 4.2.0)
+    hashie (3.5.7)
+    i18n (1.1.1)
+      concurrent-ruby (~> 1.0)
+    jquery-rails (4.3.3)
+      rails-dom-testing (>= 1, < 3)
+      railties (>= 4.2.0)
+      thor (>= 0.14, < 2.0)
+    jwt (2.1.0)
+    loofah (2.2.3)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    marcel (0.3.3)
+      mimemagic (~> 0.3.2)
+    method_source (0.9.2)
+    mimemagic (0.3.2)
+    mini_mime (1.0.1)
+    mini_portile2 (2.3.0)
+    minitest (5.11.3)
+    multi_json (1.13.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
+    nio4r (2.3.1)
+    nokogiri (1.8.5)
+      mini_portile2 (~> 2.3.0)
+    oauth2 (1.4.1)
+      faraday (>= 0.8, < 0.16.0)
+      jwt (>= 1.0, < 3.0)
       multi_json (~> 1.3)
-    omniauth (1.1.1)
-      hashie (~> 1.2)
-      rack
-    omniauth-oauth2 (1.0.2)
-      oauth2 (~> 0.6.0)
-      omniauth (~> 1.0)
-    omniauth-podio (0.0.1)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.8.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-oauth2 (1.5.0)
+      oauth2 (~> 1.1)
+      omniauth (~> 1.2)
+    omniauth-podio (0.1.0)
       omniauth (~> 1.0)
       omniauth-oauth2 (~> 1.0)
-    podio (0.8)
-      activemodel (~> 3.0)
-      activesupport (~> 3.0)
-      faraday (~> 0.7.0)
+    podio (2.0.0)
+      activemodel (>= 3.0)
+      activesupport (>= 3.0)
+      faraday (>= 0.8.0, < 0.10.0)
       multi_json
-    polyglot (0.3.3)
-    rack (1.4.1)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-ssl (1.3.2)
-      rack
-    rack-test (0.6.1)
-      rack (>= 1.0)
-    rails (3.2.8)
-      actionmailer (= 3.2.8)
-      actionpack (= 3.2.8)
-      activerecord (= 3.2.8)
-      activeresource (= 3.2.8)
-      activesupport (= 3.2.8)
-      bundler (~> 1.0)
-      railties (= 3.2.8)
-    railties (3.2.8)
-      actionpack (= 3.2.8)
-      activesupport (= 3.2.8)
-      rack-ssl (~> 1.3.2)
+    rack (2.0.6)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails (5.2.1.1)
+      actioncable (= 5.2.1.1)
+      actionmailer (= 5.2.1.1)
+      actionpack (= 5.2.1.1)
+      actionview (= 5.2.1.1)
+      activejob (= 5.2.1.1)
+      activemodel (= 5.2.1.1)
+      activerecord (= 5.2.1.1)
+      activestorage (= 5.2.1.1)
+      activesupport (= 5.2.1.1)
+      bundler (>= 1.3.0)
+      railties (= 5.2.1.1)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
+    railties (5.2.1.1)
+      actionpack (= 5.2.1.1)
+      activesupport (= 5.2.1.1)
+      method_source
       rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
-    rake (0.9.2.2)
-    rdoc (3.12)
-      json (~> 1.4)
-    sass (3.2.1)
-    sass-rails (3.2.5)
-      railties (~> 3.2.0)
-      sass (>= 3.1.10)
-      tilt (~> 1.3)
-    sprockets (2.1.3)
-      hike (~> 1.2)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sqlite3 (1.3.6)
-    thor (0.16.0)
-    tilt (1.3.3)
-    treetop (1.4.10)
-      polyglot
-      polyglot (>= 0.3.1)
+      thor (>= 0.19.0, < 2.0)
+    rake (12.3.1)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.9.10)
+      ffi (>= 0.5.0, < 2)
+    sass (3.7.2)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+    sass-rails (5.0.7)
+      railties (>= 4.0.0, < 6)
+      sass (~> 3.1)
+      sprockets (>= 2.8, < 4.0)
+      sprockets-rails (>= 2.0, < 4.0)
+      tilt (>= 1.1, < 3)
+    sprockets (3.7.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.3.13)
+    thor (0.20.3)
+    thread_safe (0.3.6)
+    tilt (2.0.9)
     turn (0.9.6)
       ansi
-    tzinfo (0.3.33)
-    uglifier (1.3.0)
-      execjs (>= 0.3.0)
-      multi_json (~> 1.0, >= 1.0.2)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    uglifier (4.1.20)
+      execjs (>= 0.3.0, < 3)
+    websocket-driver (0.7.0)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.3)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   coffee-rails
+  dotenv-rails
   jquery-rails
   omniauth-podio
   podio
@@ -141,3 +188,6 @@ DEPENDENCIES
   sqlite3
   turn
   uglifier
+
+BUNDLED WITH
+   1.17.1
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8b80bf4..26c321a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
 
-  before_filter :ensure_login
+  before_action :ensure_login
 
   protected
 
diff --git a/app/controllers/leads_controller.rb b/app/controllers/leads_controller.rb
index 216064c..3ca3ee8 100644
--- a/app/controllers/leads_controller.rb
+++ b/app/controllers/leads_controller.rb
@@ -1,5 +1,5 @@
 class LeadsController < ApplicationController
-  before_filter :load_collections, :only => [:new, :edit]
+  before_action :load_collections, :only => [:new, :edit]
 
   def index
     @leads = Lead.all
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 753d681..87c28e0 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,5 +1,5 @@
 class SessionsController < ApplicationController
-  skip_before_filter :ensure_login
+  skip_before_action :ensure_login
 
   def new
   end
@@ -15,7 +15,6 @@ def create
 
   def create_from_app_auth
     Podio.setup(
-      :api_url => 'https://api.podio.com',
       :api_key => ENV['PODIO_CLIENT_ID'],
       :api_secret => ENV['PODIO_CLIENT_SECRET']
     )
diff --git a/config/routes.rb b/config/routes.rb
index 627ba5c..24f6633 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -7,7 +7,8 @@
       post :create_from_app_auth
     end
   end
-  match "/auth/:provider/callback" => "sessions#create"
+  get "/auth/:provider/callback" => "sessions#create"
+  post "/auth/:provider/callback" => "sessions#create"
   resources :leads
   resources :tasks