diff --git a/src/alpine_bits_python/api.py b/src/alpine_bits_python/api.py index cacdab9..8fd584d 100644 --- a/src/alpine_bits_python/api.py +++ b/src/alpine_bits_python/api.py @@ -572,16 +572,24 @@ async def handle_wix_form_test( raise HTTPException(status_code=500, detail="Error processing test data") -@api_router.post("/hoteldata/conversions_import") +@api_router.put("/hoteldata/conversions_import/{filename:path}") @limiter.limit(DEFAULT_RATE_LIMIT) async def handle_xml_upload( - request: Request, credentials_tupel: tuple = Depends(validate_basic_auth) + request: Request, + filename: str, + credentials_tupel: tuple = Depends(validate_basic_auth), ): - """Endpoint for receiving XML files for conversion processing. + """Endpoint for receiving XML files for conversion processing via PUT. Requires basic authentication and saves XML files to log directory. Supports gzip compression via Content-Encoding header. + + Example: PUT /api/hoteldata/conversions_import/Reservierungen.xml """ try: + # Validate filename to prevent path traversal + if ".." in filename or filename.startswith("/"): + raise HTTPException(status_code=400, detail="ERROR: Invalid filename") + # Get the raw body content body = await request.body() 
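Review bot: The added traversal check in `handle_xml_upload` is a substring test on a `{filename:path}` parameter, so it rejects harmless names such as `a..b.xml` while placing no limit on length, backslashes or control characters that may arrive percent-encoded. Since the second hunk keeps only the stem and suffix, validating against an allowlist would be tighter, e.g. `if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}", filename): raise HTTPException(status_code=400, detail="ERROR: Invalid filename")` (assuming `re` is imported in this module), and the `:path` converter could then be dropped. The 400 is raised inside `try:`, whose `except` clauses lie outside the hunk; it is worth confirming they re-raise `HTTPException` rather than turning it into a 500.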
@@ -626,12 +634,20 @@ async def handle_xml_upload(
 # Generate filename with timestamp and authenticated user
 username, _ = credentials_tupel
 timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
- log_filename = logs_dir / f"xml_import_{username}_{timestamp}.xml"
+ # Use the filename from the path, but add timestamp and username for uniqueness
+ base_filename = Path(filename).stem
+ extension = Path(filename).suffix or ".xml"
+ log_filename = logs_dir / f"{base_filename}_{username}_{timestamp}{extension}"
 
 # Save XML content to file
 log_filename.write_text(xml_content, encoding="utf-8")
 
- _LOGGER.info("XML file saved to %s by user %s", log_filename, username)
+ _LOGGER.info(
+ "XML file saved to %s by user %s (original: %s)",
+ log_filename,
+ username,
+ filename,
+ )
 
 response_headers = {
 "Content-Type": "application/xml; charset=utf-8",
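Review bot: `extension = Path(filename).suffix or ".xml"` lets the caller choose the extension of a file written under `logs_dir`, although the docstring describes the endpoint as XML-only. Pinning it with `extension = ".xml"`, or rejecting other suffixes with a 400, keeps `.html`, `.py` and similar names out of that directory. The new log call also records the raw `filename` with `%s`; if percent-encoded CR/LF reaches the parameter, a client could forge log lines, so `(original: %r)` would be safer. A comment above `base_filename` noting that `Path(filename).stem` drops any directory part would explain why nested paths are accepted but flattened. The function body starts and ends outside the hunk.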