diff --git a/test/api/v2/groups/POST-groups_id_invite.test.js b/test/api/v2/groups/POST-groups_id_invite.test.js
new file mode 100644
index 0000000000..5acf6e637a
--- /dev/null
+++ b/test/api/v2/groups/POST-groups_id_invite.test.js
@@ -0,0 +1,89 @@
+import {
+ createAndPopulateGroup,
+ generateUser,
+} from '../../../helpers/api-integration/v2';
+import { each } from 'lodash';
+
+describe('POST /groups/:id/invite', () => {
+ context('user is a member of the group', () => {
+ each({
+ 'public guild': {type: 'guild', privacy: 'public'},
+ 'private guild': {type: 'guild', privacy: 'private'},
+ party: {type: 'party', privacy: 'private'},
+ }, (groupDetails, groupType) => {
+ let group, invitee, inviter;
+
+ beforeEach(async () => {
+ invitee = await generateUser();
+ let groupData = await createAndPopulateGroup({
+ groupDetails,
+ members: 1,
+ });
+ group = groupData.group;
+ inviter = groupData.members[0];
+ });
+
+ it(`allows user to send an invitation for a ${groupType}`, async () => {
+ await inviter.post(`/groups/${group._id}/invite`, {
+ uuids: [invitee._id],
+ });
+ await group.sync();
+ expect(group.invites).to.include(invitee._id);
+ });
+ });
+ });
+
+ context('user is a not member of the group', () => {
+ each({
+ 'public guild': {type: 'guild', privacy: 'public'},
+ }, (groupDetails, groupType) => {
+ context(`the group is a ${groupType}`, () => {
+ let group, invitee, inviter;
+
+ beforeEach(async () => {
+ invitee = await generateUser();
+ inviter = await generateUser();
+ let groupData = await createAndPopulateGroup({
+ groupDetails,
+ });
+ group = groupData.group;
+ });
+
+ it(`allows user to send an invitation for a ${groupType}`, async () => {
+ await inviter.post(`/groups/${group._id}/invite`, {
+ uuids: [invitee._id],
+ });
+ await group.sync();
+ expect(group.invites).to.include(invitee._id);
+ });
+ });
+ });
+
+ each({
+ 'private guild': {type: 'guild', privacy: 'private'},
+ party: {type: 'party', privacy: 'private'},
+ }, (groupDetails, groupType) => {
+ context(`the group is a ${groupType}`, () => {
+ let group, invitee, inviter;
+
+ beforeEach(async () => {
+ invitee = await generateUser();
+ inviter = await generateUser();
+ let groupData = await createAndPopulateGroup({
+ groupDetails,
+ });
+ group = groupData.group;
+ });
+
+ it(`does not allows user to send an invitation for a ${groupType}`, async () => {
+ return expect(inviter.post(`/groups/${group._id}/invite`, {
+ uuids: [invitee._id],
+ })).to.eventually.be.rejected.and.eql({
+ code: 401,
+ text: 'Only a member can invite new members!',
+ });
+ });
+ });
+ });
+ });
+});
diff --git a/website/src/controllers/api-v2/groups.js b/website/src/controllers/api-v2/groups.js
index 25b1cd52da..8bd64e2a76 100644
--- a/website/src/controllers/api-v2/groups.js
+++ b/website/src/controllers/api-v2/groups.js
@@ -690,6 +690,9 @@ var inviteByEmails = function(invites, group, req, res, next){
 api.invite = function(req, res, next){
 var group = res.locals.group;
+ if (group.privacy === 'private' && !_.contains(group.members,res.locals.user._id)) {
+ return res.json(401, {err: "Only a member can invite new members!"});
+ }
 if (req.body.uuids) {
 inviteByUUIDs(req.body.uuids, group, req, res, next);
 } else if (req.body.emails) {
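Review bot: The rejection case at the end of the file (`does not allows user to send an invitation for a ${groupType}`) checks only the error response, so it would still pass if the handler stored the invitation before refusing. Await the rejected expectation instead of returning it, then assert the stored state with `await group.sync();` followed by `expect(group.invites).to.not.include(invitee._id);`. Every case posts `uuids`; the `emails` branch of the same endpoint has no non-member case here, and neither does a user who holds a pending invitation but has not yet joined.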
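Review bot: The guard added at the top of `api.invite` fails open: it refuses only when `group.privacy` is exactly `'private'`, so a group whose privacy is missing or holds any other value would let a non-member invite. Whether such records can exist is not visible in this hunk, but testing against the one value that is meant to be open is the safer form: `if (group.privacy !== 'public' && !_.contains(group.members, res.locals.user._id)) {`. The caller is presumably already authenticated here, since `res.locals.user` is read, so 403 would describe the refusal more accurately than 401; the new test pins 401 and would have to change with it. The body of `api.invite` continues past the end of the hunk.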