diff --git a/docs/astakos-api-guide.rst b/docs/astakos-api-guide.rst
index a58560aad5e75728346736d762db0ed3a7b38f2f..882c29d97316ef0c1fbdfbc5c81b87c01db60ab4 100644
--- a/docs/astakos-api-guide.rst
+++ b/docs/astakos-api-guide.rst
@@ -484,7 +484,7 @@ Example xml response:
 Return Code                 Description
 =========================== =====================
 200 (OK)                    The request succeeded
-400 (Bad Request)           Method not allowed or invalid request format or missing expected input
+400 (Bad Request)           Method not allowed or invalid request format or missing expected input or not consistent tenantName
 401 (Unauthorized)          Invalid token or invalid creadentials or tenantName does not comply with the provided token
 500 (Internal Server Error) The request cannot be completed because of an internal error
 =========================== =====================
diff --git a/snf-astakos-app/astakos/api/tokens.py b/snf-astakos-app/astakos/api/tokens.py
index fd0a882c19804a66955b80fc441587b4d05302cd..780910a1582b6480e5aaa465700103ad43e8c1fe 100644
--- a/snf-astakos-app/astakos/api/tokens.py
+++ b/snf-astakos-app/astakos/api/tokens.py
@@ -68,10 +68,13 @@ def authenticate(request):
                 token_id = req['auth']['passwordCredentials']['password']
                 uuid = req['auth']['passwordCredentials']['username']
             except KeyError:
-                raise faults.BadRequest('Malformed request')
+                raise faults.BadRequest(
+                    'Malformed request: missing credentials')
+
+        tenant = req['auth'].get('tenantName')
 
         if token_id is None:
-            raise faults.BadRequest('Malformed request')
+            raise faults.BadRequest('Malformed request: missing token')
 
         try:
             user = AstakosUser.objects.get(auth_token=token_id)
@@ -84,6 +87,10 @@ def authenticate(request):
             if user.uuid != uuid:
                 raise faults.Unauthorized('Invalid credentials')
 
+        if tenant is not None:
+            if user.uuid != tenant:
+                raise faults.BadRequest('Not conforming tenantName')
+
         d["access"]["token"] = {
             "id": user.auth_token,
             "expires": utils.isoformat(user.auth_token_expires),
diff --git a/snf-astakos-app/astakos/im/tests/api.py b/snf-astakos-app/astakos/im/tests/api.py
index 28b420611461571cd0febf258ef9205140a5b2e0..495e9c0af185500343900bdac0f1e5012a5e6580 100644
--- a/snf-astakos-app/astakos/im/tests/api.py
+++ b/snf-astakos-app/astakos/im/tests/api.py
@@ -462,8 +462,8 @@ class TokensApiTest(TestCase):
         r = client.post(url, post_data, content_type='application/json')
         self.assertEqual(r.status_code, 400)
         body = json.loads(r.content)
-        self.assertEqual(body['badRequest']['message'],
-                         'Malformed request')
+        self.assertTrue(body['badRequest']['message'].
+                        startswith('Malformed request'))
 
         # Check malformed request: missing username
         url = reverse('astakos.api.tokens.authenticate')
@@ -473,8 +473,8 @@ class TokensApiTest(TestCase):
         r = client.post(url, post_data, content_type='application/json')
         self.assertEqual(r.status_code, 400)
         body = json.loads(r.content)
-        self.assertEqual(body['badRequest']['message'],
-                         'Malformed request')
+        self.assertTrue(body['badRequest']['message'].
+                        startswith('Malformed request'))
 
         # Check invalid pass
         url = reverse('astakos.api.tokens.authenticate')
@@ -520,6 +520,28 @@ class TokensApiTest(TestCase):
         except Exception, e:
             self.fail(e)
 
+        # Check malformed request: missing token
+        url = reverse('astakos.api.tokens.authenticate')
+        post_data = """{"auth":{"auth_token":{"id":"%s"},
+                                "tenantName":"%s"}}""" % (
+            self.user1.auth_token, self.user1.uuid)
+        r = client.post(url, post_data, content_type='application/json')
+        self.assertEqual(r.status_code, 400)
+        body = json.loads(r.content)
+        self.assertTrue(body['badRequest']['message'].
+                        startswith('Malformed request'))
+
+        # Check bad request: inconsistent tenant
+        url = reverse('astakos.api.tokens.authenticate')
+        post_data = """{"auth":{"token":{"id":"%s"},
+                                "tenantName":"%s"}}""" % (
+            self.user1.auth_token, self.user2.uuid)
+        r = client.post(url, post_data, content_type='application/json')
+        self.assertEqual(r.status_code, 400)
+        body = json.loads(r.content)
+        self.assertEqual(body['badRequest']['message'],
+                         'Not conforming tenantName')
+
         # Check successful json response
         url = reverse('astakos.api.tokens.authenticate')
         post_data = """{"auth":{"passwordCredentials":{"username":"%s",
@@ -560,5 +582,3 @@ class TokensApiTest(TestCase):
 #            body = minidom.parseString(r.content)
 #        except Exception, e:
 #            self.fail(e)
-
-        # test public mode: json response