diff --git a/client/api/api.ts b/client/api/api.ts
index 5a3807f..fe9f204 100644
--- a/client/api/api.ts
+++ b/client/api/api.ts
@@ -85,8 +85,13 @@ function mergeArtists(from: number, to: number, replaceImage: boolean): Promise<
 })
 }
 function login(username: string, password: string, remember: boolean): Promise {
- return fetch(`/apis/web/v1/login?username=${username}&password=${password}&remember_me=${remember}`, {
+ const form = new URLSearchParams
+ form.append('username', username)
+ form.append('password', password)
+ form.append('remember_me', String(remember))
+ return fetch(`/apis/web/v1/login`, {
 method: "POST",
+ body: form,
 })
 }
 function logout(): Promise {
@@ -99,8 +104,11 @@ function getApiKeys(): Promise {
 return fetch(`/apis/web/v1/user/apikeys`).then((r) => r.json() as Promise)
 }
 const createApiKey = async (label: string): Promise => {
- const r = await fetch(`/apis/web/v1/user/apikeys?label=${label}`, {
- method: "POST"
+ const form = new URLSearchParams
+ form.append('label', label)
+ const r = await fetch(`/apis/web/v1/user/apikeys`, {
+ method: "POST",
+ body: form,
 });
 if (!r.ok) {
 let errorMessage = `error: ${r.status}`;
@@ -134,8 +142,12 @@ function deleteItem(itemType: string, id: number): Promise {
 })
 }
 function updateUser(username: string, password: string) {
- return fetch(`/apis/web/v1/user?username=${username}&password=${password}`, {
- method: "PATCH"
+ const form = new URLSearchParams
+ form.append('username', username)
+ form.append('password', password)
+ return fetch(`/apis/web/v1/user`, {
+ method: "PATCH",
+ body: form,
 })
 }
 function getAliases(type: string, id: number): Promise {
diff --git a/engine/handlers/auth.go b/engine/handlers/auth.go
index c8edce6..1b0fa53 100644
--- a/engine/handlers/auth.go
+++ b/engine/handlers/auth.go
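Review bot: The added `URLSearchParams` block in `login`, and the matching blocks in the `createApiKey` and `updateUser` hunks, carry no comment saying why these fields left the URL, so a later edit could put them back into the template string. A one-line comment above the first block would record it, e.g. `// credentials go in the form body: query strings end up in access logs, browser history and proxy logs`. As a style point, the paren-less `new URLSearchParams` followed by `append` calls can be a single initializer, `const form = new URLSearchParams({ username, password, remember_me: String(remember) })`.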
@@ -20,7 +20,12 @@ func LoginHandler(store db.DB) http.HandlerFunc {
 l.Debug().Msg("LoginHandler: Received login request")
- r.ParseForm()
+ err := r.ParseForm()
+ if err != nil {
+ l.Debug().Msg("LoginHandler: Failed to parse request form")
+ utils.WriteError(w, "failed to parse request", http.StatusInternalServerError)
+ return
+ }
 username := r.FormValue("username")
 password := r.FormValue("password")
 if username == "" || password == "" {
@@ -149,12 +154,22 @@ func UpdateUserHandler(store db.DB) http.HandlerFunc {
 return
 }
- r.ParseForm()
+ err := r.ParseForm()
+ if err != nil {
+ l.Err(err).Msg("UpdateUserHandler: Failed to parse request form")
+ utils.WriteError(w, "failed to parse request", http.StatusInternalServerError)
+ return
+ }
 username := r.FormValue("username")
 password := r.FormValue("password")
+ if username == "" && password == "" {
+ l.Debug().Msg("UpdateUserHandler: No parameters were recieved")
+ utils.WriteError(w, "all parameters missing", http.StatusBadRequest)
+ return
+ }
 l.Debug().Msgf("UpdateUserHandler: Updating user with ID %d", u.ID)
- err := store.UpdateUser(ctx, db.UpdateUserOpts{
+ err = store.UpdateUser(ctx, db.UpdateUserOpts{
 ID: u.ID,
 Username: username,
 Password: password,
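Review bot: The unchanged `r.FormValue("username")` and `r.FormValue("password")` lines right after the new `ParseForm` check read the URL query string as well as the body, so the server still accepts credentials sent as query parameters even though the client no longer sends them that way. Reading them with `r.PostFormValue("username")` and `r.PostFormValue("password")` limits the handler to body parameters. The same two lines appear in the `UpdateUserHandler` hunk below and would need the same change. `LoginHandler` starts and ends outside this hunk, so any other reads of the form are not visible here.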
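Review bot: A `ParseForm` failure in `UpdateUserHandler` is answered with `http.StatusInternalServerError`, although it is most likely caused by a malformed request body, which is a client error; `utils.WriteError(w, "failed to parse request", http.StatusBadRequest)` fits better and keeps 5xx alerting meaningful. The `LoginHandler` hunk above has the same mapping and also logs the failure with `l.Debug().Msg(...)` without the error, where this hunk uses `l.Err(err)`. The new debug message misspells "received" as "recieved". `UpdateUserHandler` continues past the end of the hunk, so how `store.UpdateUser` treats an empty `Username` or `Password` when only one field is sent is not visible here and is worth a comment next to the new `&&` check.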