diff --git a/backend/internal/v1/v1_auth/routes.go b/backend/internal/v1/v1_auth/routes.go
index 44b5150..8af2cea 100644
--- a/backend/internal/v1/v1_auth/routes.go
+++ b/backend/internal/v1/v1_auth/routes.go
@@ -4,6 +4,7 @@ import (
 	"KonferCA/SPUR/db"
 	"KonferCA/SPUR/internal/interfaces"
 	"KonferCA/SPUR/internal/middleware"
+	"time"
 
 	"github.com/labstack/echo/v4"
 )
@@ -14,12 +15,21 @@ Sets up the V1 auth routes.
 func SetupAuthRoutes(e *echo.Group, s interfaces.CoreServer) {
 	h := Handler{server: s}
+
+	// 5 request per minute, get block for 15 minutes, and ban up to 1 hour after four blocks.
+	authLimiter := middleware.NewRateLimiter(&middleware.RateLimiterConfig{
+		Requests:    5,
+		Window:      time.Minute,
+		BlockPeriod: time.Minute * 15,
+		MaxBlocks:   4,
+	})
+
 	e.POST("/auth/login", h.handleLogin)
 	e.GET(
 		"/auth/ami-verified",
 		h.handleEmailVerificationStatus,
 		middleware.Auth(s.GetDB(), db.UserRoleStartupOwner, db.UserRoleAdmin),
 	)
-	e.GET("/auth/verify-email", h.handleVerifyEmail)
-	e.POST("/auth/register", h.handleRegister)
+	e.GET("/auth/verify-email", h.handleVerifyEmail, authLimiter.RateLimit())
+	e.POST("/auth/register", h.handleRegister, authLimiter.RateLimit())
 }
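Review bot: `/auth/login` is left without the limiter in the second hunk while `/auth/verify-email` and `/auth/register` receive it; login is the route that accepts a password, so it is the one that most needs a request cap, `e.POST("/auth/login", h.handleLogin, authLimiter.RateLimit())` (or a second limiter if login needs different thresholds). The comment above the config states a ban of "up to 1 hour", but no one-hour value appears in RateLimiterConfig; if that figure is derived inside NewRateLimiter from MaxBlocks and BlockPeriod, the comment should say where it comes from, e.g. `// 5 requests per minute per client; each breach blocks for 15 minutes; after MaxBlocks breaches the client is banned (ban length is defined by NewRateLimiter).` How the limiter identifies a client is not visible in this diff; if it keys on the remote address, it is worth confirming that the deployment behind a reverse proxy resolves the real client IP, since otherwise every user behind the proxy shares one bucket and a single bad actor can lock out legitimate registrations. The same limiter instance is shared by both routes, so a client blocked on verify-email is presumably also blocked on register — confirm that is the intended coupling.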