diff --git a/basic_ap.py b/basic_ap.py
index f39041b..95b270a 100644
--- a/basic_ap.py
+++ b/basic_ap.py
@@ -18,6 +18,8 @@
 import flask, os
 from flask import request
 from flask import Response
+from time import strftime, gmtime
+import httpsig
 
 #Config
 DOMAIN = 'https://my-example.com'
@@ -37,6 +39,20 @@ def public_key():
 
 public_key() #generate public_key on first launch
 
+def sign_header(private_key, key_id, host):
+	date= strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime())
+	
+	keypair= open(private_key,'rb').read()
+	hs = httpsig.HeaderSigner(key_id, secret, algorithm="rsa-sha256", headers=['(request-target): post /inbox', 'host', 'date'])    
+	auth = hs.sign({"Date": date, "Host": host})
+
+	# thanks to https://github.com/snarfed for the authorization -> signature headers hack
+    # this is necessary because httpsig.HeaderSigner returns an Authorization header instead of Signature
+    auth['Signature'] = auth.pop('authorization')
+    assert auth['Signature'].startswith('Signature ')
+	auth['Signature'] = auth['Signature'][len('Signature '):]
+
+
 #Flask
 app = flask.Flask(__name__)
 
diff --git a/templates/create.json b/templates/create.json
new file mode 100644
index 0000000..411ec17
--- /dev/null
+++ b/templates/create.json
@@ -0,0 +1,17 @@
+{
+	"@context": "https://www.w3.org/ns/activitystreams",
+
+	"id": "{{domain}}/create-hello-world",
+	"type": "Create",
+	"actor": "{{domain}}/users/{{actor}}",
+
+	"object": {
+		"id": "{{domain}}hello-world",
+		"type": "Note",
+		"published": "{{date}}",
+		"attributedTo": "{{domain}}/users/{{actor}}",
+		"inReplyTo": "https://friend.camp/@darius/101065750930453908",
+		"content": "<p>This is a test from a <a href='https://git.vvvvvvaria.org/rra/basic_ap'>flask based implementation</a> of the mastodon tutorial</p>",
+		"to": "https://www.w3.org/ns/activitystreams#Public"
+	}
+}
\ No newline at end of file