diff --git a/lnbits/extensions/lnurlp/views_api.py b/lnbits/extensions/lnurlp/views_api.py
index de36345a5..cbe1bc4e2 100644
--- a/lnbits/extensions/lnurlp/views_api.py
+++ b/lnbits/extensions/lnurlp/views_api.py
@@ -87,6 +87,9 @@ async def api_link_create_or_update(link_id=None):
 round(g.data["min"]) != g.data["min"] or round(g.data["max"]) != g.data["max"]
 ):
 return jsonify({"message": "Must use full satoshis."}), HTTPStatus.BAD_REQUEST
+
+ if g.data["success_url"][:8] != "https://":
+ return jsonify({"message": "Success URL must be secure https://..."}), HTTPStatus.BAD_REQUEST

 if link_id:
 link = await get_pay_link(link_id)
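Review bot: The added check indexes `g.data["success_url"]` directly, so a request that omits the field or sends null would raise before the comparison and come back as a 500 instead of a 400; the request schema is not visible in this hunk, so confirm whether the field is required. The test is also a bare, case-sensitive prefix match, which accepts `https://` with no host and rejects `HTTPS://example.com`. Because this URL is presented to the payer after payment, parsing it is sturdier than slicing: `url = g.data.get("success_url")` followed by `if url and (urlsplit(url).scheme != "https" or not urlsplit(url).netloc):`, with `urlsplit` imported from `urllib.parse`. The body of `api_link_create_or_update` starts and ends outside the hunk, so any earlier handling of the field cannot be seen from here.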