diff --git a/app/controllers/api/customers_controller.rb b/app/controllers/api/customers_controller.rb
index 172d4580b8..796032e763 100644
--- a/app/controllers/api/customers_controller.rb
+++ b/app/controllers/api/customers_controller.rb
@@ -11,11 +11,15 @@ module Api
 @customer = Customer.find(params[:id])
 authorize! :update, @customer
- if @customer.update(params[:customer])
+ if @customer.update(customer_params)
 render json: @customer, serializer: CustomerSerializer, status: :ok
 else
 invalid_resource!(@customer)
 end
 end
+
+ def customer_params
+ params.require(:customer).permit(:code, :email, :enterprise_id, :allow_charges)
+ end
 end
 end
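Review bot: The permit list in `customer_params` includes `:enterprise_id`, but `authorize! :update, @customer` runs on the record as it was loaded, so the enterprise the request moves the customer to is never checked against the caller's abilities. Unless the ability rules or a model validation (neither visible here) cover that case, either drop the key, `params.require(:customer).permit(:code, :email, :allow_charges)`, or assign the attributes first and call `authorize! :update, @customer` again before saving. `customer_params` also appears to be added as a public method: no `private` is visible in the hunk, so if there is none above it, add `private` before `def customer_params` to keep it from being routable as an action. The `update` method and the class body start outside the hunk.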