diff --git a/apps/api/src/controllers/paymentController.js b/apps/api/src/controllers/paymentController.js
index 138f909e21..bca6955adf 100644
--- a/apps/api/src/controllers/paymentController.js
+++ b/apps/api/src/controllers/paymentController.js
@@ -1,6 +1,8 @@
 import { ok } from "../utils/response.js";
 import { createPaymentIntent } from "../services/paymentService.js";
+import { createPaymentSchema } from "../validators/payment.js";
 
 export async function createPayment(req, res) {
- return ok(res, await createPaymentIntent(req.body), 201);
+ const payload = createPaymentSchema.parse(req.body);
+ return ok(res, await createPaymentIntent(payload), 201);
 }
diff --git a/apps/api/src/validators/payment.js b/apps/api/src/validators/payment.js
new file mode 100644
index 0000000000..d9f3ba683f
--- /dev/null
+++ b/apps/api/src/validators/payment.js
@@ -0,0 +1,6 @@
+import { z } from "zod";
+
+export const createPaymentSchema = z.object({
+ amount: z.number().positive("Amount must be a positive number"),
+ currency: z.string().length(3).default("usd")
+});
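Review bot: `createPaymentSchema.parse(req.body)` throws on invalid input and nothing in `createPayment` catches it, so unless an error middleware outside this diff maps validation errors to a 4xx, a malformed body will surface as a 500 or an unhandled rejection. Consider `const result = createPaymentSchema.safeParse(req.body);` followed by an early 400 response when `result.success` is false, returning only `result.error.issues` rather than the raw error object. A request test that posts a missing or negative `amount` would pin the expected status code.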
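Review bot: The `amount` rule in `createPaymentSchema` accepts any positive number, including fractions and arbitrarily large values, and `currency` accepts any three characters, so `"USD"`, `"usd"` and `"!!!"` all pass. If `createPaymentIntent` forwards the amount in integer minor units, something like `amount: z.number().int().positive("Amount must be a positive number").max(MAX_AMOUNT)` and `currency: z.enum(SUPPORTED_CURRENCIES).default("usd")` would close that gap; `MAX_AMOUNT` and `SUPPORTED_CURRENCIES` are placeholders for values the project has to define. The schema only constrains shape. Whether a client may choose the charged amount at all is decided in `createPaymentIntent`, which is not visible here, and is worth confirming against a server-side order total.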