diff --git a/keyserver/src/socket/tunnelbroker.js b/keyserver/src/socket/tunnelbroker.js
--- a/keyserver/src/socket/tunnelbroker.js
+++ b/keyserver/src/socket/tunnelbroker.js
@@ -7,6 +7,8 @@
   type TBKeyserverConnectionInitializationMessage,
   type TBMessage,
 } from 'lib/types/tunnelbroker-messages.js';
+import { TBRefreshKeysValidator } from 'lib/types/tunnelbroker-messages.js';
+import { ServerError } from 'lib/utils/errors.js';
 import sleep from 'lib/utils/sleep.js';
 
 import { fetchOlmAccount } from '../updaters/olm-account-updater.js';
@@ -26,17 +28,28 @@
   );
 }
 
-function handleTBMessageEvent(event: MessageEvent): Promise<void> {
+async function handleTBMessage(message: TBMessage): Promise<void> {
+  // Currently, there is only one message type which is sent from tunnelbroker
+  if (TBRefreshKeysValidator.is(message)) {
+    return await uploadNewOneTimeKeys(message.numberOfKeys);
+  }
+
+  throw new ServerError('invalid_tunnelbroker_message');
+}
+
+async function handleTBMessageEvent(event: MessageEvent): Promise<void> {
   invariant(
     typeof event.data === 'string',
     'Messages from tunnelbroker should be a string',
   );
 
-  // Currently, there is only one message type which is sent from tunnelbroker
-  const content: string = event.data;
-  const message: TBMessage = JSON.parse(content);
+  const message: TBMessage = JSON.parse(event.data);
 
-  return uploadNewOneTimeKeys(message.numberOfKeys);
+  try {
+    await handleTBMessage(message);
+  } catch (e) {
+    console.error('Failed to handle tunnelbroker message: ', e);
+  }
 }
 
 function openTunnelbrokerConnection(
diff --git a/lib/types/tunnelbroker-messages.js b/lib/types/tunnelbroker-messages.js
--- a/lib/types/tunnelbroker-messages.js
+++ b/lib/types/tunnelbroker-messages.js
@@ -1,5 +1,9 @@
 // @flow
 
+import t, { type TInterface, type TUnion } from 'tcomb';
+
+import { tShape, tString } from '../utils/validation-utils.js';
+
 type TBSharedConnectionInitializationMessage = {
   +type: 'sessionRequest',
   +deviceId: string,
@@ -31,10 +35,17 @@
 
 export type TBRefreshKeysRequest = {
   +type: 'refreshKeysRequest',
-  +deviceId: string,
+  +deviceID: string,
   +numberOfKeys: number,
 };
 
+export const TBRefreshKeysValidator: TInterface<TBRefreshKeysRequest> =
+  tShape<TBRefreshKeysRequest>({
+    type: tString('refreshKeysRequest'),
+    deviceID: t.String,
+    numberOfKeys: t.Number,
+  });
+
 // Disjoint enumeration of all messages
 // Currently, only a single message
 export type TBMessage = TBRefreshKeysRequest;