diff --git a/packages/backend/src/server/api/api-handler.ts b/packages/backend/src/server/api/api-handler.ts
index 9146b2180..956096367 100644
--- a/packages/backend/src/server/api/api-handler.ts
+++ b/packages/backend/src/server/api/api-handler.ts
@@ -47,11 +47,15 @@ export default (endpoint: IEndpoint, ctx: Koa.Context) => new Promise<void>((res
 		});
 	}).catch(e => {
 		if (e instanceof AuthenticationError) {
-			reply(403, new ApiError({
-				message: 'Authentication failed. Please ensure your token is correct.',
+			ctx.response.status = 403;
+			ctx.response.set('WWW-Authenticate', 'Bearer');
+			ctx.response.body = {
+				message: 'Authentication failed: ' + e.message,
 				code: 'AUTHENTICATION_FAILED',
 				id: 'b0a7f5f8-dc2f-4171-b91f-de88ad238e14',
-			}));
+				kind: 'client',
+			};
+			res();
 		} else {
 			reply(500, new ApiError());
 		}
diff --git a/packages/backend/src/server/api/authenticate.ts b/packages/backend/src/server/api/authenticate.ts
index 192f20ebc..39be06c29 100644
--- a/packages/backend/src/server/api/authenticate.ts
+++ b/packages/backend/src/server/api/authenticate.ts
@@ -42,7 +42,7 @@ export default async (authorization: string | null | undefined, bodyToken: strin
 			() => Users.findOneBy({ token }) as Promise<ILocalUser | null>);
 
 		if (user == null) {
-			throw new AuthenticationError('user not found');
+			throw new AuthenticationError('unknown token');
 		}
 
 		return [user, null];
@@ -56,7 +56,7 @@ export default async (authorization: string | null | undefined, bodyToken: strin
 		});
 
 		if (accessToken == null) {
-			throw new AuthenticationError('invalid signature');
+			throw new AuthenticationError('unknown token');
 		}
 
 		AccessTokens.update(accessToken.id, {