diff --git a/app/authentication/auth.py b/app/authentication/auth.py
index 0f4100e6d..8cf9e187c 100644
--- a/app/authentication/auth.py
+++ b/app/authentication/auth.py
@@ -1,10 +1,11 @@
-from flask import request, jsonify, _request_ctx_stack
+from flask import request, jsonify, _request_ctx_stack, current_app
 from client.authentication import decode_jwt_token, get_token_issuer
 from client.errors import TokenDecodeError, TokenRequestError, TokenExpiredError, TokenPayloadError
 from app.dao.api_key_dao import get_unsigned_secrets
 
 
 def authentication_response(message, code):
+    current_app.logger.info(message)
     return jsonify(
         error=message
     ), code
@@ -27,8 +28,7 @@ def requires_auth():
         return authentication_response("Invalid token: signature", 403)
     if api_client is None:
         authentication_response("Invalid credentials", 403)
-    # If the api_client does not have any secrets return response saying that
-    errors_resp = authentication_response("Invalid token: api client has no secrets", 403)
+
     for secret in api_client['secret']:
         try:
             decode_jwt_token(
@@ -53,7 +53,6 @@ def requires_auth():
 
 
 def fetch_client(client):
-    from flask import current_app
     if client == current_app.config.get('ADMIN_CLIENT_USER_NAME'):
         return {
             "client": client,
diff --git a/tests/app/authentication/test_authentication.py b/tests/app/authentication/test_authentication.py
index ea6567a8a..74c67c4ef 100644
--- a/tests/app/authentication/test_authentication.py
+++ b/tests/app/authentication/test_authentication.py
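Review bot: The new `current_app.logger.info(message)` records every rejected request at info level with only the static error text, so a burst of failures is indistinguishable from routine noise and carries nothing to triage on. Authentication failures are normally logged at warning and with the status code, e.g. `current_app.logger.warning('Authentication failed (%s): %s', code, message)`; the messages passed in are fixed strings, so the log line does not risk writing a token out. If the caller's identity is wanted as well it has to be passed in by requires_auth, which is not part of this hunk.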
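Review bot: The `if api_client is None:` branch on the new side calls `authentication_response("Invalid credentials", 403)` without `return`, so the 403 is built and logged but discarded and execution falls through to `for secret in api_client['secret']:`, which raises TypeError on None and turns a clean 403 into a 500. This line predates the commit, but with `errors_resp` removed directly below it the fall-through is now the only thing that happens in that branch; it should read `return authentication_response("Invalid credentials", 403)`. Dropping `errors_resp` itself is fine since it was never returned, but the empty-secret-list case now depends entirely on whatever follows the loop, which is not visible here. requires_auth starts and ends outside this hunk.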
@@ -214,6 +214,26 @@ def test_authentication_returns_token_expired_when_service_uses_expired_key_and_
     assert data['error'] == 'Invalid token: signature'
 
 
+def test_authentication_returns_error_when_api_client_has_no_secrets(notify_api,
+                                                                     notify_db,
+                                                                     notify_db_session):
+    with notify_api.test_request_context():
+        with notify_api.test_client() as client:
+            api_secret = notify_api.config.get('ADMIN_CLIENT_SECRET')
+            token = create_jwt_token(request_method="GET",
+                                     request_path=url_for('service.get_service'),
+                                     secret=api_secret,
+                                     client_id=notify_api.config.get('ADMIN_CLIENT_USER_NAME')
+                                     )
+            notify_api.config['ADMIN_CLIENT_SECRET'] = ''
+            response = client.get(url_for('service.get_service'),
+                                  headers={'Authorization': 'Bearer {}'.format(token)})
+            assert response.status_code == 403
+            error_message = json.loads(response.get_data())
+            assert error_message['error'] == 'Invalid token: signature'
+            notify_api.config['ADMIN_CLIENT_SECRET'] = api_secret
+
+
 def __create_get_token(service_id):
     if service_id:
         return create_jwt_token(request_method="GET",
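Review bot: The test overwrites `notify_api.config['ADMIN_CLIENT_SECRET']` and restores it only on its last line, so a failing assertion leaves the admin secret blanked for every later test in the session; wrap the request and assertions in `try: ... finally: notify_api.config['ADMIN_CLIENT_SECRET'] = api_secret`, or use `monkeypatch.setitem(notify_api.config, 'ADMIN_CLIENT_SECRET', '')` so the restore is unconditional. The name says "no secrets", but the test sets the secret to the empty string rather than removing it, so if fetch_client wraps the configured value in a one-element list the loop in requires_auth still iterates once over `''` and the empty-list path is never exercised — worth confirming against fetch_client, which is only partly visible in this diff. The expected 'Invalid token: signature' for that case is likewise produced by code after the loop that this diff does not show.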