diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index e7896eeeb305..0e13ba44c446 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -162,6 +162,11 @@ public function index(Request $request) : array
 if ($request->filled('filter')) {
 $filter = json_decode($request->input('filter'), true);
+
+ if (is_null($filter)) {
+ $filter = [];
+ }
+
 $filter = array_filter($filter, function ($key) use ($allowed_columns) {
 return in_array($key, $allowed_columns);
 }, ARRAY_FILTER_USE_KEY);
diff --git a/tests/Feature/Users/Api/IndexUsersTest.php b/tests/Feature/Users/Api/IndexUsersTest.php
index 6400469e41fc..00a7423cf0bf 100644
--- a/tests/Feature/Users/Api/IndexUsersTest.php
+++ b/tests/Feature/Users/Api/IndexUsersTest.php
@@ -57,4 +57,14 @@ public function testReturnsManagedLocationsCountCorrectly()
 ->etc();
 });
 }
+
+ public function test_gracefully_handles_malformed_filter()
+ {
+ $this->actingAsForApi(User::factory()->viewUsers()->create())
+ ->getJson(route('api.users.index', [
+ // filter should be a json encoded array and not a string
+ 'filter' => 'email:an-email-address@example.com',
+ ]))
+ ->assertOk();
+ }
 }
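Review bot: The added guard only catches `null`, but `json_decode(..., true)` also returns a scalar for well-formed JSON that is not an object or array (`"abc"`, `123`, `true`), and the `array_filter` call that follows throws a TypeError for those exactly as it did for `null` before this change; the check should be on shape rather than nullness, `if (!is_array($filter)) { $filter = []; }`. While touching this spot, `in_array($key, $allowed_columns)` in the callback should pass `strict: true`, since the keys come straight from request-supplied JSON and loose comparison is the wrong default for an allow-list. The body of index() continues outside the hunk, so whether the surviving filter values are validated before they reach the query cannot be seen here. The hunk header announces six context lines but only five are visible, so the closing brace of this `if` appears to have been lost in the paste.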
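Review bot: The new test method is named in snake_case (`test_gracefully_handles_malformed_filter`) while the rest of this file uses camelCase (`testReturnsManagedLocationsCountCorrectly`); for consistency rename it `testGracefullyHandlesMalformedFilter`. It also exercises only invalid JSON; a second request carrying a JSON scalar that decodes without error, e.g. `'filter' => '"email"'`, would cover the non-array case that a null-only check in the controller does not handle. Asserting something about the response body (for instance that the result is the unfiltered list) would make this more than a smoke test, though `assertOk()` may be all that was intended for a regression check.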