diff --git a/src/main/kotlin/fr/dcproject/component/workgroup/routes/CreateWorkgroup.kt b/src/main/kotlin/fr/dcproject/component/workgroup/routes/CreateWorkgroup.kt
index 4c7f2b1..fcec099 100644
--- a/src/main/kotlin/fr/dcproject/component/workgroup/routes/CreateWorkgroup.kt
+++ b/src/main/kotlin/fr/dcproject/component/workgroup/routes/CreateWorkgroup.kt
@@ -1,8 +1,9 @@
 package fr.dcproject.component.workgroup.routes
 
-import fr.dcproject.common.response.toOutput
+import fr.dcproject.application.http.badRequestIfNotValid
 import fr.dcproject.common.security.assert
 import fr.dcproject.common.utils.receiveOrBadRequest
+import fr.dcproject.common.validation.isUrl
 import fr.dcproject.component.auth.citizen
 import fr.dcproject.component.auth.citizenOrNull
 import fr.dcproject.component.auth.mustBeAuth
@@ -10,6 +11,9 @@ import fr.dcproject.component.workgroup.WorkgroupAccessControl
 import fr.dcproject.component.workgroup.database.WorkgroupForUpdate
 import fr.dcproject.component.workgroup.database.WorkgroupRepository
 import fr.dcproject.component.workgroup.routes.CreateWorkgroup.PostWorkgroupRequest.Input
+import io.konform.validation.Validation
+import io.konform.validation.jsonschema.maxLength
+import io.konform.validation.jsonschema.minLength
 import io.ktor.application.call
 import io.ktor.http.HttpStatusCode
 import io.ktor.locations.KtorExperimentalLocationsAPI
@@ -29,13 +33,30 @@ object CreateWorkgroup {
             val description: String,
             val logo: String?,
             val anonymous: Boolean?
-        )
+        ) {
+            fun validate() = Validation<Input> {
+                Input::name {
+                    minLength(5)
+                    maxLength(80)
+                }
+                Input::description {
+                    minLength(50)
+                    maxLength(6000)
+                }
+                Input::logo ifPresent {
+                    isUrl()
+                    maxLength(2048)
+                }
+            }.validate(this)
+        }
     }
 
     fun Route.createWorkgroup(repo: WorkgroupRepository, ac: WorkgroupAccessControl) {
         post<PostWorkgroupRequest> {
             mustBeAuth()
             call.receiveOrBadRequest<Input>().run {
+                validate().badRequestIfNotValid()
+
                 WorkgroupForUpdate(
                     id ?: UUID.randomUUID(),
                     name,
diff --git a/src/main/resources/openapi.yaml b/src/main/resources/openapi.yaml
index de03709..6afa21e 100644
--- a/src/main/resources/openapi.yaml
+++ b/src/main/resources/openapi.yaml
@@ -1403,6 +1403,12 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Workgroup'
+        400:
+          description: BadReqest
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/400'
   /workgroups/{workgroup}:
     parameters:
       - $ref: '#/components/parameters/workgroup'
diff --git a/src/test/kotlin/integration/Workgroup routes.kt b/src/test/kotlin/integration/Workgroup routes.kt
index c6182c4..6a7adfb 100644
--- a/src/test/kotlin/integration/Workgroup routes.kt	
+++ b/src/test/kotlin/integration/Workgroup routes.kt	
@@ -77,7 +77,7 @@ class `Workgroup routes` : BaseTest() {
                     {
                         "id":"f496d86d-6654-4068-91ff-90e1dbcc5f38",
                         "name":"Les Bouffons",
-                        "description":"La vie est belle",
+                        "description":"Pellentesque eleifend malesuada aliquam. Maecenas et urna quis nunc lacinia scelerisque.",
                         "anonymous":false
                     }
                     """
@@ -85,7 +85,7 @@ class `Workgroup routes` : BaseTest() {
             } `Then the response should be` Created and {
                 `And the response should contain`("$.id", "f496d86d-6654-4068-91ff-90e1dbcc5f38")
                 `And the response should contain`("$.name", "Les Bouffons")
-                `And the response should contain`("$.description", "La vie est belle")
+                `And the response should contain`("$.description", "Pellentesque eleifend malesuada aliquam. Maecenas et urna quis nunc lacinia scelerisque.")
                 `And the response should contain`("$.anonymous", false)
             }
 
@@ -95,6 +95,36 @@ class `Workgroup routes` : BaseTest() {
         }
     }
 
+    @Test
+    @Tag("BadRequest")
+    fun `I cannot create a workgroup with wrong request`() {
+        withIntegrationApplication {
+            `Given I have citizen`("Werner", "Heisenberg")
+            `When I send a POST request`("/workgroups") {
+                `authenticated as`("Werner", "Heisenberg")
+                `with body`(
+                    """
+                    {
+                        "id":"f496d86d-6654-4068-91ff-90e1dbcc5f38",
+                        "name":"sm",
+                        "description":"small",
+                        "anonymous":false,
+                        "logo": "www.plop.com"
+                    }
+                    """
+                )
+            } `Then the response should be` BadRequest and {
+                `And the response should not be null`()
+                `And the response should contain`("$.invalidParams[0].name", ".name")
+                `And the response should contain`("$.invalidParams[0].reason", "must have at least 5 characters")
+                `And the response should contain`("$.invalidParams[1].name", ".description")
+                `And the response should contain`("$.invalidParams[1].reason", "must have at least 50 characters")
+                `And the response should contain`("$.invalidParams[2].name", ".logo")
+                `And the response should contain`("$.invalidParams[2].reason", "is not url")
+            }
+        }
+    }
+
     @Test
     fun `I can edit a workgroup`() {
         withIntegrationApplication {