diff --git a/app/controllers/admin/subscription_line_items_controller.rb b/app/controllers/admin/subscription_line_items_controller.rb
index a87ddebe45..27ec3611a1 100644
--- a/app/controllers/admin/subscription_line_items_controller.rb
+++ b/app/controllers/admin/subscription_line_items_controller.rb
@@ -11,7 +11,7 @@ module Admin
 respond_to :json
 def build
- @subscription_line_item.assign_attributes(params[:subscription_line_item])
+ @subscription_line_item.assign_attributes(subscription_line_item_params)
 @subscription_line_item.price_estimate = price_estimate
 render json: @subscription_line_item, serializer: Api::Admin::SubscriptionLineItemSerializer, shop: @shop, schedule: @schedule
@@ -27,7 +27,7 @@ module Admin
 @shop = Enterprise.managed_by(spree_current_user).find_by(id: params[:shop_id])
 @schedule = permissions.editable_schedules.find_by(id: params[:schedule_id])
 @order_cycle = @schedule.andand.current_or_next_order_cycle
- @variant = variant_if_eligible(params[:subscription_line_item][:variant_id]) if @shop.present?
+ @variant = variant_if_eligible(subscription_line_item_params[:variant_id]) if @shop.present?
 end
 def new_actions
@@ -58,5 +58,9 @@ module Admin
 def variant_if_eligible(variant_id)
 SubscriptionVariantsService.eligible_variants(@shop).find_by(id: variant_id)
 end
+
+ def subscription_line_item_params
+ params.require(:subscription_line_item).permit(:quantity, :variant_id)
+ end
 end
 end
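Review bot: `build` still mass-assigns the client-supplied `variant_id`, and nothing visible in this hunk ties that value to the eligibility lookup whose result the second hunk stores in `@variant`. If no filter outside these hunks halts the request when `@variant` is nil, an id that `variant_if_eligible` rejected would still be written to the line item before `price_estimate` and the serializer run. Either take the id from the vetted `@variant` rather than from the request, or document the guarantee above the assignment with `# variant_id was vetted by variant_if_eligible in the build filter; requests without an eligible @variant are halted before this point`. The filter declarations and the rest of the class are outside the hunk, so this needs confirming against the full file.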
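Review bot: The new `subscription_line_item_params` carries no comment explaining why the allowlist stops at `:quantity` and `:variant_id`, and the hunk does not show whether the method sits below a `private` marker. A line such as `# Clients may set only quantity and variant_id; price_estimate is computed server-side in #build.` would keep a later edit from widening the list without thought. Please also confirm the method is private like the neighbouring `variant_if_eligible` presumably is, since public controller methods are treated as actions. The class body starts outside the hunk.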