diff --git a/app/Http/Controllers/AccountApiController.php b/app/Http/Controllers/AccountApiController.php
index fc909461353f..193cf2d7c5ef 100644
--- a/app/Http/Controllers/AccountApiController.php
+++ b/app/Http/Controllers/AccountApiController.php
@@ -36,14 +36,14 @@ class AccountApiController extends BaseAPIController
     {
         if ( ! env(API_SECRET) || $request->api_secret !== env(API_SECRET)) {
             sleep(ERROR_DELAY);
-            return 'Invalid secret';
+            return $this->errorResponse(['message'=>'Invalid secret'],401);
         }
 
         if (Auth::attempt(['email' => $request->email, 'password' => $request->password])) {
             return $this->processLogin($request);
         } else {
             sleep(ERROR_DELAY);
-            return 'Invalid credentials';
+            return $this->errorResponse(['message'=>'Invalid credentials'],401);
         }
     }
 
diff --git a/app/Http/Controllers/BaseAPIController.php b/app/Http/Controllers/BaseAPIController.php
index f7ebf9b20d7e..af603a9c8f53 100644
--- a/app/Http/Controllers/BaseAPIController.php
+++ b/app/Http/Controllers/BaseAPIController.php
@@ -107,13 +107,13 @@ class BaseAPIController extends Controller
         return Response::make($response, 200, $headers);
     }
 
-    protected  function errorResponse($response)
+    protected  function errorResponse($response, $httpErrorCode = 400)
     {
         $error['error'] = $response;
         $error = json_encode($error, JSON_PRETTY_PRINT);
         $headers = Utils::getApiHeaders();
 
-        return Response::make($error, 400, $headers);
+        return Response::make($error, $httpErrorCode, $headers);
 
     }