diff --git a/src/appstore.js b/src/appstore.js
index 5cca3092f..10051a878 100644
--- a/src/appstore.js
+++ b/src/appstore.js
@@ -413,11 +413,9 @@ function createTicket(info, auditSource, callback) {
             if (error) return callback(error);
             if (result) info.app = result;
 
-            let url = settings.apiServerOrigin() + '/api/v1/ticket';
-
             info.supportEmail = constants.SUPPORT_EMAIL; // destination address for tickets
 
-            superagent.post(url).query({ accessToken: token }).send(info).timeout(10 * 1000).end(function (error, result) {
+            superagent.post(`${settings.apiServerOrigin()}/api/v1/ticket`).query({ accessToken: token }).send(info).timeout(10 * 1000).end(function (error, result) {
                 if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
                 if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
                 if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
diff --git a/src/routes/support.js b/src/routes/support.js
index 15775b8c7..9e88c251d 100644
--- a/src/routes/support.js
+++ b/src/routes/support.js
@@ -41,6 +41,7 @@ function createTicket(req, res, next) {
     if (typeof req.body.description !== 'string' || !req.body.description) return next(new HttpError(400, 'description must be string'));
     if (req.body.appId && typeof req.body.appId !== 'string') return next(new HttpError(400, 'appId must be string'));
     if (req.body.altEmail && typeof req.body.altEmail !== 'string') return next(new HttpError(400, 'altEmail must be string'));
+    if (req.body.enableSshSupport && typeof req.body.enableSshSupport !== 'boolean') return next(new HttpError(400, 'enableSshSupport must be a boolean'));
 
     settings.getSupportConfig(function (error, supportConfig) {
         if (error) return next(new HttpError(503, `Error getting support config: ${error.message}`));