diff --git a/.changeset/tough-tips-judge.md b/.changeset/tough-tips-judge.md
new file mode 100644
index 0000000..8249652
--- /dev/null
+++ b/.changeset/tough-tips-judge.md
@@ -0,0 +1,7 @@
+---
+"@saleor/app-sdk": patch
+---
+
+processProtectedHandler no longer requires a full NextApiRequest object as an argument. Now only the `headers` property is required to satisfy the type safety.
+
+Thanks to that, some requests like HTML <form> with tokens in BODY can be validated. Till now only fetch/ajax calls could have been validated
diff --git a/src/handlers/next/process-protected-handler.ts b/src/handlers/next/process-protected-handler.ts
index 519eec1..e045b77 100644
--- a/src/handlers/next/process-protected-handler.ts
+++ b/src/handlers/next/process-protected-handler.ts
@@ -37,7 +37,7 @@ export type ProtectedHandlerContext = {
 };
 
 interface ProcessSaleorProtectedHandlerArgs {
-  req: NextApiRequest;
+  req: Pick<NextApiRequest, "headers">;
   apl: APL;
   requiredPermissions?: Permission[];
 }
@@ -49,6 +49,8 @@ type ProcessAsyncSaleorProtectedHandler = (
 /**
  * Perform security checks on given request and return ProtectedHandlerContext object.
  * In case of validation issues, instance of the ProtectedHandlerError will be thrown.
+ *
+ * Can pass entire next request or Headers with saleorApiUrl and token
  */
 export const processSaleorProtectedHandler: ProcessAsyncSaleorProtectedHandler = async ({
   req,