diff --git a/app/src/Controller/TierApiController.php b/app/src/Controller/TierApiController.php
index ee498f682..eda938e60 100644
--- a/app/src/Controller/TierApiController.php
+++ b/app/src/Controller/TierApiController.php
@@ -547,16 +547,27 @@ public function isAuthorized(Array $user) {
     // Authorization is as follows:
-    // (0) Make sure the Matchgrid is active.
+    // (0) Make sure the Matchgrid is active and the requested SOR exists.
     if(!$this->cur_mg) {
       Log::write('debug', "TierApiController::isAuthorized() Requested matchgrid " . $mgid . " not found");
-      return false;
+      throw new \Cake\Http\Exception\ForbiddenException("Requested matchgrid " . $mgid . " not found");
     }
     if($this->cur_mg->status != StatusEnum::Active) {
       Log::write('debug', "TierApiController::isAuthorized() Requested matchgrid " . $mgid . " is not Active");
-      return false;
+      throw new \Cake\Http\Exception\ForbiddenException("Requested matchgrid " . $mgid . " is not Active");
+    }
+
+    if($sor && $mgid) {
+      $this->loadModel('SystemsOfRecord');
+
+      $count = $this->SystemsOfRecord->find()->where(['matchgrid_id' => $mgid, 'label' => $sor])->count();
+
+      if($count == 0) {
+        Log::write('debug', "TierApiController::isAuthorized() Requested SOR " . $sor . " not found");
+        throw new \Cake\Http\Exception\ForbiddenException("Requested SOR " . $sor . " not found");
+      }
     }
     // (1) A Platform API user ($user['matchgrid_id'] is NULL) may perform any action.
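Review bot: The three new ForbiddenException messages interpolate the caller-supplied `$mgid` and `$sor` and give a distinct reason each, and CakePHP's error renderer shows an HttpException's message to the client, so a caller who reaches isAuthorized() can tell an unknown matchgrid from an inactive one and probe which SOR labels exist in a matchgrid; the detailed reason is already written to the debug log, so the thrown exception can carry a generic message, e.g. `throw new \Cake\Http\Exception\ForbiddenException("Not authorized for the requested matchgrid or SOR");` at all three sites. How much that matters depends on where `$mgid` and `$sor` come from, which is assigned before this hunk (isAuthorized()'s body starts outside it), and the `if($sor && $mgid)` guard skips the SOR check entirely when `$sor` is falsy — an empty label or the string "0" — so if a request without a SOR must not reach SOR-scoped actions, that case has to be rejected elsewhere. Minor: `count()` returns an int, so `if($count === 0)` is the precise comparison.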