diff --git a/collector/utils/extensions/Confluence/ConfluenceLoader/index.js b/collector/utils/extensions/Confluence/ConfluenceLoader/index.js
index a1a223b0..687cf2a0 100644
--- a/collector/utils/extensions/Confluence/ConfluenceLoader/index.js
+++ b/collector/utils/extensions/Confluence/ConfluenceLoader/index.js
@@ -131,7 +131,9 @@ class ConfluencePagesLoader {
       /\n{3,}/g,
       "\n\n"
     );
-    const pageUrl = `${this.baseUrl}${this.cloud ? "/wiki" : ""}/spaces/${this.spaceKey}/pages/${page.id}`;
+    const pageUrl = `${this.baseUrl}${this.cloud ? "/wiki" : ""}/spaces/${
+      this.spaceKey
+    }/pages/${page.id}`;
 
     return {
       pageContent: textWithPreservedStructure,
diff --git a/server/endpoints/api/document/index.js b/server/endpoints/api/document/index.js
index ae8093b4..ca75472d 100644
--- a/server/endpoints/api/document/index.js
+++ b/server/endpoints/api/document/index.js
@@ -20,12 +20,34 @@ const documentsPath =
     ? path.resolve(__dirname, "../../../storage/documents")
     : path.resolve(process.env.STORAGE_DIR, `documents`);
 
+/**
+ * Runs a simple validation check on the addToWorkspaces query parameter to ensure it is a string of comma-separated workspace slugs.
+ * @param {*} request
+ * @param {*} response
+ * @param {*} next
+ * @returns
+ */
+function validateWorkspaceSlugQuery(request, response, next) {
+  const { addToWorkspaces = "" } = reqBody(request);
+  if (!addToWorkspaces) return next();
+  if (typeof addToWorkspaces !== "string") {
+    return response
+      .status(422)
+      .json({
+        success: false,
+        error: `addToWorkspaces must be a string of comma-separated workspace slugs. Got ${typeof addToWorkspaces}`,
+      })
+      .end();
+  }
+  next();
+}
+
 function apiDocumentEndpoints(app) {
   if (!app) return;
 
   app.post(
     "/v1/document/upload",
-    [validApiKey, handleAPIFileUpload],
+    [validApiKey, handleAPIFileUpload, validateWorkspaceSlugQuery],
     async (request, response) => {
       /*
     #swagger.tags = ['Documents']
@@ -150,7 +172,7 @@ function apiDocumentEndpoints(app) {
 
   app.post(
     "/v1/document/upload/:folderName",
-    [validApiKey, handleAPIFileUpload],
+    [validApiKey, handleAPIFileUpload, validateWorkspaceSlugQuery],
     async (request, response) => {
       /*
       #swagger.tags = ['Documents']
@@ -331,7 +353,7 @@ function apiDocumentEndpoints(app) {
 
   app.post(
     "/v1/document/upload-link",
-    [validApiKey],
+    [validApiKey, validateWorkspaceSlugQuery],
     async (request, response) => {
       /*
     #swagger.tags = ['Documents']
@@ -455,7 +477,7 @@ function apiDocumentEndpoints(app) {
 
   app.post(
     "/v1/document/raw-text",
-    [validApiKey],
+    [validApiKey, validateWorkspaceSlugQuery],
     async (request, response) => {
       /*
      #swagger.tags = ['Documents']
diff --git a/server/swagger/openapi.json b/server/swagger/openapi.json
index 17cfa3c0..aa829ee5 100644
--- a/server/swagger/openapi.json
+++ b/server/swagger/openapi.json
@@ -890,6 +890,9 @@
               }
             }
           },
+          "422": {
+            "description": "Unprocessable Entity"
+          },
           "500": {
             "description": "Internal Server Error"
           }
@@ -994,6 +997,9 @@
               }
             }
           },
+          "422": {
+            "description": "Unprocessable Entity"
+          },
           "500": {
             "description": "Internal Server Error",
             "content": {
@@ -1099,6 +1105,9 @@
               }
             }
           },
+          "422": {
+            "description": "Unprocessable Entity"
+          },
           "500": {
             "description": "Internal Server Error"
           }