diff --git a/authenticated-json-api/functions/index.js b/authenticated-json-api/functions/index.js
index b6a4c09190..75b6dcf6d1 100644
--- a/authenticated-json-api/functions/index.js
+++ b/authenticated-json-api/functions/index.js
@@ -39,7 +39,7 @@ const app = express();
 // when decoded successfully, the ID Token content will be added as `req.user`.
 const authenticate = async (req, res, next) => {
   if (!req.headers.authorization || !req.headers.authorization.startsWith('Bearer ')) {
-    res.status(403).send('Unauthorized');
+    res.status(401).send('Unauthorized');
     return;
   }
   const idToken = req.headers.authorization.split('Bearer ')[1];
@@ -49,7 +49,7 @@ const authenticate = async (req, res, next) => {
     next();
     return;
   } catch(e) {
-    res.status(403).send('Unauthorized');
+    res.status(403).send('Forbidden');
     return;
   }
 };