diff --git a/care/abdm/api/serializers/healthid.py b/care/abdm/api/serializers/healthid.py
index aa2b7cc1fd..2c1910b823 100644
--- a/care/abdm/api/serializers/healthid.py
+++ b/care/abdm/api/serializers/healthid.py
@@ -59,3 +59,8 @@ class CreateHealthIdSerializer(Serializer):
 healthId = CharField(max_length=64, min_length=1, required=False)
 txnId = CharField(max_length=64, min_length=1, required=True)
 patientId = UUIDField(required=False)
+
+
+class LinkPatientSerializer(Serializer):
+ abha_number = UUIDField(required=True)
+ patient = UUIDField(required=True)
diff --git a/care/abdm/api/viewsets/abha_number.py b/care/abdm/api/viewsets/abha_number.py
index 5fd2cb8984..eae53df9c5 100644
--- a/care/abdm/api/viewsets/abha_number.py
+++ b/care/abdm/api/viewsets/abha_number.py
@@ -28,7 +28,7 @@ def get_object(self):
 Q(abha_number=id) | Q(health_id=id) | Q(patient__external_id=id)
 ).first()
 
- if not instance or get_patient_queryset(self.request.user).contains(
+ if not instance or not get_patient_queryset(self.request.user).contains(
 instance.patient
 ):
 raise Http404
diff --git a/care/abdm/api/viewsets/healthid.py b/care/abdm/api/viewsets/healthid.py
index 3a280503be..e435c1614f 100644
--- a/care/abdm/api/viewsets/healthid.py
+++ b/care/abdm/api/viewsets/healthid.py
@@ -20,6 +20,7 @@
 GenerateMobileOtpRequestPayloadSerializer,
 HealthIdAuthSerializer,
 HealthIdSerializer,
+ LinkPatientSerializer,
 QRContentSerializer,
 VerifyDemographicsRequestPayloadSerializer,
 VerifyOtpRequestPayloadSerializer,
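Review bot: `LinkPatientSerializer` has no docstring, and the field name `abha_number` is easy to misread as the ABHA number string itself. The `link_patient` action in care/abdm/api/viewsets/healthid.py matches both submitted values against `external_id`, so the class should say that. A one-line docstring such as `"""Request body for link_patient: external_id of an unlinked AbhaNumber record and external_id of the patient to attach it to."""` would make the contract clear to API clients.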
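Review bot: With the negation corrected, `.contains(instance.patient)` is the only access gate in `get_object`, and it is still reached when the matched record has no patient. The `link_patient` action added in this same commit treats `abha_number.patient is None` as a valid state; for such a record Django's `QuerySet.contains()` raises `TypeError` on a non-model argument (assuming `get_patient_queryset` returns an ordinary queryset), which would surface as a 500 instead of a 404. Denying explicitly keeps the check fail-closed: `if not instance or instance.patient is None or not get_patient_queryset(self.request.user).contains(instance.patient):`. A regression test asserting 404 for a patient outside the caller's queryset would keep the inverted condition from coming back. `get_object` starts above the hunk.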
@@ -415,6 +416,65 @@ def link_via_qr(self, request):
 status=status.HTTP_200_OK,
 )
 
+ @extend_schema(
+ operation_id="search_by_health_id",
+ request=LinkPatientSerializer,
+ tags=["ABDM HealthID"],
+ )
+ @action(detail=False, methods=["post"])
+ def link_patient(self, request):
+ data = request.data
+
+ serializer = LinkPatientSerializer(data=data)
+ serializer.is_valid(raise_exception=True)
+
+ patient_queryset = get_patient_queryset(request.user)
+ patient = patient_queryset.filter(external_id=data.get("patient")).first()
+
+ if not patient:
+ return Response(
+ {
+ "detail": "Patient not found or you do not have permission to access the patient",
+ },
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+
+ if hasattr(patient, "abha_number"):
+ return Response(
+ {
+ "detail": "Patient already linked to an ABHA Number",
+ },
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+
+ abha_number = AbhaNumber.objects.filter(
+ external_id=data.get("abha_number")
+ ).first()
+
+ if not abha_number:
+ return Response(
+ {
+ "detail": "ABHA Number not found",
+ },
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+
+ if abha_number.patient is not None:
+ return Response(
+ {
+ "detail": "ABHA Number already linked to a patient",
+ },
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+
+ abha_number.patient = patient
+ abha_number.save()
+
+ return Response(
+ AbhaNumberSerializer(abha_number).data,
+ status=status.HTTP_200_OK,
+ )
+
 @extend_schema(
 operation_id="get_new_linking_token",
 responses={"200": "{'status': 'boolean'}"},
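Review bot: The `AbhaNumber` lookup in `link_patient` is filtered only by `external_id`, so any caller who can see one patient can attach any unlinked ABHA record to it; nothing visible in the hunk ties the record to the requesting user or to the flow that created it. If that is intended, a comment stating why would help; otherwise the lookup needs scoping, which depends on model fields not shown here. The lookups also read `data.get(...)` rather than `serializer.validated_data`. The check-then-save on `abha_number.patient` is not atomic, so two concurrent requests can both pass the "already linked" check; the fence below shows both changes, assuming `transaction` from `django.db` is available in the module. `operation_id="search_by_health_id"` looks copied from another action and should probably be `"link_patient"` so the generated schema has no misleading or duplicate id.

```python
        validated = serializer.validated_data

        patient_queryset = get_patient_queryset(request.user)
        patient = patient_queryset.filter(external_id=validated["patient"]).first()

        # … unchanged: patient-not-found and patient-already-linked responses …

        with transaction.atomic():
            # Lock the row so a concurrent request cannot pass the same check.
            abha_number = (
                AbhaNumber.objects.select_for_update()
                .filter(external_id=validated["abha_number"])
                .first()
            )

            # … unchanged: not-found and already-linked responses …

            abha_number.patient = patient
            abha_number.save()
```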