diff --git a/pkg/auth/v3/service.go b/pkg/auth/v3/service.go
index c6b8169..eb2b512 100644
--- a/pkg/auth/v3/service.go
+++ b/pkg/auth/v3/service.go
@@ -26,7 +26,7 @@ func (ac *authContext) IsRequestAllowed(ctx context.Context, httpreq *http.Reque
 	}
 
 	// Authenticate request
-	err, succ := ac.authenticate(ctx, httpreq, req, res)
+	succ, err := ac.authenticate(ctx, httpreq, req, res)
 	if err != nil {
 		return nil, err
 	}
@@ -46,14 +46,14 @@ func (ac *authContext) IsRequestAllowed(ctx context.Context, httpreq *http.Reque
 
 // authenticate validate whether the request is from a legitimate user
 // and populate relevant information in res.
-func (ac *authContext) authenticate(ctx context.Context, httpreq *http.Request, req *commonv3.IsRequestAllowedRequest, res *commonv3.IsRequestAllowedResponse) (error, bool) {
+func (ac *authContext) authenticate(ctx context.Context, httpreq *http.Request, req *commonv3.IsRequestAllowedRequest, res *commonv3.IsRequestAllowedResponse) (bool, error) {
 	if len(req.XApiKey) > 0 && len(req.XSessionToken) == 0 {
 		resp, err := ac.ks.GetByKey(ctx, &rpcv3.ApiKeyRequest{
 			Id: req.XApiKey,
 		})
 		if err != nil {
 			_log.Infow("unable to get api key", "key", req.XApiKey, "error", err)
-			return ErrInvalidAPIKey, false
+			return false, ErrInvalidAPIKey
 		}
 		var kg httpsig.KeyGetterFunc = func(id string) interface{} {
 			return []byte(resp.Secret)
@@ -63,7 +63,7 @@ func (ac *authContext) authenticate(ctx context.Context, httpreq *http.Request,
 		verifier.SetRequiredHeaders([]string{"content-md5", "date", "host", "nonce"})
 		err = verifier.Verify(httpreq)
 		if err != nil {
-			return ErrInvalidSignature, false
+			return false, ErrInvalidSignature
 		}
 		res.Status = commonv3.RequestStatus_RequestAllowed
 		res.SessionData.Username = resp.Name
@@ -78,9 +78,9 @@ func (ac *authContext) authenticate(ctx context.Context, httpreq *http.Request,
 			if strings.Contains(err.Error(), "401 Unauthorized") {
 				res.Status = commonv3.RequestStatus_RequestNotAuthenticated
 				res.Reason = "no or invalid credentials"
-				return nil, false
+				return false, nil
 			} else {
-				return err, false
+				return false, nil
 			}
 		}
 		if session.GetActive() {
@@ -95,7 +95,7 @@ func (ac *authContext) authenticate(ctx context.Context, httpreq *http.Request,
 			res.Reason = "no active session"
 		}
 	}
-	return nil, true
+	return true, nil
 }
 
 // authorize performs authorization of the request