diff --git a/packages/worker/src/api/controllers/admin/configs.js b/packages/worker/src/api/controllers/admin/configs.js
index bf9259f953..0a2e2feccb 100644
--- a/packages/worker/src/api/controllers/admin/configs.js
+++ b/packages/worker/src/api/controllers/admin/configs.js
@@ -48,7 +48,7 @@ exports.save = async function (ctx) {
 exports.fetch = async function (ctx) {
   const db = new CouchDB(GLOBAL_DB)
   const response = await db.allDocs(
-    getConfigParams(undefined, {
+    getConfigParams({ type: ctx.params.type }, {
       include_docs: true,
     })
   )
@@ -61,11 +61,10 @@ exports.fetch = async function (ctx) {
  */
 exports.find = async function (ctx) {
   const db = new CouchDB(GLOBAL_DB)
-  const userId = ctx.params.user && ctx.params.user._id
 
-  const { group } = ctx.query
-  if (group) {
-    const group = await db.get(group)
+  const { userId, groupId } = ctx.query
+  if (groupId && userId) {
+    const group = await db.get(groupId)
     const userInGroup = group.users.some(groupUser => groupUser === userId)
     if (!ctx.user.admin && !userInGroup) {
       ctx.throw(400, `User is not in specified group: ${group}.`)
@@ -77,7 +76,7 @@ exports.find = async function (ctx) {
     const scopedConfig = await determineScopedConfig(db, {
       type: ctx.params.type,
       user: userId,
-      group,
+      group: groupId,
     })
 
     if (scopedConfig) {
diff --git a/packages/worker/src/api/routes/admin/configs.js b/packages/worker/src/api/routes/admin/configs.js
index 5865259a29..1b5150ef27 100644
--- a/packages/worker/src/api/routes/admin/configs.js
+++ b/packages/worker/src/api/routes/admin/configs.js
@@ -54,14 +54,21 @@ function buildConfigSaveValidation() {
           { is: Configs.GOOGLE, then: googleValidation() }
         ],
       }),
-    }),
+    }).required(),
   )
 }
 
+function buildConfigGetValidation() {
+  // prettier-ignore
+  return joiValidator.params(Joi.object({
+    type: Joi.string().valid(...Object.values(Configs)).required()
+  }).unknown(true).required())
+}
+
 router
   .post("/api/admin/configs", buildConfigSaveValidation(), controller.save)
   .delete("/api/admin/configs/:id", controller.destroy)
-  .get("/api/admin/configs", controller.fetch)
-  .get("/api/admin/configs/:type", controller.find)
+  .get("/api/admin/configs/all/:type", buildConfigGetValidation(), controller.fetch)
+  .get("/api/admin/configs/:type", buildConfigGetValidation(), controller.find)
 
 module.exports = router