diff --git a/Environmental Sensor Data Repository.iml b/Environmental Sensor Data Repository.iml
index 8683894..fb37aa5 100644
--- a/Environmental Sensor Data Repository.iml	
+++ b/Environmental Sensor Data Repository.iml	
@@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <module type="WEB_MODULE" version="4">
-  <component name="NewModuleRootManager" inherit-compiler-output="true">
-    <exclude-output />
+  <component name="NewModuleRootManager">
     <content url="file://$MODULE_DIR$">
       <excludeFolder url="file://$MODULE_DIR$/datastore" />
     </content>
diff --git a/Environmental Sensor Data Repository.ipr b/Environmental Sensor Data Repository.ipr
index 6b55f56..a6aa564 100644
--- a/Environmental Sensor Data Repository.ipr	
+++ b/Environmental Sensor Data Repository.ipr	
@@ -40,42 +40,10 @@
   <component name="EntryPointsManager">
     <entry_points version="2.0" />
   </component>
-  <component name="InspectionProjectProfileManager">
-    <profile version="1.0" is_locked="false">
-      <option name="myName" value="Project Default" />
-      <option name="myLocal" value="true" />
-      <inspection_tool class="CStyleArrayDeclaration" enabled="true" level="WARNING" enabled_by_default="true" />
-      <inspection_tool class="NullableProblems" enabled="true" level="ERROR" enabled_by_default="true">
-        <option name="REPORT_NULLABLE_METHOD_OVERRIDES_NOTNULL" value="true" />
-        <option name="REPORT_NOT_ANNOTATED_METHOD_OVERRIDES_NOTNULL" value="true" />
-        <option name="REPORT_NOTNULL_PARAMETER_OVERRIDES_NULLABLE" value="true" />
-        <option name="REPORT_NOT_ANNOTATED_PARAMETER_OVERRIDES_NOTNULL" value="true" />
-        <option name="REPORT_NOT_ANNOTATED_GETTER" value="true" />
-        <option name="REPORT_NOT_ANNOTATED_SETTER_PARAMETER" value="true" />
-        <option name="REPORT_ANNOTATION_NOT_PROPAGATED_TO_OVERRIDERS" value="true" />
-        <option name="REPORT_NULLS_PASSED_TO_NON_ANNOTATED_METHOD" value="true" />
-      </inspection_tool>
-      <inspection_tool class="ObjectEquality" enabled="true" level="WARNING" enabled_by_default="true">
-        <option name="m_ignoreEnums" value="true" />
-        <option name="m_ignoreClassObjects" value="false" />
-        <option name="m_ignorePrivateConstructors" value="false" />
-      </inspection_tool>
-      <inspection_tool class="SpellCheckingInspection" enabled="false" level="TYPO" enabled_by_default="false">
-        <option name="processCode" value="true" />
-        <option name="processLiterals" value="true" />
-        <option name="processComments" value="true" />
-      </inspection_tool>
-      <inspection_tool class="SubtractionInCompareTo" enabled="true" level="WARNING" enabled_by_default="true" />
-      <inspection_tool class="SuspiciousIndentAfterControlStatement" enabled="true" level="WARNING" enabled_by_default="true" />
-      <inspection_tool class="VariableNotUsedInsideIf" enabled="true" level="WARNING" enabled_by_default="true" />
-    </profile>
-    <option name="PROJECT_PROFILE" value="Project Default" />
-    <option name="USE_PROJECT_PROFILE" value="true" />
-    <version value="1.0" />
-  </component>
   <component name="JavaScriptLibraryMappings">
     <file url="file://$PROJECT_DIR$" libraries="{EnvironmentalSensorDataRepository node_modules}" />
-    <file url="PROJECT" libraries="{EnvironmentalSensorDataRepository node_modules, Superagent, jQuery 1.11.1, mocha-DefinitelyTyped, nconf-DefinitelyTyped, should-DefinitelyTyped}" />
+    <file url="PROJECT" libraries="{EnvironmentalSensorDataRepository node_modules, Superagent, jQuery 1.11.1}" />
+    <includedPredefinedLibrary name="Node.js Globals" />
   </component>
   <component name="ProjectCodeStyleSettingsManager">
     <option name="PER_PROJECT_SETTINGS">
@@ -158,18 +126,12 @@
           <option name="SPACE_BEFORE_COLON" value="true" />
           <option name="ARRAY_WRAPPING" value="5" />
