diff --git a/CHANGES.rst b/CHANGES.rst
index ec8c4d0180..2c7b062d8f 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -15,6 +15,8 @@ Changelog
 **Fixed**
+- #772 Improved UID check in API
+
 **Security**
diff --git a/bika/lims/api/__init__.py b/bika/lims/api/__init__.py
index e1f51833af..84d56ddec6 100644
--- a/bika/lims/api/__init__.py
+++ b/bika/lims/api/__init__.py
@@ -5,6 +5,8 @@
 # Copyright 2018 by it's authors.
 # Some rights reserved. See LICENSE.rst, CONTRIBUTORS.rst.
+import re
+
 from Acquisition import aq_base
 from AccessControl.PermissionRole import rolesForPermissionOn
@@ -67,6 +69,8 @@
 _marker = object()
+UID_RX = re.compile("[a-z0-9]{32}$")
+
 class BikaLIMSError(Exception):
 """Base exception class for bika.lims errors."""
@@ -1161,6 +1165,8 @@ def is_uid(uid, validate=False):
 return False
 if len(uid) != 32:
 return False
+if not UID_RX.match(uid):
+ return False
 if not validate:
 return True
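Review bot: The new `UID_RX = re.compile("[a-z0-9]{32}$")` constant uses `$`, which in Python also matches just before a trailing newline, so `UID_RX.match()` on its own accepts 32 valid characters followed by `"\n"`; inside `is_uid` this is masked only because the preceding `len(uid) != 32` check rejects the 33-character value, and any other caller that reuses `UID_RX` would not get that protection. Writing it as `UID_RX = re.compile(r"[a-z0-9]{32}\Z")` (raw string, `\Z` for a true end anchor) makes the constant safe standalone and keeps `match()` anchoring the start. The constant also has no comment saying what shape it encodes; a line such as `# Shape of a Zope/Plone UID: exactly 32 lowercase alphanumeric characters, no dashes` would help, and if UIDs here are always uuid hex the class could presumably be narrowed to `[0-9a-f]` — confirm against how UIDs are generated before tightening. The same constant is consumed in the `is_uid` hunk further down, whose `def is_uid(uid, validate=False)` begins before that hunk and whose `validate` branch continues past it.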