diff --git a/config/routes.rb b/config/routes.rb
index c79649eaadd..b4d4e9db409 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -251,7 +251,6 @@
     get '/second_mfa_setup' => 'users/mfa_selection#index'
     patch '/second_mfa_setup' => 'users/mfa_selection#update'
     get '/phone_setup' => 'users/phone_setup#index'
-    patch '/phone_setup' => 'users/phone_setup#create' # TODO: Remove after next deploy
     post '/phone_setup' => 'users/phone_setup#create'
     get '/users/two_factor_authentication' => 'users/two_factor_authentication#show',
         as: :user_two_factor_authentication # route name is used by two_factor_authentication gem
diff --git a/spec/requests/rack_attack_spec.rb b/spec/requests/rack_attack_spec.rb
index c186f48f0fe..a9aba39ce8e 100644
--- a/spec/requests/rack_attack_spec.rb
+++ b/spec/requests/rack_attack_spec.rb
@@ -394,7 +394,7 @@
     context 'when the number of requests is under the limit' do
       it 'does not throttle the request' do
         (phone_setups_per_ip_limit - 1).times do
-          patch '/phone_setup', headers: { REMOTE_ADDR: '1.2.3.4' }
+          post '/phone_setup', headers: { REMOTE_ADDR: '1.2.3.4' }
         end
 
         expect(response.status).to eq(302)
@@ -404,7 +404,7 @@
     context 'when the number of requests is over the limit' do
       it 'throttles the request' do
         (phone_setups_per_ip_limit + 1).times do
-          patch '/phone_setup', headers: { REMOTE_ADDR: '1.2.3.4' }
+          post '/phone_setup', headers: { REMOTE_ADDR: '1.2.3.4' }
         end
 
         expect(response.status).to eq(429)