diff --git a/rhodecode/controllers/api/__init__.py b/rhodecode/controllers/api/__init__.py
--- a/rhodecode/controllers/api/__init__.py
+++ b/rhodecode/controllers/api/__init__.py
@@ -114,7 +114,7 @@ class JSONRPCController(WSGIController):
 return jsonrpc_error(message="JSON parse error ERR:%s RAW:%r" \
 % (e, urllib.unquote_plus(raw_body)))
- #check AUTH based on API KEY
+ # check AUTH based on API KEY
 try:
 self._req_api_key = json_body['api_key']
 self._req_method = json_body['method']
@@ -125,9 +125,11 @@ class JSONRPCController(WSGIController):
 except KeyError, e:
 return jsonrpc_error(message='Incorrect JSON query missing %s' % e)
- #check if we can find this session using api_key
+ # check if we can find this session using api_key
 try:
 u = User.get_by_api_key(self._req_api_key)
+ if u is None:
+ return jsonrpc_error(message='Invalid API KEY')
 auth_u = AuthUser(u.user_id, self._req_api_key)
 except Exception, e:
 return jsonrpc_error(message='Invalid API KEY')
diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py
--- a/rhodecode/model/db.py
+++ b/rhodecode/model/db.py
@@ -324,7 +324,7 @@ class User(Base, BaseModel):
 if cache:
 q = q.options(FromCache("sql_cache_short", "get_api_key_%s" % api_key))
- q.one()
+ return q.scalar()
 def update_lastlogin(self):
 """Update user lastlogin"""
diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py
--- a/rhodecode/model/user.py
+++ b/rhodecode/model/user.py
@@ -70,13 +70,7 @@ class UserModel(BaseModel):
 return user.scalar()
 def get_by_api_key(self, api_key, cache=False):
-
- user = self.sa.query(User)\
- .filter(User.api_key == api_key)
- if cache:
- user = user.options(FromCache("sql_cache_short",
- "get_user_%s" % api_key))
- return user.scalar()
+ return User.get_by_api_key(api_key, cache)
 def create(self, form_data):
 try:
diff --git a/rhodecode/tests/functional/test_login.py b/rhodecode/tests/functional/test_login.py
--- a/rhodecode/tests/functional/test_login.py
+++ b/rhodecode/tests/functional/test_login.py
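Review bot: In rhodecode/controllers/api/__init__.py (hunk at -125), the `except Exception, e:` that follows the new `if u is None:` check still reports every failure as 'Invalid API KEY', so a database error or a fault inside `AuthUser(...)` looks the same to the caller as a bad key, and nothing is recorded. Now that the not-found case is handled explicitly, the handler should at least log the exception before returning. Both rejection paths also deserve an audit log line that names the client address but never the submitted key, so repeated failed keys can be detected. Assuming the module has a logger, `log.warning('API auth failed from %s', <client address>)` before each `return jsonrpc_error(...)` would do. The method body starts and ends outside the hunk.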
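Review bot: In rhodecode/model/db.py, the cached branch of `get_by_api_key` stores the lookup in `sql_cache_short` under `"get_api_key_%s" % api_key`. With `cache` enabled, a regenerated key or a disabled account can therefore keep resolving to a user until that entry expires, and the secret itself becomes part of a cache key. No invalidation path is visible in the hunk, so authentication callers should keep `cache` off and the method should say so, e.g. `# NOTE: do not use cache=True for authentication; cached rows can outlive key rotation`. Separately, `q.scalar()` raises if more than one row matches, which is only safe if `api_key` is unique. The column definition and the method's signature are outside the hunk.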
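Review bot: In rhodecode/model/user.py, `UserModel.get_by_api_key` now forwards `cache` positionally, which depends on the parameter order of `User.get_by_api_key`, whose signature is not shown in this diff. Writing `return User.get_by_api_key(api_key, cache=cache)` makes the intent explicit. The delegation also changes the cache key from `get_user_<key>` to `get_api_key_<key>`, so any code that invalidated the old name (none is visible here) would no longer clear these entries. A one-line docstring saying the method is a thin wrapper around the model classmethod would help readers.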
@@ -247,7 +247,6 @@ class TestLoginController(TestController # GOOD KEY key = User.get_by_username(username).api_key - response = self.app.get(url(controller='login', action='password_reset_confirmation', key=key))