diff --git a/app/controllers/api/v1/contact_requests_controller.rb b/app/controllers/api/v1/contact_requests_controller.rb
new file mode 100644
index 000000000..0ac379396
--- /dev/null
+++ b/app/controllers/api/v1/contact_requests_controller.rb
@@ -0,0 +1,23 @@
+module Api
+  module V1
+    class ContactRequestsController < BaseController
+      before_action :authenticate_shared_key
+
+      # POST api/v1/contact_requests/
+      def create
+        return head(:bad_request) if contact_request_params[:email].blank?
+
+        ContactRequest.save_record(contact_request_params)
+        head(:created)
+      rescue ActionController::ParameterMissing
+        head(:bad_request)
+      end
+
+      def update; end
+
+      def contact_request_params
+        params.require(:contact_request).permit(:email, :whois_record_id, :name, :status, :id)
+      end
+    end
+  end
+end
diff --git a/app/models/contact_request.rb b/app/models/contact_request.rb
new file mode 100644
index 000000000..5da1587dc
--- /dev/null
+++ b/app/models/contact_request.rb
@@ -0,0 +1,33 @@
+class ContactRequest < ApplicationRecord
+  establish_connection :"whois_#{Rails.env}"
+  self.table_name = 'contact_requests'
+
+  STATUS_NEW       = 'new'.freeze
+  STATUS_CONFIRMED = 'confirmed'.freeze
+  STATUS_SENT      = 'sent'.freeze
+  STATUSES         = [STATUS_NEW, STATUS_CONFIRMED, STATUS_SENT].freeze
+
+  validates :whois_record_id, presence: true
+  validates :email, presence: true
+  validates :name, presence: true
+  validates :status, inclusion: { in: STATUSES }
+
+  attr_readonly :secret,
+                :valid_to
+
+  def self.save_record(params)
+    contact_request = new(params)
+    contact_request.secret = create_random_secret
+    contact_request.valid_to = set_valid_to_24_hours_from_now
+    contact_request.status = STATUS_NEW
+    contact_request.save!
+  end
+
+  def self.create_random_secret
+    SecureRandom.hex(64)
+  end
+
+  def self.set_valid_to_24_hours_from_now
+    (Time.zone.now + 24.hours)
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
index 3042eced4..93897b0f1 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -91,6 +91,7 @@ Rails.application.routes.draw do
       end
 
       resources :auctions, only: %i[index show update], param: :uuid
+      resources :contact_requests, only: %i[create update], param: :uuid
       resources :bounces, only: %i[create]
     end
 
diff --git a/test/integration/api/v1/contact_requests_test.rb b/test/integration/api/v1/contact_requests_test.rb
new file mode 100644
index 000000000..78525e0b5
--- /dev/null
+++ b/test/integration/api/v1/contact_requests_test.rb
@@ -0,0 +1,39 @@
+require 'test_helper'
+
+class ApiV1ContactRequestTest < ActionDispatch::IntegrationTest
+  def setup
+    @api_key = "Basic #{ENV['api_shared_key']}"
+    @headers = { "Authorization": "#{@api_key}" }
+    @json_body = { "contact_request": valid_contact_request_body }.as_json
+  end
+
+  def test_authorizes_api_request
+    post api_v1_contact_requests_path, params: @json_body, headers: @headers
+    assert_response :created
+
+    invalid_headers = { "Authorization": "Basic invalid_api_key" }
+    post api_v1_contact_requests_path, params: @json_body, headers: invalid_headers
+    assert_response :unauthorized
+  end
+
+  def test_saves_new_contact_request
+    request_body = @json_body.dup
+    random_mail = "#{rand(10000..99999)}@registry.test"
+    request_body['contact_request']['email'] = random_mail
+
+    post api_v1_contact_requests_path, params: request_body, headers: @headers
+    assert_response :created
+
+    contact_request = ContactRequest.last
+    assert_equal contact_request.email, random_mail
+    assert ContactRequest::STATUS_NEW, contact_request.status
+  end
+
+  def valid_contact_request_body
+    {
+      "email": "aaa@bbb.com",
+      "whois_record_id": "1",
+      "name": "test"
+    }.as_json
+  end
+end