diff --git a/selfprivacy_api/resources/api_auth/recovery_token.py b/selfprivacy_api/resources/api_auth/recovery_token.py
index dd5f28c2..fbd80d98 100644
--- a/selfprivacy_api/resources/api_auth/recovery_token.py
+++ b/selfprivacy_api/resources/api_auth/recovery_token.py
@@ -131,6 +131,8 @@ class RecoveryToken(Resource):
                 }, 400
         else:
             expiration = None
+        if args["uses"] != None and args["uses"] < 1:
+            return {"message": "Uses must be greater than 0"}, 400
         # Generate recovery token
         token = generate_recovery_token(expiration, args["uses"])
         return {"token": token}
diff --git a/tests/test_auth.py b/tests/test_auth.py
index 6a49da0e..efa0ae61 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -504,3 +504,25 @@ def test_generate_recovery_token_with_limited_uses(
     assert recovery_response.status_code == 404
     assert read_json(tokens_file)["recovery_token"]["uses_left"] == 0
+
+def test_generate_recovery_token_with_negative_uses(
+    authorized_client, client, tokens_file
+):
+    # Generate token with limited uses
+    response = authorized_client.post(
+        "/auth/recovery_token",
+        json={"uses": -2},
+    )
+    assert response.status_code == 400
+    assert "recovery_token" not in read_json(tokens_file)
+
+def test_generate_recovery_token_with_zero_uses(
+    authorized_client, client, tokens_file
+):
+    # Generate token with limited uses
+    response = authorized_client.post(
+        "/auth/recovery_token",
+        json={"uses": 0},
+    )
+    assert response.status_code == 400
+    assert "recovery_token" not in read_json(tokens_file)
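Review bot: The new guard compares against None with `!=`; PEP 8 (E711) calls for identity, `if args["uses"] is not None and args["uses"] < 1:`, which also avoids any `__ne__` override on whatever reqparse hands back. The check runs only after the expiration branch has completed, so an invalid expiration is reported before an invalid uses count; that ordering is fine but deserves a why-comment, e.g. `# Reject a non-positive use count before the token is generated and persisted`. The enclosing `post` method starts outside the hunk, so whether `args["uses"]` is already coerced to int by the parser cannot be confirmed here; if it is not, `< 1` on a string would raise rather than return 400.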
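Review bot: Both new tests carry the comment `# Generate token with limited uses`, copied from the preceding test, which no longer describes what they check; `# A zero/negative use count must be rejected with 400 and no token persisted` would match the assertions. The `client` fixture is requested by both signatures but never used and can be dropped. Since the two bodies differ only in the `uses` value, one test decorated with `@pytest.mark.parametrize("uses", [-2, 0])` would cover both cases without duplication, and asserting on the returned `message` as well as the status code would pin the contract the production hunk introduces.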