diff --git a/app/api/task_definitions_api.rb b/app/api/task_definitions_api.rb
index 08edf62e5..f5bc0131a 100644
--- a/app/api/task_definitions_api.rb
+++ b/app/api/task_definitions_api.rb
@@ -142,18 +142,23 @@ class TaskDefinitionsApi < Grape::API
                                                 :upload_requirements
                                               )
 
-    task_params[:upload_requirements] = params[:task_def][:upload_requirements].present? ? JSON.parse(params[:task_def][:upload_requirements]) : []
+    if params[:task_def][:upload_requirements].present?
+      upload_reqs = JSON.parse(params[:task_def][:upload_requirements])
+      task_params[:upload_requirements] = upload_reqs
+
+      # Ensure we permit all of the passed in upload requirements
+      if task_params[:upload_requirements].is_a? Array
+        # Force permit - the model validates the details
+        task_params[:upload_requirements].each(&:permit!)
+      end
 
-    # Ensure changes to a TD defined as a 'draft task definition' are validated
-    if unit.draft_task_definition_id == params[:id]
-      if task_params[:upload_requirements]
-        requirements = task_params[:upload_requirements]
-        if requirements.length != 1 || requirements[0]['type'] != 'document'
-          error!({ error: 'Task is marked as the draft learning summary task definition. A draft learning summary task can only contain a single document upload.' }, 403)
-        end
+      # Ensure changes to a TD defined as a 'draft task definition' are validated
+      if unit.draft_task_definition_id == params[:id] && (upload_reqs.length != 1 || upload_reqs[0]['type'] != 'document')
+        error!({ error: 'Task is marked as the draft learning summary. A draft learning summary task can only contain a single document upload.' }, 403)
       end
     end
 
+    # Bulk update task definition with permitted parameters
     task_def.update!(task_params)
 
     # Set the tutorial stream