diff --git a/api/v1/admin/getUnverifiedUsers.js b/api/v1/admin/getUnverifiedUsers.js
new file mode 100644
index 0000000..3171b91
--- /dev/null
+++ b/api/v1/admin/getUnverifiedUsers.js
@@ -0,0 +1,33 @@
+const express = require('express');
+const jwt = require('jsonwebtoken');
+
+const {getUnverifiedUsers} = require("../../../libs/mysql.js")
+
+const router = express.Router();
+
+router.post('/', async (req, res) => {
+    const {token} = req.body;
+
+    if (!token) {
+        return res.status(400).send({error: "invalid token"});
+    }
+
+    try {
+        const user = jwt.verify(token, process.env.JWTSecret);
+
+        if (user.expiration < Date.now()) {
+            return res.status(400).send({error: "token expired"});
+        }
+
+        if (!user.admin) {
+            return res.status(400).send({error: "unauthorized"});
+        }
+    } catch {
+        return res.status(400).send({error: "invalid token"});
+    }
+
+    const users = await getUnverifiedUsers();
+    res.status(200).send(users);
+});
+
+module.exports = router;
\ No newline at end of file
diff --git a/libs/mysql.js b/libs/mysql.js
index d8795fb..6a93d5b 100644
--- a/libs/mysql.js
+++ b/libs/mysql.js
@@ -111,6 +111,23 @@ function addUser(username, name, lastname, password) {
   }) 
 }
 
+// +-----------------------------------+
+// |              ADMIN                |
+// +-----------------------------------+
+
+function getUnverifiedUsers() {
+  return new Promise((resolve, reject) => {
+    con.query(
+      `SELECT * FROM users WHERE verified = 0`,
+      (error, result) => {
+        if (error) {
+          reject(new Error(error));
+        }
+        resolve(result);
+      })
+  }) 
+}
+
 module.exports = {
   getGames,
   getGame,
@@ -120,4 +137,6 @@ module.exports = {
 
   getUser,
   addUser,
+
+  getUnverifiedUsers,
 };
\ No newline at end of file