diff --git a/src/app.py b/src/app.py
index 2f9269da..bb752b7d 100644
--- a/src/app.py
+++ b/src/app.py
@@ -2294,6 +2294,9 @@ def validate_constraints():
     if not request.is_json:
         bad_request_error("A json body and appropriate Content-Type header are required")
     json_entry = request.get_json()
+    is_valid = constraints_json_is_valid(json_entry)
+    if is_valid is not True:
+        bad_request_error(is_valid)
     is_match = request.values.get('match')
     order = request.values.get('order')
 
@@ -4343,6 +4346,35 @@ def internal_server_error(err_msg):
     abort(500, description = err_msg)
 
 
+"""
+Validates the incoming json for the endpoint /constraints. 
+Returns true if the json matches the required format. If 
+invalid, returns a string explaining why.
+"""
+def constraints_json_is_valid(json_entry):
+    if not isinstance(json_entry, list):
+        return "JSON body expects a list."
+    
+    for constraint in json_entry:
+        if not isinstance(constraint, dict):
+            return "Each constraint in the list must be a JSON object."
+
+        for key in constraint:
+            if key not in ["ancestors", "descendants"]:
+                return f"Invalid key '{key}'. Allowed keys are 'ancestors' and 'descendants'."
+            
+            value = constraint[key]
+            if isinstance(value, dict):
+                continue
+            elif isinstance(value, list):
+                for item in value:
+                    if not isinstance(item, dict):
+                        return f"The value for '{key}' must be represented as a JSON object or as a list of objects"
+            else:
+                return f"The value for '{key}' must be a JSON object or a list of JSON objects."
+    return True
+
+
 """
 Parse the token from Authorization header