diff --git a/app/api/captcha/route.js b/app/api/captcha/route.js
new file mode 100644
index 0000000..2874d30
--- /dev/null
+++ b/app/api/captcha/route.js
@@ -0,0 +1,33 @@
+import svgCaptcha from 'svg-captcha';
+import { NextResponse } from 'next/server';
+import crypto from 'crypto';
+
+export async function GET() {
+ const captcha = svgCaptcha.create({
+ size: 5,
+ ignoreChars: '0o1i',
+ noise: 2,
+ color: true,
+ background: '#f3f4f6'
+ });
+
+ const text = captcha.text.toLowerCase();
+ const secret = process.env.CAPTCHA_SECRET || 'dev_secret_meow';
+ const hash = crypto.createHmac('sha256', secret).update(text).digest('hex');
+
+ const response = new NextResponse(captcha.data, {
+ headers: {
+ 'Content-Type': 'image/svg+xml',
+ 'Cache-Control': 'no-store, max-age=0'
+ }
+ });
+
+ // Store the expected hash in an HttpOnly cookie
+ response.cookies.set('captcha_hash', hash, {
+ httpOnly: true,
+ path: '/',
+ maxAge: 300 // 5 minutes validity
+ });
+
+ return response;
+}
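Review bot: The `|| 'dev_secret_meow'` fallback on the `secret` line means a deployment that lacks CAPTCHA_SECRET signs with a key published in the repository, so the `captcha_hash` cookie no longer proves anything about the challenge; the route should fail closed when the variable is missing. The cookie value is also a bare HMAC of the text with no expiry or nonce inside it, so `maxAge: 300` is only a browser-side hint and a solved text/cookie pair stays valid for reuse unless the verifying route (not visible in this diff) tracks it. I would bind an expiry into the MAC'd payload, have the verifier check that expiry and compare digests with `crypto.timingSafeEqual`, and set `secure` and `sameSite` on the cookie. Single-use enforcement would still need server-side state, which this stateless design does not have.

```javascript
  const text = captcha.text.toLowerCase();
  const secret = process.env.CAPTCHA_SECRET;
  if (!secret) {
    // Fail closed: never sign with a key that is published in the repository.
    return new NextResponse('CAPTCHA is not configured', { status: 500 });
  }
  // Bind the expiry into the MAC so the server, not the cookie's maxAge, enforces the lifetime.
  const expires = Date.now() + 300 * 1000;
  const mac = crypto.createHmac('sha256', secret).update(`${expires}:${text}`).digest('hex');

  // … unchanged: NextResponse with the SVG body and no-store headers …

  response.cookies.set('captcha_hash', `${expires}.${mac}`, {
    httpOnly: true,
    secure: process.env.NODE_ENV === 'production',
    sameSite: 'strict',
    path: '/',
    maxAge: 300
  });
```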