diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts
index c8d2618..47f0c83 100644
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@@ -37,6 +37,7 @@ const main = async () => {
 "/project/update": withCors(withAuth(routes.projectUpdate)),
 "/project/delete": withCors(withAuth(routes.projectDelete)),
 "/projects/by-creator": withCors(withAuth(routes.projectsByCreator)),
+ "/projects/by-organisation": withCors(withAuth(routes.projectsByOrganisation)),
 "/projects/all": withCors(withAuth(routes.projectsAll)),
 "/projects/with-creators": withCors(withAuth(routes.projectsWithCreators)),
 "/project/with-creator": withCors(withAuth(routes.projectWithCreator)),
diff --git a/packages/backend/src/routes/index.ts b/packages/backend/src/routes/index.ts
index ad4454f..9934a76 100644
--- a/packages/backend/src/routes/index.ts
+++ b/packages/backend/src/routes/index.ts
@@ -17,6 +17,7 @@ import organisationUpdate from "./organisation/update";
 import organisationUpdateMemberRole from "./organisation/update-member-role";
 import projectsAll from "./project/all";
 import projectsByCreator from "./project/by-creator";
+import projectsByOrganisation from "./project/by-organisation";
 import projectCreate from "./project/create";
 import projectDelete from "./project/delete";
 import projectUpdate from "./project/update";
@@ -45,6 +46,7 @@ export const routes = {
 projectUpdate,
 projectDelete,
 projectsByCreator,
+ projectsByOrganisation,
 projectsAll,
 projectsWithCreators,
 projectWithCreator,
diff --git a/packages/backend/src/routes/project/by-organisation.ts b/packages/backend/src/routes/project/by-organisation.ts
new file mode 100644
index 0000000..2b55e05
--- /dev/null
+++ b/packages/backend/src/routes/project/by-organisation.ts
@@ -0,0 +1,33 @@
+import type { AuthedRequest } from "../../auth/middleware";
+import { getOrganisationById, getOrganisationsByUserId, getProjectsByOrganisationId } from "../../db/queries";
+
+// /projects/by-organisation?organisationId=1
+export default async function projectsByOrganisation(req: AuthedRequest) {
+ const url = new URL(req.url);
+ const organisationId = url.searchParams.get("organisationId");
+
+ if (!organisationId) {
+ return new Response("organisationId is required", { status: 400 });
+ }
+
+ const orgIdNumber = Number(organisationId);
+ if (!Number.isInteger(orgIdNumber)) {
+ return new Response("organisationId must be an integer", { status: 400 });
+ }
+
+ const organisation = await getOrganisationById(orgIdNumber);
+ if (!organisation) {
+ return new Response(`organisation with id ${organisationId} not found`, { status: 404 });
+ }
+
+ // Check if user has access to this organisation
+ const userOrganisations = await getOrganisationsByUserId(req.userId);
+ const hasAccess = userOrganisations.some((item) => item.Organisation.id === orgIdNumber);
+ if (!hasAccess) {
+ return new Response("Access denied: you are not a member of this organisation", { status: 403 });
+ }
+
+ const projects = await getProjectsByOrganisationId(orgIdNumber);
+
+ return Response.json(projects);
+}
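Review bot: The existence check on `getOrganisationById` answers 404 before the membership check answers 403, so any authenticated caller can learn which organisation ids exist by comparing the two status codes, even for organisations they are not a member of. Do the membership lookup first and return the same response for "no such organisation" and "not a member"; since the membership rows already expose `item.Organisation`, the separate `getOrganisationById` round-trip may become redundant once membership holds, though that depends on what `getOrganisationsByUserId` returns, so it is kept below. Separately, `Number.isInteger(Number(organisationId))` accepts forms such as `"1e3"`, `"0x10"`, padded whitespace and negative values as integers; if ids are non-negative decimal, a stricter guard is `if (!/^\d+$/.test(organisationId)) return new Response("organisationId must be an integer", { status: 400 });`.
```typescript
  // Membership first: a non-member gets the same response as for an unknown id,
  // so the endpoint does not reveal which organisation ids exist.
  const userOrganisations = await getOrganisationsByUserId(req.userId);
  const hasAccess = userOrganisations.some((item) => item.Organisation.id === orgIdNumber);
  if (!hasAccess) {
    return new Response(`organisation with id ${organisationId} not found`, { status: 404 });
  }

  const organisation = await getOrganisationById(orgIdNumber);
  if (!organisation) {
    return new Response(`organisation with id ${organisationId} not found`, { status: 404 });
  }
  // … unchanged: getProjectsByOrganisationId call and Response.json …
```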