diff --git a/app/api/v1/people.rb b/app/api/v1/people.rb
index d12626d..f40113b 100644
--- a/app/api/v1/people.rb
+++ b/app/api/v1/people.rb
@@ -119,6 +119,20 @@ module Api
 members = select_filtered_collection_of(profile, 'members', params)
 present members, :with => Entities::Person, :current_person => current_person
 end
+
+ post do
+ authenticate!
+ profile = environment.profiles.find_by id: params[:profile_id]
+ profile.add_member(current_person) rescue forbidden!
+ {pending: !current_person.is_member_of?(profile)}
+ end
+
+ delete do
+ authenticate!
+ profile = environment.profiles.find_by id: params[:profile_id]
+ profile.remove_member(current_person)
+ present current_person, :with => Entities::Person, :current_person => current_person
+ end
 end
 end
 end
diff --git a/app/models/profile.rb b/app/models/profile.rb
index 1d9f516..1c392d3 100644
--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -758,7 +758,7 @@ private :generate_url, :url_options
 # Adds a person as member of this Profile.
 def add_member(person, attributes={})
- if self.has_members?
+ if self.has_members? && !self.secret
 if self.closed? && members.count > 0
 AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
 else
diff --git a/test/api/people_test.rb b/test/api/people_test.rb
index 01d7f08..a2cd273 100644
--- a/test/api/people_test.rb
+++ b/test/api/people_test.rb
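Review bot: In both `post` and `delete`, `find_by` returns nil for an unknown `profile_id` and nothing checks it before the profile is used. In `post` the inline `rescue forbidden!` turns the resulting NoMethodError, and every other StandardError such as a database failure, into a 403, while in `delete` the nil reaches `profile.remove_member` unrescued; the two verbs therefore answer differently for ids that do not exist, and the `delete` response presumably reveals whether a profile id exists, secret profiles included. Add a guard after each lookup, e.g. `not_found! unless profile` (assuming the API helpers provide a 404 helper next to `forbidden!`), and narrow the rescue in `post` to the error `add_member` raises on purpose, which the unit test in this commit expects to be `RuntimeError`. The enclosing resource block starts outside the hunk, so any visibility filtering applied there is not visible here.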
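Review bot: The comment above `add_member` no longer describes the method: with `&& !self.secret` a secret profile now falls through to the `else` branch, which lies outside this hunk and, judging by the new unit test, raises a RuntimeError. Extend the comment, e.g. `# Raises if the profile cannot have members or is secret.` Because the guard sits in the model, every caller of `add_member` is affected and not only the new API endpoint, so confirm that no invitation or admin path needs to add members to a secret profile through this method. A dedicated exception class for the secret case would also let API code rescue exactly this condition instead of every error.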
@@ -397,4 +397,62 @@ class PeopleTest < ActiveSupport::TestCase
 assert_not_nil person.image
 assert_equal person.image.filename, base64_image[:filename]
 end
+
+ should 'add logged person as member of a profile' do
+ login_api
+ profile = fast_create(Community)
+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal json['pending'], false
+ assert person.is_member_of?(profile)
+ end
+
+ should 'create task when add logged person as member of a moderated profile' do
+ login_api
+ profile = fast_create(Community, public_profile: false)
+ profile.add_member(create_user.person)
+ profile.closed = true
+ profile.save!
+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal json['pending'], true
+ assert !person.is_member_of?(profile)
+ end
+
+ should 'remove logged person as member of a profile' do
+ login_api
+ profile = fast_create(Community)
+ profile.add_member(person)
+ delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal person.identifier, json['person']['identifier']
+ assert !person.is_member_of?(profile)
+ end
+
+ should 'forbid access to add members for non logged user' do
+ profile = fast_create(Community)
+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ assert_equal 401, last_response.status
+ end
+
+ should 'forbid access to remove members for non logged user' do
+ profile = fast_create(Community)
+ delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ assert_equal 401, last_response.status
+ end
+
+ should 'forbid to add person as member when the profile does not allow' do
+ login_api
+ profile = fast_create(Person)
+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
+
+ should 'forbid to add person as member when the profile is secret' do
+ login_api
+ profile = fast_create(Community, secret: true)
+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ assert !person.is_member_of?(profile)
+ assert_equal 403, last_response.status
+ end
 end
diff --git a/test/unit/profile_test.rb b/test/unit/profile_test.rb
index 8c5dc07..9c998ba 100644
--- a/test/unit/profile_test.rb
+++ b/test/unit/profile_test.rb
@@ -2224,4 +2224,12 @@ class ProfileTest < ActiveSupport::TestCase
 assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
 end
 end
+
+ should 'not allow to add members in secret profiles' do
+ c = fast_create(Community, secret: true)
+ p = create_user('mytestuser').person
+ assert_raise RuntimeError do
+ c.add_member(p)
+ end
+ end
 end
-- libgit2 0.21.2
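Review bot: The new API tests exercise the secret-profile rejection for POST only and never request a `profile_id` that does not exist, which is the input where the `post` and `delete` handlers in this commit diverge. Add one test per verb for a missing id that asserts the intended status, and one that pins what DELETE returns for a logged-in person who is not a member of the profile. As a style point, `assert_equal json['pending'], false` passes the actual value first; `assert_equal false, json['pending']` keeps the expected/actual order the other assertions in this hunk use and yields a correct failure message.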
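Review bot: `assert_raise RuntimeError` is satisfied by any bare `raise "..."` reached inside `add_member`, so this test would still pass if the call failed for a reason unrelated to the `secret` flag. Assert the outcome as well, after the block: `assert !p.is_member_of?(c)`. If the model gains a specific exception for the secret case, assert that class here instead of `RuntimeError`.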