diff --git a/api/src/api/routes/resources.py b/api/src/api/routes/resources.py
index 68c7e755ffa990ce19bf433cfd7f7fde7dd2be39..ea478f20c766889c8ba257ea032cc49ada13958e 100644
--- a/api/src/api/routes/resources.py
+++ b/api/src/api/routes/resources.py
@@ -21,7 +21,7 @@ if _FILE_URI_PREFIX_PATH is None:
 _API_RESOURCE_RATE_LIMITERS = create_configured_host_rate_limiters("resources", api.config["API_RESOURCES_RATE_LIMIT"])
 
 
-def _check_access_medium_file(course_handle: str, medium_file_id: int) -> MediumFile:
+def _check_access_medium_file(course_handle: str, medium_file_id: int, not_found_as_unauthorized: bool = False) -> MediumFile:
     is_mod = is_moderator()
     medium_file = database.query_one_or_none_and_expunge(
         MediumFile.select(
@@ -40,7 +40,10 @@ def _check_access_medium_file(course_handle: str, medium_file_id: int) -> Medium
         medium_file = None
     
     if medium_file is None:
-        raise ApiClientException(ERROR_UNKNOWN_OBJECT_OR_NO_ACCESS)
+        if not_found_as_unauthorized:
+            raise ApiClientException(ERROR_UNAUTHORIZED)
+        else:
+            raise ApiClientException(ERROR_UNKNOWN_OBJECT_OR_NO_ACCESS)
     
     if not are_view_permissions_fulfilled(medium_file.lecture.effective_view_permissions):
         raise ApiClientException(ERROR_UNAUTHORIZED)
@@ -99,7 +102,7 @@ def api_route_resource_internal_auth_check():
     except ValueError:
         raise ApiClientException(ERROR_REQUEST_INVALID_PARAMETER("URL.co_ha", "Unable to parse handle"))
 
-    medium_file = _check_access_medium_file(course_handle, medium_file_id)
+    medium_file = _check_access_medium_file(course_handle, medium_file_id, not_found_as_unauthorized=True)
     
     if url_result.path != f"{_FILE_URI_PREFIX_PATH}/{medium_file.file_path}":
         raise ApiClientException(ERROR_BAD_REQUEST("Url does not match medium location"))