diff --git a/api/app.py b/api/app.py
index a5031847df3b5d83e38729e8ce2ae884aa841083..d68758abff4ebcf09cef7907e89f8b9e983103a2 100644
--- a/api/app.py
+++ b/api/app.py
@@ -1,5 +1,7 @@
 import json
 from flask import Flask, redirect, render_template, request, url_for
+from flask_limiter import Limiter
+from flask_limiter.util import get_ipaddr
 from stravalib import unithelper
 from api.decorators import admin
 from api.models import db, ContactFormSubmission
@@ -11,6 +13,9 @@ app.config.from_pyfile('config.py')
 
 db.init_app(app)
 
+limiter = Limiter(key_func=get_ipaddr)
+limiter.init_app(app)
+
 @app.route('/')
 def index():
     return render_template('index.html')
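Review bot: The rate-limit key set by `Limiter(key_func=get_ipaddr)` is client-controlled whenever the app is reachable without a proxy that overwrites `X-Forwarded-For`. `get_ipaddr` takes the address from that header when it is present and only falls back to the socket address otherwise. A caller who varies the header gets a fresh bucket per request, so the `1/minute` limit on `/api/contact` would never bind. Keying on the connection address avoids this: `limiter = Limiter(key_func=get_remote_address)`, imported from `flask_limiter.util` (assuming the pinned release exports it). If a reverse proxy sits in front, wrap the app in Werkzeug's `ProxyFix` with the right hop count so the key stays an address the proxy vouches for.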
@@ -39,10 +44,12 @@ def api_strava():
     return r
 
 @app.route('/api/contact', methods=['POST'])
+@limiter.limit("1/minute")
 def api_contact():
-    json = request.json
-    db.session.add(ContactFormSubmission(email=json['email'],
-        name=json['name'], text=json['text']))
+    db.session.add(ContactFormSubmission(
+        email=request.form['email'],
+        name=request.form['name'],
+        text=request.form['text']))
     db.session.commit()
     return 'ok'
 
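Review bot: The three `request.form` values in `api_contact` are passed to `ContactFormSubmission` with no size or format check, so the new limit bounds how often a row is written but not how large it is. Unless the model or a front-end server enforces limits (not visible in this hunk), cap the request body with Flask's `MAX_CONTENT_LENGTH` setting. Also reject over-long fields before `db.session.add`, for example `if len(request.form['text']) > MAX_TEXT_LEN: abort(400)`, where `MAX_TEXT_LEN` is a constant the project would define. Separately, a request that fails on a missing field still uses up the one-per-minute budget, so a user who submits an incomplete form waits a minute to retry; it is worth confirming that this is intended.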
diff --git a/api/contact.py b/api/contact.py
deleted file mode 100644
index 2ad00607c0afc8851cdc1f7c35d56495c8826e49..0000000000000000000000000000000000000000
--- a/api/contact.py
+++ /dev/null
@@ -1,21 +0,0 @@
-from flask import request, redirect, current_app
-from stravalib.client import Client
-from requests.exceptions import HTTPError
-from sqlalchemy.orm.exc import NoResultFound
-from api.models import db, StravaApiToken
-
-class Contact():
-    """Website contact form handler"""
-
-    @classmethod
-    def check_auth(cls, token = None):
-        if not token:
-            try:
-                token = db.session.query(StravaApiToken).one().token
-            except NoResultFound:
-                return False
-        strava = Client(token)
-        try:
-            return strava.get_athlete().email
-        except (HTTPError, AttributeError):
-            return False
diff --git a/config.py b/config.py
index ca590d0f3f90a9b77bee8c1218e4a297f2faa75e..d094d92e8f24a4eff69d998911d2609953158819 100644
--- a/config.py
+++ b/config.py
@@ -4,4 +4,4 @@ ADMIN_IP = '127.0.0.1'
 ADMIN_EMAIL = 'mail@ant.sr'
 SQLALCHEMY_DATABASE_URI = 'sqlite:///api.db'
 SQLALCHEMY_TRACK_MODIFICATIONS = True
-
+RATELIMIT_HEADERS_ENABLED = True
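Review bot: No storage backend is configured alongside `RATELIMIT_HEADERS_ENABLED`, so Flask-Limiter falls back to in-process memory counters. If the app runs under more than one worker process, each worker keeps its own count, which multiplies the effective limit on `/api/contact` by the number of workers. The counters also reset on every restart. Setting `RATELIMIT_STORAGE_URL` to a shared store such as Redis or memcached gives one count per client. Failing that, a comment such as `# rate-limit counters are per-process unless RATELIMIT_STORAGE_URL is set` would record the limitation.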
diff --git a/requirements.txt b/requirements.txt
index 3af8b966316254a14ce9d9102002a0bb0a836dc4..486e853579db8e9c33e0967081a1187eeaadc1e8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,5 @@
 Flask==0.11.1
+Flask-Limiter==0.9.3
 Flask-Migrate==1.8.1
 Flask-SQLAlchemy==2.1
 psycopg2==2.6.2