diff --git a/src/clients.js b/src/clients.js
index 2135546b8..ec71db86e 100644
--- a/src/clients.js
+++ b/src/clients.js
@@ -66,10 +66,22 @@ util.inherits(ClientsError, Error);
 ClientsError.INVALID_SCOPE = 'Invalid scope';
 ClientsError.INVALID_CLIENT = 'Invalid client';
 ClientsError.INVALID_TOKEN = 'Invalid token';
+ClientsError.BAD_FIELD = 'Bad field';
 ClientsError.NOT_FOUND = 'Not found';
 ClientsError.INTERNAL_ERROR = 'Internal Error';
 ClientsError.NOT_ALLOWED = 'Not allowed to remove this client';
 
+function validateName(name) {
+    assert.strictEqual(typeof name, 'string');
+
+    if (name.length < 1) return new ClientsError(ClientsError.BAD_FIELD, 'Name must be atleast 1 character');
+    if (name.length > 128) return new ClientsError(ClientsError.BAD_FIELD, 'Name too long');
+
+    if (/[^a-zA-Z0-9\-]/.test(name)) return new ClientsError(ClientsError.BAD_FIELD, 'Username can only contain alphanumerals and dash');
+
+    return null;
+}
+
 function validateScope(scope) {
     assert.strictEqual(typeof scope, 'string');
 
@@ -105,6 +117,10 @@ function add(appId, type, redirectURI, scope, callback) {
     var error = validateScope(scope);
     if (error) return callback(error);
 
+    // appId is also client name
+    error = validateName(appId);
+    if (error) return callback(error);
+
     var id = 'cid-' + uuid.v4();
     var clientSecret = hat(8 * 128);
 
diff --git a/src/routes/clients.js b/src/routes/clients.js
index 26f9d1583..1f745d363 100644
--- a/src/routes/clients.js
+++ b/src/routes/clients.js
@@ -29,6 +29,7 @@ function add(req, res, next) {
 
     clients.add(data.appId, clients.TYPE_EXTERNAL, data.redirectURI, data.scope, function (error, result) {
         if (error && error.reason === ClientsError.INVALID_SCOPE) return next(new HttpError(400, error.message));
+        if (error && error.reason === ClientsError.BAD_FIELD) return next(new HttpError(400, error.message));
         if (error) return next(new HttpError(500, error));
         next(new HttpSuccess(201, result));
     });
diff --git a/src/routes/test/clients-test.js b/src/routes/test/clients-test.js
index 1cde57092..8e61fa514 100644
--- a/src/routes/test/clients-test.js
+++ b/src/routes/test/clients-test.js
@@ -163,6 +163,26 @@ describe('OAuth Clients API', function () {
                 });
             });
 
+            it('fails with invalid name', function (done) {
+                superagent.post(SERVER_URL + '/api/v1/oauth/clients')
+                       .query({ access_token: token })
+                       .send({ appId: '$"$%^45asdfasdfadf.adf.', redirectURI: 'http://foobar.com', scope: 'profile' })
+                       .end(function (error, result) {
+                    expect(result.statusCode).to.equal(400);
+                    done();
+                });
+            });
+
+            it('succeeds with dash', function (done) {
+                superagent.post(SERVER_URL + '/api/v1/oauth/clients')
+                       .query({ access_token: token })
+                       .send({ appId: 'fo-1234-bar', redirectURI: 'http://foobar.com', scope: 'profile' })
+                       .end(function (error, result) {
+                    expect(result.statusCode).to.equal(201);
+                    done();
+                });
+            });
+
             it('succeeds', function (done) {
                 superagent.post(SERVER_URL + '/api/v1/oauth/clients')
                        .query({ access_token: token })