diff --git a/src/routes/apps.js b/src/routes/apps.js
index 9e337a881..987adf399 100644
--- a/src/routes/apps.js
+++ b/src/routes/apps.js
@@ -138,9 +138,9 @@ async function getAppIcon(req, res, next) {
 }
 
 async function install(req, res, next) {
-    assert.strictEqual(typeof req.body, 'object');
+    assert(typeof req.body === 'object' || typeof req.fields === 'object');
 
-    const data = req.body;
+    const data = req.body || req.fields;
 
     // atleast one
     if ('manifest' in data && typeof data.manifest !== 'object') return next(new HttpError(400, 'manifest must be an object'));
@@ -194,7 +194,7 @@ async function install(req, res, next) {
     if ('enableRedis' in data && typeof data.enableRedis !== 'boolean') return next(new HttpError(400, 'enableRedis must be boolean'));
 
     if ('cpuQuota' in data && data.cpuQuota !== 'number') return next(new HttpError(400, 'cpuQuota is not a number'));
-    if ('operators' in req.body && typeof req.body.operators !== 'object') return next(new HttpError(400, 'operators must be an object'));
+    if ('operators' in data && typeof data.operators !== 'object') return next(new HttpError(400, 'operators must be an object'));
 
     let [error, result] = await safe(appstore.downloadManifest(data.appStoreId, data.manifest));
     if (error) return next(BoxError.toHttpError(error));
diff --git a/src/server.js b/src/server.js
index 29cd5f245..b1ace00d8 100644
--- a/src/server.js
+++ b/src/server.js
@@ -41,7 +41,8 @@ async function initializeExpressSync() {
 
     const REQUEST_TIMEOUT = 60000; // timeout for all requests (see also setTimeout on the httpServer)
 
-    const json = middleware.json({ strict: true, limit: QUERY_LIMIT }); // forces json content-type
+    const json = middleware.json({ strict: true, limit: QUERY_LIMIT }, true); // forces json content-type
+    const jsonOptional = middleware.json({ strict: true, limit: QUERY_LIMIT }, false);
 
     app.set('json spaces', 2); // pretty json
     app.enable('trust proxy'); // trust the X-Forwarded-* headers
@@ -264,8 +265,8 @@ async function initializeExpressSync() {
     router.get ('/api/v1/appstore/apps/:appstoreId/versions/:versionId',       token, authorizeAdmin, routes.appstore.getAppVersion);
 
     // app routes
-    router.post('/api/v1/apps/install',                          json, token,                   authorizeAdmin,    routes.apps.install);  // DEPRECATED from 8.1 on in favor of route below
-    router.post('/api/v1/apps',                                  json, token,                   authorizeAdmin,    routes.apps.install);
+    router.post('/api/v1/apps/install',                          jsonOptional, token, multipart,authorizeAdmin,    routes.apps.install);  // DEPRECATED from 8.1 on in favor of route below
+    router.post('/api/v1/apps',                                  jsonOptional, token, multipart,authorizeAdmin,    routes.apps.install);
     router.get ('/api/v1/apps',                                        token,                   authorizeUser,     routes.apps.listByUser);
     router.get ('/api/v1/apps/:id',                                    token, routes.apps.load, authorizeOperator, routes.apps.getApp);
     router.get ('/api/v1/apps/:id/icon',                                      routes.apps.load,                    routes.apps.getAppIcon);