diff --git a/api/handlers/collectionshandler.py b/api/handlers/collectionshandler.py index 7708cb5b0ac28462d1af041d1e0ed8259b47bb10..d35720a57ec7ad3034fe32988468d5ac51680a9b 100644 --- a/api/handlers/collectionshandler.py +++ b/api/handlers/collectionshandler.py @@ -57,6 +57,8 @@ class CollectionsHandler(ContainerHandler): mongo_validator, payload_validator = self._get_validators() payload = self.request.json_body or {} + if not payload: + self.abort(400, 'Bad Request') contents = payload.pop('contents', None) payload_validator(payload, 'PUT') permchecker = self._get_permchecker(container=container) diff --git a/api/handlers/containerhandler.py b/api/handlers/containerhandler.py index 53134b0155216110dd05a3dbbb2e9e154bc8feba..b2f942cd1a6446036f50410c028493e58b738aec 100644 --- a/api/handlers/containerhandler.py +++ b/api/handlers/containerhandler.py @@ -435,6 +435,8 @@ class ContainerHandler(base.RequestHandler): mongo_validator, payload_validator = self._get_validators() payload = self.request.json_body + if not payload: + self.abort(400, 'Bad Request') payload_validator(payload, 'PUT') # Check if any payload keys are any propogated property, add to r_payload diff --git a/api/handlers/grouphandler.py b/api/handlers/grouphandler.py index ab3a20ed575761be8473dfc760854a2888708e43..c43a230bca7b80bb2b101faa36dd954da6406874 100644 --- a/api/handlers/grouphandler.py +++ b/api/handlers/grouphandler.py 
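Review bot: The new guard `if not payload:` in collectionshandler.py rejects only falsy bodies, so a non-empty JSON body that is not an object (a list or a string, for instance) still reaches `payload.pop('contents', None)` on the next line. That call raises for those types before `payload_validator` runs, which would presumably surface as a 500 rather than the intended 400. Checking the type in the same guard closes the gap: `if not isinstance(payload, dict) or not payload:`, after which the `or {}` on the preceding line is redundant. The same guard is added in the containerhandler.py, grouphandler.py and userhandler.py hunks; the schema validator may already reject non-objects there, but the explicit check would keep the four handlers consistent. The enclosing method starts and ends outside the hunk.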
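Review bot: The two-line empty-body check added in containerhandler.py is repeated verbatim in three other handlers in this commit, and the response text 'Bad Request' only restates the status code. ContainerHandler, GroupHandler and UserHandler all derive from `base.RequestHandler`, so a small helper there that returns the parsed body or aborts with 400 would keep the rule in one place. A message such as `self.abort(400, 'Empty payload')` would also tell API clients what to correct. The enclosing method continues outside the hunk.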
@@ -50,13 +50,14 @@ class GroupHandler(base.RequestHandler):
 group = self._get_group(_id)
 permchecker = groupauth.default(self, group)
 payload = self.request.json_body
+ if not payload:
+ self.abort(400, 'Bad Request')
 mongo_schema_uri = validators.schema_uri('mongo', 'group.json')
 mongo_validator = validators.decorator_from_schema_path(mongo_schema_uri)
 payload_schema_uri = validators.schema_uri('input', 'group-update.json')
 payload_validator = validators.from_schema_path(payload_schema_uri)
 payload_validator(payload, 'PUT')
- if payload != {}:
- payload['modified'] = datetime.datetime.utcnow()
+ payload['modified'] = datetime.datetime.utcnow()
 result = mongo_validator(permchecker(self.storage.exec_op))('PUT', _id=_id, payload=payload)
 if result.modified_count == 1:
 return {'modified': result.modified_count}
diff --git a/api/handlers/userhandler.py b/api/handlers/userhandler.py
index 607c1f4856126fc4c28b9e8e89414ed3dc1819a5..9f08bd9e2cda7aa50d922e3849e6690d481a89a7 100644
--- a/api/handlers/userhandler.py
+++ b/api/handlers/userhandler.py
@@ -69,6 +69,8 @@ class UserHandler(base.RequestHandler):
 user = self._get_user(_id)
 permchecker = userauth.default(self, user)
 payload = self.request.json_body
+ if not payload:
+ self.abort(400, 'Bad Request')
 mongo_schema_uri = validators.schema_uri('mongo', 'user.json')
 mongo_validator = validators.decorator_from_schema_path(mongo_schema_uri)
 payload_schema_uri = validators.schema_uri('input', 'user-update.json')
diff --git a/test/integration_tests/python/test_collection.py b/test/integration_tests/python/test_collection.py
index 6ae873ac594d2b4024dc14feb3fdfe4b492a230f..92d5fcc3a8f08d15f169e41c60138de5119d12e1 100644
--- a/test/integration_tests/python/test_collection.py
+++ b/test/integration_tests/python/test_collection.py
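Review bot: The empty-body 400 in grouphandler.py is returned before any permission decision is applied, because `permchecker` is only invoked where it wraps `self.storage.exec_op` at the end of the hunk. Assuming `groupauth.default` does not itself reject on construction, a caller without rights on the group therefore gets 400 for `{}` instead of a permission error. `payload_validator` already ran ahead of the permission check before this change, so the ordering is not new, but a comment above the guard such as `# validation runs before the permission check; unauthorized callers also get 400` would record it as a deliberate choice. The userhandler.py hunk has the same shape as far as it is visible, and both methods start outside their hunks.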
@@ -19,6 +19,10 @@ def test_collections(data_builder, as_admin): r = as_admin.get('/collections/' + collection) assert r.ok + # test empty update + r = as_admin.put('/collections/' + collection, json={}) + assert r.status_code == 400 + # add session to collection r = as_admin.put('/collections/' + collection, json={ 'contents': { diff --git a/test/integration_tests/python/test_containers.py b/test/integration_tests/python/test_containers.py index e5d213ba2e65518bb1efe38e56a7ab3e6e244001..633625873105a7d46f3e0cbfc17627f799a499d9 100644 --- a/test/integration_tests/python/test_containers.py +++ b/test/integration_tests/python/test_containers.py @@ -336,6 +336,10 @@ def test_put_container(data_builder, as_admin): session = data_builder.create_session() session_2 = data_builder.create_session() + # test empty update + r = as_admin.put('/sessions/' + session, json={}) + assert r.status_code == 400 + # update session w/ timestamp r = as_admin.put('/sessions/' + session, json={ 'timestamp': '1979-01-01T00:00:00+00:00' diff --git a/test/integration_tests/python/test_groups.py b/test/integration_tests/python/test_groups.py index f7801e369e833e7545b7894e69bde4b7b035e584..cb10e4d8c8cd5b1f2ae4038d0359f5771ea90a56 100644 --- a/test/integration_tests/python/test_groups.py +++ b/test/integration_tests/python/test_groups.py @@ -95,9 +95,9 @@ def test_groups(as_admin, data_builder): d8 = parse(eight_modified) assert d8 > d7 - # Empty put request should 500 + # Empty put request should 400 r = as_admin.put('/groups/' + group, json={}) - assert r.status_code == 500 + assert r.status_code == 400 r = as_admin.get('/groups/' + group) assert r.ok diff --git a/test/integration_tests/python/test_users.py b/test/integration_tests/python/test_users.py index 18bf61fcfcb803682fa57b044d9671dacb078116..2ccdd958ba9617b66a1151b16b63026cc327e220 100644 --- a/test/integration_tests/python/test_users.py +++ b/test/integration_tests/python/test_users.py 
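Review bot: The added case in test_collection.py only sends `json={}` from a privileged session (`as_admin`), so it pins the 400 for an empty object but not for bodies of the wrong shape. One more assertion with a non-object body would show whether such input is rejected cleanly rather than erroring: `r = as_admin.put('/collections/' + collection, json=['x'])` followed by `assert r.status_code == 400` (the body is a constructed example). The same applies to the new cases in the test_containers.py and test_users.py hunks. test_collections continues outside the hunk.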
@@ -69,6 +69,10 @@ def test_users(as_root, as_admin, as_user, as_public): r = as_root.put('/users/nonexistent@user.com', json={'firstname': 'Realname'}) assert r.status_code == 404 + # Try empty update + r = as_root.put('/users/' + new_user_id, json={}) + assert r.status_code == 400 + # Update existing user r = as_root.put('/users/' + new_user_id, json={'firstname': 'Realname'}) assert r.ok