diff --git a/src/controllers/auth.controller.js b/src/controllers/auth.controller.js
index c75998d..4758c52 100644
--- a/src/controllers/auth.controller.js
+++ b/src/controllers/auth.controller.js
@@ -71,3 +71,39 @@ export const signup = async (req, res) => {
     return res.status(500).json({ message: `Signup failed: ${error.message}` });
   }
 };
+
+export const verifyEmail = async (req, res) => {
+  try {
+    const { email, otp } = req.body;
+
+    const user = await prisma.user.findFirst({
+      where: { email: email },
+    });
+
+    if (!user) {
+      return res.status(404).json({ message: 'User not found' });
+    }
+
+    // Check OTP
+    if (
+      user.emailVerificationToken !== otp ||
+      user.emailVerificationExpires < new Date()
+    ) {
+      return res.status(400).json({ message: 'Invalid or expired OTP' });
+    }
+
+    // Activate user and clear verification tokens
+    await prisma.user.update({
+      where: { email: email },
+      data: {
+        isActive: true,
+        emailVerificationToken: null,
+        emailVerificationExpires: null,
+      },
+    });
+
+    return res.status(200).json({ message: 'Email verified successfully' });
+  } catch (error) {
+    return res.status(500).json({ message: 'Verification failed', error });
+  }
+};
diff --git a/src/routes/auth.routes.js b/src/routes/auth.routes.js
index 1c06722..2bcf649 100644
--- a/src/routes/auth.routes.js
+++ b/src/routes/auth.routes.js
@@ -1,8 +1,9 @@
 import { Router } from 'express';
-import { signup } from '../controllers/auth.controller.js';
+import { signup, verifyEmail } from '../controllers/auth.controller.js';
 
 const router = Router();
 
 router.post('/api/auth/signup', signup);
+router.post('/api/auth/verifyEmail', verifyEmail);
 
 export default router;