diff --git a/src/Module/Api/Mastodon/Apps.php b/src/Module/Api/Mastodon/Apps.php
index 3d06cdbb0..0f0837c78 100644
--- a/src/Module/Api/Mastodon/Apps.php
+++ b/src/Module/Api/Mastodon/Apps.php
@@ -43,7 +43,7 @@ class Apps extends BaseApi
 $website = !isset($_REQUEST['website']) ? '' : $_REQUEST['website'];
 if (empty($name) || empty($redirect)) {
- DI::mstdnError()->RecordNotFound();
+ DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Missing parameters'));
 }
 $client_id = bin2hex(random_bytes(32));
@@ -60,7 +60,7 @@ class Apps extends BaseApi
 }
 if (!DBA::insert('application', $fields)) {
- DI::mstdnError()->RecordNotFound();
+ DI::mstdnError()->InternalError();
 }
 System::jsonExit(DI::mstdnApplication()->createFromApplicationId(DBA::lastInsertId()));
diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php
index bd42e373d..a0139c637 100644
--- a/src/Module/BaseApi.php
+++ b/src/Module/BaseApi.php
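Review bot: The guard on `$name` and `$redirect` in the first hunk only tests for emptiness, so the redirect URI is stored exactly as submitted with no check that it is a well-formed URI (or the out-of-band value `urn:ietf:wg:oauth:2.0:oob` that Mastodon clients may send); since the stored value appears to serve later as an equality key when the application is looked up, registration is the only point where a malformed redirect target can be rejected. Consider validating here, e.g. rejecting values that fail `parse_url()` and are not the out-of-band URN, and answering with the same `UnprocessableEntity` but a message naming the offending parameter. `empty()` also rejects the literal string `'0'`; `$name === '' || $redirect === ''` is the exact test. The surrounding method begins before the hunk.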
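Review bot: The insert-failure branch in the second hunk answers with `InternalError()` but, unlike the other failure paths in this commit, records nothing about why, so a persistent storage problem leaves only a 500 to go on. Unless `DBA::insert` already logs the failure itself, add a warning before the error call, e.g. `Logger::warning('Could not store application', ['name' => $name, 'redirect_uri' => $redirect]);`, deliberately not dumping `$fields`, which is assembled above the hunk and presumably carries the freshly generated client secret. The method continues past the end of the hunk.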
@@ -193,15 +193,23 @@ class BaseApi extends BaseModule
 public static function getApplication()
 {
- $redirect_uri = !isset($_REQUEST['redirect_uri']) ? '' : $_REQUEST['redirect_uri'];
- $client_id = !isset($_REQUEST['client_id']) ? '' : $_REQUEST['client_id'];
+ $redirect_uri = !isset($_REQUEST['redirect_uri']) ? '' : $_REQUEST['redirect_uri'];
+ $client_id = !isset($_REQUEST['client_id']) ? '' : $_REQUEST['client_id'];
+ $client_secret = !isset($_REQUEST['client_secret']) ? '' : $_REQUEST['client_secret'];
- if (empty($redirect_uri) || empty($client_id)) {
- Logger::warning('Incomplete request');
+ if ((empty($redirect_uri) && empty($client_secret)) || empty($client_id)) {
+ Logger::warning('Incomplete request', ['request' => $_REQUEST]);
 return [];
 }
- $condition = ['redirect_uri' => $redirect_uri, 'client_id' => $client_id];
+ $condition = ['client_id' => $client_id];
+ if (!empty($client_secret)) {
+ $condition['client_secret'] = $client_secret;
+ }
+ if (!empty($redirect_uri)) {
+ $condition['redirect_uri'] = $redirect_uri;
+ }
+
 $application = DBA::selectFirst('application', [], $condition);
 if (!DBA::isResult($application)) {
 Logger::warning('Application not found', $condition);
diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php
index 1d0b43cd6..44a862630 100644
--- a/src/Module/OAuth/Token.php
+++ b/src/Module/OAuth/Token.php
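Review bot: Both warning calls in this hunk now write the client secret to the log: the new `Logger::warning('Incomplete request', ['request' => $_REQUEST])` dumps every request parameter, and the existing `Logger::warning('Application not found', $condition)` logs `$condition`, which since this change carries `client_secret` whenever one was supplied. Log only the identifying fields, e.g. `Logger::warning('Incomplete request', ['client_id' => $client_id, 'redirect_uri' => $redirect_uri, 'has_secret' => $client_secret !== '']);` and `Logger::warning('Application not found', ['client_id' => $client_id, 'redirect_uri' => $redirect_uri]);`. Note also that once a secret is present the `redirect_uri` is no longer required to match the registered one, so any caller that relied on getApplication for that binding (the token exchange, presumably) must now enforce it itself. The secret is matched by SQL equality, so if the column's collation is case-insensitive or pads trailing spaces the comparison is looser than intended; a `hash_equals()` check against the fetched row would make the final gate exact. getApplication continues past the end of the hunk.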
@@ -39,18 +39,18 @@ class Token extends BaseApi
 $grant_type = !isset($_REQUEST['grant_type']) ? '' : $_REQUEST['grant_type'];
 if ($grant_type != 'authorization_code') {
- Logger::warning('Wrong or missing grant type', ['grant_type' => $grant_type]);
- DI::mstdnError()->RecordNotFound();
+ Logger::warning('Unsupported or missing grant type', ['request' => $_REQUEST]);
+ DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Unsupported or missing grant type'));
 }
 $application = self::getApplication();
 if (empty($application)) {
- DI::mstdnError()->RecordNotFound();
+ DI::mstdnError()->UnprocessableEntity();
 }
 if ($application['client_secret'] != $client_secret) {
 Logger::warning('Wrong client secret', $client_secret);
- DI::mstdnError()->RecordNotFound();
+ DI::mstdnError()->Unauthorized();
 }
 $condition = ['application-id' => $application['id'], 'code' => $code];
@@ -58,7 +58,7 @@ class Token extends BaseApi
 $token = DBA::selectFirst('application-token', ['access_token', 'created_at'], $condition);
 if (!DBA::isResult($token)) {
 Logger::warning('Token not found', $condition);
- DI::mstdnError()->RecordNotFound();
+ DI::mstdnError()->Unauthorized();
 }
 // @todo Use entity class
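Review bot: The new `Logger::warning('Unsupported or missing grant type', ['request' => $_REQUEST])` in the first hunk writes the whole request to the log, which on this endpoint includes `client_secret` and the authorization `code`; keep the removed line's `['grant_type' => $grant_type]` context, or strip those keys first with `array_diff_key($_REQUEST, ['client_secret' => 1, 'code' => 1])`. The existing `Logger::warning('Wrong client secret', $client_secret)` a few lines below has the same problem, and the check that now answers `Unauthorized()` compares the secret with loose `!=`; `hash_equals((string) $application['client_secret'], (string) $client_secret)` is the usual form for comparing secrets. The surrounding method begins before the hunk, where `$client_secret` and `$code` are read.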