diff --git a/functions/api/events-team/points/[id].ts b/functions/api/events-team/points/[id].ts
new file mode 100644
index 0000000..61fc1af
--- /dev/null
+++ b/functions/api/events-team/points/[id].ts
@@ -0,0 +1,22 @@
+import { jsonError } from "../../../common.js";
+
+export async function onRequestPost(context: RequestContext) {
+  const { current_user: user } = context.data;
+
+  if (!user) return jsonError("You are not logged in", 401);
+
+  if (![1 << 4, 1 << 12].find((p) => user.permissions & p))
+    return jsonError("No permission to edit points", 403);
+
+  const { points } = context.data.body;
+
+  if (typeof points !== "number") return jsonError("Invalid point count", 400);
+
+  await context.env.D1.prepare("UPDATE et_members SET points = ? WHERE id = ?;")
+    .bind(points, context.params.id)
+    .run();
+
+  return new Response(null, {
+    status: 204,
+  });
+}