diff --git a/backend/internal/handlers/handlers_project_related.go b/backend/internal/handlers/handlers_project_related.go
index 603f4cd..e9ef966 100644
--- a/backend/internal/handlers/handlers_project_related.go
+++ b/backend/internal/handlers/handlers_project_related.go
@@ -44,10 +44,11 @@ func (gs *GState) DeleteProject(c *fiber.Ctx) error {
 // GetUserProjects returns all projects that the user is a member of
 func (gs *GState) GetUserProjects(c *fiber.Ctx) error {
- // First we get the username from the token
- user := c.Locals("user").(*jwt.Token)
- claims := user.Claims.(jwt.MapClaims)
- username := claims["name"].(string)
+ username := c.Params("username")
+ if username == "" {
+ log.Info("No username provided")
+ return c.Status(400).SendString("No username provided")
+ }
 // Then dip into the database to get the projects
 projects, err := gs.Db.GetProjectsForUser(username)
diff --git a/backend/main.go b/backend/main.go
index ff6b94e..7d98918 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -84,7 +84,7 @@ func main() {
 // Protected routes (require a valid JWT bearer token authentication header)
 server.Post("/api/submitWeeklyReport", gs.SubmitWeeklyReport)
- server.Get("/api/getUserProjects", gs.GetUserProjects)
+ server.Get("/api/getUserProjects/:username", gs.GetUserProjects)
 server.Post("/api/loginrenew", gs.LoginRenew)
 server.Delete("/api/userdelete/:username", gs.UserDelete) // Perhaps just use POST to avoid headaches
 server.Delete("api/project/:projectID", gs.DeleteProject) // WIP
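Review bot: GetUserProjects in handlers_project_related.go now trusts `c.Params("username")` and never compares it with the identity in the JWT, so any authenticated caller can list another user's projects by changing the path segment; the `/api/getUserProjects/:username` route in main.go is what exposes it. The "Protected routes" middleware only proves the caller holds a valid token, so the handler should still read the `name` claim and answer 403 on a mismatch, using checked type assertions so a malformed token cannot panic the handler. Whether site admins are meant to see other users' projects is not visible here; if they are, that exception belongs in the same check. The `username == ""` branch is probably unreachable, because the router should not match a required `:username` parameter against an empty segment. The function body continues outside the hunk.

```go
func (gs *GState) GetUserProjects(c *fiber.Ctx) error {
	username := c.Params("username")
	// … unchanged: empty-username check …

	// Authorization: the path parameter must name the token's own user.
	token, ok := c.Locals("user").(*jwt.Token)
	if !ok {
		return c.Status(401).SendString("Unauthorized")
	}
	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok || claims["name"] != username {
		return c.Status(403).SendString("Forbidden")
	}
	// … unchanged: GetProjectsForUser call …
```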