diff --git a/templates/zerver/api/changelog.md b/templates/zerver/api/changelog.md
index d94f4b02a8..c04818bd59 100644
--- a/templates/zerver/api/changelog.md
+++ b/templates/zerver/api/changelog.md
@@ -11,6 +11,12 @@ below features are supported.
 
 ## Changes in Zulip 5.0
 
+**Feature level 103**
+
+* [`POST /register`](/api/register-queue): Added `create_web_public_stream_policy`
+  policy for which users can create web public streams.
+* [`PATCH /realm`]: Added support for updating `create_web_public_stream_policy`.
+
 **Feature level 102**
 
 * [`POST /register`](/api/register-queue), `PATCH /realm`: The
diff --git a/zerver/migrations/0361_realm_create_web_public_stream_policy.py b/zerver/migrations/0361_realm_create_web_public_stream_policy.py
new file mode 100644
index 0000000000..5610c16a5a
--- /dev/null
+++ b/zerver/migrations/0361_realm_create_web_public_stream_policy.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.7 on 2021-10-04 06:23
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("zerver", "0360_merge_0358_0359"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="realm",
+            name="create_web_public_stream_policy",
+            field=models.PositiveSmallIntegerField(default=7),
+        ),
+    ]
diff --git a/zerver/models.py b/zerver/models.py
index d59d582932..bb3b042f1c 100644
--- a/zerver/models.py
+++ b/zerver/models.py
@@ -263,6 +263,7 @@ class Realm(models.Model):
     POLICY_MODERATORS_ONLY = 4
     POLICY_EVERYONE = 5
     POLICY_NOBODY = 6
+    POLICY_OWNERS_ONLY = 7
 
     COMMON_POLICY_TYPES = [
         POLICY_MEMBERS_ONLY,
@@ -287,6 +288,16 @@ class Realm(models.Model):
         POLICY_NOBODY,
     ]
 
+    # We don't allow granting roles less than Moderator access to
+    # create web-public streams, since it's a sensitive feature that
+    # can be used to send spam.
+    CREATE_WEB_PUBLIC_STREAM_POLICY_TYPES = [
+        POLICY_ADMINS_ONLY,
+        POLICY_MODERATORS_ONLY,
+        POLICY_OWNERS_ONLY,
+        POLICY_NOBODY,
+    ]
+
     DEFAULT_COMMUNITY_TOPIC_EDITING_LIMIT_SECONDS = 259200
 
     # Who in the organization is allowed to add custom emojis.
@@ -297,6 +308,9 @@ class Realm(models.Model):
     create_private_stream_policy: int = models.PositiveSmallIntegerField(
         default=POLICY_MEMBERS_ONLY
     )
+    create_web_public_stream_policy: int = models.PositiveSmallIntegerField(
+        default=POLICY_OWNERS_ONLY
+    )
 
     # Who in the organization is allowed to delete messages they themselves sent.
     delete_own_message_policy: bool = models.PositiveSmallIntegerField(default=POLICY_ADMINS_ONLY)
@@ -611,6 +625,7 @@ class Realm(models.Model):
         bot_creation_policy=int,
         create_public_stream_policy=int,
         create_private_stream_policy=int,
+        create_web_public_stream_policy=int,
         invite_to_stream_policy=int,
         move_messages_between_streams_policy=int,
         default_language=str,
diff --git a/zerver/openapi/zulip.yaml b/zerver/openapi/zulip.yaml
index 3c5c640d24..4ba274ad74 100644
--- a/zerver/openapi/zulip.yaml
+++ b/zerver/openapi/zulip.yaml
@@ -10405,6 +10405,25 @@ paths:
 
