diff --git a/src/node/handler/APIHandler.js b/src/node/handler/APIHandler.js
index 9adc24180..a26dd2cfb 100644
--- a/src/node/handler/APIHandler.js
+++ b/src/node/handler/APIHandler.js
@@ -450,6 +450,7 @@ exports.handle = function(apiVersion, functionName, fields, req, res)
 
   if(fields["apikey"] != apikey.trim())
   {
+    res.statusCode = 401;
     res.send({code: 4, message: "no or wrong API Key", data: null});
     return;
   }
diff --git a/tests/backend/specs/api.js b/tests/backend/specs/api.js
index 685714c16..40aa2183f 100644
--- a/tests/backend/specs/api.js
+++ b/tests/backend/specs/api.js
@@ -34,10 +34,9 @@ describe('Permission', function(){
   it('errors if can connect without correct APIKey', function(done) {
     // This is broken because Etherpad doesn't handle HTTP codes properly see #2343
     // If your APIKey is password you deserve to fail all tests anyway
-    throw new Error("Erroring anyway just because the API seems broken here");
-    api.get('/api/'+apiVersion+'/createPad&apikey=password&padID=test')
-    .expect('Content-Type', /json/)
-    .expect(200, done)
+    var permErrorURL = '/api/'+apiVersion+'/createPad?apikey=password&padID=test';
+    api.get(permErrorURL)
+    .expect(401, done)
   });
 })