diff --git a/app/Mod/Names/Controllers/NamesController.php b/app/Mod/Names/Controllers/NamesController.php
index b097e57..12548af 100644
--- a/app/Mod/Names/Controllers/NamesController.php
+++ b/app/Mod/Names/Controllers/NamesController.php
@@ -525,6 +525,63 @@ class NamesController extends Controller
      * Matches daemon's validate_alias_name: a-z, 0-9, dash, dot. Max 255 chars.
      * We additionally require at least 1 char (daemon allows empty but we don't).
      */
+    /**
+     *   POST /v1/names/claims/{id}/approve
+     */
+    public function approveClaim(string $id): JsonResponse
+    {
+        $claim = NameClaim::where('claim_id', $id)->first();
+
+        if (! $claim) {
+            return response()->json(['error' => 'Claim not found'], 404);
+        }
+
+        if ($claim->status !== 'pending') {
+            return response()->json(['error' => "Claim already {$claim->status}"], 409);
+        }
+
+        $claim->approve();
+
+        Models\NameActivity::log($claim->name, 'claim_approved', [
+            'claim_id' => $claim->claim_id,
+            'email' => $claim->email,
+        ]);
+
+        return response()->json([
+            'claim_id' => $claim->claim_id,
+            'name' => $claim->name,
+            'status' => 'approved',
+        ]);
+    }
+
+    /**
+     *   POST /v1/names/claims/{id}/reject
+     */
+    public function rejectClaim(string $id): JsonResponse
+    {
+        $claim = NameClaim::where('claim_id', $id)->first();
+
+        if (! $claim) {
+            return response()->json(['error' => 'Claim not found'], 404);
+        }
+
+        if ($claim->status !== 'pending') {
+            return response()->json(['error' => "Claim already {$claim->status}"], 409);
+        }
+
+        $claim->reject();
+
+        Models\NameActivity::log($claim->name, 'claim_rejected', [
+            'claim_id' => $claim->claim_id,
+        ]);
+
+        return response()->json([
+            'claim_id' => $claim->claim_id,
+            'name' => $claim->name,
+            'status' => 'rejected',
+        ]);
+    }
+
     private function isValidName(string $name): bool
     {
         return (bool) preg_match('/^[a-z0-9][a-z0-9.\-]{0,254}$/', $name);
diff --git a/app/Mod/Names/Routes/api.php b/app/Mod/Names/Routes/api.php
index cf2c262..42dd00e 100644
--- a/app/Mod/Names/Routes/api.php
+++ b/app/Mod/Names/Routes/api.php
@@ -22,3 +22,5 @@ Route::get('/sunrise/check/{name}', [NamesController::class, 'sunriseCheck']);
 // Pre-registration claims (soft launch)
 Route::post('/claim', [NamesController::class, 'claim'])->middleware('throttle:10,1');
 Route::get('/claims', [NamesController::class, 'listClaims'])->middleware('auth.api');
+Route::post('/claims/{id}/approve', [NamesController::class, 'approveClaim'])->middleware('auth.api');
+Route::post('/claims/{id}/reject', [NamesController::class, 'rejectClaim'])->middleware('auth.api');