diff --git a/lib/travis/api/app/endpoint/authorization.rb b/lib/travis/api/app/endpoint/authorization.rb
index 8bc2f296..85c64079 100644
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@@ -78,6 +78,10 @@ class Travis::Api::App
 #
 # * **github_token**: GitHub token for checking authorization (required)
 post '/github' do
+ unless params[:github_token]
+ halt 422, { "error" => "Must pass 'github_token' parameter" }
+ end
+
 { 'access_token' => github_to_travis(params[:github_token], app_id: 1, drop_token: true) }
 end
diff --git a/spec/unit/endpoint/authorization_spec.rb b/spec/unit/endpoint/authorization_spec.rb
index 7f1727f9..12f8529c 100644
--- a/spec/unit/endpoint/authorization_spec.rb
+++ b/spec/unit/endpoint/authorization_spec.rb
@@ -64,5 +64,11 @@ describe Travis::Api::App::Endpoint::Authorization do
 it 'does not store the token' do
 user_for('public repos').github_oauth_token.should_not == 'public repos'
 end
+
+ it "errors if no token is given" do
+ post("/auth/github").should_not be_ok
+ last_response.status.should == 422
+ body.should_not include("access_token")
+ end
 end
 end
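Review bot: The new guard `unless params[:github_token]` in `post '/github'` rejects only an absent parameter; an empty string is truthy in Ruby, and a nested form such as `github_token[]=x` is typically parsed into an Array, so both still reach `github_to_travis`. Since this endpoint exchanges a GitHub credential for a Travis access token, I would fail closed on anything that is not a non-empty String: `token = params[:github_token]` followed by `halt 422, { "error" => "Must pass 'github_token' parameter" } unless token.is_a?(String) && !token.strip.empty?`. What `github_to_travis` does with such values is not visible in this hunk, so treat this as hardening rather than a confirmed bug.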
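Review bot: The new example's only body check is the negative `body.should_not include("access_token")`, which also passes for an empty body or a generic error page, so it does not pin the error contract. A positive assertion such as `body.should include("github_token")` would confirm the message actually reaches the client; how the Hash passed to `halt` is serialized is not visible in this diff. If blank values are meant to be rejected as well, a second example with `post("/auth/github", github_token: "")` expecting the same 422 would document that.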