                           **Changes**: Before Zulip 5.0 (feature level 102), permission to
                           create streams was controlled by the `realm_create_stream_policy` setting.
+                      realm_create_web_public_stream_policy:
+                        type: integer
+                        description: |
+                          Present if `realm` is present in `fetch_event_types`.
+
+                          Has no effect and should not be displayed in settings UI
+                          unless the Zulip server has the `WEB_PUBLIC_STREAMS_ENABLED`
+                          server-level setting enabled.
+
+                          The policy for which users can create web
+                          public streams in this organization. Allowed
+                          values are:
+
+                          - 2 = admins only
+                          - 4 = admins and moderators only
+                          - 6 = nobody
+                          - 7 = owners only
+
+                          **Changes**: Added in Zulip 5.0 (feature level 103).
                       realm_invite_to_stream_policy:
                         type: integer
                         description: |
diff --git a/zerver/tests/test_events.py b/zerver/tests/test_events.py
index 8f84964ae6..b1ce2a15ed 100644
--- a/zerver/tests/test_events.py
+++ b/zerver/tests/test_events.py
@@ -2149,6 +2149,7 @@ class RealmPropertyActionTest(BaseAction):
             waiting_period_threshold=[10, 20],
             create_public_stream_policy=Realm.COMMON_POLICY_TYPES,
             create_private_stream_policy=Realm.COMMON_POLICY_TYPES,
+            create_web_public_stream_policy=Realm.CREATE_WEB_PUBLIC_STREAM_POLICY_TYPES,
             invite_to_stream_policy=Realm.COMMON_POLICY_TYPES,
             private_message_policy=Realm.PRIVATE_MESSAGE_POLICY_TYPES,
             user_group_edit_policy=Realm.COMMON_POLICY_TYPES,
diff --git a/zerver/tests/test_home.py b/zerver/tests/test_home.py
index ea1b148bbc..f351ed6f7f 100644
--- a/zerver/tests/test_home.py
+++ b/zerver/tests/test_home.py
@@ -116,6 +116,7 @@ class HomeTest(ZulipTestCase):
         "realm_community_topic_editing_limit_seconds",
         "realm_create_private_stream_policy",
         "realm_create_public_stream_policy",
+        "realm_create_web_public_stream_policy",
         "realm_default_code_block_language",
         "realm_default_external_accounts",
         "realm_default_language",
diff --git a/zerver/tests/test_realm.py b/zerver/tests/test_realm.py
index 4449ca64f0..d12f5d7334 100644
--- a/zerver/tests/test_realm.py
+++ b/zerver/tests/test_realm.py
@@ -497,6 +497,7 @@ class RealmTest(ZulipTestCase):
             bot_creation_policy=10,
             create_public_stream_policy=10,
             create_private_stream_policy=10,
+            create_web_public_stream_policy=10,
             invite_to_stream_policy=10,
             email_address_visibility=10,
             message_retention_days=10,
@@ -848,6 +849,7 @@ class RealmAPITest(ZulipTestCase):
             waiting_period_threshold=[10, 20],
             create_private_stream_policy=Realm.COMMON_POLICY_TYPES,
             create_public_stream_policy=Realm.COMMON_POLICY_TYPES,
+            create_web_public_stream_policy=Realm.CREATE_WEB_PUBLIC_STREAM_POLICY_TYPES,
             user_group_edit_policy=Realm.COMMON_POLICY_TYPES,
             private_message_policy=Realm.PRIVATE_MESSAGE_POLICY_TYPES,
             invite_to_stream_policy=Realm.COMMON_POLICY_TYPES,
diff --git a/zerver/views/realm.py b/zerver/views/realm.py
index 5a704f37c3..2490cc6462 100644
--- a/zerver/views/realm.py
+++ b/zerver/views/realm.py
@@ -106,6 +106,9 @@ def update_realm(
     create_private_stream_policy: Optional[int] = REQ(
         json_validator=check_int_in(Realm.COMMON_POLICY_TYPES), default=None
     ),
+    create_web_public_stream_policy: Optional[int] = REQ(
+        json_validator=check_int_in(Realm.CREATE_WEB_PUBLIC_STREAM_POLICY_TYPES), default=None
+    ),
     invite_to_stream_policy: Optional[int] = REQ(
         json_validator=check_int_in(Realm.COMMON_POLICY_TYPES), default=None
     ),