diff --git a/backend/src/__tests__/contacts.test.js b/backend/src/__tests__/contacts.test.js
index d5b436d..3f29263 100644
--- a/backend/src/__tests__/contacts.test.js
+++ b/backend/src/__tests__/contacts.test.js
@@ -43,4 +43,13 @@ test('POST /contacts should validate contact data', async () => {
 });
 assert.strictEqual(response.statusCode, 400);
+});
+
+test('GET /contacts should return 401 for unauthorized access', async () => {
+ const response = await app.inject({
+ method: 'GET',
+ url: '/contacts'
+ });
+
+ assert.strictEqual(response.statusCode, 401);
 });
\ No newline at end of file
diff --git a/backend/src/routes/contacts.js b/backend/src/routes/contacts.js
index db4080b..bc97b6f 100644
--- a/backend/src/routes/contacts.js
+++ b/backend/src/routes/contacts.js
@@ -147,4 +147,19 @@ router.get('/deal/:dealId', requireAuth, async (req, res) => {
 }
 });
+// Add validation for GET /contacts
+router.get('/', requireAuth, async (req, res) => {
+ try {
+ const [rows] = await pool.query(
+ `SELECT id, name, email, phone_encrypted FROM contacts WHERE user_id = ?`,
+ [req.user.userId]
+ );
+
+ res.json(rows);
+ } catch (error) {
+ console.error('Error in contacts get route:', error);
+ res.status(500).json({ error: 'Internal server error' });
+ }
+});
+
 export default router;
\ No newline at end of file
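Review bot: The new test only pins the unauthenticated case (401); the property that actually matters for the companion route in contacts.js, that `WHERE user_id = ?` keeps one user's contacts out of another user's listing, has no test at all. A second test that creates a contact as user A and asserts an authenticated GET as user B returns a body without it would cover the tenant-isolation guarantee, and a third that an authenticated caller gets 200 with their own rows would pin the happy path. The name 'unauthorized access' describes a 403 situation while the assertion is 401 (no credentials), so `'GET /contacts should return 401 without credentials'` would read more accurately. The `app.inject` harness here and the Express-style `res.status(...).json(...)` in contacts.js suggest different HTTP layers, so it is worth confirming this test reaches the real router rather than a stub; the preceding POST test's body starts outside the hunk.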
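Review bot: The new handler selects `phone_encrypted` and sends the row straight to the client with `res.json(rows)`; if that column holds ciphertext, as its name suggests, the response either exposes stored ciphertext to the browser or hands it something it cannot use, and if another route in this file decrypts before responding this one should match it. Either decrypt the field before serialising, or narrow the projection to `SELECT id, name, email FROM contacts WHERE user_id = ?` until the phone field is needed; confirm against how the POST route stores it. The comment `// Add validation for GET /contacts` is also inaccurate, since the handler validates nothing and only applies `requireAuth` and a user-scoped query; `// GET /contacts: list the caller's contacts, scoped by user_id` describes what the code does. The parameterised query and the generic 500 body are fine; the `console.error` call logs the full error object, so check it cannot carry request data you would not want in logs.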