diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/validate_user.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/validate_user.py
index 917c4ccbb7458c8683f135b4463558037c222f5f..6e7aeb41ecc4e924d4b97c9e7e5cf0e7c7b717db 100644
--- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/validate_user.py
+++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/validate_user.py
@@ -6,7 +6,7 @@ from ..encoder import CustomJSONEncoder
 from ..models.problem_details import ProblemDetails
 from ..util import serialize_clean_camel_case
 from .resources import Resource
-from .responses import internal_server_error
+from .responses import forbidden_error, internal_server_error, unauthorized_error
 class ControlAccess(Resource):
@@ -16,14 +16,14 @@ class ControlAccess(Resource):
 cert_col = self.db.get_col_by_name(self.db.certs_col)
 try:
- my_query = {'invoker_id':api_invoker_id}
+ my_query = {'id':api_invoker_id}
 cert_entry = cert_col.find_one(my_query)
- if cert_entry is not None:
- if cert_entry["cert_signature"] != cert_signature:
- prob = ProblemDetails(title="Unauthorized", detail="User not authorized", cause="You are not the owner of this resource")
- prob = serialize_clean_camel_case(prob)
- return Response(json.dumps(prob, cls=CustomJSONEncoder), status=401, mimetype="application/json")
+ if cert_entry is None:
+ return unauthorized_error(detail="Please provide an existing Network App ID", cause="Certificate not found for invoker")
+
+ if cert_entry["cert_signature"] != cert_signature:
+ return forbidden_error(detail="User not authorized", cause="You are not the owner of this resource")
 except Exception as e:
 exception = "An exception occurred in validate invoker"
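Review bot: The ownership check `cert_entry["cert_signature"] != cert_signature` in the second hunk still passes when both sides are equal but empty, for example a stored record with a null signature and a request that arrives without one, so the new fail-closed path should also reject a missing value: `if not cert_signature or cert_entry.get("cert_signature") != cert_signature:`. Where `cert_signature` comes from is outside the hunk, so confirm whether a caller can ever pass `None` or an empty string. Separately, the 401 for an unknown id and the 403 for a known id with a different certificate let a caller tell which invoker ids exist; if that matters for this API, both cases should return the same status and body. The `try`/`except` body continues outside the hunk.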
diff --git a/tests/features/CAPIF Api Invoker Management/capif_api_invoker_managenet.robot b/tests/features/CAPIF Api Invoker Management/capif_api_invoker_managenet.robot
index 3052e19447524d5aa45797bbe9d0358e0b8c6240..ed52f8f6fb40c69944399bb78c716d2c3d08ee55 100644
--- a/tests/features/CAPIF Api Invoker Management/capif_api_invoker_managenet.robot
+++ b/tests/features/CAPIF Api Invoker Management/capif_api_invoker_managenet.robot
@@ -97,11 +97,11 @@ Update Not Onboarded Network App
 ... username=${INVOKER_USERNAME}
 # Check Results
- Check Response Variable Type And Values ${resp} 404 ProblemDetails
- ... status=404
- ... title=Not Found
+ Check Response Variable Type And Values ${resp} 401 ProblemDetails
+ ... status=401
+ ... title=Unauthorized
 ... detail=Please provide an existing Network App ID
- ... cause=Not exist Network App ID
+ ... cause=Certificate not found for invoker
 Offboard Network App
 [Tags] capif_api_invoker_management-5
@@ -131,11 +131,11 @@ Offboard Not Previously Onboarded Network App
 ... username=${INVOKER_USERNAME}
 # Check Results
- Check Response Variable Type And Values ${resp} 404 ProblemDetails
- ... status=404
- ... title=Not Found
+ Check Response Variable Type And Values ${resp} 401 ProblemDetails
+ ... status=401
+ ... title=Unauthorized
 ... detail=Please provide an existing Network App ID
- ... cause=Not exist Network App ID
+ ... cause=Certificate not found for invoker
 Update Onboarded Network App Certificate
 [Tags] capif_api_invoker_management-7
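Review bot: No expectation in the two hunks at -97 and -131 covers the 403 branch that this commit adds in validate_user.py for a certificate that does not match the stored signature, so the owner-mismatch path moves from 401 to 403 with no visible test pinning it. If a case for it exists elsewhere in the suite, its expected status needs to change to 403. If none exists, a case that updates or offboards an invoker while presenting a different invoker's certificate would cover it. The rest of the suite is outside this diff, so this may already be handled.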
@@ -183,6 +183,30 @@ Update Onboarded Network App Certificate
 Check Response Variable Type And Values ${resp} 200 APIInvokerEnrolmentDetails
 ... notificationDestination=${new_notification_destination}
+ #Revert to old invoker username and certificate
+ ${csr_request_old}= Create User Csr ${INVOKER_USERNAME} invoker
+
+ ${old_onboarding_notification_body}= Create Onboarding Notification Body
+ ... http://${CAPIF_CALLBACK_IP}:${CAPIF_CALLBACK_PORT}/netapp_callback
+ ... ${csr_request_old}
+ ... ${INVOKER_USERNAME_NEW}
+
+ Set To Dictionary
+ ... ${request_body}
+ ... onboardingInformation=${old_onboarding_notification_body['onboardingInformation']}
+
+ ${resp}= Put Request Capif
+ ... ${url.path}
+ ... ${request_body}
+ ... server=${CAPIF_HTTPS_URL}
+ ... verify=ca.crt
+ ... username=${INVOKER_USERNAME_NEW}
+
+ Check Response Variable Type And Values ${resp} 200 APIInvokerEnrolmentDetails
+
+ Store In File ${INVOKER_USERNAME}.crt ${resp.json()['onboardingInformation']['apiInvokerCertificate']}
+
+
 Onboard invoker without supported_features
 [Tags] capif_api_invoker_management-8
 # Default Invoker Registration and Onboarding
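Review bot: The revert steps added at the end of `Update Onboarded Network App Certificate` run as ordinary test steps, so they are skipped whenever an earlier step fails, which would leave the invoker enrolled with the new certificate and `${INVOKER_USERNAME}.crt` stale for later tests. Moving them into a user keyword called from the test's `[Teardown]` would make the restore run on failure too. The onboarding body is built with `${INVOKER_USERNAME_NEW}` while the CSR is for `${INVOKER_USERNAME}`, yet the comment says the username is being reverted; a one-line comment explaining why the new name is still passed would avoid confusion. The test's opening steps are outside the hunk.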