diff --git a/Backend/main.py b/Backend/main.py
index b43a2c615a8714b305f7e8e522725ce69d9632fe..e603d48aac0047288601e69bb32b3d1146d67fff 100644
--- a/Backend/main.py
+++ b/Backend/main.py
@@ -1,7 +1,7 @@
 from utils.application import app
 from routes.category import get_category
 from routes.home import get_home
-#from routes.order import post_pay_products
+from routes.order import post_create_order, pay_order
 #from routes.cart import get_cart
 from routes.login import post_login, post_logout, post_register
 from routes.product import get_product_by_id, get_product_all, get_products_by_search
@@ -13,28 +13,33 @@ from routes.product import get_product_by_id, get_product_all, get_products_by_s
 def home():
     return get_home()
 
-#@app.route('/order/<int:order_id>', methods=['GET'])
-#def order(order_id):
-#    return get_order(order_id)
-
 # Routes for getting the different categories
 @app.route('/category/', methods=['GET'])
 @app.route('/category/<string:category_name>', methods=['GET'])
 def category(category_name=None):
     return get_category(category_name)
 
+# Route for creating the order
 @app.route('/order/', methods=['POST'])
-def pay_products():
-    return post_pay_products()
+def create_order():
+    return post_create_order()
+
+# Route for paying an order
+@app.route('/order/payment/', methods=['POST'])
+def pay():
+    return pay_order()
 
+# Route for logging out of the app
 @app.route('/logout/', methods=['POST'])
 def logout():
     return post_logout()
 
+# Route for logging in
 @app.route('/login/', methods=['POST'])
 def login():
     return post_login()
 
+# Route for registering a new user
 @app.route('/register/', methods=['POST'])
 def register():
     return post_register()
@@ -49,6 +54,7 @@ def get_product(product_id):
 def get_products():
     return get_product_all()
 
+# Route for searching for a new product
 @app.route('/product/search/<string:search>', methods=['GET'])
 def search_products(search):
     return get_products_by_search(search)
diff --git a/Backend/routes/order.py b/Backend/routes/order.py
index c251d73bad11da53338db47617b04fc0c8b33834..649bb4290375f733e09853c042a0ab86b886bfc4 100644
--- a/Backend/routes/order.py
+++ b/Backend/routes/order.py
@@ -12,15 +12,26 @@ def post_create_order():
         return jsonify({"message": "You are not logged in"}), 401
 
     data = request.json
+
     # Products is array of {product_id, quantity}
+
+    # Example body:
+
+        # "products": [
+        #   {
+        #      "productid": 1,
+        #      "quantity": 2 
+        #   },
+        #   ...
+        # ],
+
     products = data["products"]
-    payment_method = data["payment_method"]
 
     productIds = []
     for product in products:
         productIds.append(product["product_id"])
 
-    if (len(products) == 0):
+    if (len(products) <= 0):
         return jsonify({"message": "No products in order"}), 400
     
     # Acquire the mutex lock
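Review bot: The request body in post_create_order is still used without validation: `data["products"]` and `product["product_id"]` raise on a missing or non-JSON body or a malformed item, which surfaces as a 500 rather than a 400, and the loop runs before the emptiness check. The change to `len(products) <= 0` behaves exactly like the old `== 0`, since a length is never negative. I would read the body with `data = request.get_json(silent=True) or {}`, take `products = data.get("products")`, and reject with `if not isinstance(products, list) or not products:` ahead of the loop. The example comment also spells the key `"productid"` while the code reads `"product_id"`. The function starts and ends outside this hunk, so per-item checks such as quantity may exist further down.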
@@ -75,4 +86,70 @@ def post_create_order():
         # Release the lock even if the try-block fails
         mutex_lock.release()
 
-    return jsonify({"message": "Order placed"}), 201
\ No newline at end of file
+    return jsonify({"message": "Order placed"}), 201
+
+def pay_order():
+    # Get user from logged in cookie
+    userId = request.cookies.get('logged_in')
+    if userId is None:
+        return jsonify({"message": "You are not logged in"}), 401
+
+    # Example body:
+
+    # {
+    #   "order_id": 6,
+    #   "payment_method": "Vipps"
+    # }
+
+    data = request.json
+
+    order_id = data['order_id']
+    payment_method = data['payment_method']
+
+    # Get the user_id of the user with the email from the user table
+    # Check that the user_id logged in is the same as the user on the order
+    # Get the order status to make sure the order is not already paid
+
+    cur = mysql.connection.cursor()
+    cur.execute('''SELECT user_order.status, user_order.total_amount, user.user_id 
+                FROM user_order INNER JOIN user ON user_order.user_id = user.user_id
+                WHERE order_id = %s''', (order_id,))
+    order_info = cur.fetchall()
+    cur.close()
+
+    # Check we have one and only one order
+    if len(order_info) != 1:
+        return jsonify({"message": "Not a valid order id"}), 400
+
+    # Destructure the query into variables
+    status, amount, user_id = order_info[0]
+
+    # Check email is the same as logged in email
+    if userId != str(user_id):
+        return jsonify({"message": "This order is not for the logged in user"}), 400
+    
+    # Check order is not already paid
+    if status != "Pending":
+        return jsonify({"message": "Order is already paid"}), 400
+    
+    # Make sure correct payment method
+    if payment_method != "Vipps":
+        return jsonify({"message": "Invalid payment method"}), 400
+    
+    # Pay the order
+    payment = vipps(amount, order_id)
+
+    if not payment:
+        return jsonify({"message": "Payment failed"}), 400
+    
+    # Update the status of the order to paid
+    cur = mysql.connection.cursor()
+    cur.execute('''UPDATE user_order SET status = 'Paid' WHERE user_order.order_id = %s''', (order_id,))
+    mysql.connection.commit()
+    cur.close()
+
+    return jsonify({"message": "Order paid"}), 200
+
+# Dummy payment method
+def vipps(amount, order_id):
+    return True
\ No newline at end of file
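Review bot: pay_order takes the caller's identity directly from the `logged_in` cookie and compares it with `str(user_id)`, so unless that cookie is signed or validated somewhere not shown here, the ownership check rests on a value the client supplies; the user id should come from a server-side or signed session. The `status != "Pending"` check, the `vipps(...)` call and the UPDATE also run as separate steps with no lock, so two concurrent requests for the same order can both pass the check and both be charged. post_create_order releases a `mutex_lock` around its critical section, and this path needs an equivalent guard: at minimum make the write conditional with `WHERE user_order.order_id = %s AND status = 'Pending'`, treat `cur.rowcount != 1` as a conflict, and key the provider call on `order_id` so a repeat cannot charge twice. Smaller points: the comment `# Check email is the same as logged in email` describes what is actually a user-id comparison, an ownership mismatch is better answered with 403 than 400, and `data['order_id']` raises on a missing or non-JSON body.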