diff --git a/src/controller/registry-user.controller/index.js b/src/controller/registry-user.controller/index.js
index 872c6fe11..4bb60022f 100644
--- a/src/controller/registry-user.controller/index.js
+++ b/src/controller/registry-user.controller/index.js
@@ -3,7 +3,7 @@ const router = express.Router()
 const mw = require('../../middleware/middleware')
 const { param, query } = require('express-validator')
 const controller = require('./registry-user.controller')
-const { parseGetParams, parsePostParams, parseDeleteParams } = require('./registry-user.middleware')
+const { parseGetParams, parsePostParams, parseDeleteParams, parseError } = require('./registry-user.middleware')
 const getConstants = require('../../constants').getConstants
 const CONSTANTS = getConstants()
@@ -69,7 +69,7 @@ router.get('/registryUser',
 mw.onlySecretariat,
 query(['page']).optional().isInt({ min: CONSTANTS.PAGINATOR_PAGE }),
 query(['page']).custom((val) => { return mw.containsNoInvalidCharacters(val) }),
- // parseError,
+ parseError,
 parseGetParams,
 controller.ALL_USERS
 )
@@ -140,7 +140,7 @@ router.get('/registryUser/:identifier',
 mw.validateUser,
 mw.onlySecretariat,
 param(['identifier']).isString().trim(),
- // parseError,
+ parseError,
 parseGetParams,
 controller.SINGLE_USER
 )
@@ -212,6 +212,8 @@ router.post('/registryUser/:shortname',
 */
 mw.validateUser,
 mw.onlySecretariat,
+ param(['shortname']).isString().trim(),
+ parseError,
 parsePostParams,
 controller.CREATE_USER
 )
@@ -299,7 +301,7 @@ router.put('/registryUser/:identifier',
 mw.onlySecretariat,
 param(['identifier']).isString().trim(),
 // TODO: do more validation here
- // parseError,
+ parseError,
 parsePostParams,
 controller.UPDATE_USER
 )
@@ -387,7 +389,7 @@ router.delete(
 mw.validateUser,
 mw.onlySecretariat,
 param(['identifier']).isString().trim(),
- // parseError,
+ parseError,
 parseDeleteParams,
 controller.DELETE_USER
 )
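Review bot: On `GET /registryUser` the second `page` chain, `query(['page']).custom(...)`, carries no `.optional()`, so it still runs when `page` is absent, and with `parseError` now enforced any failure it records becomes a 400. `mw.containsNoInvalidCharacters` is not visible in this diff; if it returns false or throws for `undefined`, every request without `page` would be rejected where the result was previously ignored. Consider `query(['page']).optional().custom((val) => mw.containsNoInvalidCharacters(val))`. A positive test for the request without `page` would confirm it, and the 'Positive Tests' context in the new test file is still a TODO.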
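Review bot: `param(['identifier']).isString().trim()` cannot fail for a path parameter, because Express always delivers route params as strings, so the newly enabled `parseError` has nothing to reject on `GET /registryUser/:identifier`. The same holds for the PUT and DELETE hunks and for the new `param(['shortname'])` chain on POST, and the existing `// TODO: do more validation here` on PUT already says so. To make the gate effective, extend each chain with a length bound and a format check, e.g. `.isLength({ min: 1, max: <MAX_IDENTIFIER_LENGTH> })` (placeholder) and the `.custom((val) => mw.containsNoInvalidCharacters(val))` validator already used for `page`, provided its character set suits identifiers. The new test 'Fails when identifier contains invalid characters' appears to expect such a rejection, though its assertions lie outside the visible part of the diff.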
diff --git a/src/controller/registry-user.controller/registry-user.middleware.js b/src/controller/registry-user.controller/registry-user.middleware.js index 6b30b69e0..e39b721c0 100644 --- a/src/controller/registry-user.controller/registry-user.middleware.js +++ b/src/controller/registry-user.controller/registry-user.middleware.js @@ -1,8 +1,11 @@ const utils = require('../../utils/utils') +const { validationResult } = require('express-validator') +const errors = require('../registry-org.controller/error') +const error = new errors.RegistryOrgControllerError() function parsePostParams (req, res, next) { utils.reqCtxMapping(req, 'body', []) - utils.reqCtxMapping(req, 'params', ['identifier']) + utils.reqCtxMapping(req, 'params', ['identifier', 'shortname']) utils.reqCtxMapping(req, 'query', [ 'new_username', 'name.first', 'name.last', 'name.middle', 'name.suffix', @@ -23,8 +26,19 @@ function parseDeleteParams (req, res, next) { next() } +function parseError (req, res, next) { + const err = validationResult(req).formatWith(({ location, msg, param, value, nestedErrors }) => { + return { msg: msg, param: param, location: location } + }) + if (!err.isEmpty()) { + return res.status(400).json(error.badInput(err.array())) + } + next() +} + module.exports = { parsePostParams, parseGetParams, - parseDeleteParams + parseDeleteParams, + parseError } diff --git a/test/integration-tests/registry-user/registryUserCRUDTest.js b/test/integration-tests/registry-user/registryUserCRUDTest.js new file mode 100644 index 000000000..84a76d36d --- /dev/null +++ b/test/integration-tests/registry-user/registryUserCRUDTest.js 
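Review bot: The registry-user middleware builds its 400 body from `RegistryOrgControllerError`, loaded via `require('../registry-org.controller/error')`, so validation failures on user routes depend on the org controller's error module and change whenever it does. If the registry-user controller has an error class of its own (not visible in this diff), `parseError` should use that one. Otherwise a comment next to the require, such as `// badInput() is shared with registry-org; registry-user has no error module of its own`, would mark the cross-controller dependency as deliberate.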
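Review bot: `parseError` has no comment saying that the formatter leaves `value` out of the response, presumably on purpose, and a later edit could add it back so that the 400 body echoes whatever the caller sent. A comment above the `formatWith` call, e.g. `// Do not return 'value': validation errors must not reflect request input`, would pin that down. The unused `value` and `nestedErrors` can be dropped from the destructuring: `({ location, msg, param }) => ({ msg, param, location })`. The `param` field name depends on the installed express-validator major version (newer releases call it `path`), which this diff does not show, so it is worth confirming that `param` is populated in the response.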
@@ -0,0 +1,64 @@
+const chai = require('chai')
+const expect = chai.expect
+chai.use(require('chai-http'))
+
+const constants = require('../constants.js')
+const app = require('../../../src/index.js')
+
+const secretariatHeaders = { ...constants.headers, 'content-type': 'application/json' }
+
+describe('Testing /registryUser endpoints', () => {
+ context('Positive Tests', () => {
+ // TODO
+ })
+ context('Negative Tests', () => {
+ it('Fails when page query parameter is not an integer', async () => {
+ await chai.request(app)
+ .get('/api/registryUser')
+ .set(secretariatHeaders) // Must be secretariat to reach validation
+ .query({ page: 'not-a-number' }) // Invalid data
+ .then((res) => {
+ expect(res).to.have.status(400)
+ expect(res.body.message).to.equal('Parameters were invalid')
+ })
+ })
+
+ it('Fails when page query parameter is below the minimum', async () => {
+ await chai.request(app)
+ .get('/api/registryUser')
+ .set(secretariatHeaders)
+ .query({ page: 0 }) // Assuming min is 1
+ .then((res) => {
+ expect(res).to.have.status(400)
+ })
+ })
+
+ it('Fails when identifier contains invalid characters', async () => {
+ await chai.request(app)
+ .get('/api/registryUser/uuid