diff --git a/crates/oxidetalis/src/routes/user.rs b/crates/oxidetalis/src/routes/user.rs
index 16a3e95..febdc14 100644
--- a/crates/oxidetalis/src/routes/user.rs
+++ b/crates/oxidetalis/src/routes/user.rs
@@ -20,7 +20,9 @@ use oxidetalis_core::types::{PublicKey, Signature};
 use salvo::{
     http::StatusCode,
     oapi::{endpoint, extract::JsonBody},
+    writing::Json,
     Depot,
+    Extractible,
     Request,
     Router,
     Writer,
@@ -28,10 +30,11 @@ use salvo::{
 
 use super::{ApiError, ApiResult};
 use crate::{
-    database::UserTableExt,
+    database::{UserTableExt, WhiteListExt},
     extensions::DepotExt,
     middlewares,
-    schemas::{EmptySchema, MessageSchema, RegisterUserBody},
+    parameters::Pagination,
+    schemas::{EmptySchema, MessageSchema, RegisterUserBody, WhiteListedUser},
     utils,
 };
 
@@ -79,10 +82,50 @@ pub async fn register(
     Ok(EmptySchema::new(StatusCode::CREATED))
 }
 
+/// (🔐) Get whitelisted users
+#[endpoint(
+    operation_id = "whitelist",
+    tags("User"),
+    responses(
+        (status_code = 200, description = "Returns whitelisted users", content_type = "application/json", body = Vec<WhiteListedUser>),
+        (status_code = 403, description = "Not registered user, must register first", content_type = "application/json", body = MessageSchema),
+        (status_code = 401, description = "The entered signature or public key is invalid", content_type = "application/json", body = MessageSchema),
+        (status_code = 429, description = "Too many requests", content_type = "application/json", body = MessageSchema),
+        (status_code = 500, description = "Internal server error", content_type = "application/json", body = MessageSchema),
+    ),
+    parameters(
+        Pagination,
+        ("X-OTMP-PUBLIC"    = PublicKey, Header, description = "Public key of the sender"),
+        ("X-OTMP-SIGNATURE" = Signature, Header, description = "Signature of the request"),
+    ),
+)]
+async fn user_whitelist(
+    req: &mut Request,
+    depot: &mut Depot,
+) -> ApiResult<Json<Vec<WhiteListedUser>>> {
+    let pagination = Pagination::extract(req).await?;
+    let conn = depot.db_conn();
+    let user = conn
+        .get_user_by_pubk(
+            &utils::extract_public_key(req)
+                .expect("Public key should be checked in the middleware"),
+        )
+        .await?
+        .ok_or(ApiError::NotRegisteredUser)?;
+    Ok(Json(
+        conn.user_whitelist(&user, pagination.page, pagination.page_size)
+            .await?
+            .into_iter()
+            .map(Into::into)
+            .collect(),
+    ))
+}
+
 /// The route of the endpoints of this module
 pub fn route() -> Router {
     Router::new()
         .push(Router::with_path("register").post(register))
+        .push(Router::with_path("whitelist").get(user_whitelist))
         .hoop(middlewares::public_key_check)
         .hoop(middlewares::signature_check)
 }