diff --git a/app/controllers/api/v1/polls/votes_controller.rb b/app/controllers/api/v1/polls/votes_controller.rb
index 513b937ef2d..ad1b82cb522 100644
--- a/app/controllers/api/v1/polls/votes_controller.rb
+++ b/app/controllers/api/v1/polls/votes_controller.rb
@@ -8,7 +8,7 @@ class Api::V1::Polls::VotesController < Api::BaseController
   before_action :set_poll
 
   def create
-    VoteService.new.call(current_account, @poll, vote_params[:choices])
+    VoteService.new.call(current_account, @poll, vote_params)
     render json: @poll, serializer: REST::PollSerializer
   end
 
@@ -22,6 +22,6 @@ class Api::V1::Polls::VotesController < Api::BaseController
   end
 
   def vote_params
-    params.permit(choices: [])
+    params.require(:choices)
   end
 end
diff --git a/spec/requests/api/v1/polls/votes_spec.rb b/spec/requests/api/v1/polls/votes_spec.rb
index e2b22708be8..669f64b6e45 100644
--- a/spec/requests/api/v1/polls/votes_spec.rb
+++ b/spec/requests/api/v1/polls/votes_spec.rb
@@ -10,9 +10,10 @@ RSpec.describe 'API V1 Polls Votes' do
 
   describe 'POST /api/v1/polls/:poll_id/votes' do
     let(:poll) { Fabricate(:poll) }
+    let(:params) { { choices: %w(1) } }
 
     before do
-      post "/api/v1/polls/#{poll.id}/votes", params: { choices: %w(1) }, headers: headers
+      post "/api/v1/polls/#{poll.id}/votes", params: params, headers: headers
     end
 
     it 'creates a vote', :aggregate_failures do
@@ -24,6 +25,14 @@ RSpec.describe 'API V1 Polls Votes' do
       expect(poll.reload.cached_tallies).to eq [0, 1]
     end
 
+    context 'when the required choices param is not provided' do
+      let(:params) { {} }
+
+      it 'returns http bad request' do
+        expect(response).to have_http_status(400)
+      end
+    end
+
     private
 
     def vote