diff --git a/src/backend/main.ts b/src/backend/main.ts
index 83d3dc6..bcc6f7b 100644
--- a/src/backend/main.ts
+++ b/src/backend/main.ts
@@ -2,11 +2,13 @@ import express from 'express'
 import authMiddleware from './middleware/auth'
 import tokenMiddleware from './middleware/token'
+import isAdmin from './middleware/isAdmin'
 import * as auth from './routes/auth'
 import * as client from './routes/client'
 import * as tunnel from './routes/tunnel'
 import * as clientOnly from './routes/clientOnly'
+import * as admin from './routes/admin'
 import {
 checkForRathole,
@@ -58,6 +60,13 @@ app.delete('/api/v1/tunnel/:id', authMiddleware, tunnel.remove)
 app.get('/api/v1/clientOnly/generate', tokenMiddleware, clientOnly.generate)
+app.post(
+ '/api/v1/admin/createAccount',
+ authMiddleware,
+ isAdmin,
+ admin.createAccount
+)
+
 app.use(express.static('dist'))
 app.get('*', (_, res) => {
 res.sendFile('dist/index.html', { root: '.' })
diff --git a/src/backend/middleware/isAdmin.ts b/src/backend/middleware/isAdmin.ts
new file mode 100644
index 0000000..0ee9168
--- /dev/null
+++ b/src/backend/middleware/isAdmin.ts
@@ -0,0 +1,12 @@
+import { Request, Response, NextFunction } from 'express'
+
+const isAdmin = (req: Request, res: Response, next: NextFunction) => {
+ const user = req.user
+ if (user.adm) {
+ next()
+ } else {
+ res.status(403).json({ message: 'Forbidden' })
+ }
+}
+
+export default isAdmin
diff --git a/src/backend/routes/admin.ts b/src/backend/routes/admin.ts
new file mode 100644
index 0000000..1cbaba0
--- /dev/null
+++ b/src/backend/routes/admin.ts
@@ -0,0 +1,14 @@
+import { Request, Response } from 'express'
+
+import db from '../db'
+
+export const createAccount = (req: Request, res: Response) => {
+ const { username, password } = req.body
+ const user = db.users.find(username)
+ if (user) {
+ res.status(400).json({ message: 'Username already exists' })
+ } else {
+ db.users.create(username, password)
+ res.json({ message: 'Account created' })
+ }
+}
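Review bot: The new `/api/v1/admin/createAccount` registration in `src/backend/main.ts` lists `authMiddleware` and `isAdmin` per route, so every future admin route has to remember both, in that order. Mounting a router once — `const adminRouter = express.Router()`, `adminRouter.use(authMiddleware, isAdmin)`, `app.use('/api/v1/admin', adminRouter)` — makes the admin check the default for everything under that prefix. It is also not visible in this hunk whether a JSON body parser is registered before this route; `admin.createAccount` reads `req.body`, so that should be confirmed.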
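Review bot: In `src/backend/middleware/isAdmin.ts`, `user.adm` is read without checking that `req.user` exists, so on any route where `authMiddleware` is missing or did not populate `req.user` this middleware throws a TypeError instead of denying the request. Failing closed is safer: `if (req.user?.adm === true) {` keeps the 403 path for an absent user and also rejects a truthy non-boolean `adm`. If `adm` comes from a token claim set at login (not visible in this diff), a demoted admin would keep access until that token expires, so checking the stored user record here may be warranted. A short doc comment stating that this middleware must be mounted after `authMiddleware` would document the ordering dependency.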
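Review bot: In `src/backend/routes/admin.ts`, `username` and `password` are destructured from `req.body` and passed to `db.users.find` and `db.users.create` with no presence or type check, so a missing field, an empty string or a non-string JSON value reaches the user store, and an absent body makes the destructuring throw. A guard that rejects anything other than non-empty strings with a 400 before the lookup would close that, as sketched below. Whether `db.users.create` hashes the password is not visible in this diff; if it stores what it is given, hashing has to happen before this call. Since account creation is a privileged action, recording which admin (`req.user`) created which username would also help later review.

```typescript
export const createAccount = (req: Request, res: Response) => {
  const { username, password } = req.body ?? {}
  if (
    typeof username !== 'string' ||
    typeof password !== 'string' ||
    username.length === 0 ||
    password.length === 0
  ) {
    res.status(400).json({ message: 'Username and password are required' })
    return
  }
  // … unchanged: duplicate-username check and db.users.create call …
}
```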