diff --git a/ItemRelationsPlugin.php b/ItemRelationsPlugin.php
index e7858d0..4624996 100644
--- a/ItemRelationsPlugin.php
+++ b/ItemRelationsPlugin.php
@@ -98,7 +98,7 @@ public function filterApiResources($apiResources)
 // List of GET parameters available for your index action.
 'index_params' => array('label', 'id', 'vocabulary_id'),
 );
-
+ /*
 //Added GET only
 $apiResources['autocomplete_item'] = array(
 // Module associated with your resource.
@@ -119,7 +119,7 @@ public function filterApiResources($apiResources)
 // List of GET parameters available for your index action.
 // 'index_params' => array('label', 'id', 'vocabulary_id'),
 );
-
+ */
 return $apiResources;
 }
diff --git a/controllers/ItemAutocompleteController.php b/controllers/ItemAutocompleteController.php
index 04fca73..6d9f22e 100644
--- a/controllers/ItemAutocompleteController.php
+++ b/controllers/ItemAutocompleteController.php
@@ -29,18 +29,18 @@ public function indexAction()
 public function getAction()
 {
 $request = $this->getRequest();
-// $recordType = $request->getParam('api_record_type');
- $resource = $request->getParam('api_resource');
- $apiParams = $request->getParam('api_params');
- $key = $apiParams[0];
- $term = $apiParams[1];
- $dcfieldid = empty($apiParams[1]) ? null : $apiParams[2];
+ // reserve access for logged-in users
+ if (! current_user())
+ {
+ throw new Omeka_Controller_Exception_403();
+ }
+
+ $params = $request->getParams();
- // TODO: investigate another way to check user is logged in - current_user() doesn't work in API, only keys. key mgmt a possible solution. also possibly move this to a normal view instead of an API call
- if ($key != '81hf938u1hjd83najne83h28d82h382h128fh82h')
+ if (empty($params['term']))
 {
- throw new Omeka_Controller_Exception_Api('Invalid key.', 403);
+ die('argh! need a term');
 }
 $db = $this->_helper->db->getTable("element_texts");
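Review bot: The `autocomplete_item` resource is switched off by wrapping it in `/*` and `*/` (the -98 and -119 hunks) instead of being deleted, which leaves a dormant API registration in `filterApiResources` that comes back if those two lines are removed. The controller in this commit no longer checks any key, so re-enabling the block later would expose the lookup through the API path with only whatever that path enforces. I would delete the block outright and rely on version control for the history. The lines between the two hunks are not visible here, so confirm none of them contains `*/`, which would close the comment early.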
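Review bot: The empty-term branch in `getAction` ends the request with `die('argh! need a term');`, which returns plain text with a 200 status to a caller that requested `dataType: "json"` and cuts the framework's response handling short. `empty()` also treats the term `'0'` as missing. I would test `!isset($params['term']) || $params['term'] === ''` and answer with `$this->getResponse()->setHttpResponseCode(400); echo json_encode(array()); return;`. The new `current_user()` guard admits any logged-in account; whether lower roles should be able to search element texts is an ACL question these lines do not settle. `getAction` continues past the end of this hunk.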
@@ -62,7 +62,7 @@ public function getAction()
 // $select = $db->getSelect();
 // if DC field is a person, limit results to people...
- if (in_array($dcfieldid, array(22, 24, 35))) // contributor, creator, publisher
+ if (!empty($params['elementid']) && in_array($params['elementid'], array(22, 24, 35))) // contributor, creator, publisher
 {
 $sql = "
 SELECT DISTINCT et1.record_id, et1.text
@@ -80,7 +80,7 @@ public function getAction()
 AND et2.text LIKE ?
 AND it.id = 12"; // 12 = Person
- $data = $db->getTable('Element')->fetchObjects($sql, array('%'. $term . '%'));
+ $data = $db->getTable('Element')->fetchObjects($sql, array('%'. $params['term'] . '%'));
 }
 else
 {
@@ -95,7 +95,7 @@ public function getAction()
 AND (et2.element_id = 50 or et2.element_id = 52)
 AND et2.text LIKE ?";
- $data = $db->getTable('Element')->fetchObjects($sql, array('%'. $term . '%'));
+ $data = $db->getTable('Element')->fetchObjects($sql, array('%'. $params['term'] . '%'));
 }
 $output = array();
@@ -107,9 +107,6 @@ public function getAction()
 $output[] = $tmp_out;
 }
- if (!empty($_GET['callback']))
- echo $_GET['callback']. '=';
-
 echo json_encode( $output );
 // print_r($data);
diff --git a/item_relations_form.php b/item_relations_form.php
index 212c828..9a03a03 100644
--- a/item_relations_form.php
+++ b/item_relations_form.php
@@ -83,7 +83,7 @@
 },
 source: function(request, response) {
 jQuery.ajax({
- url: "/api/autocomplete_item/81hf938u1hjd83najne83h28d82h382h128fh82h/" + request.term + (jQuery('#item_relations_property_id' + rowid).val() == undefined ? '' : '/' + jQuery('#item_relations_property_id' + rowid).val()),
+ url: '/item-relations/item-autocomplete/get/term/' + request.term + (jQuery('#item_relations_property_id' + rowid).val() == undefined ? '' : '/elementid/' + jQuery('#item_relations_property_id' + rowid).val()),
 dataType: "json",
 data: {
 // q: request.term
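Review bot: `in_array($params['elementid'], array(22, 24, 35))` compares a URL-supplied string loosely, so on PHP 7 and earlier a non-numeric value with a numeric prefix still selects the person branch. In the visible lines the value only picks which query runs and is not placed into the SQL, so the impact is limited, but the condition should state what it accepts: `ctype_digit((string) $params['elementid']) && in_array((int) $params['elementid'], array(22, 24, 35), true)`. The element ids 22, 24, 35 (and 12, 50, 52 further down) are magic numbers tied to one installation's tables; named constants or a lookup by element name would make that dependency explicit.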
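Review bot: `$params['term']` is passed as a bound parameter, which is right, but it is wrapped in `%…%` without escaping the LIKE wildcards, both here and in the -95 hunk. A term consisting of `%` or `_` then matches every row, and no LIMIT appears in the parts of either query that are shown, so any logged-in user can request the full result set in one call. I would build the pattern once as `$like = '%' . addcslashes($params['term'], '%_\\') . '%';` and pass `array($like)` to both `fetchObjects()` calls, together with a minimum term length. Both SQL strings begin outside these hunks, so check whether a limit already exists there.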
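Review bot: `request.term` and the property id are concatenated into the URL path unencoded, here and in the -110 hunk, so a term containing `/`, `?`, `#` or `%` is split into extra route parameters or truncated before it reaches `getParams()`. Sending the values through the existing `data:` object, `data: { term: request.term, elementid: jQuery('#item_relations_property_id' + rowid).val() }` with `url: '/item-relations/item-autocomplete/get'`, lets jQuery encode them; Zend's `getParams()` includes query-string values by default. The path is also absolute from the web root, which fails when the site lives in a subdirectory; as this file is a PHP template, the base could come from Omeka's `url()` helper. The enclosing function starts and ends outside the hunk.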
@@ -110,7 +110,7 @@
 },
 source: function(request, response) {
 jQuery.ajax({
- url: "/api/autocomplete_item/81hf938u1hjd83najne83h28d82h382h128fh82h/" + request.term + (jQuery('#item_relations_property_id').val() == undefined ? '' : '/' + jQuery('#item_relations_property_id').val()),
+ url: '/item-relations/item-autocomplete/get/term/' + request.term + (jQuery('#item_relations_property_id').val() == undefined ? '' : '/elementid/' + jQuery('#item_relations_property_id').val()),
 dataType: "json",
 data: {
 // q: request.term