diff --git a/changelog.d/oauth-app-spam.fix b/changelog.d/oauth-app-spam.fix
new file mode 100644
index 000000000..0e95c01d7
--- /dev/null
+++ b/changelog.d/oauth-app-spam.fix
@@ -0,0 +1 @@
+Add a rate limiter to the OAuth App creation endpoint
diff --git a/config/config.exs b/config/config.exs
index ad6b1cb94..a4fedff45 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -711,6 +711,7 @@ config :pleroma, :rate_limit,
   timeline: {500, 3},
   search: [{1000, 10}, {1000, 30}],
   app_account_creation: {1_800_000, 25},
+  oauth_app_creation: {900_000, 5},
   relations_actions: {10_000, 10},
   relation_id_action: {60_000, 2},
   statuses_actions: {10_000, 15},
diff --git a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
index 844673ae0..6cfeb712e 100644
--- a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
@@ -19,6 +19,8 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
 
   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
 
+  plug(Pleroma.Web.Plugs.RateLimiter, [name: :oauth_app_creation] when action == :create)
+
   plug(:skip_auth when action in [:create, :verify_credentials])
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)