diff --git a/.env b/.env
index 93b084e..15ed30f 100644
--- a/.env
+++ b/.env
@@ -19,7 +19,7 @@ APP_ENV=dev
 APP_SECRET=EDIT_ME
 ###< symfony/framework-bundle ###
 
-APP_VERSION=1.3.0
+APP_VERSION=1.3.1
 
 APP_NAME=KevaChat
 
@@ -49,7 +49,7 @@ APP_KEVACOIN_EXPLORER_URL=https://keva.one/explorer/address/
 # Address to receive kevacoin powers (make others able to fill node balance)
 APP_KEVACOIN_BOOST_ADDRESS=EDIT_ME
 
-# Allowed room namespaces, separated with | (must be owned to accept posts)
+# Pinned room namespaces, separated with |
 APP_KEVACOIN_ROOM_NAMESPACES_PINNED=EDIT_ME
 
 # Allowed room namespaces for read only (e.g. project news) separated with |
@@ -76,5 +76,8 @@ APP_ADD_POST_REMOTE_IP_MODERATORS=
 # Skip access limits for banned IPs separated by |
 APP_ADD_POST_REMOTE_IP_DENIED=
 
+# Post ID rules (for kevacoin key) do not change to keep external KevaChat nodes compatibility
+APP_ADD_POST_KEY_REGEX=/^([\d]+)@([A-z0-9\.\:\[\]]+)$/
+
 # Post content rules (for kevacoin value)
 APP_ADD_POST_VALUE_REGEX=/^[\w\s\:\.\,\'\"\/\!\?\@\#\%\(\)\[\]\+\-\*\$\%]{2,3072}$/ui
\ No newline at end of file
diff --git a/config/services.yaml b/config/services.yaml
index fb38fa0..edaf413 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -28,6 +28,7 @@ parameters:
     app.add.post.remote.ip.delay: '%env(APP_ADD_POST_REMOTE_IP_DELAY)%'
     app.add.post.remote.ip.moderators: '%env(APP_ADD_POST_REMOTE_IP_MODERATORS)%'
     app.add.post.remote.ip.denied: '%env(APP_ADD_POST_REMOTE_IP_DENIED)%'
+    app.add.post.key.regex: '%env(APP_ADD_POST_KEY_REGEX)%'
     app.add.post.value.regex: '%env(APP_ADD_POST_VALUE_REGEX)%'
 
 services:
diff --git a/src/Controller/RoomController.php b/src/Controller/RoomController.php
index 6d63631..04f92d3 100644
--- a/src/Controller/RoomController.php
+++ b/src/Controller/RoomController.php
@@ -512,21 +512,30 @@ class RoomController extends AbstractController
 
     private function _post(array $data): ?object
     {
-        if (false === preg_match('/^([\d]+)@(.*)$/', $data['key'], $matches))
+        // Validate key format allowed in settings
+        if (false === preg_match((string) $this->getParameter('app.add.post.key.regex'), $data['key'], $matches))
         {
             return null;
         }
 
+        // Timestamp required in key
         if (empty($matches[1]))
         {
             return null;
         }
 
+        // Username required in key
         if (empty($matches[2]))
         {
             return null;
         }
 
+        // Validate value format allowed in settings
+        if (false === preg_match((string) $this->getParameter('app.add.post.value.regex'), $data['value']))
+        {
+            return null;
+        }
+
         return (object)
         [
             'id'      => $data['txid'],