diff --git a/app/controllers/api/taxons_controller.rb b/app/controllers/api/taxons_controller.rb
index f6693fbaee..e389caea7b 100644
--- a/app/controllers/api/taxons_controller.rb
+++ b/app/controllers/api/taxons_controller.rb
@@ -22,7 +22,7 @@ module Api
 def create
 authorize! :create, Spree::Taxon
- @taxon = Spree::Taxon.new(params[:taxon])
+ @taxon = Spree::Taxon.new(taxon_params[:taxon])
 @taxon.taxonomy_id = params[:taxonomy_id]
 taxonomy = Spree::Taxonomy.find_by(id: params[:taxonomy_id])
@@ -42,7 +42,7 @@ module Api
 def update
 authorize! :update, Spree::Taxon
- if taxon.update(params[:taxon])
+ if taxon.update(taxon_params)
 render json: taxon, serializer: Api::TaxonSerializer, status: :ok
 else
 invalid_resource!(taxon)
@@ -66,5 +66,9 @@ module Api
 def taxon
 @taxon ||= taxonomy.taxons.find(params[:id])
 end
+
+ def taxon_params
+ params.permit(taxon: [:name, :parent_id])
+ end
 end
 end
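Review bot: `taxon.update(taxon_params)` in the `update` hunk passes the whole permitted hash, which is still wrapped in the `taxon` key, whereas `create` in the first hunk indexes it with `taxon_params[:taxon]`. As written, the model would be handed `{ taxon: { name: ..., parent_id: ... } }`, so unless `Spree::Taxon` has a `taxon` attribute the update would presumably fail with an unknown-attribute error rather than changing `name` or `parent_id`. The call should match `create`: `if taxon.update(taxon_params[:taxon])`, with a guard for a request that carries no `taxon` key, since the indexed value is then `nil`. The rest of `update` lies outside the hunk, and a request spec that sends only `taxon[name]` would pin the behaviour.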
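Review bot: `taxon_params` permits at the top level of `params` and returns the hash still nested under `taxon`, so every caller has to remember to index it, and route keys such as `id` and `taxonomy_id` are reported as unpermitted (logged or raised, depending on `action_on_unpermitted_parameters`). Returning the inner hash keeps the allow-list in one place, for example `params.fetch(:taxon, {}).permit(:name, :parent_id)`, after which both `create` and `update` would pass `taxon_params` directly. `parent_id` remains client-controlled and nothing visible here checks that the parent belongs to the taxonomy named by `params[:taxonomy_id]`, so it is worth confirming that a model validation covers that. The hunk does not show whether a `private` line precedes `def taxon`; if it does not, the new helper is a public controller method.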