diff --git a/gregsite/settings/base.py b/gregsite/settings/base.py
index 11a32801be699f13e49a383c0945d8b91229f7da..81e06942dd58b9fc1a355ea0bfeabf8f25148220 100644
--- a/gregsite/settings/base.py
+++ b/gregsite/settings/base.py
@@ -268,6 +268,17 @@ INTERNAL_RK_PREFIX = "no.{instance}.greg".format(instance=INSTANCE_NAME)
 
 FEIDE_SOURCE = "feide"
 
+# Rate limit settings of invite endpoint
+REST_FRAMEWORK = {
+    "DEFAULT_THROTTLE_CLASSES": [
+        "rest_framework.throttling.AnonRateThrottle",
+    ],
+    "DEFAULT_THROTTLE_RATES": {
+        "anon": "100/day",
+    },
+}
+
+
 # Used by the OU import from orgreg to distinguish the OuIdentifiers from others
 ORGREG_SOURCE = "orgreg"
 ORGREG_NAME = "orgreg_id"
diff --git a/gregsite/settings/dev.py b/gregsite/settings/dev.py
index 0d50da5f288ab1fec646eaf68bb821e4008f9363..5cd39430464c501ad8e133dbc9581f634d02752e 100644
--- a/gregsite/settings/dev.py
+++ b/gregsite/settings/dev.py
@@ -45,6 +45,14 @@ SESSION_COOKIE_SAMESITE = "Lax"
 
 SESSION_COOKIE_AGE = 1209600  # two weeks for easy development
 
+# Disable throttling in development, uncomment CACHES to test
+CACHES = {
+    "default": {
+        "BACKEND": "django.core.cache.backends.dummy.DummyCache",
+    }
+}
+
+
 try:
     from .local import *
 except ImportError:
diff --git a/gregsite/settings/prod.py b/gregsite/settings/prod.py
index fddaf490faf58b375a52ffea9e40ed0deb7b229d..0336f7bc6af9dd96381348351c2053dc900549c7 100644
--- a/gregsite/settings/prod.py
+++ b/gregsite/settings/prod.py
@@ -27,6 +27,13 @@ ALLOWED_HOSTS = (
     else []
 )
 
+# This is the default values for CACHES, only present for clarity
+CACHES = {
+    "default": {
+        "BACKEND": "django.core.cache.backends.locmem.LocMemCache",
+    }
+}
+
 
 try:
     from .local import *
diff --git a/gregui/api/views/invitation.py b/gregui/api/views/invitation.py
index 5a293b3f6e5313f5cc81ec8f458586539d575bc1..a7feaa10006d7417df5ebfac9afbd72ea89b053e 100644
--- a/gregui/api/views/invitation.py
+++ b/gregui/api/views/invitation.py
@@ -11,6 +11,7 @@ from rest_framework.generics import CreateAPIView, GenericAPIView, DestroyAPIVie
 from rest_framework.parsers import JSONParser
 from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
+from rest_framework.throttling import AnonRateThrottle
 from rest_framework.views import APIView
 
 from greg.models import Identity, InvitationLink, Person
@@ -96,6 +97,7 @@ class InvitationView(CreateAPIView, DestroyAPIView):
 class CheckInvitationView(APIView):
     authentication_classes = []
     permission_classes = [AllowAny]
+    throttle_classes = [AnonRateThrottle]
 
     def post(self, request, *args, **kwargs):
         """