diff --git a/endpoints/index.py b/endpoints/index.py
index 4647d43ff..6b0cde6d8 100644
--- a/endpoints/index.py
+++ b/endpoints/index.py
@@ -174,6 +174,10 @@ def update_images(namespace, repository):
 
   if permission.can():
     repository = model.get_repository(namespace, repository)
+    if not repository:
+      # Make sure the repo actually exists.
+      abort(404)
+
     image_with_checksums = json.loads(request.data)
 
     for image in image_with_checksums:
@@ -196,6 +200,11 @@ def get_repository_images(namespace, repository):
   # TODO invalidate token?
 
   if permission.can() or model.repository_is_public(namespace, repository):
+    # We can't rely on permissions to tell us if a repo exists anymore
+    repo = model.get_repository(namespace, repository)
+    if not repo:
+      abort(404)
+
     all_images = []
     for image in model.get_repository_images(namespace, repository):
       new_image_view = {
@@ -215,8 +224,7 @@ def get_repository_images(namespace, repository):
 
     return resp
 
-  # TODO Submit a pull to docker CLI to get it to accept 403s
-  abort(404)
+  abort(403)
 
 
 @app.route('/v1/repositories/<path:repository>/images', methods=['DELETE'])