diff --git a/backend/main.py b/backend/main.py
index e08af748a9b62a389c0a086276c1fdb6e1398e9b..82d1274cfac292910c066e9f770064db0d7a2c26 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -1,7 +1,10 @@
 from uuid import UUID
 
-from fastapi import Depends, FastAPI, HTTPException
+from fastapi import Depends, FastAPI, HTTPException, Request
 from fastapi.middleware.cors import CORSMiddleware
+from slowapi import Limiter, _rate_limit_exceeded_handler
+from slowapi.errors import RateLimitExceeded
+from slowapi.util import get_remote_address
 from sqlalchemy.orm import Session
 
 from . import schemas, utils
@@ -13,8 +16,6 @@ create_database()
 app = FastAPI()
 
 origins = [settings.customer_url, settings.worker_url]
-
-
 app.add_middleware(
     CORSMiddleware,
     allow_origins=origins,
@@ -22,6 +23,9 @@ app.add_middleware(
     allow_methods=["*"],
     allow_headers=["*"],
 )
+limiter = Limiter(key_func=get_remote_address)
+app.state.limiter = limiter
+app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
 
 
 # Dependency
@@ -34,7 +38,12 @@ def get_db():
 
 
 @app.post("/item/prepare", response_model=schemas.Item)
-def add_item(item: schemas.ItemCreatePrepareShipping, db: Session = Depends(get_db)):
+@limiter.limit("2/minute")
+def add_item(
+    request: Request,
+    item: schemas.ItemCreatePrepareShipping,
+    db: Session = Depends(get_db),
+):
     return utils.prepare_item_shipping(db, item)
 
 
diff --git a/requirements.txt b/requirements.txt
index eab79be612cede5d6cbc159823389523c162a6c6..cba80ad9583d632667c2da6ec273b6cdc89148ae 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,3 +4,4 @@ Jinja2==3.1.2
 python-multipart==0.0.6
 SQLAlchemy==2.0.9
 uvicorn[standard]==0.21.1
+slowapi==0.1.8