diff --git a/src/routers/config-strategy.js b/src/routers/config-strategy.js
index 54fb43b..c2b6a46 100644
--- a/src/routers/config-strategy.js
+++ b/src/routers/config-strategy.js
@@ -1,5 +1,5 @@
 import express from 'express';
-import { check } from 'express-validator';
+import { check, query } from 'express-validator';
 import History from '../models/history';
 import { EnvType } from '../models/environment';
 import { validate, verifyInputUpdateParameters } from '../middleware/validators';
@@ -27,7 +27,10 @@ router.post('/configstrategy/create', auth, [
 // GET /configstrategy?limit=10&skip=20
 // GET /configstrategy?sortBy=createdAt:desc
 // GET /configstrategy?config=ID&env=QA
-router.get('/configstrategy', auth, async (req, res) => {
+router.get('/configstrategy', auth, [
+    query('config').isMongoId(),
+    query('env').optional().isLength({ max: 30 })
+], validate, async (req, res) => {
     try {
         const config = await getConfigById(req.query.config);
 
diff --git a/src/routers/metric.js b/src/routers/metric.js
index e37bf6c..2f072c5 100644
--- a/src/routers/metric.js
+++ b/src/routers/metric.js
@@ -1,7 +1,7 @@
 import express from 'express';
 import { Metric } from '../models/metric';
 import { getConfig } from '../services/config';
-import { check } from 'express-validator';
+import { check, query } from 'express-validator';
 import { auth } from '../middleware/auth';
 import { verifyOwnership } from '../helpers';
 import { ActionTypes, RouterTypes } from '../models/permission';
@@ -58,15 +58,23 @@ router.get('/metric/data/', auth, [
 });
 
 router.get('/metric/statistics/', auth, [
-    check('domainid').isMongoId(),
-    check('statistics', 'add one or more options {swicthers,components,reasons,all} separed by comma').isLength({ min: 3 })
+    query('domainid').isMongoId(),
+    query('statistics', 'add one or more options {swicthers,components,reasons,all} separed by comma').isLength({ min: 3 }),
+    query('dateGroupPattern', 'e.g. YYYY-MM-DD HH:mm').optional().isLength({ max: 16 }),
+    query('key').optional().isLength({ max: 30 }),
+    query('environment').optional().isLength({ max: 30 }),
+    query('result').optional().isBoolean(),
+    query('component').optional().isLength({ max: 50 }),
+    query('group').optional().isLength({ max: 30 }),
+    query('dateBefore').optional().isDate(),
+    query('dateAfter').optional().isDate()
 ], validate, async (req, res) => {
     try {
         const switcher = buildMetricsFilter(req);
         const components = buildMetricsFilter(req);
         const reasons = buildMetricsFilter(req);
 
-        const dateGroupPattern =  req.query.dateGroupPattern ? 
+        const dateGroupPattern = req.query.dateGroupPattern ? 
             req.query.dateGroupPattern : 'YYYY-MM';
 
         if (req.query.key) { 
diff --git a/tests/config-strategy.test.js b/tests/config-strategy.test.js
index 849e5b5..3e5e439 100644
--- a/tests/config-strategy.test.js
+++ b/tests/config-strategy.test.js
@@ -359,7 +359,14 @@ describe('Testing reading strategies #1', () => {
         await request(app)
             .get('/configstrategy?config=INVALID_ID_VALUE')
             .set('Authorization', `Bearer ${adminMasterAccountToken}`)
-            .send().expect(500);
+            .send().expect(422);
+    });
+
+    test('STRATEGY_SUITE - Should NOT get Config Strategy information - Invalid Environment query', async () => {
+        await request(app)
+            .get(`/configstrategy?config=${configId1}&env=${'a'.repeat(50)}`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(422);
     });
 });
 
diff --git a/tests/metric.test.js b/tests/metric.test.js
index 21b7312..5869c9a 100644
--- a/tests/metric.test.js
+++ b/tests/metric.test.js
@@ -93,6 +93,80 @@ describe('Fetch overall statistics', () => {
             .set('Authorization', `Bearer ${adminMasterAccountToken}`)
             .send().expect(422);
     });
+
+    test('METRIC_SUITE - Should NOT return statistics - Invalid queries', async () => {
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&environment=${'a'.repeat(31)}`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(422);
+
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&component=${'a'.repeat(51)}`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(422);
+
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&key=${'a'.repeat(31)}`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(422);
+
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&group=${'a'.repeat(31)}`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(422);
+
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&result=not_true`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(422);
+
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&dateBefore=2020`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(422);
+
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&dateAfter=2020`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(422);
+    });
+
+    test('METRIC_SUITE - Should return statistics - Valid queries', async () => {
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&environment=${'a'.repeat(30)}`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(200);
+
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&component=${'a'.repeat(50)}`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(200);
+
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&key=${'a'.repeat(30)}`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(200);
+
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&group=${'a'.repeat(30)}`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(200);
+
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&result=true`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(200);
+
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&dateBefore=2020-10-10`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(200);
+
+        await request(app)
+            .get(`/metric/statistics?domainid=${domainId}&statistics=all&dateAfter=2020-10-10`)
+            .set('Authorization', `Bearer ${adminMasterAccountToken}`)
+            .send().expect(200);
+    });
 });
 
 describe('Fetch metrics', () => {