diff --git a/api/src/routes/candidate.rs b/api/src/routes/candidate.rs
index ed3e0aa..6b77bc6 100644
--- a/api/src/routes/candidate.rs
+++ b/api/src/routes/candidate.rs
@@ -2,6 +2,7 @@ use std::net::{IpAddr, Ipv4Addr, SocketAddr};
 
 use entity::application;
 use portfolio_core::Query;
+use portfolio_core::error::ServiceError;
 use portfolio_core::models::auth::AuthenticableTrait;
 use portfolio_core::models::candidate::{ApplicationDetails, NewCandidateResponse};
 use portfolio_core::sea_orm::prelude::Uuid;
@@ -77,9 +78,11 @@ pub async fn whoami(conn: Connection<'_, Db>, session: ApplicationAuth) -> Resul
 
     let private_key = session.get_private_key();
     let application: entity::application::Model = session.into();
-    let candidate = ApplicationService::find_related_candidate(&db, &application).await.map_err(to_custom_error)?; // TODO
-    println!("candidate: {:?}", candidate);
-    let response = NewCandidateResponse::from_encrypted(&private_key, candidate).await
+    let candidate = ApplicationService::find_related_candidate(&db, &application)
+        .await.map_err(to_custom_error)?; // TODO more compact
+    let applications = Query::find_applications_by_candidate_id(&db, candidate.id)
+        .await.map_err(|e| to_custom_error(ServiceError::DbError(e)))?; 
+    let response = NewCandidateResponse::from_encrypted(applications, &private_key, candidate).await
         .map_err(to_custom_error)?;
 
     Ok(Json(response))
diff --git a/core/src/models/candidate.rs b/core/src/models/candidate.rs
index 38b7cc7..9f536d6 100644
--- a/core/src/models/candidate.rs
+++ b/core/src/models/candidate.rs
@@ -1,5 +1,5 @@
 use chrono::NaiveDate;
-use entity::candidate;
+use entity::{candidate, application};
 use sea_orm::FromQueryResult;
 use serde::{Serialize, Deserialize};
 
@@ -11,7 +11,7 @@ use super::candidate_details::EncryptedString;
 #[derive(Debug, Serialize, Deserialize)]
 #[serde(rename_all = "camelCase")]
 pub struct NewCandidateResponse {
-    pub application_id: i32,
+    pub applications: Vec<i32>,
     pub personal_id_number: String,
 }
 
@@ -103,11 +103,12 @@ pub struct Row {
 }
 
 impl NewCandidateResponse {
-    pub async fn from_encrypted(private_key: &String, c: candidate::Model) -> Result<Self, ServiceError> {
+    pub async fn from_encrypted(applications: Vec<application::Model>, private_key: &String, c: candidate::Model) -> Result<Self, ServiceError> {
         let id_number = EncryptedString::from(c.personal_identification_number).decrypt(private_key).await?;
+        let applications = applications.iter().map(|a| a.id).collect();
         Ok(
             Self {
-                application_id: c.id,
+                applications,
                 personal_id_number: id_number,
             }
         )