diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java index 80213f5cd..b3ea0fb62 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java @@ -2,6 +2,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation; +import edu.internet2.tier.shibboleth.admin.ui.domain.versioning.Version; import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects; import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository; import edu.internet2.tier.shibboleth.admin.ui.security.model.User; @@ -9,6 +10,7 @@ import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository; import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService; import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService; +import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorVersionService; import org.opensaml.core.xml.io.MarshallingException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -34,6 +36,7 @@ import javax.annotation.PostConstruct; import javax.xml.ws.Response; import java.net.URI; +import java.util.List; import java.util.stream.Collectors; @RestController 
@@ -52,20 +55,17 @@ public class EntityDescriptorController { @Autowired RestTemplateBuilder restTemplateBuilder; - private UserRepository userRepository; - - private RoleRepository roleRepository; - private UserService userService; private RestTemplate restTemplate; + private EntityDescriptorVersionService versionService; + private static Logger LOGGER = LoggerFactory.getLogger(EntityDescriptorController.class); - public EntityDescriptorController(UserRepository userRepository, RoleRepository roleRepository, UserService userService) { - this.userRepository = userRepository; - this.roleRepository = roleRepository; + public EntityDescriptorController(UserService userService, EntityDescriptorVersionService versionService) { this.userService = userService; + this.versionService = versionService; } @PostConstruct 
@@ -220,6 +220,40 @@ public ResponseEntity deleteOne(@PathVariable String resourceId) { } } + //Versioning endpoints + + @GetMapping("/EntityDescriptor/{resourceId}/Versions") + public ResponseEntity getAllVersions(@PathVariable String resourceId) { + EntityDescriptor ed = entityDescriptorRepository.findByResourceId(resourceId); + if (ed == null) { + return ResponseEntity.notFound().build(); + } + List versions = versionService.findVersionsForEntityDescriptor(resourceId); + if (versions.isEmpty()) { + return ResponseEntity.notFound().build(); + } + if(isAuthorizedFor(ed.getCreatedBy())) { + return ResponseEntity.ok(versions); + } + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + } + + @GetMapping("/EntityDescriptor/{resourceId}/Versions/{versionId}") + public ResponseEntity getSpecificVersion(@PathVariable String resourceId, @PathVariable String versionId) { + EntityDescriptorRepresentation edRepresentation = + versionService.findSpecificVersionOfEntityDescriptor(resourceId, versionId); + + if (edRepresentation == null) { + return ResponseEntity.notFound().build(); + } + if(isAuthorizedFor(edRepresentation.getCreatedBy())) { + return ResponseEntity.ok(edRepresentation); + } + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + } + + //Private methods + private static URI getResourceUriFor(EntityDescriptor ed) { return ServletUriComponentsBuilder .fromCurrentServletMapping().path("/api/EntityDescriptor") @@ -267,4 +301,11 @@ private ResponseEntity handleUploadingEntityDescriptorXml(byte[] rawXmlBytes, .body(entityDescriptorService.createRepresentationFromDescriptor(persistedEd)); } + private boolean isAuthorizedFor(String username) { + User u = userService.getCurrentUser(); + return (u != null) && + (u.getRole().equals("ROLE_ADMIN") + || (u.getUsername().equals(username))); + } + } 
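Review bot: `getSpecificVersion` authorizes on `edRepresentation.getCreatedBy()`, a value taken from the stored version the service returns, while `getAllVersions` just above it authorizes on the current `EntityDescriptor` loaded from `entityDescriptorRepository`. The two endpoints should use the same source of ownership, and the current descriptor looks like the safer one, since a historical snapshot may carry an owner that no longer applies (how the service fills `createdBy` is not visible in this diff). In both methods the `versionService` lookup and its 404 path also run before `isAuthorizedFor`, so a caller without access can tell from 404 versus 403 which version data exists. The fence shows `getSpecificVersion` with the descriptor lookup and the authorization check first; `getAllVersions` only needs its `isAuthorizedFor` block moved above the `findVersionsForEntityDescriptor` call.

```java
public ResponseEntity getSpecificVersion(@PathVariable String resourceId, @PathVariable String versionId) {
    // Resolve ownership from the current descriptor, the same way getAllVersions does.
    EntityDescriptor ed = entityDescriptorRepository.findByResourceId(resourceId);
    if (ed == null) {
        return ResponseEntity.notFound().build();
    }
    // Authorize before touching version data, so the 404/403 split says nothing about versions.
    if (!isAuthorizedFor(ed.getCreatedBy())) {
        return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
    }
    EntityDescriptorRepresentation edRepresentation =
            versionService.findSpecificVersionOfEntityDescriptor(resourceId, versionId);
    if (edRepresentation == null) {
        return ResponseEntity.notFound().build();
    }
    return ResponseEntity.ok(edRepresentation);
}
```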
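Review bot: `isAuthorizedFor` calls `u.getRole().equals("ROLE_ADMIN")` and `u.getUsername().equals(username)` on the getter results, so if either getter can return null (the `User` model is not shown here) the access decision ends in a NullPointerException rather than a clean denial. Constant-first comparisons keep the check fail-closed: `return u != null && ("ROLE_ADMIN".equals(u.getRole()) || (username != null && username.equals(u.getUsername())));`. `Objects.equals` is not a good substitute for the owner comparison, because it would treat a null `createdBy` and a null username as a match. A short Javadoc saying that admins and the creating user are allowed, and that a descriptor with no `createdBy` is admin-only, would record the policy this controller now enforces by hand.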
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorVersionService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorVersionService.java index 44e1bb9d8..5e1542ea2 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorVersionService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorVersionService.java @@ -13,5 +13,5 @@ public interface EntityDescriptorVersionService { List findVersionsForEntityDescriptor(String resourceId); - EntityDescriptorRepresentation findSpecificVersionOfEntityDescriptor(String resourceId, String versionToken); + EntityDescriptorRepresentation findSpecificVersionOfEntityDescriptor(String resourceId, String versionId); } diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy index 928cd18ec..89cb89d54 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy @@ -11,6 +11,7 @@ import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorReposit import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService +import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorVersionService import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityDescriptorServiceImpl import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityServiceImpl import edu.internet2.tier.shibboleth.admin.ui.util.RandomGenerator 
@@ -69,6 +70,7 @@ class EntityDescriptorControllerTests extends Specification { RoleRepository roleRepository = Mock() UserService userService + EntityDescriptorVersionService versionService = Mock() def setup() { generator = new TestObjectGenerator() @@ -78,7 +80,7 @@ class EntityDescriptorControllerTests extends Specification { userService = new UserService(roleRepository, userRepository) service = new JPAEntityDescriptorServiceImpl(openSamlObjects, new JPAEntityServiceImpl(openSamlObjects), userService) - controller = new EntityDescriptorController(userRepository, roleRepository, userService) + controller = new EntityDescriptorController(userService, versionService) controller.entityDescriptorRepository = entityDescriptorRepository controller.openSamlObjects = openSamlObjects controller.entityDescriptorService = service
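Review bot: The setup now passes a `versionService` mock into the controller, but none of the test hunks visible here exercise the new `/Versions` endpoints, so the owner/admin check they rely on has no regression coverage in this part of the commit. Add specs for the three outcomes of each endpoint: 200 for the creating user and for `ROLE_ADMIN`, 403 for another authenticated user, and 404 for an unknown `resourceId` or `versionId`. The 403 case matters most, because it is the one that would catch a later change weakening `isAuthorizedFor`.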