diff --git a/frontend/src/routes/household/staples/+server.ts b/frontend/src/routes/household/staples/+server.ts
index 6c5eab4..c22cb44 100644
--- a/frontend/src/routes/household/staples/+server.ts
+++ b/frontend/src/routes/household/staples/+server.ts
@@ -10,6 +10,10 @@ export const PATCH: RequestHandler = async ({ request, fetch }) => {
 		return json({ error: 'id is required' }, { status: 400 });
 	}
 
+	if (typeof isStaple !== 'boolean') {
+		return json({ error: 'isStaple must be a boolean' }, { status: 400 });
+	}
+
 	const api = apiClient(fetch);
 	const { error } = await api.PATCH('/v1/ingredients/{id}', {
 		params: { path: { id } },
diff --git a/frontend/src/routes/household/staples/server.test.ts b/frontend/src/routes/household/staples/server.test.ts
index 36d7045..81418dc 100644
--- a/frontend/src/routes/household/staples/server.test.ts
+++ b/frontend/src/routes/household/staples/server.test.ts
@@ -60,4 +60,18 @@ describe('household staples PATCH handler', () => {
 		expect(response.status).toBe(400);
 		expect(mockPatch).not.toHaveBeenCalled();
 	});
+
+	it('returns 400 when isStaple is missing', async () => {
+		const response = await PATCH(createRequest({ id: 'ing-1' }));
+
+		expect(response.status).toBe(400);
+		expect(mockPatch).not.toHaveBeenCalled();
+	});
+
+	it('returns 400 when isStaple is not a boolean', async () => {
+		const response = await PATCH(createRequest({ id: 'ing-1', isStaple: 'yes' }));
+
+		expect(response.status).toBe(400);
+		expect(mockPatch).not.toHaveBeenCalled();
+	});
 });