diff --git a/docs/api/rest-api.md b/docs/api/rest-api.md
index eeb90abfb4..9e57bb802a 100644
--- a/docs/api/rest-api.md
+++ b/docs/api/rest-api.md
@@ -38,6 +38,19 @@ A particular OpenAPI spec can be easily imported into [Postman](https://www.post
 curl http://localhost:8645/debug/v1/info -s | jq
 ```
 
+#### [`get_waku_v2_store_v3_messages`](https://rfc.vac.dev/spec/16/#get_waku_v2_store_v3_messages)
+
+```bash
+curl -v -X GET "http://127.0.0.1:49153/store/v3/messages?includeData=true&pubsubTopic=/waku/2/rs/3/0&pageSize=20&ascending=true"
+```
+
+or call it encoded
+
+```bash
+curl -v -X GET "http://127.0.0.1:5213/store/v3/messages?includeData=true&pubsubTopic=%2Fwaku%2F2%2Frs%2F3%2F0&pageSize=20&ascending=true"
+```
+
+In both cases, it works and retrieves the message with the correct topic name.
 
 ### Node configuration
 Find details [here](https://github.com/waku-org/nwaku/tree/master/docs/operators/how-to/configure-rest-api.md)
diff --git a/waku/waku_api/rest/rest_serdes.nim b/waku/waku_api/rest/rest_serdes.nim
index 1b6d5a98d3..5d8c07cb7d 100644
--- a/waku/waku_api/rest/rest_serdes.nim
+++ b/waku/waku_api/rest/rest_serdes.nim
@@ -53,6 +53,18 @@ func decodeRequestBody*[T](
       )
     )
 
+  # Validate and enforce URL encoding for pubsubTopic and contentTopics
+  if T.hasKey("pubsubTopic"):
+    let pubsubTopic = T["pubsubTopic"]
+    if pubsubTopic != encodeUrl(pubsubTopic):
+      return err(RestApiResponse.badRequest("Invalid or non-URL-encoded pubsubTopic parameter"))
+
+  if T.hasKey("contentTopics"):
+    let contentTopics = T["contentTopics"]
+    for topic in contentTopics:
+      if topic != encodeUrl(topic):
+        return err(RestApiResponse.badRequest("Invalid or non-URL-encoded content_topic parameter"))
+
   return ok(requestResult.get())
 
 proc decodeBytes*(
diff --git a/waku/waku_api/rest/store/handlers.nim b/waku/waku_api/rest/store/handlers.nim
index 663d796eab..1d72e5b7f4 100644
--- a/waku/waku_api/rest/store/handlers.nim
+++ b/waku/waku_api/rest/store/handlers.nim
@@ -99,6 +99,8 @@ proc createStoreQuery(
     let decodedPubsubTopic = decodeUrl(pubsubTopic.get())
     if decodedPubsubTopic != "":
       parsedPubsubTopic = some(decodedPubsubTopic)
+    else:
+      return err("Invalid or non-encoded pubsubTopic parameter")
 
   # Parse the content topics
   var parsedContentTopics = newSeq[ContentTopic](0)
@@ -106,6 +108,8 @@ proc createStoreQuery(
     let ctList = decodeUrl(contentTopics.get())
     if ctList != "":
       for ct in ctList.split(','):
+        if ct == "":
+          return err("Invalid or non-encoded content_topic parameter")
         parsedContentTopics.add(ct)
 
   # Parse start time