diff --git a/app/Http/Controllers/ClientController.php b/app/Http/Controllers/ClientController.php
index 64fc4da9cb47..72a82fbf4b08 100644
--- a/app/Http/Controllers/ClientController.php
+++ b/app/Http/Controllers/ClientController.php
@@ -16,6 +16,7 @@ use App\Events\Client\ClientWasUpdated;
 use App\Factory\ClientFactory;
 use App\Filters\ClientFilters;
 use App\Http\Requests\Client\AdjustClientLedgerRequest;
+use App\Http\Requests\Client\BulkClientRequest;
 use App\Http\Requests\Client\CreateClientRequest;
 use App\Http\Requests\Client\DestroyClientRequest;
 use App\Http\Requests\Client\EditClientRequest;
@@ -494,16 +495,12 @@ class ClientController extends BaseController
 * ),
 * )
 */
- public function bulk()
+ public function bulk(BulkClientRequest $request)
 {
- $action = request()->input('action');
 $ids = request()->input('ids');
 $clients = Client::withTrashed()->whereIn('id', $this->transformKeys($ids))->cursor();
-
- if (! in_array($action, ['restore', 'archive', 'delete'])) {
- return response()->json(['message' => 'That action is not available.'], 400);
- }
+ $action = $request->action;
 $clients->each(function ($client, $key) use ($action) {
 if (auth()->user()->can('edit', $client)) {
diff --git a/app/Http/Requests/Client/BulkClientRequest.php b/app/Http/Requests/Client/BulkClientRequest.php
new file mode 100644
index 000000000000..ecc11e2cbe50
--- /dev/null
+++ b/app/Http/Requests/Client/BulkClientRequest.php
@@ -0,0 +1,37 @@
+ 'required|bail|array',
+ 'action' => 'in:archive,restore,delete'
+ ];
+
+ }
+}
diff --git a/tests/Feature/ClientApiTest.php b/tests/Feature/ClientApiTest.php
index 5d561c346d8f..6406414d04cb 100644
--- a/tests/Feature/ClientApiTest.php
+++ b/tests/Feature/ClientApiTest.php
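Review bot: With the `in_array` guard removed from `bulk()`, a request that omits `action` is no longer rejected: the `in:archive,restore,delete` rule shown in BulkClientRequest has no `required`, and Laravel skips non-implicit rules for absent fields, so `$action` is null when the `each()` closure runs, where the old code answered 400. I would make the rule `'action' => 'required|string|in:archive,restore,delete'` (the copy of `$rules` in ClientApiTest needs the same change). In this hunk `$ids` is still read through the global `request()` helper while `$action` comes from `$request`; `$ids = $request->input('ids');` keeps both reads on the validated request. The rest of `bulk()` lies outside the hunk, so what the closure does with a null action cannot be seen here.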
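Review bot: The `ids` rule in BulkClientRequest only checks that the value is an array, so nested arrays or non-string elements pass validation and reach `transformKeys()` in the controller. Adding `'ids.*' => 'string'` would reject those at the request boundary instead of inside the key decoding, whose behaviour on such input is not visible here. Most of this new file, including any `authorize()` method, does not appear in this view, so whether the request itself enforces a permission cannot be confirmed; the per-client `can('edit', $client)` check in the controller is the only authorization shown.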
@@ -15,7 +15,6 @@ use App\DataMapper\ClientSettings;
 use App\Factory\ClientFactory;
 use App\Http\Requests\Client\StoreClientRequest;
 use App\Models\Client;
-use App\Models\Country;
 use App\Repositories\ClientContactRepository;
 use App\Repositories\ClientRepository;
 use App\Utils\Number;
@@ -51,6 +50,48 @@ class ClientApiTest extends TestCase
 $this->faker = \Faker\Factory::create();
 Model::reguard();
+
+ }
+
+ public function testClientBulkActionValidation()
+ {
+ $data = [
+ 'action' => 'muppet',
+ 'ids' => [
+ $this->client->hashed_id
+ ]
+ ];
+
+ $rules = [
+ 'ids' => 'required|bail|array',
+ 'action' => 'in:archive,restore,delete'
+ ];
+
+ $v = $this->app['validator']->make($data, $rules);
+ $this->assertFalse($v->passes());
+
+ $data = [
+ 'action' => 'archive',
+ 'ids' => [
+ $this->client->hashed_id
+ ]
+ ];
+
+ $v = $this->app['validator']->make($data, $rules);
+ $this->assertTrue($v->passes());
+
+
+ $data = [
+ 'action' => 'archive',
+ 'ids' =>
+ $this->client->hashed_id
+
+ ];
+
+ $v = $this->app['validator']->make($data, $rules);
+ $this->assertFalse($v->passes());
+
+
 }
 public function testClientStatement()
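Review bot: `testClientBulkActionValidation` validates against a hand-copied `$rules` array, so it keeps passing if BulkClientRequest's rules drift or the controller stops type-hinting the request. Taking the rules from the class, e.g. `$rules = (new BulkClientRequest())->rules();` (assuming they live in the usual `rules()` method, which is not visible here), ties the test to the code that actually guards the endpoint. A case with `action` omitted is also missing; against the rules as written that payload would pass validation, which is the one input the removed controller guard used to reject.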