diff --git a/src/main.rs b/src/main.rs
index f91ebb8..5ed9322 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -171,6 +171,7 @@ async fn run_server(db: Arc<DatabaseConnection>) {
         .routes(routes!(routes::book_instance::sell_book_instance))
         .routes(routes!(routes::book_instance::bulk_create_book_instance))
         .routes(routes!(routes::book_instance::get_bal_owner_book_instances))
+        .routes(routes!(routes::book_instance::get_bal_book_instances_by_ean))
         // Owner API
         .routes(routes!(routes::owner::get_owner_by_id))
         .routes(routes!(routes::owner::create_owner))
diff --git a/src/routes/book_instance.rs b/src/routes/book_instance.rs
index 93b740b..ffc5103 100644
--- a/src/routes/book_instance.rs
+++ b/src/routes/book_instance.rs
@@ -2,11 +2,11 @@ use std::sync::Arc;
 
 use axum::{extract::{Path, State}, Json};
 use reqwest::{StatusCode};
-use sea_orm::{ActiveModelTrait, ActiveValue::{NotSet, Set}, ColumnTrait, EntityTrait, QueryFilter, TryIntoModel};
+use sea_orm::{ActiveModelTrait, ActiveValue::{NotSet, Set}, ColumnTrait, EntityTrait, JoinType, QueryFilter, QuerySelect, RelationTrait, TryIntoModel};
 use serde::{Deserialize, Serialize};
 use utoipa::IntoParams;
 
-use crate::{entities::{book_instance, prelude::*}, routes::auth::Claims, utils::auth::{user_is_bal_owner, user_is_book_instance_owner, user_is_owner_owner}, AppState};
+use crate::{entities::{book, book_instance, prelude::*}, routes::auth::Claims, utils::auth::{user_is_bal_owner, user_is_book_instance_owner, user_is_owner_owner}, AppState};
 
 
 #[derive(IntoParams)]
@@ -295,3 +295,42 @@ pub async fn get_bal_owner_book_instances(
         (StatusCode::INTERNAL_SERVER_ERROR, Json(vec![]))
     }
 }
+
+#[derive(IntoParams)]
+#[into_params(names("bal_id", "ean"), parameter_in = Path)]
+#[allow(dead_code)]
+struct BalBookByEanParams(u32, String);
+
+#[axum::debug_handler]
+#[utoipa::path(
+    get,
+    path = "/bal/{bal_id}/ean/{ean}/book_instances",
+    params(BalBookByEanParams),
+    security(("jwt" = [])),
+    responses(
+        (status = OK, body = Vec<book_instance::Model>, description = "Found book instances in the database"),
+        (status = FORBIDDEN, description = "You do not own the specified bal"),
+    ),
+    summary = "Get books instances with the specified ean in a bal",
+    description = "Lists all book instances with the specified ean in a bal",
+    tag = "book-instance-api",
+)]
+pub async fn get_bal_book_instances_by_ean(
+    State(state): State<Arc<AppState>>,
+    claims: Claims,
+    Path((bal_id, ean)): Path<(u32, String)>,
+) -> (StatusCode, Json<Vec<book_instance::Model>>) {
+    if !user_is_bal_owner(claims.user_id, bal_id, state.db_conn.as_ref()).await {
+        return (StatusCode::FORBIDDEN, Json(vec![]));
+    }
+    if let Ok(res) = BookInstance::find()
+        .filter(book_instance::Column::BalId.eq(bal_id))
+        .join(JoinType::InnerJoin, book_instance::Relation::Book.def())
+        .filter(book::Column::Ean.eq(ean))
+        .all(state.db_conn.as_ref()).await
+    {
+        (StatusCode::OK, Json(res))
+    } else {
+        (StatusCode::INTERNAL_SERVER_ERROR, Json(vec![]))
+    }
+}