diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 889e8f2..bfad44d 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -1,91 +1,91 @@
 class ApiController < ApplicationController
   rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
   rescue_from ActionController::ParameterMissing, with: :parameter_missing
 
   # This a private trusted API
   skip_before_action :verify_authenticity_token
 
   before_action :authenticate_token, except: :ping
   before_action :domain, only: [:list, :bulk]
 
   # GET /ping
   def ping
     render json: { ok: true, response: :pong }
   end
 
   # GET /whoami
   def  whoami
     render json: { ok: true, response: current_user.to_api }
   end
 
   # GET domain/<name>/list
   def list
     records = Record.smart_order(@domain.records).map(&:to_api)
     render json: { ok: true, response: records }
   end
 
   # POST domain/<name>/list
   def bulk
     api_params = params.require(:api).permit!
     ops, err, bulk_ops = domain.api_bulk(api_params)
 
     if err.empty?
       notify_record_bulk(domain, bulk_ops)
 
       render json: { ok: true,
                      response: {
                        operations: ops
                      }
                    }
     else
       render json: { ok: false,
                      errors: err,
                      response: {
                        operations: ops
                      }
-                   }
+                   }, status: :bad_request
     end
   end
 
   # GET domains
   def domains
     domains = show_domain_scope.includes(:group).all
     render json: {
              ok: true,
              response: domains.map { |d| d.to_api }
            }
   end
 
   private
 
   def authenticate_token
     if user = User.find_by_token(params.require(:token))
       warden.set_user(user, store: false)
     else
-      render json: { ok: false, error: "invalid-token" }
+      render json: { ok: false, error: "invalid-token" }, status: :bad_request
     end
   end
 
   def domain
     if params[:domain] =~ /^[0-9]+$/
       params[:domain_id] = params[:domain]
     else
       params[:domain_id] = Domain.find_by_name!(params[:domain]).id
     end
 
     super
   end
 
   def record_not_found
-    render json: { ok: false, error: :record_not_found }
+    render json: { ok: false, error: :record_not_found }, status: :not_found
   end
 
   def parameter_missing
-    render json: { ok: false, error: :parameter_missing }
+    render json: { ok: false, error: :parameter_missing }, status: :bad_request
   end
 
   def notify_record_bulk(*args)
     notification.notify_record_bulk(current_user, *args) if WebDNS.settings[:notifications]
   end
 
 end