diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 9f07353..2012ec7 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -4,6 +4,7 @@
 
 use App\Models\Role;
 use App\Models\User;
+use App\Http\Requests\CredentialsRequest;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
 use Laravel\Sanctum\Exceptions\MissingAbilityException;
@@ -21,25 +22,19 @@ public function index() {
     /**
      * Store a newly created resource in storage.
      *
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\CredentialsRequest  $request
      * @return \Illuminate\Http\Response
      */
-    public function store(Request $request) {
-        $creds = $request->validate([
-            'email' => 'required|email',
-            'password' => 'required',
-            'name' => 'nullable|string',
-        ]);
-
-        $user = User::where('email', $creds['email'])->first();
+    public function store(CredentialsRequest $request) {
+        $user = User::where('email', $request['email'])->first();
         if ($user) {
             return response(['error' => 1, 'message' => 'user already exists'], 409);
         }
 
         $user = User::create([
-            'email' => $creds['email'],
-            'password' => Hash::make($creds['password']),
-            'name' => $creds['name'],
+            'email' => $request['email'],
+            'password' => Hash::make($request['password']),
+            'name' => $request['name'],
         ]);
 
         $defaultRoleSlug = config('hydra.default_user_role_slug', 'user');
@@ -51,16 +46,11 @@ public function store(Request $request) {
     /**
      * Authenticate an user and dispatch token.
      *
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\CredentialsRequest  $request
      * @return \Illuminate\Http\Response
      */
-    public function login(Request $request) {
-        $creds = $request->validate([
-            'email' => 'required|email',
-            'password' => 'required',
-        ]);
-
-        $user = User::where('email', $creds['email'])->first();
+    public function login(CredentialsRequest $request) {
+        $user = User::where('email', $request['email'])->first();
         if (! $user || ! Hash::check($request->password, $user->password)) {
             return response(['error' => 1, 'message' => 'invalid credentials'], 401);
         }
diff --git a/app/Http/Requests/CredentialsRequest.php b/app/Http/Requests/CredentialsRequest.php
new file mode 100644
index 0000000..972dce5
--- /dev/null
+++ b/app/Http/Requests/CredentialsRequest.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class CredentialsRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, mixed>
+     */
+    public function rules()
+    {
+        return [
+            'email' => 'required|email',
+            'password' => 'required',
+            'name' => 'nullable|string'
+        ];
+    }
+}