diff --git a/api/src/controllers/permission.ts b/api/src/controllers/permission.ts
index 7431cd8..ce04f52 100644
--- a/api/src/controllers/permission.ts
+++ b/api/src/controllers/permission.ts
@@ -209,7 +209,9 @@ const createPermission = async ({
 clientId = clientInDB.clientId
 break
 default:
- throw new Error('Invalid principal type.')
+ throw new Error(
+ 'Invalid principal type. Valid types are user, group and client.'
+ )
 }
 const savedPermission = await permission.save()
diff --git a/api/src/routes/api/spec/permission.spec.ts b/api/src/routes/api/spec/permission.spec.ts
index 03ece1f..77e4095 100644
--- a/api/src/routes/api/spec/permission.spec.ts
+++ b/api/src/routes/api/spec/permission.spec.ts
@@ -252,6 +252,22 @@ describe('permission', () => {
 expect(res.text).toEqual('Error: Client not found.')
 expect(res.body).toEqual({})
 })
+
+ it('should respond with forbidden Request (403) if principal type is not valid', async () => {
+ const res = await request(app)
+ .post('/SASjsApi/permission')
+ .auth(adminAccessToken, { type: 'bearer' })
+ .send({
+ ...permission,
+ principalType: 'invalid'
+ })
+ .expect(403)
+
+ expect(res.text).toEqual(
+ 'Error: Invalid principal type. Valid types are user, group and client.'
+ )
+ expect(res.body).toEqual({})
+ })
 })
 describe('update', () => {
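Review bot: The new message in the `default:` branch spells out the accepted values as prose (`user, group and client`), so it will go stale without any compile-time signal if a principal type is added or renamed in the `case` labels, which sit above this hunk and are not visible here. If those labels come from an enum or constant, build the list from it, for example `'Invalid principal type. Valid types are ' + <PRINCIPAL_TYPE_VALUES>.join(', ') + '.'`, where `<PRINCIPAL_TYPE_VALUES>` is a placeholder for that definition. The message rightly leaves out the rejected value and should continue to, because the spec in this commit shows the error string is returned verbatim in the response text.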
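Review bot: The added test pins `403` for a request that is authenticated with `adminAccessToken` and fails only because `principalType` is `'invalid'`, so a malformed body becomes indistinguishable from an authorization denial for clients and for any alerting keyed on 403s. The status mapping lives in the route handler outside this diff and may be an existing convention for controller errors, but input validation failures are conventionally reported as 400. If the handler can be changed, the expectation would become `.expect(400)` and the title `'should respond with Bad Request (400) if principal type is not valid'`. Otherwise a short comment in the test saying that 403 is the route's catch-all for controller errors would keep the next reader from taking it as an access-control result.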