diff --git a/truthseeker/routes/routes_api.py b/truthseeker/routes/routes_api.py
index 647b3a1..def7d41 100644
--- a/truthseeker/routes/routes_api.py
+++ b/truthseeker/routes/routes_api.py
@@ -2,6 +2,7 @@ import flask
 
 import truthseeker
 from truthseeker.logic import game_logic
+from truthseeker.utils import check_username
 
 
 routes_api = flask.Blueprint("api", __name__)
@@ -11,7 +12,8 @@ def create_game():
     username = flask.request.values.get("username")
     if username==None:
         return {"error": 1, "msg": "username not set"}
-
+    if not check_username(username):
+        return {"error": 1, "msg": "invalid username"}
 
     response = {}
     response["error"] = 0
@@ -30,6 +32,8 @@ def join_game():
     username = flask.request.values.get("username")
     if game_id==None or username==None:
         return {"error": 1, "msg": "username or game id not set"}
+    if not check_username(username):
+        return {"error": 1, "msg": "invalid username"}
 
     game = game_logic.get_game(game_id)
     if game == None:
diff --git a/truthseeker/utils.py b/truthseeker/utils.py
new file mode 100644
index 0000000..7cce76e
--- /dev/null
+++ b/truthseeker/utils.py
@@ -0,0 +1,9 @@
+def check_username(username):
+    if not username:
+        return False
+    if not username == username.strip():
+        return False
+    if not len(username) < 16:
+        return False
+    
+    return True