diff --git a/src/github.com/matrix-org/dendrite/clientapi/readers/account_data.go b/src/github.com/matrix-org/dendrite/clientapi/readers/account_data.go
index b262ea4b3..bed0852cd 100644
--- a/src/github.com/matrix-org/dendrite/clientapi/readers/account_data.go
+++ b/src/github.com/matrix-org/dendrite/clientapi/readers/account_data.go
@@ -15,9 +15,10 @@
 package readers
 
 import (
-	"fmt"
+	"io/ioutil"
 	"net/http"
 
+	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 	"github.com/matrix-org/dendrite/clientapi/auth/storage/accounts"
 	"github.com/matrix-org/dendrite/clientapi/httputil"
 	"github.com/matrix-org/dendrite/clientapi/jsonerror"
@@ -26,9 +27,43 @@ import (
 	"github.com/matrix-org/util"
 )
 
+// SaveAccountData implements PUT /user/{userId}/[rooms/{roomId}/]account_data/{type}
 func SaveAccountData(
-	req *http.Request, accountDB *accounts.Database, userID string, roomID string,
+	req *http.Request, accountDB *accounts.Database, device *authtypes.Device,
+	userID string, dataType string, roomID string,
 ) util.JSONResponse {
+	if req.Method != "PUT" {
+		return util.JSONResponse{
+			Code: 405,
+			JSON: jsonerror.NotFound("Bad method"),
+		}
+	}
 
-	localpart, server, err := gomatrixserverlib.SplitID('@', userID)
+	if userID != device.UserID {
+		return util.JSONResponse{
+			Code: 403,
+			JSON: jsonerror.Forbidden("userID does not match the current user"),
+		}
+	}
+
+	localpart, _, err := gomatrixserverlib.SplitID('@', userID)
+	if err != nil {
+		return httputil.LogThenError(req, err)
+	}
+
+	defer req.Body.Close()
+
+	body, err := ioutil.ReadAll(req.Body)
+	if err != nil {
+		return httputil.LogThenError(req, err)
+	}
+
+	if err := accountDB.SaveAccountData(localpart, roomID, dataType, string(body)); err != nil {
+		return httputil.LogThenError(req, err)
+	}
+
+	return util.JSONResponse{
+		Code: 200,
+		JSON: struct{}{},
+	}
 }
diff --git a/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go b/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go
index 7eea3881b..1467d1d8f 100644
--- a/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go
+++ b/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go
@@ -274,16 +274,16 @@ func Setup(
 	)
 
 	r0mux.Handle("/user/{userID}/account_data/{type}",
-		common.MakeAPI("user_account_data", func(req *http.Request) util.JSONResponse {
-			// TODO: Set the account_data
-			return util.JSONResponse{Code: 200, JSON: struct{}{}}
+		common.MakeAuthAPI("user_account_data", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse {
+			vars := mux.Vars(req)
+			return readers.SaveAccountData(req, accountDB, device, vars["userID"], "", vars["type"])
 		}),
 	)
 
 	r0mux.Handle("/user/{userID}/rooms/{roomID}/account_data/{type}",
-		common.MakeAPI("user_account_data", func(req *http.Request) util.JSONResponse {
-			// TODO: Set the account_data
-			return util.JSONResponse{Code: 200, JSON: struct{}{}}
+		common.MakeAuthAPI("user_account_data", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse {
+			vars := mux.Vars(req)
+			return readers.SaveAccountData(req, accountDB, device, vars["userID"], vars["roomID"], vars["type"])
 		}),
 	)