diff --git a/api/kiwi_vpn_api/routers/_deps.py b/api/kiwi_vpn_api/routers/_deps.py
index ac6431e..4566a75 100644
--- a/api/kiwi_vpn_api/routers/_deps.py
+++ b/api/kiwi_vpn_api/routers/_deps.py
@@ -29,6 +29,10 @@ class Responses:
 "description": "Must be admin",
 "content": None,
 }
+ entry_exists = {
+ "description": "Entry exists in database",
+ "content": None,
+ }
 
 
 async def get_current_user(
diff --git a/api/kiwi_vpn_api/routers/user.py b/api/kiwi_vpn_api/routers/user.py
index ce3397d..0f4552c 100644
--- a/api/kiwi_vpn_api/routers/user.py
+++ b/api/kiwi_vpn_api/routers/user.py
@@ -47,3 +47,38 @@ async def get_current_user(
 current_user: schemas.User | None = Depends(_deps.get_current_user),
 ):
 return current_user
+
+
+@router.post(
+ "/new",
+ responses={
+ status.HTTP_200_OK: _deps.Responses.ok,
+ status.HTTP_400_BAD_REQUEST: _deps.Responses.not_installed,
+ status.HTTP_401_UNAUTHORIZED: _deps.Responses.needs_user,
+ status.HTTP_403_FORBIDDEN: _deps.Responses.needs_admin,
+ status.HTTP_409_CONFLICT: _deps.Responses.entry_exists,
+ },
+ response_model=schemas.User,
+)
+async def add_user(
+ user: schemas.UserCreate,
+ current_config: Config | None = Depends(Config.load),
+ current_user: schemas.User | None = Depends(_deps.get_current_user),
+ db: Session | None = Depends(Connection.get),
+):
+ if current_config is None:
+ raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
+
+ if current_user is None or "admin" not in current_user.capabilities:
+ raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
+
+ new_user = schemas.User.create(
+ db=db,
+ user=user,
+ crypt_context=await current_config.crypto.crypt_context,
+ )
+
+ if new_user is None:
+ raise HTTPException(status_code=status.HTTP_409_CONFLICT)
+
+ return new_user
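Review bot: The guard `if current_user is None or "admin" not in current_user.capabilities` in `add_user` answers an unauthenticated caller with 403, although the route documents `status.HTTP_401_UNAUTHORIZED: _deps.Responses.needs_user`. Unless `_deps.get_current_user` raises 401 itself (not visible here; the `| None` annotation suggests it returns `None`), the documented 401 is never produced. I would put `if current_user is None: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)` ahead of the capability check, so clients and logs can tell a missing session from a missing privilege. `db` is annotated `Session | None` but is passed to `schemas.User.create` without a `None` check; if `Connection.get` can return `None`, that surfaces as an unhandled error rather than a defined response. The handler also has no docstring, and one line saying that it creates a user and requires the `admin` capability would document the authorization contract.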