diff --git a/artifacts/api-server/src/app.ts b/artifacts/api-server/src/app.ts
index a88b36c..9768f4c 100644
--- a/artifacts/api-server/src/app.ts
+++ b/artifacts/api-server/src/app.ts
@@ -4,6 +4,8 @@ import router from "./routes";
 
 const app: Express = express();
 
+app.set("trust proxy", 1);
+
 app.use(cors());
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
diff --git a/artifacts/api-server/src/routes/jobs.ts b/artifacts/api-server/src/routes/jobs.ts
index e4b33f5..624f236 100644
--- a/artifacts/api-server/src/routes/jobs.ts
+++ b/artifacts/api-server/src/routes/jobs.ts
@@ -2,7 +2,7 @@ import { Router, type Request, type Response } from "express";
 import { randomUUID } from "crypto";
 import { db, jobs, invoices, type Job } from "@workspace/db";
 import { eq, and } from "drizzle-orm";
-import { CreateJobBody } from "@workspace/api-zod";
+import { CreateJobBody, GetJobParams } from "@workspace/api-zod";
 import { lnbitsService } from "../lib/lnbits.js";
 import { agentService } from "../lib/agent.js";
 import { pricingService } from "../lib/pricing.js";
@@ -190,7 +190,12 @@ router.post("/jobs", async (req: Request, res: Response) => {
 });
 
 router.get("/jobs/:id", async (req: Request, res: Response) => {
-  const { id } = req.params as { id: string };
+  const paramResult = GetJobParams.safeParse(req.params);
+  if (!paramResult.success) {
+    res.status(400).json({ error: "Invalid job id" });
+    return;
+  }
+  const { id } = paramResult.data;
 
   try {
     let job = await getJobById(id);