diff --git a/README.md b/README.md
index 4dde100..d35fd17 100755
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ Configuration for the application is at config/default.js and config/production.
 - AUTH_SECRET: TC Authentication secret
 - VALID_ISSUERS: valid issuers for TC authentication
 - PAGE_SIZE: the default pagination limit
+- MAX_PAGE_SIZE: the maximum pagination size
 - API_VERSION: the API version
 - AWS_ACCESS_KEY_ID: The AWS access key
 - AWS_SECRET_ACCESS_KEY: The AWS secret key
diff --git a/config/default.js b/config/default.js
index af863d0..8ae692e 100755
--- a/config/default.js
+++ b/config/default.js
@@ -11,6 +11,7 @@ module.exports = {
     : '["https://topcoder-dev.auth0.com/", "https://api.topcoder.com"]',
 
   PAGE_SIZE: process.env.PAGE_SIZE || 20,
+  MAX_PAGE_SIZE: parseInt(process.env.MAX_PAGE_SIZE) || 100,
   API_VERSION: process.env.API_VERSION || 'api/1.0',
 
   AWS_ACCESS_KEY_ID: process.env.AWS_ACCESS_KEY_ID,
diff --git a/src/bootstrap.js b/src/bootstrap.js
index d4bf725..b8ba978 100755
--- a/src/bootstrap.js
+++ b/src/bootstrap.js
@@ -2,9 +2,14 @@
  * add logger and joi to services
  */
 
+const config = require('config')
 const fs = require('fs')
 const path = require('path')
 const logger = require('./common/logger')
+const joi = require('@hapi/joi')
+
+joi.id = () => joi.number().integer().min(1)
+joi.pageSize = () => joi.number().integer().min(1).max(config.get('MAX_PAGE_SIZE'))
 
 /**
  * add logger and joi schema to service
diff --git a/src/common/service-helper.js b/src/common/service-helper.js
index c51804b..072a0b8 100644
--- a/src/common/service-helper.js
+++ b/src/common/service-helper.js
@@ -285,7 +285,11 @@ function getServiceMethods (Model, createSchema, patchSchema, searchSchema, buil
   }
 
   search.schema = {
-    query: searchSchema,
+    query: {
+      page: joi.id(),
+      perPage: joi.pageSize(),
+      ...searchSchema
+    },
     auth: joi.object()
   }