diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArchiveController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArchiveController.java
index 129b35802..6ef7a9bc3 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArchiveController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArchiveController.java
@@ -276,6 +276,7 @@ public class ArchiveController {
 public record SetPublicKeyRequest(
 @JsonSerialize(using = ECPublicKeyAdapter.Serializer.class)
 @JsonDeserialize(using = ECPublicKeyAdapter.Deserializer.class)
+ @NotNull
 @Schema(type = "string", description = "The public key, serialized in libsignal's elliptic-curve public key format, and encoded in standard padded base64.")
 ECPublicKey backupIdPublicKey) {}
@@ -304,7 +305,7 @@ public class ArchiveController {
 @NotNull @HeaderParam(X_SIGNAL_ZK_AUTH_SIGNATURE) final BackupAuthCredentialPresentationSignature signature,
- @NotNull SetPublicKeyRequest setPublicKeyRequest) {
+ @Valid @NotNull SetPublicKeyRequest setPublicKeyRequest) {
 return backupManager
 .setPublicKey(presentation.presentation, signature.signature, setPublicKeyRequest.backupIdPublicKey)
 .thenApply(Util.ASYNC_EMPTY_RESPONSE);
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/ArchiveControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/ArchiveControllerTest.java
index 066ad4989..683f503e7 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/ArchiveControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/ArchiveControllerTest.java
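Review bot: The `@NotNull` added to `backupIdPublicKey` in `SetPublicKeyRequest` is enforced only because the second hunk also puts `@Valid` on the `setPublicKeyRequest` resource parameter, and nothing at the record says so. Without that pairing a body that omits the key would presumably deserialize to a null component and be handed straight to `backupManager.setPublicKey(...)`, so a later endpoint that accepts this record without `@Valid` would reopen that path silently. I would add a comment above the record such as `// Constraints on this record are checked only where the resource parameter is annotated @Valid`. The other request records in `ArchiveController` are outside these hunks; it is worth confirming they carry the same `@Valid` plus constraint pairing.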
@@ -170,6 +170,21 @@ public class ArchiveControllerTest {
 assertThat(response.getStatus()).isEqualTo(400);
 }
+ @Test
+ public void setMissingPublicKey() throws VerificationFailedException {
+ when(backupManager.setPublicKey(any(), any(), any())).thenReturn(CompletableFuture.completedFuture(null));
+
+ final BackupAuthCredentialPresentation presentation = backupAuthTestUtil.getPresentation(
+ BackupTier.MEDIA, backupKey, aci);
+ final Response response = resources.getJerseyTest()
+ .target("v1/archives/keys")
+ .request()
+ .header("X-Signal-ZK-Auth", Base64.getEncoder().encodeToString(presentation.serialize()))
+ .header("X-Signal-ZK-Auth-Signature", "aaa")
+ .put(Entity.entity("{}", MediaType.APPLICATION_JSON_TYPE));
+ assertThat(response.getStatus()).isEqualTo(422);
+ }
+
 @Test
 public void setPublicKey() throws VerificationFailedException {
 when(backupManager.setPublicKey(any(), any(), any())).thenReturn(CompletableFuture.completedFuture(null));
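Review bot: `setMissingPublicKey` asserts only the 422 status, and because it stubs `backupManager.setPublicKey` to succeed it never shows that the manager is left untouched when validation rejects the body. Adding `verify(backupManager, never()).setPublicKey(any(), any(), any());` after the status assertion would pin that down, assuming Mockito's `verify` and `never` are already imported in this test class, which the hunk does not show. The test also covers only an absent field (`{}`); a body of `{"backupIdPublicKey": null}` may take a different path through `ECPublicKeyAdapter.Deserializer` and deserves a second case.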