         </JSON>
-        <JavaCodeStyleSettings>
-          <option name="CLASS_NAMES_IN_JAVADOC" value="3" />
-        </JavaCodeStyleSettings>
         <XML>
           <option name="XML_ATTRIBUTE_WRAP" value="0" />
           <option name="XML_TEXT_WRAP" value="0" />
           <option name="XML_KEEP_BLANK_LINES" value="1" />
           <option name="XML_LEGACY_SETTINGS_IMPORTED" value="true" />
         </XML>
-        <ADDITIONAL_INDENT_OPTIONS fileType="haml">
-          <option name="INDENT_SIZE" value="2" />
-        </ADDITIONAL_INDENT_OPTIONS>
         <ADDITIONAL_INDENT_OPTIONS fileType="rb">
           <option name="INDENT_SIZE" value="2" />
           <option name="CONTINUATION_INDENT_SIZE" value="4" />
@@ -193,6 +155,19 @@
           <option name="ALIGN_MULTILINE_PARAMETERS_IN_CALLS" value="true" />
           <option name="PARENT_SETTINGS_INSTALLED" value="true" />
         </codeStyleSettings>
+        <codeStyleSettings language="Dart">
+          <option name="KEEP_FIRST_COLUMN_COMMENT" value="false" />
+          <option name="KEEP_BLANK_LINES_IN_CODE" value="1" />
+          <option name="BRACE_STYLE" value="3" />
+          <option name="METHOD_BRACE_STYLE" value="3" />
+          <option name="ELSE_ON_NEW_LINE" value="true" />
+          <option name="WHILE_ON_NEW_LINE" value="true" />
+          <option name="CATCH_ON_NEW_LINE" value="true" />
+          <option name="ALIGN_MULTILINE_PARAMETERS_IN_CALLS" value="true" />
+          <option name="ALIGN_MULTILINE_BINARY_OPERATION" value="true" />
+          <option name="ALIGN_MULTILINE_TERNARY_OPERATION" value="true" />
+          <option name="PARENT_SETTINGS_INSTALLED" value="true" />
+        </codeStyleSettings>
         <codeStyleSettings language="ECMA Script Level 4">
           <option name="KEEP_FIRST_COLUMN_COMMENT" value="false" />
           <option name="KEEP_BLANK_LINES_IN_CODE" value="1" />
@@ -427,9 +402,7 @@
       <module fileurl="file://$PROJECT_DIR$/Environmental Sensor Data Repository.iml" filepath="$PROJECT_DIR$/Environmental Sensor Data Repository.iml" />
     </modules>
   </component>
-  <component name="ProjectRootManager" version="2" languageLevel="JDK_1_6" assert-keyword="true" jdk-15="true">
-    <output url="file://$PROJECT_DIR$/out" />
-  </component>
+  <component name="ProjectRootManager" version="2" />
   <component name="ProjectTasksOptions">
     <TaskOptions isEnabled="true">
       <option name="arguments" value="$FileName$ $FileNameWithoutExtension$.css" />
@@ -494,7 +467,6 @@
       <CLASSES>
         <root url="file://$PROJECT_DIR$/node_modules" />
       </CLASSES>
-      <JAVADOC />
       <SOURCES />
     </library>
     <library name="Generated files" type="javaScript">
@@ -506,7 +478,6 @@
       <CLASSES>
         <root url="file://$PROJECT_DIR$/public/js/handlebars_templates.js" />
       </CLASSES>
-      <JAVADOC />
       <SOURCES />
     </library>
     <library name="jQuery 1.11.1" type="javaScript">
@@ -519,7 +490,6 @@
         <root url="file://$PROJECT_DIR$/public/lib/jquery/jquery-1.11.1.min.js" />
         <root url="file://$PROJECT_DIR$/public/lib/jquery/jquery-1.11.1.js" />
       </CLASSES>
-      <JAVADOC />
       <SOURCES />
     </library>
     <library name="Superagent" type="javaScript">
@@ -531,7 +501,6 @@
       <CLASSES>
         <root url="file://$PROJECT_DIR$/public/lib/superagent/superagent.js" />
       </CLASSES>
-      <JAVADOC />
       <SOURCES />
     </library>
   </component>
diff --git a/models/Devices.js b/models/Devices.js
index 9721685..519e1a2 100644
--- a/models/Devices.js
+++ b/models/Devices.js
@@ -87,12 +87,16 @@ module.exports = function(databaseHelper) {
       // now validate
       jsonValidator.validate(device, JSON_SCHEMA, function(err1) {
          if (err1) {
+            console.log('* VALIDATION ERROR *');
+            console.dir(err1);
             return callback(new ValidationError(err1));
          }
 
