diff --git a/src/api/endpoints/posts/likes/create.js b/src/api/endpoints/posts/likes/create.js
index d148c99d41..8963b482bf 100644
--- a/src/api/endpoints/posts/likes/create.js
+++ b/src/api/endpoints/posts/likes/create.js
@@ -28,6 +28,11 @@ module.exports = (params, user) =>
 return rej('post_id is required');
 }
 
+ // Validate id
+ if (!mongo.ObjectID.isValid(postId)) {
+ return rej('incorrect post_id');
+ }
+
 // Get likee
 const post = await Post.findOne({
 _id: new mongo.ObjectID(postId)
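Review bot: `mongo.ObjectID.isValid(postId)` in the added guard is looser than a "valid id" check reads. In the MongoDB Node driver it also returns true for a number and for any 12-character string, not only a 24-character hex string, so those values pass and reach `new mongo.ObjectID(postId)` in the lookup below. If `post_id` is meant to be the hex form only, tighten the condition to `if (typeof postId !== 'string' || !/^[0-9a-fA-F]{24}$/.test(postId)) {`. Where `params` is populated is not visible here, so whether non-string values can actually arrive should be confirmed against the caller. The enclosing function starts and ends outside the hunk.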