diff --git a/app/api/views/auth_mfa.py b/app/api/views/auth_mfa.py
index 5bf3b24b..ddf66251 100644
--- a/app/api/views/auth_mfa.py
+++ b/app/api/views/auth_mfa.py
@@ -7,11 +7,13 @@ from app.api.base import api_bp
 from app.config import FLASK_SECRET
 from app.db import Session
 from app.email_utils import send_invalid_totp_login_email
+from app.extensions import limiter
 from app.log import LOG
 from app.models import User, ApiKey
 
 
 @api_bp.route("/auth/mfa", methods=["POST"])
+@limiter.limit("10/minute")
 def auth_mfa():
     """
     Validate the OTP Token