diff --git a/api/src/controllers/UserController.kt b/api/src/controllers/UserController.kt
index f8800f8..304181f 100644
--- a/api/src/controllers/UserController.kt
+++ b/api/src/controllers/UserController.kt
@@ -36,11 +36,11 @@ class UserController(kodein: Kodein) : KodeinController(kodein) {
                 .where { Users.username eq credential.username }
                 .map { row -> row[Users.email]!! to row[Users.password]!! }
                 .firstOrNull()
-                ?: return@post call.respond(HttpStatusCode.BadRequest, ApiError.InvalidCredentialError)
+                ?: return@post call.respond(HttpStatusCode.Unauthorized, ApiError.InvalidCredentialError)
 
 
             if (!BCrypt.checkpw(credential.password, password)) {
-                return@post call.respond(HttpStatusCode.BadRequest, ApiError.InvalidCredentialError)
+                return@post call.respond(HttpStatusCode.Unauthorized, ApiError.InvalidCredentialError)
             }
 
             return@post call.respond(Response(simpleJwt.sign(email)))