diff --git a/auditmiddleware/_api.py b/auditmiddleware/_api.py
index 1d97234..45a81da 100644
--- a/auditmiddleware/_api.py
+++ b/auditmiddleware/_api.py
@@ -776,7 +776,26 @@ def _get_action_from_payload(self, request, res_spec, res_id):
         """Determine the CADF action from the payload."""
         try:
             payload = request.json
+
+            # Handle case where payload is a string (JSON-encoded)
+            if isinstance(payload, str):
+                try:
+                    payload = json.loads(payload)
+                except json.JSONDecodeError:
+                    self._log.warning(
+                        "Invalid JSON string payload for path: %s",
+                        request.path)
+                    return None
+
             if payload:
+                # Type checking for payload
+                if not isinstance(payload, dict):
+                    self._log.warning(
+                        "Unexpected payload type %s for path: %s",
+                        type(payload), request.path
+                    )
+                    return None
+
                 rest_action = next(iter(payload))
                 # check for individual mapping of action
                 action = res_spec.custom_actions.get(rest_action)
diff --git a/test-requirements.txt b/test-requirements.txt
index 4737ee8..e0ed2a9 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -11,6 +11,7 @@ coverage!=4.4,>=4.0 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
 mock>=3.0.0 # BSD
 oslotest>=3.8.0 # Apache-2.0
+pytz==2024.2 # MIT
 requests-mock>=1.2.0 # Apache-2.0
 #stevedore>=1.20.0 # Apache-2.0
 stestr>=2.0.0  # Apache-2.0