diff --git a/app/controllers/api/v1/contact_requests_controller.rb b/app/controllers/api/v1/contact_requests_controller.rb
index 0ac379396..114e3c64d 100644
--- a/app/controllers/api/v1/contact_requests_controller.rb
+++ b/app/controllers/api/v1/contact_requests_controller.rb
@@ -9,14 +9,24 @@ module Api
 
         ContactRequest.save_record(contact_request_params)
         head(:created)
-      rescue ActionController::ParameterMissing
+      rescue StandardError
         head(:bad_request)
       end
 
-      def update; end
+      def update
+        return head(:bad_request) if params[:id].blank?
+
+        record = ContactRequest.find_by(id: params[:id])
+        return head(:not_found) unless record
+
+        record.update_status(contact_request_params[:status])
+        head(:ok)
+      rescue StandardError
+        head(:bad_request)
+      end
 
       def contact_request_params
-        params.require(:contact_request).permit(:email, :whois_record_id, :name, :status, :id)
+        params.require(:contact_request).permit(:email, :whois_record_id, :name, :status)
       end
     end
   end
diff --git a/app/models/contact_request.rb b/app/models/contact_request.rb
index 5da1587dc..a49a92f41 100644
--- a/app/models/contact_request.rb
+++ b/app/models/contact_request.rb
@@ -23,6 +23,11 @@ class ContactRequest < ApplicationRecord
     contact_request.save!
   end
 
+  def update_status(status)
+    self.status = status
+    save!
+  end
+
   def self.create_random_secret
     SecureRandom.hex(64)
   end
diff --git a/config/routes.rb b/config/routes.rb
index 93897b0f1..1635789fe 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -91,7 +91,7 @@ Rails.application.routes.draw do
       end
 
       resources :auctions, only: %i[index show update], param: :uuid
-      resources :contact_requests, only: %i[create update], param: :uuid
+      resources :contact_requests, only: %i[create update], param: :id
       resources :bounces, only: %i[create]
     end
 
diff --git a/test/fixtures/contact_requests.yml b/test/fixtures/contact_requests.yml
new file mode 100644
index 000000000..030a4d726
--- /dev/null
+++ b/test/fixtures/contact_requests.yml
@@ -0,0 +1,8 @@
+new:
+  whois_record_id: 1
+  email: aaa@bbb.com
+  name: Testname
+  status: new
+  secret: somesecret
+  valid_to: 2010-07-05
+
diff --git a/test/integration/api/v1/contact_requests_test.rb b/test/integration/api/v1/contact_requests_test.rb
index 78525e0b5..f0621b686 100644
--- a/test/integration/api/v1/contact_requests_test.rb
+++ b/test/integration/api/v1/contact_requests_test.rb
@@ -4,20 +4,22 @@ class ApiV1ContactRequestTest < ActionDispatch::IntegrationTest
   def setup
     @api_key = "Basic #{ENV['api_shared_key']}"
     @headers = { "Authorization": "#{@api_key}" }
-    @json_body = { "contact_request": valid_contact_request_body }.as_json
+    @json_create = { "contact_request": valid_contact_request_create }.as_json
+    @json_update = { "contact_request": valid_contact_request_update }.as_json
+    @contact_request = contact_requests(:new)
   end
 
   def test_authorizes_api_request
-    post api_v1_contact_requests_path, params: @json_body, headers: @headers
+    post api_v1_contact_requests_path, params: @json_create, headers: @headers
     assert_response :created
 
     invalid_headers = { "Authorization": "Basic invalid_api_key" }
-    post api_v1_contact_requests_path, params: @json_body, headers: invalid_headers
+    post api_v1_contact_requests_path, params: @json_create, headers: invalid_headers
     assert_response :unauthorized
   end
 
   def test_saves_new_contact_request
-    request_body = @json_body.dup
+    request_body = @json_create.dup
     random_mail = "#{rand(10000..99999)}@registry.test"
     request_body['contact_request']['email'] = random_mail
 
@@ -29,11 +31,38 @@ class ApiV1ContactRequestTest < ActionDispatch::IntegrationTest
     assert ContactRequest::STATUS_NEW, contact_request.status
   end
 
-  def valid_contact_request_body
+  def test_updates_existing_contact_request
+    request_body = @json_update.dup
+
+    put api_v1_contact_request_path(@contact_request.id), params: request_body, headers: @headers
+    assert_response :ok
+
+    @contact_request.reload
+    assert ContactRequest::STATUS_CONFIRMED, @contact_request.status
+  end
+
+  def test_not_updates_if_status_error
+    request_body = @json_update.dup
+    request_body['contact_request']['status'] = 'some_error_status'
+
+    put api_v1_contact_request_path(@contact_request.id), params: request_body, headers: @headers
+    assert_response 400
+
+    @contact_request.reload
+    assert ContactRequest::STATUS_NEW, @contact_request.status
+  end
+
+  def valid_contact_request_create
     {
       "email": "aaa@bbb.com",
       "whois_record_id": "1",
       "name": "test"
     }.as_json
   end
+
+  def valid_contact_request_update
+    {
+      "status": "#{ContactRequest::STATUS_CONFIRMED}",
+    }.as_json
+  end
 end