diff --git a/clientapi/routing/routing.go b/clientapi/routing/routing.go
index 5cea1c54d..14c164c48 100644
--- a/clientapi/routing/routing.go
+++ b/clientapi/routing/routing.go
@@ -353,6 +353,19 @@ func Setup(
 return util.ErrorResponse(err)
 }
+ isAllowedInviter, _ := authorization.IsAllowed(authz.AuthorizationArgs{
+ RoomId: vars["roomID"],
+ UserId: device.UserID,
+ Permission: authz.PermissionInvite,
+ })
+ if !isAllowedInviter {
+ return util.JSONResponse{
+ Code: http.StatusUnauthorized,
+ JSON: jsonerror.Forbidden("Inviter not allowed"),
+ }
+ }
+
 return SendInvite(req, userAPI, device, vars["roomID"], cfg, rsAPI, asAPI)
 }),
 ).Methods(http.MethodPost, http.MethodOptions)
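Review bot: The error from `authorization.IsAllowed` is discarded with `_`, so a backend failure (unreachable policy store, malformed arguments) is indistinguishable from a genuine denial and surfaces to the client as "Inviter not allowed"; handle it explicitly, `isAllowedInviter, err := authorization.IsAllowed(...)` followed by `if err != nil { return util.ErrorResponse(err) }`, so outages are logged and reported rather than masked as permission denials (the existing `err` in the context line above is in scope here). The rejection also pairs `Code: http.StatusUnauthorized` with `jsonerror.Forbidden`, which is inconsistent: the request appears to be already authenticated at this point (`device.UserID` is in hand), and a failed permission check on an authenticated caller is a 403, so `Code: http.StatusForbidden` matches the error body. A short comment such as `// Reject before SendInvite so a denied inviter never reaches the room server.` would make the ordering intent clear. Setup continues outside the hunk.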