diff --git a/pkg/bitwarden/bitwarden.go b/pkg/bitwarden/bitwarden.go
index 00f7795..b1aea9d 100644
--- a/pkg/bitwarden/bitwarden.go
+++ b/pkg/bitwarden/bitwarden.go
@@ -15,29 +15,48 @@ limitations under the License.
 package bitwarden
 import (
- "os"
-
 "github.com/bitwarden/sdk-go"
 )
-func GetSecret() {
+const (
+ defaultAPIURL = "https://api.bitwarden.com"
+ defaultIdentityURL = "https://identity.bitwarden.com"
+ defaultStatePath = ".bitwarden-state"
+)
+
+// RequestBase contains optional API_URL and IDENTITY_URL values. If not defined,
+// defaults are used always.
+type RequestBase struct {
+ APIURL string `yaml:"apiUrl,omitempty"`
+ IdentityURL string `yaml:"identityUrl,omitempty"`
+}
+
+// LoginRequest defines bitwarden login details to Secrets Manager.
+type LoginRequest struct {
+ *RequestBase `yaml:",inline,omitempty"`
+
+ AccessToken string `yaml:"accessToken"`
+ StatePath string `yaml:"statePath,omitempty"`
+}
+
+// Login creates a session for further Bitwarden requests.
+func Login(req *LoginRequest) error {
 // Configuring the URLS is optional, set them to nil to use the default values
- apiURL := os.Getenv("API_URL")
- identityURL := os.Getenv("IDENTITY_URL")
+ apiURL := defaultAPIURL
+ identityURL := defaultIdentityURL
+ // TODO: Cache the client... or the session?
 bitwardenClient, err := sdk.NewBitwardenClient(&apiURL, &identityURL)
 if err != nil {
- panic(err)
+ return err
 }
 defer bitwardenClient.Close()
- accessToken := os.Getenv("ACCESS_TOKEN")
- // Configuring the statePath is optional, pass nil
- // in AccessTokenLogin() to not use state
- statePath := os.Getenv("STATE_PATH")
-
- if err := bitwardenClient.AccessTokenLogin(accessToken, &statePath); err != nil {
- panic(err)
+ var statePath string
+ if req.StatePath == "" {
+ statePath = defaultStatePath
 }
+
+ return bitwardenClient.AccessTokenLogin(req.AccessToken, &statePath)
 }
diff --git a/pkg/server/server.go b/pkg/server/server.go
index dfe3098..72e7867 100644
--- a/pkg/server/server.go
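Review bot: In `Login`, a caller-supplied `req.StatePath` is silently dropped: `statePath` is only assigned when the request field is empty, so a non-empty value reaches `AccessTokenLogin` as `""`. The assignment should start from the request, `statePath := req.StatePath` followed by `if statePath == "" { statePath = defaultStatePath }`. `req.APIURL` and `req.IdentityURL` are likewise never read, so `apiURL` and `identityURL` are always the defaults, and because `RequestBase` is embedded as a pointer any future read must nil-check `req` and `req.RequestBase` first. The fallback `.bitwarden-state` is a single relative path, so every login that omits `statePath` would appear to share one state file regardless of access token; deriving the path per token or passing `nil` to disable state looks safer if this server handles more than one identity. The doc comment could also say that the client is closed before `Login` returns, which is what the TODO is hinting at.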
+++ b/pkg/server/server.go
@@ -22,8 +22,6 @@ import (
 "github.com/go-chi/chi/v5"
 "github.com/go-chi/chi/v5/middleware"
-
- "github.com/external-secrets/bitwarden-sdk-server/pkg/bitwarden"
 )
 const (
@@ -58,18 +56,11 @@ func (s *Server) Run(_ context.Context) error {
 r.Get("/live", func(w http.ResponseWriter, r *http.Request) {
 _, _ = w.Write([]byte("live"))
 })
- r.Get(api+"/secret", func(w http.ResponseWriter, r *http.Request) {
- bitwarden.GetSecret()
- _, _ = w.Write([]byte("welcome"))
- })
- r.Delete(api+"/secret", func(w http.ResponseWriter, r *http.Request) {
- bitwarden.GetSecret()
- _, _ = w.Write([]byte("welcome"))
- })
- r.Post(api+"/secret", func(w http.ResponseWriter, r *http.Request) {
- bitwarden.GetSecret()
- _, _ = w.Write([]byte("welcome"))
- })
+
+ r.Post(api+"/login", s.loginHandler)
+ r.Get(api+"/secret", s.getSecretHandler)
+ r.Delete(api+"/secret", s.deleteSecretHandler)
+ r.Post(api+"/secret", s.createSecretHandler)
 srv := &http.Server{Addr: s.Addr, Handler: r, ReadTimeout: 5 * time.Second}
 s.server = srv
@@ -85,3 +76,15 @@ func (s *Server) Run(_ context.Context) error {
 func (s *Server) Shutdown(ctx context.Context) error {
 return s.server.Shutdown(ctx)
 }
+
+func (s *Server) getSecretHandler(writer http.ResponseWriter, request *http.Request) {
+}
+
+func (s *Server) deleteSecretHandler(writer http.ResponseWriter, request *http.Request) {
+}
+
+func (s *Server) createSecretHandler(writer http.ResponseWriter, request *http.Request) {
+}
+
+func (s *Server) loginHandler(writer http.ResponseWriter, request *http.Request) {
+}
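Review bot: The four handlers added in the last hunk have empty bodies, so the routes wired up in the `Run` hunk (`POST api+"/login"` and GET/DELETE/POST `api+"/secret"`) answer with an implicit 200 and no body, and a client cannot tell a created or deleted secret from a no-op. Until they are implemented each stub should fail closed, for example `http.Error(writer, "not implemented", http.StatusNotImplemented)`. When `loginHandler` is filled in, the request body carries the access token, so it should be size-bounded with `http.MaxBytesReader` before decoding and the token kept out of logs and error responses. Nothing in the visible routes authenticates the caller, which may be handled by middleware outside these hunks.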