diff --git a/apps/emqx_management/src/emqx_mgmt_api_clients.erl b/apps/emqx_management/src/emqx_mgmt_api_clients.erl
index cf80f7e73..a43728a35 100644
--- a/apps/emqx_management/src/emqx_mgmt_api_clients.erl
+++ b/apps/emqx_management/src/emqx_mgmt_api_clients.erl
@@ -916,7 +916,8 @@ client_msgs_params() ->
                     " The only exception to this rule is when the first message payload"
                     " is already larger than the limit."
                     " In this case, the first message will be returned in the response."
-                >>
+                >>,
+                validator => fun max_bytes_validator/1
             })},
         hoconsc:ref(emqx_dashboard_swagger, 'after'),
         hoconsc:ref(emqx_dashboard_swagger, limit)
@@ -1152,6 +1153,11 @@ cont_encoding(inflight_msgs) -> ?URL_PARAM_INTEGER;
 %% binary message id
 cont_encoding(mqueue_msgs) -> ?URL_PARAM_BINARY.
 
+max_bytes_validator(MaxBytes) when is_integer(MaxBytes), MaxBytes > 0 ->
+    ok;
+max_bytes_validator(_MaxBytes) ->
+    {error, "must be higher than 0"}.
+
 %%--------------------------------------------------------------------
 %% QueryString to Match Spec
 
diff --git a/apps/emqx_management/test/emqx_mgmt_api_clients_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_api_clients_SUITE.erl
index a007de829..055910743 100644
--- a/apps/emqx_management/test/emqx_mgmt_api_clients_SUITE.erl
+++ b/apps/emqx_management/test/emqx_mgmt_api_clients_SUITE.erl
@@ -985,6 +985,24 @@ test_messages(Path, Topic, Count, AuthHeader, PayloadEncoding) ->
     ?assertMatch(
         {error, {_, 400, _}},
         emqx_mgmt_api_test_util:request_api(get, Path, "limit=limit", AuthHeader)
+    ),
+
+    %% Invalid max_paylod_bytes param
+    ?assertMatch(
+        {error, {_, 400, _}},
+        emqx_mgmt_api_test_util:request_api(get, Path, "max_payload_bytes=0", AuthHeader)
+    ),
+    ?assertMatch(
+        {error, {_, 400, _}},
+        emqx_mgmt_api_test_util:request_api(get, Path, "max_payload_bytes=-1", AuthHeader)
+    ),
+    ?assertMatch(
+        {error, {_, 400, _}},
+        emqx_mgmt_api_test_util:request_api(get, Path, "max_payload_bytes=-1MB", AuthHeader)
+    ),
+    ?assertMatch(
+        {error, {_, 400, _}},
+        emqx_mgmt_api_test_util:request_api(get, Path, "max_payload_bytes=0MB", AuthHeader)
     ).
 
 decode_payload(Payload, base64) ->