diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1ff807a5e..bebaa9797 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -79,6 +79,7 @@
 - Update profile audience to filter blocked instances ([e0c3dae3](https://github.com/pixelfed/pixelfed/commit/e0c3dae3))
 - Update SearchApiV2Service, improve query performance ([4d1f2811](https://github.com/pixelfed/pixelfed/commit/4d1f2811))
 - Update InstanceService, improve unlisted/banned network post filtering ([a0da6ec3](https://github.com/pixelfed/pixelfed/commit/a0da6ec3))
+- Update ApiV1DotController, fix inAppRegistrationConfirm logic ([6cfbedd9](https://github.com/pixelfed/pixelfed/commit/6cfbedd9))
 -  ([](https://github.com/pixelfed/pixelfed/commit/))
 
 ## [v0.11.4 (2022-10-04)](https://github.com/pixelfed/pixelfed/compare/v0.11.3...v0.11.4)
diff --git a/app/Http/Controllers/Api/ApiV1Dot1Controller.php b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
index 053f31fa0..b46fd38cd 100644
--- a/app/Http/Controllers/Api/ApiV1Dot1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
@@ -547,13 +547,16 @@ class ApiV1Dot1Controller extends Controller
             return response()->json(['error' => 'Invalid tokens'], 403);
         }
 
+        if($verify->created_at->lt(now()->subHours(24))) {
+            $verify->delete();
+            return response()->json(['error' => 'Invalid tokens'], 403);
+        }
+
         $user = User::findOrFail($verify->user_id);
         $user->email_verified_at = now();
         $user->last_active_at = now();
         $user->save();
 
-        $verify->delete();
-
         $token = $user->createToken('Pixelfed');
 
         return response()->json([