diff --git a/api/challenge/claim.php b/api/challenge/claim.php
index cff683bf3f01921f2cc004a77fbcdc22f2c542ed..d6d1c869297d07e40ba97b92c2e5dccb7e631cc7 100644
--- a/api/challenge/claim.php
+++ b/api/challenge/claim.php
@@ -1,3 +1,20 @@
 <?php
 
-echo "Hello World!";
\ No newline at end of file
+include_once __DIR__."/../session.php";
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    parse_str(file_get_contents('php://input'), $_POST);
+    $user_id    = $_POST['user_id'];
+    $quest_id   = $_POST['quest_id'];
+
+    $conn = Database::getInstance();
+
+    $sql = "INSERT INTO user_quest (user_id, quest_id) VALUES ($user_id, $quest_id)";
+    $result = $conn->query($sql);
+
+    echo $sql;
+
+} else {
+    http_response_code(405);
+    echo "Metode HTTP yang tidak diizinkan";
+}
\ No newline at end of file
diff --git a/api/challenge/unclaim.php b/api/challenge/unclaim.php
index e716e017dd8b6fc0d8fe8c39a788885e69b1189c..dad667f22b112881c7dac212df9fdcedf19e606a 100644
--- a/api/challenge/unclaim.php
+++ b/api/challenge/unclaim.php
@@ -1,3 +1,19 @@
 <?php
 
-echo "Hello World2!";
\ No newline at end of file
+include_once __DIR__."/../session.php";
+
+if ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
+    parse_str(file_get_contents('php://input'), $_DELETE);
+    $user_id = $_DELETE['user_id'];
+    $quest_id = $_DELETE['quest_id'];
+
+    $conn = Database::getInstance();
+
+    $sql = "DELETE FROM user_quest WHERE user_id = $user_id AND quest_id = $quest_id";
+    $result = $conn->query($sql);
+    
+    echo $sql;
+} else {
+    http_response_code(405);
+    echo "Metode HTTP yang tidak diizinkan";
+}
\ No newline at end of file