diff --git a/keyserver/src/deleters/siwe-nonce-deleters.js b/keyserver/src/deleters/siwe-nonce-deleters.js
--- a/keyserver/src/deleters/siwe-nonce-deleters.js
+++ b/keyserver/src/deleters/siwe-nonce-deleters.js
@@ -14,4 +14,14 @@
   await dbQuery(query);
 }
 
-export { deleteStaleSIWENonceEntries };
+async function checkAndInvalidateSIWEEntry(nonce: string): Promise<boolean> {
+  const earliestValidCreationTime = Date.now() - nonceLifetime;
+  const query = SQL`
+    DELETE FROM siwe_nonces
+      WHERE nonce = ${nonce} AND creation_time > ${earliestValidCreationTime}
+  `;
+  const { affectedRows } = await dbQuery(query);
+  return affectedRows && affectedRows > 0 ? true : false;
+}
+
+export { deleteStaleSIWENonceEntries, checkAndInvalidateSIWEEntry };
diff --git a/keyserver/src/responders/user-responders.js b/keyserver/src/responders/user-responders.js
--- a/keyserver/src/responders/user-responders.js
+++ b/keyserver/src/responders/user-responders.js
@@ -50,6 +50,7 @@
 import { dbQuery, SQL } from '../database/database';
 import { deleteAccount } from '../deleters/account-deleters';
 import { deleteCookie } from '../deleters/cookie-deleters';
+import { checkAndInvalidateSIWEEntry } from '../deleters/siwe-nonce-deleters.js';
 import { fetchEntryInfos } from '../fetchers/entry-fetchers';
 import { fetchMessageInfos } from '../fetchers/message-fetchers';
 import { fetchThreadInfos } from '../fetchers/thread-fetchers';
@@ -325,6 +326,13 @@
     throw new ServerError('invalid_parameters');
   }
 
+  // 3. Ensure that the `nonce` exists in the `siwe_nonces` table
+  //    AND hasn't expired. If those conditions are met, delete the entry to
+  //    ensure that the same `nonce` can't be re-used in a future request.
+  if (!checkAndInvalidateSIWEEntry(siweMessage.nonce)) {
+    throw new ServerError('invalid_parameters');
+  }
+
   return false;
 }