diff --git a/src/lib/routes/admin-api/user-admin.ts b/src/lib/routes/admin-api/user-admin.ts
index f08a74dbdc..6eadb17b01 100644
--- a/src/lib/routes/admin-api/user-admin.ts
+++ b/src/lib/routes/admin-api/user-admin.ts
@@ -39,6 +39,8 @@ import {
 } from '../../openapi/spec/users-groups-base-schema';
 import { IGroup } from '../../types/group';
 import { IFlagResolver } from '../../types/experimental';
+import rateLimit from 'express-rate-limit';
+import { minutesToMilliseconds } from 'date-fns';

 export default class UserAdminController extends Controller {
 private flagResolver: IFlagResolver;
@@ -202,6 +204,12 @@ export default class UserAdminController extends Controller {
 requestBody: createRequestSchema('createUserSchema'),
 responses: { 200: createResponseSchema('userSchema') },
 }),
+ rateLimit({
+ windowMs: minutesToMilliseconds(1),
+ max: 20,
+ standardHeaders: true,
+ legacyHeaders: false,
+ }),
 ],
 });
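Review bot: The `rateLimit({...})` entry added to the middleware array relies on express-rate-limit's defaults for the client key and the counter store, and nothing in the hunk documents that. The default key is `req.ip`, so behind a reverse proxy the 20-per-minute budget is only meaningful if Express's `trust proxy` setting matches the deployment: too strict and every caller shares one bucket, too permissive and a client-supplied `X-Forwarded-For` decides the bucket. Whether that setting is configured is not visible here. The default store is in-process memory, so each server instance counts separately and the effective limit scales with the number of instances. I would add a comment above the call such as `// 20 req/min per req.ip; depends on 'trust proxy'; in-memory store, counted per instance` and, if other routes are going to get the same limiter, lift `windowMs`/`max` into a named constant. The route definition starts and ends outside the hunk, so the limiter's position relative to authentication cannot be checked from this page.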