          // now that we have the hashed secret, try to insert
          databaseHelper.execute("INSERT INTO Devices SET ?", device, function(err2, result) {
             if (err2) {
+               console.log('* INSERTION ERROR *');
+               console.dir(err2);
                return callback(err2);
             }
 
@@ -106,6 +110,18 @@ module.exports = function(databaseHelper) {
       });
    };
 
+   this.remove = function(deviceId, userId, callback) {
+      databaseHelper.execute("DELETE FROM Devices WHERE id = "+deviceId+" and userId = "+userId, null, function(err, result) {
+         if (err) {
+            return callback(err);
+         } else {
+            return callback(null, {
+               deviceId : deviceId
+            });
+         }
+      });
+   };
+
    /**
     * Tries to find the device with the given <code>deviceId</code> for the given authenticated user and returns it to
     * the given <code>callback</code>. If successful, the device is returned as the 2nd argument to the
diff --git a/models/Products.js b/models/Products.js
index dd90cbd..0a94607 100644
--- a/models/Products.js
+++ b/models/Products.js
@@ -122,6 +122,37 @@ module.exports = function(databaseHelper) {
       });
    };
 
+   this.update = function(productId, userId, body, callback) {
+      var setstring = "";
+      console.log("-- update called for product id "+productId+", and userId = "+userId);
+      //console.dir(body);
+      for(var k in body){
+         var v = body[k];
+         setstring += +"="+v+",";
+      }
+      setstring = setstring.substring(0, setstring.length-1);
+      console.log("setstring is "+setstring);
+      databaseHelper.execute("UPDATE Products SET "+setstring+" WHERE id = "+productId+" and userId = "+userId, null, function(err, result) {
+         if (err) {
+            return callback(err);
+         } else {
+            return callback(null, result);
+         }
+      });
+   };
+
+   this.remove = function(productId, userId, callback) {
+      databaseHelper.execute("DELETE FROM Products WHERE id = "+productId+" and userId = "+userId, null, function(err, result) {
+         if (err) {
+            return callback(err);
+         } else {
+            return callback(null, {
+               productId : productId
+            });
+         }
+      });
+   };
+
    /**
     * Tries to find the product with the given <code>name</code> and returns it to the given <code>callback</code>. If
     * successful, the product is returned as the 2nd argument to the <code>callback</code> function.  If unsuccessful,
diff --git a/routes/api/devices.js b/routes/api/devices.js
index c7b5e50..60fa9a3 100644
--- a/routes/api/devices.js
+++ b/routes/api/devices.js
@@ -42,6 +42,32 @@ module.exports = function(DeviceModel, FeedModel) {
                  });
               });
 
