diff --git a/lib/units/api/helpers/securityHandlers.js b/lib/units/api/helpers/securityHandlers.js
index 9c5fa3ee..f0b8ef88 100644
--- a/lib/units/api/helpers/securityHandlers.js
+++ b/lib/units/api/helpers/securityHandlers.js
@@ -16,46 +16,59 @@ function accessTokenAuth(req, res, next) { , tokenId = authHeader[1] if (format !== 'bearer') { - res.status(401).json({ + return res.status(401).json({ success: false , description: 'Authorization header should be in "bearer $AUTH_TOKEN" format' }) } - if (tokenId) { - dbapi.loadAccessToken(tokenId) - .then(function(token) { - var jwt = token.jwt - , data = jwtutil.decode(jwt, req.options.secret) + if (!tokenId) { + log.error('Bad Access Token Header') + return res.status(401).json({ + success: false + , description: 'Bad Credentials' + }) + } - if (data) { - dbapi.loadUser(data.email) - .then(function(user) { - if (user) { - req.user = user - next() - } - }) + dbapi.loadAccessToken(tokenId) + .then(function(token) { + if (!token) { + return res.status(401).json({ + success: false + , description: 'Bad Credentials' + }) + } + + var jwt = token.jwt + , data = jwtutil.decode(jwt, req.options.secret) + + if (!data) { + return res.status(500).json({ + success: false + }) + } + dbapi.loadUser(data.email) + .then(function(user) { + if (user) { + req.user = user + next() } else { - res.status(500).json({ + return res.status(500).json({ success: false }) } }) - .catch(function(err) { - log.error('Failed to load token: ', err.stack) - res.status(401).json({ - success: false, - description: 'Bad Credentials' + .catch(function(err) { + log.error('Failed to load user: ', err.stack) }) - }) - } else { - log.error('Bad Access Token Header') - res.status(401).json({ - success: false, - description: 'Bad Credentials' }) - } + .catch(function(err) { + log.error('Failed to load token: ', err.stack) + return res.status(401).json({ + success: false + , description: 'Bad Credentials' + }) + }) } // Request is coming from browser app // TODO: Remove this once frontend become stateless @@ -68,7 +81,7 @@ function accessTokenAuth(req, res, next) { next() } else { - res.json(500, { + return res.status(500).json({ success: false }) } 
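Review bot: The new inner `.catch` on `dbapi.loadUser` (the one that only does `log.error('Failed to load user: ', err.stack)`) never sends a response or calls `next(err)`, so a rejected user lookup leaves the request hanging until the client times out, and the outer token-level `.catch` cannot cover it because the `loadUser` promise is not returned from the enclosing `.then`. Either answer there, `log.error('Failed to load user: ', err.stack); return res.status(500).json({ success: false })`, or write `return dbapi.loadUser(data.email)` so the existing `.catch` that replies 401 'Bad Credentials' handles it. Separately, a falsy result from `jwtutil.decode(jwt, req.options.secret)` is answered with 500 while an unknown tokenId gets 401 'Bad Credentials'; if decode returns null on a signature mismatch that is an authentication failure, and replying 401 keeps a known-but-invalid token indistinguishable from an unknown one to a caller probing token ids — worth confirming whether decode returns null or throws, since a throw inside the `.then` already lands in the 401 path. accessTokenAuth continues past this hunk into the browser-session branch.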
@@ -77,8 +90,8 @@ function accessTokenAuth(req, res, next) { } else { res.status(401).json({ - success: false, - description: 'Requires Authentication' + success: false + , description: 'Requires Authentication' }) } }