diff --git a/inc/activities/update.php b/inc/activities/update.php
index 2ebdd1d..b250e08 100644
--- a/inc/activities/update.php
+++ b/inc/activities/update.php
@@ -3,18 +3,18 @@ namespace activities\update;
 require_once plugin_dir_path( __FILE__ ) . '/../objects.php';
-function handle_outbox( $actor, $activity ) {
+function handle_outbox( $actor_slug, $activity ) {
 if ( !(array_key_exists( 'type', $activity ) && $activity['type'] === 'Update') ) {
 return new \WP_Error(
 'invalid_activity',
- __( 'Expecting an Update activity', 'activitypub' ),
+ __( 'Expecting an Update activity', 'pterotype' ),
 array( 'status' => 400 )
 );
 }
 if ( !array_key_exists( 'object', $activity ) ) {
 return new \WP_Error(
 'invalid_activity',
- __( 'Expecting an object', 'activitypub' ),
+ __( 'Expecting an object', 'pterotype' ),
 array( 'status' => 400 )
 );
 }
@@ -22,7 +22,7 @@ function handle_outbox( $actor, $activity ) {
 if ( !array_key_exists( 'id', $update_object ) ) {
 return new \WP_Error(
 'invalid_object',
- __( 'Object must have an "id" parameter', 'activitypub' ),
+ __( 'Object must have an "id" parameter', 'pterotype' ),
 array( 'status' => 400 )
 );
 }
@@ -37,4 +37,59 @@ function handle_outbox( $actor, $activity ) {
 }
 return $activity;
 }
+
+function handle_inbox( $actor_slug, $activity ) {
+ if ( !(array_key_exists( 'type', $activity ) && $activity['type'] === 'Update') ) {
+ return new \WP_Error(
+ 'invalid_activity',
+ __( 'Expecting an Update activity', 'pterotype' ),
+ array( 'status' => 400 )
+ );
+ }
+ if ( !array_key_exists( 'id', $activity ) ) {
+ return new \WP_Error(
+ 'invalid_activity',
+ __( 'Activities must have an "id" field', 'pterotype' ),
+ array( 'status' => 400 )
+ );
+ }
+ if ( !array_key_exists( 'object', $activity ) ) {
+ return new \WP_Error(
+ 'invalid_activity',
+ __( 'Expecting an object', 'pterotype' ),
+ array( 'status' => 400 )
+ );
+ }
+ $object = $activity['object'];
+ if ( !array_key_exists( 'id', $object ) ) {
+ return new \WP_Error(
+ 'invalid_activity',
+ __( 'Objects must have an "id" field', 'pterotype' ),
+ array( 'status' => 400 )
+ );
+ }
+ $authorized = check_authorization( $activity );
+ if ( is_wp_error( $authorized ) ) {
+ return $authorized;
+ }
+ $object = \objects\upsert_object( $object );
+ if ( is_wp_error( $object ) ) {
+ return $object;
+ }
+ return $activity;
+}
+
+function check_authorization( $activity ) {
+ $object = $activity['object'];
+ $activity_origin = parse_url( $activity['id'] )['host'];
+ $object_origin = parse_url( $object['id'] )['host'];
+ if ( ( !$activity_origin || !$object_origin ) || $activity_origin !== $object_origin ) {
+ return new \WP_Error(
+ 'unauthorized',
+ __( 'Unauthorized Update activity', 'pterotype' ),
+ array( 'status' => 403 )
+ );
+ }
+ return true;
+}
 ?>
diff --git a/inc/inbox.php b/inc/inbox.php
index 3f9e513..cf42cf0 100644
--- a/inc/inbox.php
+++ b/inc/inbox.php
@@ -26,6 +26,7 @@ function handle_activity( $actor_slug, $activity ) {
 $activity = \create\handle_inbox( $actor_slug, $activity );
 break;
 case 'Update':
+ $activity = \update\handle_inbox( $actor_slug, $activity );
 break;
 case 'Delete':
 break;
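Review bot: `check_authorization` in inc/activities/update.php compares the hosts of `$activity['id']` and `$object['id']`, and both values come from the request body, so a sender can choose ids on any host and the check passes; nothing visible in this hunk ties that host to the peer that actually delivered the activity. Unless the caller already verifies the sender, `\objects\upsert_object` will overwrite a stored object on the word of the payload alone, so the verified sender's origin should be passed in and compared here as well. The comparison also looks at `host` only, ignoring scheme and port, and `parse_url(...)['host']` raises a warning or notice when an id is malformed; `handle_inbox` likewise calls `array_key_exists( 'id', $object )` without checking that `object` is an array, which is a TypeError on PHP 8 when a peer sends the object as a bare URI. The fence sketches a stricter, non-throwing origin comparison; the sender binding depends on code outside this diff and is left as a TODO.

```php
function check_authorization( $activity ) {
    $object = $activity['object'];
    $activity_origin = origin_of( $activity['id'] );
    $object_origin = ( is_array( $object ) && isset( $object['id'] ) )
        ? origin_of( $object['id'] )
        : null;
    // TODO: also require that the verified sender of this request has the same origin.
    if ( $activity_origin === null || $activity_origin !== $object_origin ) {
        // … unchanged: return the 403 'unauthorized' WP_Error …
    }
    return true;
}

// Scheme, lower-cased host and port of an id, or null when it is not an absolute URL.
function origin_of( $id ) {
    if ( !is_string( $id ) ) {
        return null;
    }
    $parts = parse_url( $id );
    if ( !is_array( $parts ) || empty( $parts['scheme'] ) || empty( $parts['host'] ) ) {
        return null;
    }
    $port = isset( $parts['port'] ) ? ':' . $parts['port'] : '';
    return strtolower( $parts['scheme'] ) . '://' . strtolower( $parts['host'] ) . $port;
}
```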
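Review bot: In inc/inbox.php the new call `\update\handle_inbox( $actor_slug, $activity )` is a fully qualified name, but the function added in this commit lives under `namespace activities\update;` (visible in the update.php hunk heading). Unless another file defines an `update` namespace, the `Update` case would fail with an undefined-function error on every inbound Update; `\activities\update\handle_inbox( $actor_slug, $activity )` matches the declaration. `handle_inbox` can also return a `WP_Error`, and whether `handle_activity` checks `$activity` for that after the switch is outside this hunk, as are the start and end of the function.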