+   router.delete('/:id',
+                 passport.authenticate('bearer', { session : false }),
+                 function(req, res, next) {
+                    var userId = req.user.id;
+                    var deviceId = req.params.id;
+                    log.debug("Received DELETE for device [" + deviceId + "]");
+                    DeviceModel.findByIdForUser(deviceId, userId, "id,userId", function(err, prod){
+                       //console.log("delete find err = "+err+", prod = "+prod);
+                       //console.dir(prod);
+                       if (err){
+                          console.dir(err);
+                          console.log("Access Denied");
+                          res.jsendClientError("Access denied", err.data);
+                       }
+                       else if (prod.userId != userId) {
+                          console.log("Access Denied, since creator userId is "+prod.userId+" and attempted deletor userId is "+userId);
+                          res.jsendClientError("Access denied", null, httpStatus.FORBIDDEN);
+                       } else {
+                          console.log("Device removed.");
+                          DeviceModel.remove(deviceId, userId, function(result) {
+                             res.jsendSuccess(result);
+                          });
+                       }
+                    });
+                 });
+
    // create a feed for the specified device (specified by device ID)
    router.post('/:deviceId/feeds',
                passport.authenticate('bearer', { session : false }),
diff --git a/routes/api/products.js b/routes/api/products.js
index 7c2402d..9d69869 100644
--- a/routes/api/products.js
+++ b/routes/api/products.js
@@ -42,6 +42,21 @@ module.exports = function(ProductModel, DeviceModel) {
                                       });
                });
 
+   // update a product
+   router.put('/:id',
+               passport.authenticate('bearer', { session : false }),
+               function(req, res, next) {
+                  var id = req.params.id;
+                  var userId = req.user.id;
+                  var newProduct = req.body;
+                  log.debug("Received PUT from user ID [" + userId + "] to update product [" + (newProduct && newProduct.name ? newProduct.name : null) + "]");
+                  findProductByNameOrId(res, id, 'id', function(product) {
+                     ProductModel.update(id, userId, newProduct, function(err, result){
+                        res.jsendSuccess(result, httpStatus.ACCEPTED);
+                     });
+                  });
+               });
+
    // find products
    router.get('/',
               function(req, res, next) {
@@ -85,6 +100,25 @@ module.exports = function(ProductModel, DeviceModel) {
                  });
               });
 
+   // delete a specific product
+   // TODO: Guard against products being deleted when there are devices that refer to them
+   router.delete('/:id',
+                 passport.authenticate('bearer', { session : false }),
+                 function(req, res, next) {
+                    var userId = req.user.id;
+                    var productId = req.params.id;
+                    log.debug("Received DELETE for product [" + productId + "]");
+                    ProductModel.findById(productId, "id,creatorUserId", function(err, prod){
+                       if (prod.creatorUserId != userId) {
+                           res.jsendClientError("Access denied", null, httpStatus.FORBIDDEN);
+                       } else {
+                          ProductModel.remove(productId, userId, function(result) {
+                             res.jsendSuccess(result);
+                          });
+                       }
+                    });
+              });
+
    // create a new device
    router.post('/:productNameOrId/devices',
                passport.authenticate('bearer', { session : false }),
@@ -110,11 +144,10 @@ module.exports = function(ProductModel, DeviceModel) {
                            return res.jsendServerError(message);
                         }
 
-                        log.debug("Created new device [" + result.serialNumber + "] with id [" + result.insertId + "] ");
-
                         return res.jsendSuccess({
                                                    id : result.insertId,
                                                    name : result.name,
+                                                   userId: req.user.id,
                                                    serialNumber : result.serialNumber
                                                 }, httpStatus.CREATED); // HTTP 201 Created
                      });
diff --git a/test/index.js b/test/index.js
index dedea29..dcb34ed 100644
--- a/test/index.js
+++ b/test/index.js
@@ -2104,6 +2104,8 @@ describe("ESDR", function() {
 
          });
 
