diff --git a/rating.py b/rating.py
new file mode 100644
index 0000000000000000000000000000000000000000..9d5e7a415c33588ec1cbb49aea8b2895fbb04eae
--- /dev/null
+++ b/rating.py
@@ -0,0 +1,39 @@
+from flask import Blueprint, request, jsonify
+from flask_login import current_user, login_required
+from app.models import db, Movie, Rating
+
+rating_bp = Blueprint('rating', __name__, url_prefix='/api/rating')
+
+@rating_bp.route('/create', methods=['POST'])
+@login_required
+def create_rating():
+    data = request.get_json()
+    movie_id = data['movie_id']
+    value = data['value']
+
+    movie = Movie.query.get(movie_id)
+
+    if not movie:
+        return jsonify({'error': 'Invalid movie ID'})
+
+    rating = Rating(movie=movie, user=current_user, value=value)
+    db.session.add(rating)
+    db.session.commit()
+
+    return jsonify({'success': 'Rating created successfully'})
+
+@rating_bp.route('/list', methods=['GET'])
+def list_ratings():
+    movie_id = request.args.get('movie_id')
+
+    if not movie_id:
+        return jsonify({'error': 'Missing movie ID'})
+
+    movie = Movie.query.get(movie_id)
+
+    if not movie:
+        return jsonify({'error': 'Invalid movie ID'})
+
+    ratings = [r.to_dict() for r in movie.ratings]
+
+    return jsonify({'ratings': ratings})
diff --git a/review.py b/review.py
new file mode 100644
index 0000000000000000000000000000000000000000..bb919b70091e3b1edf1192d7f08fd5e23f9474fa
--- /dev/null
+++ b/review.py
@@ -0,0 +1,39 @@
+from flask import Blueprint, request, jsonify
+from flask_login import current_user, login_required
+from app.models import db, Movie, Review
+
+review_bp = Blueprint('review', __name__, url_prefix='/api/review')
+
+@review_bp.route('/create', methods=['POST'])
+@login_required
+def create_review():
+    data = request.get_json()
+    movie_id = data['movie_id']
+    text = data['text']
+
+    movie = Movie.query.get(movie_id)
+
+    if not movie:
+        return jsonify({'error': 'Invalid movie ID'})
+
+    review = Review(movie=movie, user=current_user, text=text)
+    db.session.add(review)
+    db.session.commit()
+
+    return jsonify({'success': 'Review created successfully'})
+
+@review_bp.route('/list', methods=['GET'])
+def list_reviews():
+    movie_id = request.args.get('movie_id')
+
+    if not movie_id:
+        return jsonify({'error': 'Missing movie ID'})
+
+    movie = Movie.query.get(movie_id)
+
+    if not movie:
+        return jsonify({'error': 'Invalid movie ID'})
+
+    reviews = [r.to_dict() for r in movie.reviews]
+
+    return jsonify({'reviews': reviews})