diff --git a/flaschengeist/controller/userController.py b/flaschengeist/controller/userController.py
index 3f0c9b0..024297d 100644
--- a/flaschengeist/controller/userController.py
+++ b/flaschengeist/controller/userController.py
@@ -199,3 +199,9 @@ def load_avatar(user: User):
 def save_avatar(user, avatar):
     current_app.config["FG_AUTH_BACKEND"].set_avatar(user, avatar)
     db.session.commit()
+
+
+def persist(user=None):
+    if user:
+        db.session.add(user)
+    db.session.commit()
diff --git a/flaschengeist/plugins/balance/__init__.py b/flaschengeist/plugins/balance/__init__.py
index e56e372..6860a8e 100644
--- a/flaschengeist/plugins/balance/__init__.py
+++ b/flaschengeist/plugins/balance/__init__.py
@@ -4,6 +4,8 @@ Extends users plugin with balance functions
 """
 
 from datetime import datetime, timezone
+
+from flaschengeist.utils.HTTP import no_content
 from flask import Blueprint, request, jsonify
 from werkzeug.exceptions import Forbidden, BadRequest
 
@@ -39,31 +41,41 @@ class BalancePlugin(Plugin):
         db.create_all()
 
 
-@balance_bp.route("/users/<userid>/balance/shortcuts", methods=["GET"])
+@balance_bp.route("/users/<userid>/balance/shortcuts", methods=["GET", "PUT"])
 @login_required()
 def get_shortcuts(userid, current_session: Session):
-    """Get set limit of an user
+    """Get balance shortcuts of an user
 
-    Route: ``/users/<userid>/balance/limit`` | Method: ``GET``
+    Route: ``/users/<userid>/balance/shortcuts`` | Method: ``GET`` or ``PUT``
+    POST-data: On ``PUT`` json encoded array of floats
 
     Args:
         userid: Userid identifying the user
         current_session: Session sent with Authorization Header
 
     Returns:
-        JSON object containing the limit (or Null if no limit set) or HTTP error
+        GET: JSON object containing the shortcuts as float array or HTTP error
+        PUT: HTTP-created or HTTP error
     """
     if userid != current_session._user.userid:
         raise Forbidden
 
     user = userController.get_user(userid)
-    return jsonify(user.get_attribute("balance_shortcuts", []))
+    if request.method == "GET":
+        return jsonify(user.get_attribute("balance_shortcuts", []))
+    else:
+        data = request.get_json()
+        if not isinstance(data, list) or all(isinstance(n, int) for n in data):
+            raise BadRequest
+        user.set_attribute("balance_shortcuts", data)
+        userController.persist()
+        return no_content()
 
 
 @balance_bp.route("/users/<userid>/balance/limit", methods=["GET"])
 @login_required()
 def get_limit(userid, current_session: Session):
-    """Get set limit of an user
+    """Get limit of an user
 
     Route: ``/users/<userid>/balance/limit`` | Method: ``GET``