diff --git a/README.md b/README.md
index a366e4ba..0211ea65 100644
--- a/README.md
+++ b/README.md
@@ -901,6 +901,18 @@ If success, 200 with the list of activities, for example:
 }
 ```
 
+#### PUT /api/aliases/:alias_id
+
+Update alias note. In the future, the endpoint will support other updates (e.g. mailbox update) as well.
+ 
+Input:
+- `Authentication` header that contains the api key
+- `alias_id` in url.
+- `note` in request body
+
+Output:
+If success, return 200
+
 
 ### Database migration
 
diff --git a/app/api/views/alias.py b/app/api/views/alias.py
index 18f5a46a..0e3e29c7 100644
--- a/app/api/views/alias.py
+++ b/app/api/views/alias.py
@@ -158,3 +158,34 @@ def get_alias_activities(alias_id):
         activities.append(activity)
 
     return (jsonify(activities=activities), 200)
+
+
+@api_bp.route("/aliases/<int:alias_id>", methods=["PUT"])
+@cross_origin()
+@verify_api_key
+def update_alias(alias_id):
+    """
+    Update alias note
+    Input:
+        alias_id: in url
+        note: in body
+    Output:
+        200
+
+
+    """
+    data = request.get_json()
+    if not data:
+        return jsonify(error="request body cannot be empty"), 400
+
+    user = g.user
+    gen_email: GenEmail = GenEmail.get(alias_id)
+
+    if gen_email.user_id != user.id:
+        return jsonify(error="Forbidden"), 403
+
+    new_note = data.get("note")
+    gen_email.note = new_note
+    db.session.commit()
+
+    return jsonify(note=new_note), 200
diff --git a/tests/api/test_alias.py b/tests/api/test_alias.py
index f6bc62b7..bbab7d24 100644
--- a/tests/api/test_alias.py
+++ b/tests/api/test_alias.py
@@ -160,3 +160,26 @@ def test_alias_activities(flask_client):
         headers={"Authentication": api_key.code},
     )
     assert len(r.json["activities"]) < 3
+
+
+def test_update_alias(flask_client):
+    user = User.create(
+        email="a@b.c", password="password", name="Test User", activated=True
+    )
+    db.session.commit()
+
+    # create api_key
+    api_key = ApiKey.create(user.id, "for test")
+    db.session.commit()
+
+    gen_email = GenEmail.create_new_random(user)
+    db.session.commit()
+
+    r = flask_client.put(
+        url_for("api.update_alias", alias_id=gen_email.id),
+        headers={"Authentication": api_key.code},
+        json={"note": "test note"},
+    )
+
+    assert r.status_code == 200
+    assert r.json == {"note": "test note"}