diff --git a/src/handlers/update_fcm_v1.rs b/src/handlers/update_fcm_v1.rs
index 27c3eccf..3a8ddd3e 100644
--- a/src/handlers/update_fcm_v1.rs
+++ b/src/handlers/update_fcm_v1.rs
@@ -34,14 +34,14 @@ pub async fn handler(
     headers: HeaderMap,
     mut form_body: Multipart,
 ) -> Result<Json<UpdateTenantFcmV1Response>, Error> {
-    // -- check if tenant is real
-    let _existing_tenant = state.tenant_store.get_tenant(&id).await?;
-
     // JWT token verification
     #[cfg(feature = "cloud")]
     let jwt_verification_result =
         validate_tenant_request(&state.jwt_validation_client, &headers, &id).await;
 
+    // -- check if tenant is real
+    let _existing_tenant = state.tenant_store.get_tenant(&id).await?;
+
     #[cfg(not(feature = "cloud"))]
     let jwt_verification_result = validate_tenant_request(&state.jwt_validation_client, &headers);
 
diff --git a/tests/context/mod.rs b/tests/context/mod.rs
index 269538f9..9cad39e6 100644
--- a/tests/context/mod.rs
+++ b/tests/context/mod.rs
@@ -41,8 +41,9 @@ impl TestContext for ConfigContext {
             log_level_otel: "info,echo-server=trace".into(),
             disable_header: true,
             validate_signatures: false,
-            // TODO setting this to avoid hex parsing errors; I don't think it's used
             relay_public_key: env::var("RELAY_PUBLIC_KEY").unwrap_or(
+                // Default relay public key if env not set
+                // TODO I don't think this is used in the tests, so this should be refactored/removed
                 "ff469faa970df23c23a6542765ce8dba2a907538522833b2327a153e365d138e".to_string(),
             ),
             database_url: env::var("DATABASE_URL")