diff --git a/ucloud-pay.py b/ucloud-pay.py
index 33faee6..2b8e33d 100644
--- a/ucloud-pay.py
+++ b/ucloud-pay.py
@@ -226,6 +226,15 @@ class ProductOrder(Resource):
                 return {"message": "Wrong Credentials"}, 403
 
             # Validate the given product is ok
+            product_id = data["product_id"]
+            product = client.get_prefix(
+                "/v1/products/{}/".format(product_id), value_in_json=True
+            )
+            if not product:
+                logging.debug("User chose invalid product {}".format(product))
+                return {"message": "Invalid product"}, 400
+
+            logging.debug("Got product {}".format(str(product)))
 
             # Check the user has a payment source added