diff --git a/controlpanel/api/routes/decoy.js b/controlpanel/api/routes/decoy.js
index 16b7f45..4a8ca47 100644
--- a/controlpanel/api/routes/decoy.js
+++ b/controlpanel/api/routes/decoy.js
@@ -43,4 +43,14 @@ router.put('/:id', async (req, res) => {
     }
 });
 
+router.patch('/state', async (req, res) => {
+    try {
+        const result = await decoyService.updateDecoyState(req.body);
+        return res.status(result.code).send(result);
+    } catch(e) {
+        console.error(e);
+        return { type: 'error', code: 500, message: "Server error", data: e };
+    }
+});
+
 module.exports = router;
\ No newline at end of file
diff --git a/controlpanel/api/services/decoy.js b/controlpanel/api/services/decoy.js
index a5e56ce..0ea98ff 100644
--- a/controlpanel/api/services/decoy.js
+++ b/controlpanel/api/services/decoy.js
@@ -77,5 +77,22 @@ module.exports = {
         } catch(e) {
             throw e;
         }
+    },
+    /**
+     * @param {JSON} decoyData
+     */
+    updateDecoyState: async (decoyData) => {
+        try {
+            if (typeof decoyData != 'object') return { type: 'error', code: 422, message: 'Payload should be a json' };
+            if (!decoyData.id) return { type: 'error', code: 422, message: 'No decoy id provided' }
+            if (!isUUID(decoyData.id)) return { type: 'error', code: 400, message: 'Invalid decoy id supplied' };
+            if (!decoyData.state) return { type: 'error', code: 422, message: 'No state provided' };
+            if (!['active', 'inactive', 'error'].includes(decoyData.state)) return { type: 'error', code: 422, message: 'Invalid state provided' };
+            const updatedDecoy = await Decoy.update({ state: decoyData.state }, { where: { id: decoyData.id }});
+            if (!updatedDecoy['0']) return { type: 'success', code: 404, message: 'Decoy not found' };
+            return { type: 'success', code: 200, message: 'Successful operation' };
+        } catch(e) {
+            throw e;
+        }
     }
 }
\ No newline at end of file