diff --git a/app/controllers/repp/v1/domains_controller.rb b/app/controllers/repp/v1/domains_controller.rb
index 86d8e9d76..e8fdb040f 100644
--- a/app/controllers/repp/v1/domains_controller.rb
+++ b/app/controllers/repp/v1/domains_controller.rb
@@ -214,8 +214,11 @@ module Repp
 end
 def domain_create_params
- params.require(:domain).require(%i[name registrant_id period period_unit])
- params.require(:domain).permit(%i[name registrant_id period period_unit registrar_id])
+ params.require(:domain).permit(:name, :registrant_id, :period, :period_unit, :registrar_id,
+ dnskeys_attributes: [%i[flags alg protocol public_key]],
+ nameservers_attributes: [[:hostname, ipv4: [], ipv6: []]],
+ admin_domain_contacts_attributes: [],
+ tech_domain_contacts_attributes: [])
 end
 end
 end
diff --git a/app/models/actions/domain_create.rb b/app/models/actions/domain_create.rb
index c2597cffc..883f8d33d 100644
--- a/app/models/actions/domain_create.rb
+++ b/app/models/actions/domain_create.rb
@@ -74,18 +74,13 @@ module Actions
 def assign_dnskeys
 return unless params[:dnskeys_attributes]&.any?
- params[:dnskeys_attributes].each { |dk| verify_public_key_integrity(dk) }
- params.dnskeys_attributes = params[:dnskeys_attributes]
+ params[:dnskeys_attributes].each { |dk| verify_public_key_integrity(dk[:public_key]) }
+ domain.dnskeys_attributes = params[:dnskeys_attributes]
 end
- def verify_public_key_integrity(dnssec)
- return if dnssec[:public_key].blank?
+ def verify_public_key_integrity(pub)
+ return if Dnskey.pub_key_base64?(pub)
- value = dnssec[:public_key]
- if !value.is_a?(String) || Base64.strict_encode64(Base64.strict_decode64(value)) != value
- domain.add_epp_error(2005, nil, nil, %i[dnskeys invalid])
- end
- rescue ArgumentError
 domain.add_epp_error(2005, nil, nil, %i[dnskeys invalid])
 end
diff --git a/app/models/actions/domain_update.rb b/app/models/actions/domain_update.rb
index 7a9223c81..760ea644f 100644
--- a/app/models/actions/domain_update.rb
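Review bot: With the `require(%i[name registrant_id period period_unit])` line removed, `domain_create_params` no longer rejects a request that omits a mandatory field; only the `:domain` root key is still required. Nothing in this hunk shows where that presence check now happens, so a missing `name` or `registrant_id` presumably reaches `Actions::DomainCreate` as `nil` and depends on validation there. If the controller is meant to stay the first gate, keep `params.require(:domain).require(%i[name registrant_id period period_unit])` ahead of the new `permit(...)` call. The newly permitted arrays (`dnskeys_attributes`, `nameservers_attributes` and the two contact lists) have no length bound at this layer, which deserves a comment or a cap if nothing downstream limits them.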
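Review bot: `verify_public_key_integrity(pub)` is now a two-line wrapper that is defined identically in `Actions::DomainUpdate` (last hunk of domain_update.rb), so the rule and its 2005 error live in two places. Since this commit already calls `Actions::BaseAction.maybe_attach_legal_doc` directly, a shared helper there would keep the create and update paths in step. Behaviour also changes for a key entry without `public_key`: the old `return if dnssec[:public_key].blank?` skipped it, while `Dnskey.pub_key_base64?(nil)` is falsy and now yields error 2005; a comment such as `# nil or non-String public_key is rejected with 2005` would mark that as intentional. `assign_dnskeys` still assigns `params[:dnskeys_attributes]` to the domain after an error was added, so it relies on the caller checking the domain's errors before saving, which is not visible in this hunk.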
+++ b/app/models/actions/domain_update.rb
@@ -14,7 +14,7 @@ module Actions
 assign_new_registrant if params[:registrant]
 assign_relational_modifications
 assign_requested_statuses
- maybe_attach_legal_doc
+ Actions::BaseAction.maybe_attach_legal_doc(domain, params[:legal_document])
 commit
 end
@@ -98,7 +98,7 @@ module Actions
 domain.add_epp_error('2306', nil, nil, %i[dnskeys ds_data_not_allowed])
 end
- verify_public_key_integrity(key)
+ verify_public_key_integrity(key[:public_key])
 @dnskeys << key.except(:action)
 end
@@ -216,10 +216,6 @@ module Actions
 end
 end
- def maybe_attach_legal_doc
- Actions::BaseAction.maybe_attach_legal_doc(domain, params[:legal_document])
- end
-
 def ask_registrant_verification
 if verify_registrant_change? && !bypass_verify && Setting.request_confirmation_on_registrant_change_enabled
@@ -243,15 +239,10 @@ module Actions
 false
 end
- def verify_public_key_integrity(dnssec)
- return if dnssec[:public_key].blank?
+ def verify_public_key_integrity(pub)
+ return if Dnskey.pub_key_base64?(pub)
- value = dnssec[:public_key]
- if !value.is_a?(String) || Base64.strict_encode64(Base64.strict_decode64(value)) != value
- domain.add_epp_error('2005', nil, nil, %i[dnskeys invalid])
- end
- rescue ArgumentError
- domain.add_epp_error('2005', nil, nil, %i[dnskeys invalid])
+ domain.add_epp_error(2005, nil, nil, %i[dnskeys invalid])
 end
 end
 end
diff --git a/app/models/dnskey.rb b/app/models/dnskey.rb
index c0f3f7491..a40225fd2 100644
--- a/app/models/dnskey.rb
+++ b/app/models/dnskey.rb
@@ -128,5 +128,13 @@ class Dnskey < ApplicationRecord
 def bin_to_hex(s)
 s.each_byte.map { |b| format('%02X', b) }.join
 end
+
+ def pub_key_base64?(pub)
+ return unless pub&.is_a?(String)
+
+ Base64.strict_encode64(Base64.strict_decode64(pub)) == pub
+ rescue ArgumentError
+ false
+ end
 end
 end
diff --git a/lib/deserializers/xml/domain_update.rb b/lib/deserializers/xml/domain_update.rb
index 62b528bd7..86250a368 100644
--- a/lib/deserializers/xml/domain_update.rb
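Review bot: The result code in the rewritten `verify_public_key_integrity` changes from the string `'2005'` to the integer `2005`, while the `add_epp_error('2306', ...)` call shown as context in the `-98,7` hunk of the same file still passes a string. Whether `add_epp_error` normalises the two forms is not visible here, so either keep `'2005'` in this file or convert the neighbouring calls in the same commit. The method body starts and ends inside this hunk; the class around it does not.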
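Review bot: `pub_key_base64?` is a predicate, but its guard `return unless pub&.is_a?(String)` returns `nil`, and the `&.` is redundant because `nil.is_a?(String)` is already `false`; `return false unless pub.is_a?(String)` gives a strict boolean. An empty string also round-trips through `strict_decode64`/`strict_encode64`, so `''` is reported as valid Base64. If an empty DNSKEY public key must be refused at this layer, use `return false unless pub.is_a?(String) && !pub.empty?`, otherwise say in a comment that emptiness is left to model validation (not shown here). The callers invoke `Dnskey.pub_key_base64?`, so the method has to sit in a class-level scope; the block enclosing `bin_to_hex` opens outside this hunk and should be confirmed.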
+++ b/lib/deserializers/xml/domain_update.rb
@@ -10,13 +10,14 @@ module Deserializers
 def initialize(frame, registrar)
 @frame = frame
 @registrar = registrar
+ @legal_document ||= ::Deserializers::Xml::LegalDocument.new(frame).call
 end
 def call
 obj = { domain: frame.css('name')&.text, registrant: registrant, contacts: contacts, auth_info: if_present('authInfo > pw'), nameservers: nameservers, registrar_id: registrar, statuses: statuses, dns_keys: dns_keys,
- reserved_pw: if_present('reserved > pw'), legal_document: legal_document }
+ reserved_pw: if_present('reserved > pw'), legal_document: @legal_document }
 obj.reject { |_key, val| val.blank? }
 end
@@ -78,10 +79,6 @@ module Deserializers
 s
 end
- def legal_document
- @legal_document ||= ::Deserializers::Xml::LegalDocument.new(frame).call
- end
-
 def if_present(css_path)
 return if frame.css(css_path).blank?
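Review bot: In `initialize`, `@legal_document ||= ...` cannot memoize anything because the instance variable is always unset when the constructor runs; a plain `@legal_document = ::Deserializers::Xml::LegalDocument.new(frame).call` says what actually happens. Moving the parse into the constructor also makes it eager: the legal document is now parsed, and can raise, from `new` rather than from `call`, so callers that only rescue around `call` need checking. The second hunk removes the `legal_document` reader, so any remaining reference to it in this class or its callers (outside these hunks) would fail at runtime.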