diff --git a/app/dao/template_folder_dao.py b/app/dao/template_folder_dao.py
index 7df47c6ff..a162f79c0 100644
--- a/app/dao/template_folder_dao.py
+++ b/app/dao/template_folder_dao.py
@@ -3,8 +3,11 @@ from app.dao.dao_utils import transactional
 from app.models import TemplateFolder
-def dao_get_template_folder_by_id(template_folder_id):
- return TemplateFolder.query.filter(TemplateFolder.id == template_folder_id).one()
+def dao_get_template_folder_by_id_and_service_id(template_folder_id, service_id):
+ return TemplateFolder.query.filter(
+ TemplateFolder.id == template_folder_id,
+ TemplateFolder.service_id == service_id
+ ).one()
 @transactional
diff --git a/app/template_folder/rest.py b/app/template_folder/rest.py
index 2499ea933..9105ed621 100644
--- a/app/template_folder/rest.py
+++ b/app/template_folder/rest.py
@@ -4,7 +4,7 @@ from sqlalchemy.orm.exc import NoResultFound
 from app.dao.template_folder_dao import (
 dao_create_template_folder,
- dao_get_template_folder_by_id,
+ dao_get_template_folder_by_id_and_service_id,
 dao_update_template_folder,
 dao_delete_template_folder
 )
@@ -49,13 +49,10 @@ def create_template_folder(service_id):
 if data.get('parent_id') is not None:
 try:
- parent_folder = dao_get_template_folder_by_id(data['parent_id'])
+ dao_get_template_folder_by_id_and_service_id(data['parent_id'], service_id)
 except NoResultFound:
 raise InvalidRequest("parent_id not found", status_code=400)
- if parent_folder.service_id != service_id:
- raise InvalidRequest("parent_id belongs to a different service", status_code=400)
-
 template_folder = TemplateFolder(
 service_id=service_id,
 name=data['name'].strip(),
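Review bot: `dao_get_template_folder_by_id_and_service_id` in app/dao/template_folder_dao.py is now the single place where folder lookups are scoped to a service, but it has no docstring saying so. Both filters and the `.one()` call are visible, so the contract can be written down: `"""Return the folder with this id owned by service_id; raises NoResultFound if the id is unknown or belongs to another service."""`. Stating it makes it less likely that a later change adds an id-only getter back beside it.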
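Review bot: In `create_template_folder` the result of the scoped lookup is now discarded, which reads like a leftover unless the reader knows the call is only an ownership check. A comment above it would help, e.g. `# ownership check only: a parent in another service is reported exactly like a missing one`. It is also worth confirming that the request schema restricts `parent_id` to a UUID, since the value goes straight into the query; the schema is not visible in this diff. The function body continues past the end of the hunk.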
@@ -73,7 +70,7 @@ def rename_template_folder(service_id, template_folder_id):
 validate(data, post_rename_template_folder_schema)
- template_folder = dao_get_template_folder_by_id(template_folder_id)
+ template_folder = dao_get_template_folder_by_id_and_service_id(template_folder_id, service_id)
 template_folder.name = data['name']
 dao_update_template_folder(template_folder)
@@ -83,7 +80,7 @@ def rename_template_folder(service_id, template_folder_id):
 @template_folder_blueprint.route('/', methods=['DELETE'])
 def delete_template_folder(service_id, template_folder_id):
- template_folder = dao_get_template_folder_by_id(template_folder_id)
+ template_folder = dao_get_template_folder_by_id_and_service_id(template_folder_id, service_id)
 # don't allow deleting if there's anything in the folder (even if it's just more empty subfolders)
 if template_folder.subfolders or template_folder.templates:
diff --git a/tests/app/template_folder/test_template_folder_rest.py b/tests/app/template_folder/test_template_folder_rest.py
index b3dcaf431..a85ea8664 100644
--- a/tests/app/template_folder/test_template_folder_rest.py
+++ b/tests/app/template_folder/test_template_folder_rest.py
@@ -97,7 +97,7 @@ def test_create_template_folder_fails_if_parent_id_from_different_service(admin_
 )
 assert resp['result'] == 'error'
- assert resp['message'] == 'parent_id belongs to a different service'
+ assert resp['message'] == 'parent_id not found'
 def test_rename_template_folder(admin_request, sample_service):
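Review bot: `rename_template_folder` and `delete_template_folder` (the next hunk) let `NoResultFound` from the scoped getter propagate, whereas `create_template_folder` catches it and returns a 400. Unless a blueprint- or app-level handler maps `NoResultFound` to a 404 (none is visible here), a folder id from another service would surface as a 500 on these two routes. If there is no such handler, wrap the lookup as create does, e.g. `except NoResultFound: raise InvalidRequest("template folder not found", status_code=404)`. Both function bodies extend beyond their hunks.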
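Review bot: The visible test changes only update the message asserted for the create path; nothing here exercises the rename and delete routes, whose lookups this commit newly scopes by service. I would add one rename test and one delete test that each address a folder owned by a second service through the first service's URL, asserting that the request is rejected and the folder is unchanged (name intact, row still present). Without them the service scoping in `rename_template_folder` and `delete_template_folder` can regress unnoticed. The test file may already contain more than this chunk shows.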