diff --git a/src/highlanderticketing/handler/order.go b/src/highlanderticketing/handler/order.go
index 4bcef0f148dd84ecdd14768084d5b74b5a95e601..19c0be04225fc079a49b62cc23e3a6c32b167fbc 100644
--- a/src/highlanderticketing/handler/order.go
+++ b/src/highlanderticketing/handler/order.go
@@ -69,7 +69,9 @@ func CancelOrder(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
-	order, err := getOrder(r)
+	fmt.Println(orderId, "orderid")
+	order, err := service.GetOrderById(orderId)
+	fmt.Println("order ", order)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
@@ -89,9 +91,9 @@ func CancelOrder(w http.ResponseWriter, r *http.Request) {
 		log.Errorf("Failure loading internal user Info %v", err)
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 	}
-	order.User = *internalUser
-	order.ID = orderId
-	fmt.Println(orderId, "orderId")
+	if order.User != *internalUser {
+		sendJson(w, "user is not allowed to cancel this order")
+	}
 
 	err = service.CancelOrder(id, order)
 	if err != nil {
diff --git a/src/highlanderticketing/service/nats.go b/src/highlanderticketing/service/nats.go
index 23a4c5cae451954ff118e1b547e9aeb026ac4f53..d4c7e379e6391295f558f1471b3b3f57f244c38d 100644
--- a/src/highlanderticketing/service/nats.go
+++ b/src/highlanderticketing/service/nats.go
@@ -60,7 +60,7 @@ func (s NatsServer) ConfirmCancel(e *model.EmialContent) error {
 		fmt.Println(errMarshal)
 		return fmt.Errorf(errMarshal.Error())
 	}
-	response, err := s.Nc.Request("confirmOrder."+string(e.OrderID), []byte(emailContenct), 2*time.Second)
+	response, err := s.Nc.Request("confirmCancel."+string(e.OrderID), []byte(emailContenct), 2*time.Second)
 	if err != nil {
 		log.Println("Error making NATS request:", err)
 		return fmt.Errorf(err.Error())
@@ -70,6 +70,6 @@ func (s NatsServer) ConfirmCancel(e *model.EmialContent) error {
 		return fmt.Errorf(err.Error())
 	}
 
-	fmt.Println("hier die nats response", &res)
+	fmt.Println("hier die nats response", *res)
 	return nil
 }
diff --git a/src/highlanderticketing/service/order.go b/src/highlanderticketing/service/order.go
index fca41f42081a7f24b1b202e1488b601ddbaafe71..63a87290ac68f46257270d58bbb7c5fd4681a3e0 100644
--- a/src/highlanderticketing/service/order.go
+++ b/src/highlanderticketing/service/order.go
@@ -2,6 +2,7 @@ package service
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
 	"gitlab.reutlingen-university.de/ege/highlander-ticketing-go-ss2023/src/highlanderticketing/db"
@@ -179,6 +180,31 @@ func CancelOrder(matchID primitive.ObjectID, order *model.Order) error {
 
 }
 
+func GetOrderById(orderID primitive.ObjectID) (*model.Order, error) {
+	client, err := db.GetMongoClient()
+	if err != nil {
+		return nil, err
+	}
+	collection := client.Database(db.DB).Collection(db.MATCHES)
+
+	filter := bson.M{"orders._id": orderID}
+
+	var result model.Match
+
+	err = collection.FindOne(context.TODO(), filter).Decode(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, order := range result.Orders {
+		if order.ID == orderID {
+			return &order, nil
+		}
+	}
+
+	return nil, errors.New("Order not found")
+}
+
 func deleteOrder(matchID primitive.ObjectID, orderID primitive.ObjectID) error {
 	filter := bson.D{primitive.E{Key: "_id", Value: matchID}}
 	updater := bson.D{primitive.E{Key: "$pull", Value: bson.D{