diff --git a/package-lock.json b/package-lock.json
index 50990db..7572876 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,6 +14,7 @@
 "decimal.js": "^10.4.3",
 "dotenv": "^16.0.3",
 "express": "^4.18.2",
+ "express-rate-limit": "^8.2.1",
 "jimp": "^0.22.8",
 "jsonwebtoken": "^9.0.0",
 "nanoid": "^5.1.5",
@@ -4261,6 +4262,24 @@
 "url": "https://opencollective.com/express"
 }
 },
+ "node_modules/express-rate-limit": {
+ "version": "8.2.1",
+ "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.2.1.tgz",
+ "integrity": "sha512-PCZEIEIxqwhzw4KF0n7QF4QqruVTcF73O5kFKUnGOyjbCCgizBBiFaYpd/fnBLUMPw/BWw9OsiN7GgrNYr7j6g==",
+ "license": "MIT",
+ "dependencies": {
+ "ip-address": "10.0.1"
+ },
+ "engines": {
+ "node": ">= 16"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/express-rate-limit"
+ },
+ "peerDependencies": {
+ "express": ">= 4.11"
+ }
+ },
 "node_modules/express/node_modules/debug": {
 "version": "2.6.9",
 "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@@ -5181,6 +5200,15 @@
 "node": ">= 0.4"
 }
 },
+ "node_modules/ip-address": {
+ "version": "10.0.1",
+ "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.0.1.tgz",
+ "integrity": "sha512-NWv9YLW4PoW2B7xtzaS3NCot75m6nK7Icdv0o3lfMceJVRfSoQwqD4wEH5rLwoKJwUiZ/rfpiVBhnaF0FK4HoA==",
+ "license": "MIT",
+ "engines": {
+ "node": ">= 12"
+ }
+ },
 "node_modules/ipaddr.js": {
 "version": "1.9.1",
 "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
diff --git a/package.json b/package.json
index 2ccf31e..f5d7a74 100644
--- a/package.json
+++ b/package.json
@@ -23,6 +23,7 @@
 "decimal.js": "^10.4.3",
 "dotenv": "^16.0.3",
 "express": "^4.18.2",
+ "express-rate-limit": "^8.2.1",
 "jimp": "^0.22.8",
 "jsonwebtoken": "^9.0.0",
 "nanoid": "^5.1.5",
diff --git a/src/middleware/middleware.ts b/src/middleware/middleware.ts
index 0f81c49..cddcdd9 100644
--- a/src/middleware/middleware.ts
+++ b/src/middleware/middleware.ts
@@ -1,4 +1,5 @@
 import { NextFunction, Request, Response } from 'express';
+import { rateLimit } from 'express-rate-limit';
 import jwt from 'jsonwebtoken';
 import User from '@/schemes/User';
 import UserData from '../interfaces/common/UserData';
@@ -34,6 +35,18 @@ class Middleware {
 res.status(401).send({ success: false, data: 'Unauthorized' });
 }
 }
+
+ defaultRateLimit = async (req: Request, res: Response, next: NextFunction) =>
+ rateLimit({
+ windowMs: 10 * 60 * 1000, // 10 minutes
+ max: 600, // limit each IP to 600 requests per windowMs for /api/check-auth
+ message: {
+ success: false,
+ data: 'Too many requests from this IP, please try again later.',
+ },
+ standardHeaders: true,
+ legacyHeaders: false,
+ })(req, res, next);
 }
 
 const middleware = new Middleware();
diff --git a/src/server.ts b/src/server.ts
index d6f1d3a..5337b6f 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -74,6 +74,8 @@ process.on('unhandledRejection', (reason, promise) => {
 socketStart(io);
+ app.use(middleware.defaultRateLimit);
+ app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
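Review bot: `defaultRateLimit` calls `rateLimit({...})` inside the per-request arrow, so every request constructs a brand-new limiter with its own in-memory store; the hit counter never accumulates across requests and the 600-per-window limit is effectively never enforced. Build the limiter once as a class field instead: change the first added line to `defaultRateLimit = rateLimit({` and the last to `});`, which also drops the `async` wrapper that turns a void middleware into a promise Express 4 will not await or error-route (the enclosing `Middleware` class begins before this hunk). The inline comment describes the budget as being "for /api/check-auth", yet the field is named as the default limiter and the server.ts hunk appears to mount it globally via `app.use`, so either the comment or the mount point should be reconciled. Because the limiter keys on `req.ip`, the app's `trust proxy` setting must match the deployment (unset behind a reverse proxy collapses all clients onto one key; too permissive lets a client choose its own key) — I cannot see that setting from this hunk, so please confirm. `max` is a deprecated alias for `limit` in express-rate-limit v7+; prefer `limit: 600`.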