+         // -------------------------------------------------------------------------------------------------------------------- Products
+
          describe("Products", function() {
 
             var productIds = {};
@@ -2469,6 +2471,71 @@ describe("ESDR", function() {
                           });
             });
 
+            it("Should be able to update an existing product (with authentication)", function(done) {
+               testProduct1.description = "foobar";
+               agent(url)
+                     .put("/api/v1/products/"+productIds.testProduct1)
+                     .set({
+                             Authorization : "Bearer " + accessTokens.testUser1.access_token
+                          })
+                     .send(testProduct1)
+                     .end(function(err, res) {
+                             if (err) {
+                                return done(err);
+                             }
+
+                             res.should.have.property('status', httpStatus.ACCEPTED);
+                             res.body.should.have.property('code', httpStatus.ACCEPTED);
+                             res.body.should.have.property('status', 'success');
+                             res.body.should.have.property('data');
+                             res.body.data.should.have.property('id');
+                             res.body.data.should.have.property('description', testProduct1.description);
+
+                             // remember the product ID
+                             productIds.testProduct1 = res.body.data.id;
+
+                             done();
+                          });
+            });
+
+            it("Should be able to delete a product (with authentication)", function(done) {
+               agent(url)
+                     .delete("/api/v1/products/"+productIds.testProduct1+"?fields=id")
+                     .set({
+                             Authorization : "Bearer " + accessTokens.testUser1.access_token
+                          })
+                     .end(function(err, res) {
+                             if (err) {
+                                return done(err);
+                             }
+
+                             res.should.have.property('status', httpStatus.CREATED);
+                             res.body.should.have.property('code', httpStatus.CREATED);
+                             res.body.should.have.property('status', 'success');
+                             res.body.should.have.property('data');
+                             res.body.data.should.have.property('id');
+                             res.body.data.should.have.property('id', productIds.testProduct1);
+
+                             done();
+                          });
+            });
+
+            it("Should fail to delete a product without authentication", function(done) {
+               agent(url)
+                     .delete("/api/v1/products/"+productIds.testProduct1+"?fields=id")
+                     .end(function(err, res) {
+                             if (err) {
+                                return done(err);
+                             }
+
+                             res.should.have.property('status', httpStatus.UNAUTHORIZED);
+
+                             done();
+                          });
+            });
+
+            // -------------------------------------------------------------------------------------------------------------------- Devices
+
             describe("Devices", function() {
 
                var deviceIds = {};
@@ -2984,6 +3051,44 @@ describe("ESDR", function() {
                              });
                });
 
+               it("Should be able to delete a device (with authentication)", function(done) {
+                  agent(url)
+                        .delete("/api/v1/devices/"+ deviceIds.testDevice1 + "?fields=id,serialNumber,userId")
+                        .set({
+                                Authorization : "Bearer " + accessTokens.testUser1.access_token
+                             })
+                        .end(function(err, res) {
+                                if (err) {
+                                   return done(err);
+                                }
+
+                                res.should.have.property('status', httpStatus.CREATED);
+                                res.body.should.have.property('code', httpStatus.CREATED);
+                                res.body.should.have.property('status', 'success');
+                                res.body.should.have.property('data');
+                                res.body.data.should.have.property('id');
+                                res.body.data.should.have.property('id', productIds.testProduct1);
+
+                                done();
+                             });
+               });
+
+               it("Should fail to delete a device without authentication", function(done) {
+                  agent(url)
+                        .delete("/api/v1/devices/"+ deviceIds.testDevice1 + "?fields=id,serialNumber,userId")
+                        .end(function(err, res) {
+                                if (err) {
+                                   return done(err);
+                                }
+
+                                res.should.have.property('status', httpStatus.UNAUTHORIZED);
+
+                                done();
+                             });
+               });
+
+               // ---------------------------------------------------------------------------------------------------------- Feeds
+
                describe("Feeds", function() {
 
                   var feeds = {};