diff --git a/packages/server/src/api/routes/public/applications.js b/packages/server/src/api/routes/public/applications.js
index efcff45945..80b69c435f 100644
--- a/packages/server/src/api/routes/public/applications.js
+++ b/packages/server/src/api/routes/public/applications.js
@@ -1,5 +1,6 @@
 const controller = require("../../controllers/public/applications")
 const Endpoint = require("./utils/Endpoint")
+const { nameValidator } = require("../utils/validators")
 
 const read = [],
   write = []
@@ -35,7 +36,11 @@ const read = [],
  *               applications:
  *                 $ref: '#/components/examples/applications'
  */
-read.push(new Endpoint("post", "/applications/search", controller.search))
+read.push(
+  new Endpoint("post", "/applications/search", controller.search).addMiddleware(
+    nameValidator()
+  )
+)
 
 /**
  * @openapi
diff --git a/packages/server/src/api/routes/public/index.js b/packages/server/src/api/routes/public/index.js
index 6523c8e448..79162ab66b 100644
--- a/packages/server/src/api/routes/public/index.js
+++ b/packages/server/src/api/routes/public/index.js
@@ -22,6 +22,9 @@ const publicRouter = new Router({
 })
 
 function addMiddleware(endpoints, middleware) {
+  if (!Array.isArray(endpoints)) {
+    endpoints = [endpoints]
+  }
   for (let endpoint of endpoints) {
     endpoint.addMiddleware(middleware)
   }
diff --git a/packages/server/src/api/routes/public/queries.js b/packages/server/src/api/routes/public/queries.js
index edf4cbf668..4650c5a551 100644
--- a/packages/server/src/api/routes/public/queries.js
+++ b/packages/server/src/api/routes/public/queries.js
@@ -1,5 +1,6 @@
 const controller = require("../../controllers/public/queries")
 const Endpoint = require("./utils/Endpoint")
+const { nameValidator } = require("../utils/validators")
 
 const read = [],
   write = []
@@ -35,7 +36,11 @@ const read = [],
  *               queries:
  *                 $ref: '#/components/examples/queries'
  */
-read.push(new Endpoint("post", "/queries/search", controller.search))
+read.push(
+  new Endpoint("post", "/queries/search", controller.search).addMiddleware(
+    nameValidator()
+  )
+)
 
 /**
  * @openapi
diff --git a/packages/server/src/api/routes/public/tables.js b/packages/server/src/api/routes/public/tables.js
index fe2d9e82e2..666b7275d4 100644
--- a/packages/server/src/api/routes/public/tables.js
+++ b/packages/server/src/api/routes/public/tables.js
@@ -1,6 +1,6 @@
 const controller = require("../../controllers/public/tables")
 const Endpoint = require("./utils/Endpoint")
-const { tableValidator } = require("../utils/validators")
+const { tableValidator, nameValidator } = require("../utils/validators")
 
 const read = [],
   write = []
@@ -36,7 +36,11 @@ const read = [],
  *               tables:
  *                 $ref: '#/components/examples/tables'
  */
-read.push(new Endpoint("post", "/tables/search", controller.search))
+read.push(
+  new Endpoint("post", "/tables/search", controller.search).addMiddleware(
+    nameValidator()
+  )
+)
 
 /**
  * @openapi
diff --git a/packages/server/src/api/routes/public/users.js b/packages/server/src/api/routes/public/users.js
index 05d563bde2..cc2c1cb430 100644
--- a/packages/server/src/api/routes/public/users.js
+++ b/packages/server/src/api/routes/public/users.js
@@ -1,5 +1,6 @@
 const controller = require("../../controllers/public/users")
 const Endpoint = require("./utils/Endpoint")
+const { nameValidator } = require("../utils/validators")
 
 const read = [],
   write = []
@@ -32,7 +33,11 @@ const read = [],
  *               users:
  *                 $ref: '#/components/examples/users'
  */
-read.push(new Endpoint("post", "/users/search", controller.search))
+read.push(
+  new Endpoint("post", "/users/search", controller.search).addMiddleware(
+    nameValidator()
+  )
+)
 
 /**
  * @openapi
diff --git a/packages/server/src/api/routes/public/utils/Endpoint.js b/packages/server/src/api/routes/public/utils/Endpoint.js
index a026d3db2a..d163db847b 100644
--- a/packages/server/src/api/routes/public/utils/Endpoint.js
+++ b/packages/server/src/api/routes/public/utils/Endpoint.js
@@ -8,6 +8,7 @@ class Endpoint {
 
   addMiddleware(middleware) {
     this.middlewares.push(middleware)
+    return this
   }
 
   apply(router) {
diff --git a/packages/server/src/api/routes/utils/validators.js b/packages/server/src/api/routes/utils/validators.js
index ea56c86b6a..794f93b70e 100644
--- a/packages/server/src/api/routes/utils/validators.js
+++ b/packages/server/src/api/routes/utils/validators.js
@@ -5,7 +5,6 @@ const {
   BUILTIN_PERMISSION_IDS,
   PermissionLevels,
 } = require("@budibase/backend-core/permissions")
-
 const Joi = require("joi")
 
 exports.tableValidator = () => {
@@ -48,6 +47,42 @@ exports.datasourceValidator = () => {
   }).unknown(true))
 }
 
+/**
+ *    * {
+ *  "tableId": "ta_70260ff0b85c467ca74364aefc46f26d",
+ *  "query": {
+ *    "string": {},
+ *    "fuzzy": {},
+ *    "range": {
+ *      "columnName": {
+ *        "high": 20,
+ *        "low": 10,
+ *      }
+ *    },
+ *    "equal": {
+ *      "columnName": "someValue"
+ *    },
+ *    "notEqual": {},
+ *    "empty": {},
+ *    "notEmpty": {},
+ *    "oneOf": {
+ *      "columnName": ["value"]
+ *    }
+ *  },
+ *  "limit": 10,
+ *  "sort": "name",
+ *  "sortOrder": "descending",
+ *  "sortType": "string",
+ *  "paginate": true
+ * }
+ */
+exports.searchValidator = () => {
+  // prettier-ignore
+  return joiValidator.body(Joi.object({
+    tableId: Joi.string()
+  }))
+}
+
 exports.datasourceQueryValidator = () => {
   // prettier-ignore
   return joiValidator.body(Joi.object({