diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/v3/CallbackUrlBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/v3/CallbackUrlBehavior.java
index 186591b54..a98418142 100644
--- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/v3/CallbackUrlBehavior.java
+++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/v3/CallbackUrlBehavior.java
@@ -158,20 +158,22 @@ public UpdateCallbackUrlResponse updateCallbackUrl(UpdateCallbackUrlRequest requ
         // Retain existing passwords in case new password is not set
         HttpAuthenticationPrivate authRequest = request.getAuthentication();
         HttpAuthenticationPrivate authExisting = entity.getAuthentication();
-        if (authRequest.getCertificate() != null && authExisting.getCertificate() != null) {
-            if (authExisting.getCertificate().getKeyStorePassword() != null && authRequest.getCertificate().getKeyStorePassword() == null) {
-                authRequest.getCertificate().setKeyStorePassword(authExisting.getCertificate().getKeyStorePassword());
-            }
-            if (authExisting.getCertificate().getKeyPassword() != null && authRequest.getCertificate().getKeyPassword() == null) {
-                authRequest.getCertificate().setKeyPassword(authExisting.getCertificate().getKeyPassword());
-            }
-            if (authExisting.getCertificate().getTrustStorePassword() != null && authRequest.getCertificate().getTrustStorePassword() == null) {
-                authRequest.getCertificate().setTrustStorePassword(authExisting.getCertificate().getTrustStorePassword());
+        if (authRequest != null) {
+            if (authRequest.getCertificate() != null && authExisting.getCertificate() != null) {
+                if (authExisting.getCertificate().getKeyStorePassword() != null && authRequest.getCertificate().getKeyStorePassword() == null) {
+                    authRequest.getCertificate().setKeyStorePassword(authExisting.getCertificate().getKeyStorePassword());
+                }
+                if (authExisting.getCertificate().getKeyPassword() != null && authRequest.getCertificate().getKeyPassword() == null) {
+                    authRequest.getCertificate().setKeyPassword(authExisting.getCertificate().getKeyPassword());
+                }
+                if (authExisting.getCertificate().getTrustStorePassword() != null && authRequest.getCertificate().getTrustStorePassword() == null) {
+                    authRequest.getCertificate().setTrustStorePassword(authExisting.getCertificate().getTrustStorePassword());
+                }
             }
-        }
-        if (authRequest.getHttpBasic() != null && authExisting.getHttpBasic() != null) {
-            if (authExisting.getHttpBasic().getPassword() != null && authRequest.getHttpBasic().getPassword() == null) {
-                authRequest.getHttpBasic().setPassword(authExisting.getHttpBasic().getPassword());
+            if (authRequest.getHttpBasic() != null && authExisting.getHttpBasic() != null) {
+                if (authExisting.getHttpBasic().getPassword() != null && authRequest.getHttpBasic().getPassword() == null) {
+                    authRequest.getHttpBasic().setPassword(authExisting.getHttpBasic().getPassword());
+                }
             }
         }
         entity.setAuthentication(authRequest);