diff --git a/pkg/apiclient/auth.go b/pkg/apiclient/auth.go
index 47acc15c2..1a244092f 100644
--- a/pkg/apiclient/auth.go
+++ b/pkg/apiclient/auth.go
@@ -149,7 +149,11 @@ func (t *JWTTransport) refreshJwtToken() error {
 	defer resp.Body.Close()
 
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		return fmt.Errorf("received response status %q when fetching %v", resp.Status, req.URL)
+		log.Debugf("received response status %q when fetching %v", resp.Status, req.URL)
+		err = CheckResponse(resp)
+		if err != nil {
+			return err
+		}
 	}
 
 	if err := json.NewDecoder(resp.Body).Decode(&response); err != nil {
diff --git a/pkg/apiclient/auth_service_test.go b/pkg/apiclient/auth_service_test.go
index ae18b4c89..7c217b70a 100644
--- a/pkg/apiclient/auth_service_test.go
+++ b/pkg/apiclient/auth_service_test.go
@@ -88,7 +88,7 @@ func TestWatcherAuth(t *testing.T) {
 		MachineID: &mycfg.MachineID,
 		Password:  &mycfg.Password,
 	})
-	assert.Contains(t, err.Error(), "403 Forbidden")
+	assert.Contains(t, err.Error(), "API error: access forbidden")
 
 }
 
diff --git a/pkg/apiclient/client_test.go b/pkg/apiclient/client_test.go
index 92e1b0309..187f44365 100644
--- a/pkg/apiclient/client_test.go
+++ b/pkg/apiclient/client_test.go
@@ -106,7 +106,7 @@ func TestNewClientKo(t *testing.T) {
 	})
 
 	_, _, err = client.Alerts.List(context.Background(), AlertsListOpts{})
-	assert.Contains(t, err.Error(), `received response status "401 Unauthorized"`)
+	assert.Contains(t, err.Error(), `API error: bad login/password`)
 	log.Printf("err-> %s", err)
 }