diff --git a/src/test/scala/uk/gov/nationalarchives/tdr/transfer/service/api/TransferServiceServerSpec.scala b/src/test/scala/uk/gov/nationalarchives/tdr/transfer/service/api/TransferServiceServerSpec.scala
index 971d696..86472c6 100644
--- a/src/test/scala/uk/gov/nationalarchives/tdr/transfer/service/api/TransferServiceServerSpec.scala
+++ b/src/test/scala/uk/gov/nationalarchives/tdr/transfer/service/api/TransferServiceServerSpec.scala
@@ -82,10 +82,6 @@ class TransferServiceServerSpec extends ExternalServicesSpec with Matchers {
       )
       .unsafeRunSync()
 
-    val expectedResponse = Json.obj(
-      "message" := "Invalid token issuer. Expected 'http://localhost:8000/auth/realms/tdr'"
-    )
-
     response.status shouldBe Status.Unauthorized
     response.as[Json].unsafeRunSync() shouldEqual invalidTokenExpectedResponse
   }
@@ -125,4 +121,39 @@ class TransferServiceServerSpec extends ExternalServicesSpec with Matchers {
     response.status shouldBe Status.Unauthorized
     response.as[Json].unsafeRunSync() shouldEqual invalidTokenExpectedResponse
   }
+
+  "unknown source system in endpoint" should "return 400 response with correct authorisation header" in {
+    graphqlOkJson()
+    val validToken = validUserToken()
+    val bearer = CIString("Authorization")
+    val authHeader = Header.Raw.apply(bearer, s"$validToken")
+    val fakeHeaders = Headers.apply(authHeader)
+    val response = LoadController
+      .apply()
+      .initiateLoadRoute
+      .orNotFound
+      .run(
+        Request(method = Method.POST, uri = uri"/load/unknown/initiate", headers = fakeHeaders)
+      )
+      .unsafeRunSync()
+
+    response.status shouldBe Status.BadRequest
+  }
+
+  "unknown source system in endpoint endpoint" should "return 400 response with incorrect authorisation header" in {
+    val token = invalidToken
+    val bearer = CIString("Authorization")
+    val authHeader = Header.Raw.apply(bearer, s"$token")
+    val fakeHeaders = Headers.apply(authHeader)
+    val response = LoadController
+      .apply()
+      .initiateLoadRoute
+      .orNotFound
+      .run(
+        Request(method = Method.POST, uri = uri"/load/unknown/initiate", headers = fakeHeaders)
+      )
+      .unsafeRunSync()
+
+    response.status shouldBe Status.BadRequest
+  }
 }