diff --git a/lib/routes/api/utils.js b/lib/routes/api/utils.js
index b349232..bf796aa 100644
--- a/lib/routes/api/utils.js
+++ b/lib/routes/api/utils.js
@@ -286,7 +286,11 @@ const hasAccountPermissions = async(req, res, next) => {
 message: 'insufficient privileges'
 });
 } catch (error) {
- throw error;
+ // return 400 on errors
+ res.status(400).json({
+ status: 'fail',
+ message: error.message
+ });
 }
 };
diff --git a/test/accounts.js b/test/accounts.js
index 0e657fb..95a2f01 100644
--- a/test/accounts.js
+++ b/test/accounts.js
@@ -266,6 +266,19 @@ test('account tests', async(t) => {
 t.ok(err.statusCode === 400, 'returns 400 bad request if account sid param is not a valid uuid');
 }
+ /* try to fetch Alerts with an invalid account SID */
+ try {
+ result = await request.get(`/Accounts/INVALID/Alerts?page=1&count=1`, {
+ auth: {bearer: accountLevelToken},
+ resolveWithFullResponse: true,
+ json: true
+ });
+ t.fail('Expected request to fail with invalid account SID');
+ console.log(result)
+ } catch (err) {
+ t.ok(err.statusCode === 400, 'returns 400 bad request if account sid param is not a valid uuid');
+ }
+
 /* query all limits for an account */
 result = await request.get(`/Accounts/${sid}/Limits`, {
 auth: authAdmin,
@@ -337,6 +350,7 @@ test('account tests', async(t) => {
 await deleteObjectBySid(request, '/VoipCarriers', voip_carrier_sid);
 await deleteObjectBySid(request, '/ServiceProviders', service_provider_sid);
 //t.end();
+
 } catch (err) {
 console.error(err);
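Review bot: The catch block added to `hasAccountPermissions` maps every exception to 400 and sends `error.message` back to the caller, so a failure that is not a malformed account SID (a database or lookup error, presumably possible inside this try) would be reported as a client error with its internal text in the response body. Keep 400 for the validation failure the new test exercises, and for anything else log the error server-side and answer with a generic body, e.g. `message: 'invalid request'` in place of `message: error.message`. The handler still fails closed on this path, since the catch block never calls `next()`. The function body starts outside the hunk, so which errors can actually reach this catch is not visible here.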
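Review bot: `console.log(result)` after `t.fail(...)` in the new Alerts test looks like leftover debugging; with `resolveWithFullResponse: true` the logged object is the full response, which likely carries the outgoing request and its bearer token, so a regression would print that into CI logs, and the line should be dropped. The assertion message is copied from the preceding check; something like `'returns 400 for Alerts if account sid param is not a valid uuid'` would make a failure distinguishable. Since the handler now returns `error.message`, consider also asserting on the response body so the test pins what is disclosed to the client.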