diff --git a/src/allmende_payment_system/api/admin.py b/src/allmende_payment_system/api/admin.py
index b25244f..f920da9 100644
--- a/src/allmende_payment_system/api/admin.py
+++ b/src/allmende_payment_system/api/admin.py
@@ -32,15 +32,17 @@ async def user_list(request: Request, session: SessionDep, user: UserDep):
 @admin_router.post("/users/{user_id}/add_group")
 async def user_add_group(
- request: Request, session: SessionDep, loggend_in_user: UserDep, user_id: int
+ request: Request,
+ session: SessionDep,
+ loggend_in_user: UserDep,
+ user_id: int,
+ group_id: Annotated[int, Form()],
 ):
 if not loggend_in_user.has_permission("user", "edit"):
 raise HTTPException(status_code=403, detail="Insufficient permissions")
- data = await request.form()
-
 group = session.execute(
- select(UserGroup).where(UserGroup.id == data["group_id"])
+ select(UserGroup).where(UserGroup.id == group_id)
 ).scalar_one()
 user = session.execute(select(User).where(User.id == user_id)).scalar_one()
 user.user_groups.append(group)
@@ -86,13 +88,16 @@ async def group_list(request: Request, session: SessionDep, user: UserDep):
 @admin_router.post("/groups/{group_id}/add_permission")
 async def group_add_permission(
- request: Request, session: SessionDep, user: UserDep, group_id: int
+ request: Request,
+ session: SessionDep,
+ user: UserDep,
+ group_id: int,
+ permission: Annotated[str, Form()],
 ):
 if not user.has_permission("user", "edit"):
 raise HTTPException(status_code=403, detail="Insufficient permissions")
- data = await request.form()
- scope_action = data["permission"].split(":")
+ scope_action = permission.split(":")
 if len(scope_action) != 2:
 raise HTTPException(
 status_code=400, detail="Permission must be in the format 'scope:action'"
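Review bot: In `user_add_group`, both lookups end in `.scalar_one()`, so a well-formed but unknown `group_id` or `user_id` raises `NoResultFound` rather than a client error; the new `Annotated[int, Form()]` parameter only rejects missing or non-integer values. Unless an exception handler is registered elsewhere, that surfaces as a 500 on an endpoint that changes group membership. Consider `.scalar_one_or_none()` followed by `if group is None: raise HTTPException(status_code=404, detail="Group not found")`, and the same for the user lookup. The function body continues past the end of the hunk.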
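Review bot: In `group_add_permission`, the check `len(scope_action) != 2` still accepts values with an empty part, such as `:` or `user:`, because `split(":")` returns two elements for them. Since this handler grants permissions, reject empty parts with `if len(scope_action) != 2 or not all(scope_action):`, and check the pair against the scopes and actions the application defines if the code after the hunk does not already do so. The rest of the function lies outside the hunk. All three handlers in this diff (`user_add_group`, `group_add_permission`, `create_group`) are gated only by `has_permission("user", "edit")`; if a caller is meant to grant only permissions they already hold, that check is not visible here.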
@@ -132,12 +137,16 @@ async def group_remove_permission(
 @admin_router.post("/groups/create")
-async def create_group(request: Request, session: SessionDep, user: UserDep):
+async def create_group(
+ request: Request,
+ session: SessionDep,
+ user: UserDep,
+ group_data: Annotated[types.UserGroup, Form()],
+):
 if not user.has_permission("user", "edit"):
 raise HTTPException(status_code=403, detail="Insufficient permissions")
- data = await request.form()
- group = UserGroup(name=data["name"], description=data["description"])
+ group = UserGroup(name=group_data.name, description=group_data.description)
 session.add(group)
 return RedirectResponse(url="/admin/groups", status_code=status.HTTP_303_SEE_OTHER)
diff --git a/src/allmende_payment_system/api/types.py b/src/allmende_payment_system/api/types.py
index 17070ed..916d993 100644
--- a/src/allmende_payment_system/api/types.py
+++ b/src/allmende_payment_system/api/types.py
@@ -18,3 +18,8 @@ class Product(BaseModel):
 vat_rate: Decimal
 allow_fractional: bool = False
 unit_of_measure: UnitsOfMeasure
+
+
+class UserGroup(BaseModel):
+ name: str
+ description: typing.Optional[str] = None
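Review bot: `create_group` no longer reads `request` now that `data = await request.form()` is gone, and the body shown ends at the `return`, so the `request: Request` parameter looks unused and could be dropped. The same may hold for `user_add_group` and `group_add_permission`, whose bodies continue outside their hunks. The diff touches no import lines in admin.py, so `Annotated`, `Form` and the `types` module must already be in scope there, which is worth confirming. A one-line docstring such as `"""Create a user group from the submitted form and redirect to the group list."""` would also help, since the handler now mixes the ORM `UserGroup` with the `types.UserGroup` form schema.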
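Review bot: `UserGroup.name` is declared as a bare `str`, so an empty or arbitrarily long name passes validation and reaches `UserGroup(name=group_data.name, ...)` in `create_group`. A constraint such as `name: str = Field(min_length=1, max_length=MAX_GROUP_NAME_LEN)` would reject those at the form boundary; `MAX_GROUP_NAME_LEN` is a placeholder to be matched to the column size. Browsers submit an empty text input as `""`, so `description` will usually arrive as an empty string rather than `None`; if `None` is the intended "no description" value, normalise it in the model. The `Product` class above the addition starts outside the hunk.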