diff --git a/src/c3nav/mapdata/newapi/mapdata_base.py b/src/c3nav/mapdata/newapi/mapdata_base.py
new file mode 100644
index 00000000..154bd9f2
--- /dev/null
+++ b/src/c3nav/mapdata/newapi/mapdata_base.py
@@ -0,0 +1,41 @@
+from typing import Type, Optional, Sequence
+
+from django.db.models import Model
+
+from c3nav.api.exceptions import API404
+from c3nav.mapdata.api import optimize_query
+from c3nav.mapdata.schemas.filters import FilterSchema
+
+
+def mapdata_list_endpoint(request,
+                          model: Type[Model],
+                          filters: Optional[FilterSchema] = None,
+                          order_by: Sequence[str] = ('pk',)):
+    # todo: request permissions based on api key
+
+    # validate filters
+    if filters:
+        filters.validate(request)
+
+    # get the queryset and filter it
+    qs = optimize_query(
+        model.qs_for_request(request) if hasattr(model, 'qs_for_request') else model.objects.all()
+    )
+    if filters:
+        qs = filters.filter_qs(qs)
+
+    # order_by
+    qs = qs.order_by(*order_by)
+
+    # todo: can access geometry… using defer?
+
+    return qs
+
+
+def mapdata_retrieve_endpoint(request, model: Type[Model], **lookups):
+    try:
+        return optimize_query(
+            model.qs_for_request(request) if hasattr(model, 'qs_for_request') else model.objects.all()
+        ).get(**lookups)
+    except model.DoesNotExist:
+        raise API404("%s not found" % model.__name__.lower())
diff --git a/src/c3nav/mapdata/newapi/updates.py b/src/c3nav/mapdata/newapi/updates.py
index 91c151b8..a871d9ac 100644
--- a/src/c3nav/mapdata/newapi/updates.py
+++ b/src/c3nav/mapdata/newapi/updates.py
@@ -67,4 +67,4 @@ def fetch_updates(request, response: HttpResponse):
         response['Access-Control-Allow-Credentials'] = 'true'
     set_tile_access_cookie(request, response)
 
-    return response
+    return result