diff --git a/src/routes/getLockCategoriesByHash.ts b/src/routes/getLockCategoriesByHash.ts
index 227f68a..1aee441 100644
--- a/src/routes/getLockCategoriesByHash.ts
+++ b/src/routes/getLockCategoriesByHash.ts
@@ -44,14 +44,25 @@ const mergeLocks = (source: DBLock[], actionTypes: ActionType[]): LockResultByHa
 export async function getLockCategoriesByHash(req: Request, res: Response): Promise {
 let hashPrefix = req.params.prefix as VideoIDHash;
- const actionTypes: ActionType[] = req.query.actionTypes
- ? JSON.parse(req.query.actionTypes as string)
- : req.query.actionType
- ? Array.isArray(req.query.actionType)
- ? req.query.actionType
- : [req.query.actionType]
- : [ActionType.Skip, ActionType.Mute];
+ let actionTypes: ActionType[] = [];
+ try {
+ actionTypes = req.query.actionTypes
+ ? JSON.parse(req.query.actionTypes as string)
+ : req.query.actionType
+ ? Array.isArray(req.query.actionType)
+ ? req.query.actionType
+ : [req.query.actionType]
+ : [ActionType.Skip, ActionType.Mute];
+ if (!Array.isArray(actionTypes)) {
+ //invalid request
+ return res.sendStatus(400);
+ }
+ } catch (err) {
+ //invalid request
+ return res.status(400).send("Invalid request: JSON parse error (actionTypes)");
+ }
 if (!hashPrefixTester(req.params.prefix)) {
+ return res.status(400).send("Hash prefix does not match format requirements."); // Exit early on faulty prefix
 }
 hashPrefix = hashPrefix.toLowerCase() as VideoIDHash;
@@ -62,7 +73,7 @@ export async function getLockCategoriesByHash(req: Request, res: Response): Prom
 if (lockedRows.length === 0 || !lockedRows[0]) return res.sendStatus(404);
 // merge all locks
 return res.send(mergeLocks(lockedRows, actionTypes));
- } catch (err) {
+ } catch (err) /* istanbul ignore next */ {
 Logger.error(err as string);
 return res.sendStatus(500);
 }
diff --git a/src/routes/getLockReason.ts b/src/routes/getLockReason.ts
index ef4e5a3..59ab528 100644
--- a/src/routes/getLockReason.ts
+++ b/src/routes/getLockReason.ts
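Review bot: In the first hunk of getLockCategoriesByHash.ts, the new `Array.isArray(actionTypes)` guard checks only the container, so an array of numbers, objects or nested arrays parsed from `req.query.actionTypes` still passes and reaches `mergeLocks(lockedRows, actionTypes)` typed as `ActionType[]`. The guard should also validate the elements, for example `if (!Array.isArray(actionTypes) || !actionTypes.every((t) => typeof t === "string")) {`. Comparing each element against the known `ActionType` values would be stricter, but the enum definition is not visible in this diff. The two rejection paths also answer differently (a bare `res.sendStatus(400)` versus a 400 with a message), and a single response shape would be easier for clients to handle. The function body continues past the end of this hunk.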
@@ -32,18 +32,24 @@ export async function getLockReason(req: Request, res: Response): Promise possibleCategories.includes(x)); - if (!videoID || !Array.isArray(actionTypes)) { - //invalid request - return res.sendStatus(400); - } - try { // Get existing lock categories markers const row = await db.prepare("all", 'SELECT "category", "reason", "actionType", "userID" from "lockCategories" where "videoID" = ?', [videoID]) as {category: Category, reason: string, actionType: ActionType, userID: string }[]; @@ -115,7 +116,7 @@ export async function getLockReason(req: Request, res: Response): Promise