diff --git a/ki/handlers/__init__.py b/ki/handlers/__init__.py
index bce6ecb..f7c8366 100644
--- a/ki/handlers/__init__.py
+++ b/ki/handlers/__init__.py
@@ -2,4 +2,5 @@
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
+from ki.handlers.find_profiles import find_profiles  # noqa
 from ki.handlers.update_profile import update_profile  # noqa
diff --git a/ki/handlers/find_profiles.py b/ki/handlers/find_profiles.py
new file mode 100644
index 0000000..89e5abb
--- /dev/null
+++ b/ki/handlers/find_profiles.py
@@ -0,0 +1,32 @@
+# SPDX-FileCopyrightText: WTF Kooperative eG <https://wtf-eg.de/>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+from flask import make_response, request
+
+from ki.models import Profile
+
+
+def find_profiles():
+    page = int(request.args.get("page", 1))
+
+    if page < 1:
+        return make_response({"messages": {"page": "Die angefragte Seite muss mindestens 1 sein"}}, 400)
+
+    page_size = int(request.args.get("page_size", 20))
+
+    if page_size > 100:
+        return make_response({"messages": {"page_size": "Die maximale Anzahl Einträge pro Seite beträgt 100"}}, 400)
+
+    offset = (page - 1) * page_size
+
+    query = Profile.query.filter(Profile.visible is True)
+    count = query.count()
+
+    db_profiles = query.limit(page_size).offset(offset).all()
+    api_profiles = []
+
+    for db_profile in db_profiles:
+        api_profiles.append(db_profile.to_dict())
+
+    return make_response({"total": count, "profiles": api_profiles})
diff --git a/ki/routes.py b/ki/routes.py
index 1135727..57909cb 100644
--- a/ki/routes.py
+++ b/ki/routes.py
@@ -7,6 +7,7 @@ from flask import g, make_response, request, send_file
 from functools import wraps
 
 from ki.auth import auth
+from ki.handlers import find_profiles as find_profiles_handler
 from ki.handlers import update_profile as update_profile_handler
 from ki.models import ContactType, Language, Skill, Token, User
 from app import app
@@ -143,6 +144,12 @@ def get_contacttypes():
     return handle_completion_request(ContactType, "contacttypes")
 
 
+@app.route("/users/profiles")
+@token_auth
+def find_profiles():
+    return find_profiles_handler()
+
+
 @app.route("/skills")
 @token_auth
 def get_skills():
diff --git a/ki/test/test_find_profiles_endpoint.py b/ki/test/test_find_profiles_endpoint.py
new file mode 100644
index 0000000..fa497fd
--- /dev/null
+++ b/ki/test/test_find_profiles_endpoint.py
@@ -0,0 +1,43 @@
+# SPDX-FileCopyrightText: WTF Kooperative eG <https://wtf-eg.de/>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+import unittest
+
+from ki.test.ApiTest import ApiTest
+
+
+class TestSkillsEndpoint(ApiTest):
+    def test_skills_options(self):
+        response = self.client.options("/skills")
+        self.assertEqual(response.status_code, 200)
+        self.assertIn("Access-Control-Allow-Origin", response.headers)
+        self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*")
+
+    def test_get_skills1(self):
+        token = self.login("peter", "geheim")["token"]
+
+        response = self.client.get("/skills?search=p", headers={"Authorization": "Bearer " + token})
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(
+            {
+                "skills": [{
+                    "id": 1,
+                    "name": "PHP",
+                    "icon_url": "/skills/1/icon"
+                }, {
+                    "id": 10,
+                    "name": "PostgreSQL",
+                    "icon_url": "/skills/10/icon"
+                }, {
+                    "id": 3,
+                    "name": "Python",
+                    "icon_url": "/skills/3/icon"
+                }]
+            }, response.json)
+        self.assertIn("Access-Control-Allow-Origin", response.headers)
+        self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*")
+
+
+if __name__ == "main":
+    unittest.main()