diff --git a/src/routes/test/profile-test.js b/src/routes/test/profile-test.js
index eb70c0c3b..630c59b9a 100644
--- a/src/routes/test/profile-test.js
+++ b/src/routes/test/profile-test.js
@@ -246,7 +246,8 @@ describe('Profile API', function () {
 
         it('can get secret', async function () {
             const response = await superagent.post(`${serverUrl}/api/v1/profile/twofactorauthentication_secret`)
-                .query({ access_token: user.token });
+                .query({ access_token: user.token })
+                .send({});
 
             secret = response.body.secret;
         });
diff --git a/src/server.js b/src/server.js
index 798d52bf7..ccac73d7e 100644
--- a/src/server.js
+++ b/src/server.js
@@ -205,9 +205,9 @@ async function initializeExpressSync() {
     router.post('/api/v1/users/:userId/password',      json, token, authorizeUserManager, routes.users.load, routes.users.setPassword);
     router.post('/api/v1/users/:userId/ghost',         json, token, authorizeAdmin,       routes.users.load, routes.users.setGhost);
     router.put ('/api/v1/users/:userId/groups',        json, token, authorizeUserManager, routes.users.load, routes.users.setLocalGroups);
-    router.get ('/api/v1/users/:userId/password_reset_link',       json, token, authorizeUserManager, routes.users.load, routes.users.getPasswordResetLink);
+    router.get ('/api/v1/users/:userId/password_reset_link',             token, authorizeUserManager, routes.users.load, routes.users.getPasswordResetLink);
     router.post('/api/v1/users/:userId/send_password_reset_email', json, token, authorizeUserManager, routes.users.load, routes.users.sendPasswordResetEmail);
-    router.get ('/api/v1/users/:userId/invite_link',               json, token, authorizeUserManager, routes.users.load, routes.users.getInviteLink);
+    router.get ('/api/v1/users/:userId/invite_link',                     token, authorizeUserManager, routes.users.load, routes.users.getInviteLink);
     router.post('/api/v1/users/:userId/send_invite_email',         json, token, authorizeUserManager, routes.users.load, routes.users.sendInviteEmail);
     router.post('/api/v1/users/:userId/twofactorauthentication_disable', json, token, authorizeUserManager, routes.users.load, routes.users.disableTwoFactorAuthentication);