diff --git a/lib/Controller/DocumentAPIController.php b/lib/Controller/DocumentAPIController.php
index 1b57e41d59..4d3c009dc2 100644
--- a/lib/Controller/DocumentAPIController.php
+++ b/lib/Controller/DocumentAPIController.php
@@ -70,6 +70,7 @@ public function __construct(IRequest $request, IRootFolder $rootFolder, IManager
 	 * @NoAdminRequired
 	 * @PublicPage
 	 * @BruteForceProtection(action=richdocumentsCreatePublic)
+	 * @AnonRateThrottle(limit: 5, period: 120)
 	 */
 	public function create(string $mimeType, string $fileName, string $directoryPath = '/', string $shareToken = null, ?int $templateId = null): JSONResponse {
 		try {
@@ -97,10 +98,12 @@ public function create(string $mimeType, string $fileName, string $directoryPath
 			}
 		} catch (Throwable $e) {
 			$this->logger->error('Failed to create document', ['exception' => $e]);
-			return new JSONResponse([
+			$response = new JSONResponse([
 				'status' => 'error',
 				'message' => $this->l10n->t('Cannot create document')
 			], Http::STATUS_BAD_REQUEST);
+			$response->throttle();
+			return $response;
 		}
 
 		$basename = $this->l10n->t('New Document.odt');