diff --git a/rowers/views/apiviews.py b/rowers/views/apiviews.py
index 33a19dba..46301d92 100644
--- a/rowers/views/apiviews.py
+++ b/rowers/views/apiviews.py
@@ -113,7 +113,7 @@ def strokedatajson_v2(request,id):
     if request.method == 'POST':
         checkdata, r = dataprep.getrowdata_db(id=row.id)
         if not checkdata.empty:
-            return HttpResponse("Duplicate Error",status=403)
+            return HttpResponse("Duplicate Error",status=409)
 
         df = pd.DataFrame()
 
@@ -295,6 +295,7 @@ def strokedatajson_v2(request,id):
 @csrf_exempt
 @login_required()
 @api_view(['GET','POST'])
+@permission_classes([IsAuthenticated])
 def strokedatajson(request,id):
     """
     POST: Add Stroke data to workout
@@ -307,7 +308,7 @@ def strokedatajson(request,id):
     try:
         id = int(id)
     except ValueError:
-        return HttpResponse("Not a valid workout number",status=400)
+        return HttpResponse("Not a valid workout number",status=403)
 
 
     if request.method == 'GET':
@@ -326,7 +327,7 @@ def strokedatajson(request,id):
         # strokedata = request.POST['strokedata']
         # checking/validating and cleaning
         try:
-            strokedata = json.loads(request.POST['strokedata'])
+            strokedata = json.loads(request.data['strokedata'])
         except:
             return HttpResponse("No JSON object could be decoded",status=400)