diff --git a/src/services/turnilo_dashboards.py b/src/services/turnilo_dashboards.py
index 6940488..58e4f5c 100644
--- a/src/services/turnilo_dashboards.py
+++ b/src/services/turnilo_dashboards.py
@@ -19,7 +19,7 @@ class GetQueryParams(BaseModel):
     def is_valid_param(self, s: str) -> bool:
         if len(s) > 256:
             return False
-        pattern = r'^[a-zA-Z0-9_-]+$'
+        pattern = r'^[a-zA-Z0-9_.-]+$'
         return bool(re.match(pattern, s))
 
     def validate(self):
diff --git a/test/unit_test.py b/test/unit_test.py
index 4a9e3c9..671cad9 100644
--- a/test/unit_test.py
+++ b/test/unit_test.py
@@ -130,7 +130,9 @@ def test_get_all_dashboards_query_params(sample_dashboard: dict[str, Any]) -> No
     assert res.status_code == 400
     res = get_dashboard(HOST, PORT, dataCube="name;test")
     assert res.status_code == 400
-    res = get_dashboard(HOST, PORT, shortName="name?test")
+    res = get_dashboard(HOST, PORT, dataCube="name:test")
+    assert res.status_code == 400
+    res = get_dashboard(HOST, PORT, shortName="name:test")
     assert res.status_code == 400
     res = get_dashboard(HOST, PORT, dataCube="name?test")
     assert res.status_code == 400
@@ -142,12 +144,28 @@ def test_get_all_dashboards_query_params(sample_dashboard: dict[str, Any]) -> No
     assert res.status_code == 400
     res = get_dashboard(HOST, PORT, dataCube="name\"test")
     assert res.status_code == 400
+    res = get_dashboard(HOST, PORT, shortName="name/test")
+    assert res.status_code == 400
+    res = get_dashboard(HOST, PORT, dataCube="name/test")
+    assert res.status_code == 400
+    res = get_dashboard(HOST, PORT, shortName="name?test")
+    assert res.status_code == 400
+    res = get_dashboard(HOST, PORT, dataCube="name?test")
+    assert res.status_code == 400
+
+    # Invalid length
     long_name = 's' * 280
     res = get_dashboard(HOST, PORT, shortName=long_name)
     assert res.status_code == 400
     res = get_dashboard(HOST, PORT, dataCube=long_name)
     assert res.status_code == 400
 
+    # Make sure -,_. is allowed
+    res = get_dashboard(HOST, PORT, shortName="name.test_hello-2")
+    assert res.status_code == 200
+    res = get_dashboard(HOST, PORT, dataCube="name.test_hello-2")
+    assert res.status_code == 200
+
     # Now validate functionality
 
     # Name only