diff --git a/index.js b/index.js
index 19dfc75..8e5c512 100644
--- a/index.js
+++ b/index.js
@@ -21,6 +21,15 @@ app.use(bodyParser.urlencoded({ extended: true }));
 // -- Parse cookies
 const cookieParser = require('cookie-parser');
 app.use(cookieParser());
+// -- Rate limiting
+const { rateLimit } = require('express-rate-limit')
+const limiter = rateLimit({
+ windowMs: 10 * 60 * 1000, // 15 minutes
+ limit: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
+ standardHeaders: 'draft-8', // draft-6: `RateLimit-*` headers; draft-7 & draft-8: combined `RateLimit` header
+ legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
+ // store: ... , // Redis, Memcached, etc. See below.
+})
 
 // Authentication
 const { signup, login, logout, resetPassword } = require('./auth/authEmail.js');
diff --git a/package-lock.json b/package-lock.json
index f8e5e25..53e8172 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -18,6 +18,7 @@
 "dotenv": "^8.2.0",
 "expo-server-sdk": "^3.6.0",
 "express": "^4.17.1",
+"express-rate-limit": "^7.5.0",
 "mongodb": "^3.6.3",
 "nodemailer": "^6.6.3",
 "object-hash": "^3.0.0",
@@ -1277,6 +1278,21 @@
 "node": ">= 0.10.0"
 }
 },
+"node_modules/express-rate-limit": {
+"version": "7.5.0",
+"resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.0.tgz",
+"integrity": "sha512-eB5zbQh5h+VenMPM3fh+nw1YExi5nMr6HUCR62ELSP11huvxm/Uir1H1QEyTkk5QX6A58pX6NmaTMceKZ0Eodg==",
+"license": "MIT",
+"engines": {
+"node": ">= 16"
+},
+"funding": {
+"url": "https://github.com/sponsors/express-rate-limit"
+},
+"peerDependencies": {
+"express": "^4.11 || 5 || ^5.0.0-beta.1"
+}
+},
 "node_modules/fast-safe-stringify": {
 "version": "2.1.1",
 "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
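Review bot: The `limiter` built in this hunk is never attached to the app — there is no `app.use(limiter)` or per-route use of it here, so unless it is mounted further down in index.js (outside the hunk) the commit adds a dependency but limits nothing; add `app.use(limiter);` right after the `rateLimit({...})` call, and consider a tighter second limiter (e.g. `limit: 10`) in front of the `login`, `signup` and `resetPassword` handlers imported on the next line, since 100 attempts per window per IP is generous for credential stuffing and password-reset enumeration. The inline comments disagree with the code: `windowMs: 10 * 60 * 1000` is 10 minutes, not the 15 the two comments claim, so change them to `// 10 minutes` and `// Limit each IP to 100 requests per 10 minutes`, and drop the `// See below.` which refers to README text that is not in this file. The commented-out `// store: ...` line means the default in-memory store is used, which is per-process and resets on restart — acceptable as a first step, but worth a comment stating that counters are not shared across workers or instances. If the API sits behind a reverse proxy, keying on the client IP only works once `app.set('trust proxy', …)` is configured to the proxy hop count; the hunk does not show whether that is set, and the surrounding file uses semicolons while the two new statements omit them.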
@@ -4560,6 +4576,12 @@
 "vary": "~1.1.2"
 }
 },
+"express-rate-limit": {
+"version": "7.5.0",
+"resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.0.tgz",
+"integrity": "sha512-eB5zbQh5h+VenMPM3fh+nw1YExi5nMr6HUCR62ELSP11huvxm/Uir1H1QEyTkk5QX6A58pX6NmaTMceKZ0Eodg==",
+"requires": {}
+},
 "fast-safe-stringify": {
 "version": "2.1.1",
 "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
diff --git a/package.json b/package.json
index e5d54da..21c279a 100644
--- a/package.json
+++ b/package.json
@@ -22,6 +22,7 @@
 "dotenv": "^8.2.0",
 "expo-server-sdk": "^3.6.0",
 "express": "^4.17.1",
+"express-rate-limit": "^7.5.0",
 "mongodb": "^3.6.3",
 "nodemailer": "^6.6.3",
 "object-hash": "^3.0.0",