diff --git a/lib/api.js b/lib/api.js
index 2df9f584..d8966374 100644
--- a/lib/api.js
+++ b/lib/api.js
@@ -5,6 +5,7 @@
 var fs = require('fs');
 var assert = require("assert");
 var async = require('async');
+var moment = require('moment-timezone');
 
 var Class = require("pixl-class");
 var Tools = require("pixl-tools");
@@ -259,6 +260,15 @@ module.exports = Class.create({
 			}
 		} // timing
 		
+		// timezone must be one of the supported moment timezones
+		if (event.timezone) {
+			var zones = moment.tz.names();
+			if (!zones.includes(event.timezone)) {
+				this.doError('api', "Malformed or unknown timezone: " + event.timezone, callback);
+				return false;
+			}
+		}
+		
 		return true;
 	},
 	
diff --git a/lib/test.js b/lib/test.js
index 0e90daf6..12ddaeba 100644
--- a/lib/test.js
+++ b/lib/test.js
@@ -795,6 +795,34 @@ module.exports = {
 			} );
 		},
 		
+		function testAPIUpdateEventBadTimezone(test) {
+			// test app/update_event api with a bad tz (should error out)
+			var self = this;
+			var params = {
+				"id": this.event_id,
+				"timezone": "THIS IS BAD",
+				"session_id": session_id
+			};
+			
+			request.json( api_url + '/app/update_event', params, function(err, resp, data) {
+				
+				test.ok( !err, "No error requesting API" );
+				test.ok( "code" in data, "Found code prop in JSON response" );
+				test.ok( data.code == 'api', "Code is api" );
+				
+				// make sure event didn't get saved in storage
+				storage.listFind( 'global/schedule', { id: self.event_id }, function(err, event) {
+					test.ok( !err, "No error fetching data" );
+					test.ok( !!event, "Data record record is non-null" );
+					test.ok( event.username == "admin", "Username is correct" );
+					test.ok( event.created > 0, "Record creation date is non-zero" );
+					test.ok( event.timezone == cronicle.tz, "New timezone is correct (not changed)" );
+					
+					test.done();
+				} );
+			} );
+		},
+		
 		// app/get_schedule
 		
 		function testAPIGetSchedule(test) {
diff --git a/package.json b/package.json
index a6b333cf..818630f1 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "Cronicle",
-	"version": "0.9.19",
+	"version": "0.9.20",
 	"description": "A simple, distributed task scheduler and runner with a web based UI.",
 	"author": "Joseph Huckaby <jhuckaby@gmail.com>",
 	"homepage": "https://github.com/jhuckaby/Cronicle",