diff --git a/backend/src/api/routes/auth.route.test.ts b/backend/src/api/routes/auth.route.test.ts
new file mode 100644
index 0000000..55efbd0
--- /dev/null
+++ b/backend/src/api/routes/auth.route.test.ts
@@ -0,0 +1,19 @@
+import request from 'supertest';
+import express from 'express';
+import authRouter from './auth.route';
+import { authLimiter } from '../middleware/rate-limit.middleware';
+
+const app = express();
+app.use(express.json());
+app.use('/sep10', authLimiter, authRouter);
+
+describe('Auth Route Rate Limiting', () => {
+  it('should return 429 when rate limit is exceeded', async () => {
+    // authLimiter max is 10, let's send 11 requests
+    for (let i = 0; i < 10; i++) {
+      await request(app).post('/sep10').send({ account: 'GXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' });
+    }
+    const response = await request(app).post('/sep10').send({ account: 'GXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' });
+    expect(response.status).toBe(429);
+  });
+});
diff --git a/backend/src/index.ts b/backend/src/index.ts
index d059293..5bb0225 100644
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@@ -17,6 +17,7 @@ import relayerRouter from './api/routes/relayer.route';
 import recurringPaymentsRouter from './api/routes/recurring-payments.route';
 import configRouter from './api/routes/config.route';
 import sep31Router from './api/routes/sep31.route';
+import authRouter from './api/routes/auth.route';
 import { errorHandler } from './api/middleware/error.middleware';
 import { metricsMiddleware, connectionTracker } from './api/middleware/metrics.middleware';
 import { securityHeadersMiddleware } from './api/middleware/security-headers.middleware';
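Review bot: The loop in `should return 429 when rate limit is exceeded` discards the first ten responses, so the test also passes against a limiter that rejects every request (max misconfigured to 0, or a window already consumed by another test that touched the same process-wide `authLimiter` store), which is exactly the misconfiguration a rate-limit test should catch. Capture each response and assert it is below the limit, e.g. `const res = await request(app).post('/sep10').send({ account: '…' });` followed by `expect(res.status).not.toBe(429);` inside the loop. The comment's "max is 10" duplicates a constant defined in rate-limit.middleware; if that module exports the limit, read it there instead of hard-coding `10` so the test does not silently drift when the limit is tuned. The `account` value is a placeholder rather than a valid Stellar public key, which is fine here only because `authLimiter` is mounted before `authRouter` and counts requests regardless of what the route returns — worth saying in the comment so nobody tightens validation in front of the limiter and breaks the test.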
@@ -25,7 +26,7 @@ import feeReportRouter from './api/routes/fee-report.route';
 import { feeReportScheduler } from './workers/fee-report.scheduler';
 import eventRouter from './api/routes/event.route';
 import notificationsRouter from './api/routes/notifications.route';
-import { publicLimiter } from './api/middleware/rate-limit.middleware';
+import { publicLimiter, authLimiter } from './api/middleware/rate-limit.middleware';
 import { notificationService } from './services/notification.service';
 import { createEmailProvider, ConsoleSmsProvider, ConsolePushProvider } from './lib/notifications/providers';
 import { NotificationType } from './services/notification.service';
@@ -144,6 +145,9 @@ app.use('/api/relayer', relayerRouter);
 // SEP-40 Swap Rates API
 app.use('/sep40', sep40Router);
+// SEP-10 Auth routes
+app.use('/sep10', authLimiter, authRouter);
+
 // SEP-12 KYC routes
 app.use('/sep12', sep12Router);
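Review bot: The new `app.use('/sep10', authLimiter, authRouter)` mount makes the limiter the only brute-force control on the SEP-10 challenge/token endpoint, but nothing in this hunk shows how `authLimiter` keys requests or whether the app sets `trust proxy`; if the limiter keys on `req.ip` (presumably, given it comes from rate-limit.middleware) and the service runs behind a load balancer without `trust proxy`, every client shares the proxy's address and one bucket throttles all SEP-10 logins, while a blanket `app.set('trust proxy', true)` lets a spoofed `X-Forwarded-For` reset the bucket at will. Please confirm the `trust proxy` hop count matches the deployment and record the dependency next to the mount, e.g. `// authLimiter buckets by client IP — relies on 'trust proxy' being set for the real proxy depth`. Note also that the limiter is the first middleware on this path, so it counts malformed and unauthenticated requests alike, which is the right choice for an auth endpoint but differs from `publicLimiter`'s placement if that one is applied globally (not visible here). The hunk's trailing context line appears to have been trimmed in this view.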