diff --git a/app/api/auth.py b/app/api/auth.py
index 20dd7ded..0832e135 100644
--- a/app/api/auth.py
+++ b/app/api/auth.py
@@ -30,6 +30,8 @@ from functools import wraps
 from flask import abort
 from flask import g
 from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth
+
+from app import log
 from app.auth.models import User
 from app.api.errors import error_response
 
@@ -71,10 +73,15 @@ def token_permission_required(permission):
     def decorator(f):
         @wraps(f)
         def decorated_function(*args, **kwargs):
+            abort(501)
             scodoc_dept = getattr(g, "scodoc_dept", None)
-            if hasattr(g, "current_user") and not g.current_user.has_permission(
+            if not hasattr(g, "current_user") or not g.current_user.has_permission(
                 permission, scodoc_dept
             ):
+                if hasattr(g, "current_user"):
+                    log(f"API permission denied (user {g.current_user})")
+                else:
+                    log(f"API permission denied (no user supplied)")
                 abort(403)
             return f(*args, **kwargs)
 
diff --git a/app/api/tokens.py b/app/api/tokens.py
index f36ec7b0..32f5a8f4 100644
--- a/app/api/tokens.py
+++ b/app/api/tokens.py
@@ -1,5 +1,5 @@
 from flask import jsonify
-from app import db
+from app import db, log
 from app.api import bp
 from app.api.auth import basic_auth, token_auth
 
@@ -8,6 +8,7 @@ from app.api.auth import basic_auth, token_auth
 @basic_auth.login_required
 def get_token():
     token = basic_auth.current_user().get_token()
+    log(f"API: giving token to {basic_auth.current_user()}")
     db.session.commit()
     return jsonify({"token": token})
 
diff --git a/sco_version.py b/sco_version.py
index f4ef3e98..f6933b48 100644
--- a/sco_version.py
+++ b/sco_version.py
@@ -1,7 +1,7 @@
 # -*- mode: python -*-
 # -*- coding: utf-8 -*-
 
-SCOVERSION = "9.2.15"
+SCOVERSION = "9.2.16"
 
 SCONAME = "ScoDoc"