diff --git a/src/routes/blossom.rs b/src/routes/blossom.rs
index 55b9c12..33d2345 100644
--- a/src/routes/blossom.rs
+++ b/src/routes/blossom.rs
@@ -1,6 +1,3 @@
-use std::collections::HashMap;
-use std::fs;
-
 use log::error;
 use nostr::prelude::hex;
 use nostr::{Alphabet, SingleLetterTag, TagKind};
@@ -10,6 +7,8 @@ use rocket::response::Responder;
 use rocket::serde::json::Json;
 use rocket::{routes, Data, Request, Response, Route, State};
 use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
+use std::fs;
 
 use crate::auth::blossom::BlossomAuth;
 use crate::db::{Database, FileUpload};
@@ -84,6 +83,9 @@ enum BlossomResponse {
     BlobDescriptorList(Json<Vec<BlobDescriptor>>),
 
     StatusOnly(Status),
+    
+    #[response(status = 403)]
+    Forbidden(Json<BlossomError>),
 }
 
 impl BlossomResponse {
@@ -269,7 +271,9 @@ async fn process_upload(
     // check whitelist
     if let Some(wl) = &settings.whitelist {
         if !wl.contains(&auth.event.pubkey.to_hex()) {
-            return BlossomResponse::error("Not on whitelist");
+            return BlossomResponse::Forbidden(Json(BlossomError::new(
+                "Not on whitelist".to_string(),
+            )));
         }
     }
     match fs
diff --git a/src/routes/nip96.rs b/src/routes/nip96.rs
index b1db319..5d80ff8 100644
--- a/src/routes/nip96.rs
+++ b/src/routes/nip96.rs
@@ -76,23 +76,18 @@ enum Nip96Response {
 
     #[response(status = 200)]
     FileList(Json<PagedResult<Nip94Event>>),
+
+    #[response(status = 403)]
+    Forbidden(Json<Nip96UploadResult>),
 }
 
 impl Nip96Response {
     pub(crate) fn error(msg: &str) -> Self {
-        Nip96Response::GenericError(Json(Nip96UploadResult {
-            status: "error".to_string(),
-            message: Some(msg.to_string()),
-            ..Default::default()
-        }))
+        Nip96Response::GenericError(Json(Nip96UploadResult::error(msg)))
     }
 
     fn success(msg: &str) -> Self {
-        Nip96Response::UploadResult(Json(Nip96UploadResult {
-            status: "success".to_string(),
-            message: Some(msg.to_string()),
-            ..Default::default()
-        }))
+        Nip96Response::UploadResult(Json(Nip96UploadResult::success(msg)))
     }
 }
 
@@ -116,6 +111,22 @@ impl Nip96UploadResult {
             ..Default::default()
         }
     }
+
+    pub fn success(msg: &str) -> Self {
+        Nip96UploadResult {
+            status: "error".to_string(),
+            message: Some(msg.to_string()),
+            ..Default::default()
+        }
+    }
+
+    pub fn error(msg: &str) -> Self {
+        Nip96UploadResult {
+            status: "error".to_string(),
+            message: Some(msg.to_string()),
+            ..Default::default()
+        }
+    }
 }
 
 #[derive(FromForm)]
@@ -194,7 +205,7 @@ async fn upload(
     // check whitelist
     if let Some(wl) = &settings.whitelist {
         if !wl.contains(&auth.event.pubkey.to_hex()) {
-            return Nip96Response::error("Not on whitelist");
+            return Nip96Response::Forbidden(Json(Nip96UploadResult::error("Not on whitelist")));
         }
     }
     match fs