diff --git a/pandora/oxdjango/api/views.py b/pandora/oxdjango/api/views.py
index 3a4a2e89..ce7df892 100644
--- a/pandora/oxdjango/api/views.py
+++ b/pandora/oxdjango/api/views.py
@@ -34,8 +34,15 @@ def api(request):
         return response
     if request.META.get('CONTENT_TYPE') == 'application/json':
         r = json.loads(request.body.decode('utf-8'))
-        action = r['action']
-        data = r.get('data', {})
+        if 'action' not in r:
+            logger.error("invalid api request: %s", r)
+            response = render_to_json_response(json_response(status=400,
+                                               text='Invalid request'))
+            response['Access-Control-Allow-Origin'] = '*'
+            return response
+        else:
+            action = r['action']
+            data = r.get('data', {})
     else:
         action = request.POST['action']
         data = json.loads(request.POST.get('data', '{}'))