diff --git a/src/account/account.rs b/src/account/account.rs
index e83a1be..d93e529 100644
--- a/src/account/account.rs
+++ b/src/account/account.rs
@@ -35,6 +35,15 @@ const INVALID_TOKEN_ERRORS: Errors<'static> = Errors{
     ]
 };
 
+const INVALID_TOKEN_ERRORS_DBG: Errors<'static> = Errors{
+    error: &[
+        Error{
+            message: "Test err 1",
+            code: "0305"
+        }
+    ]
+};
+
 // optimization note: add token caching
 pub struct User {
     pub pid: i32,
@@ -199,7 +208,7 @@ impl<'r, const FORCE_BEARER_AUTH: bool> FromRequest<'r> for Auth<FORCE_BEARER_AU
         let user = match auth_type{
             "Basic" if !FORCE_BEARER_AUTH => read_basic_auth_token(pool, token).await,
             "Bearer" => read_bearer_auth_token(pool, token).await,
-            _ => return Outcome::Error((Status::BadRequest, INVALID_TOKEN_ERRORS)),
+            _ => return Outcome::Error((Status::BadRequest, INVALID_TOKEN_ERRORS_DBG)),
         };
 
         let Some(user) = user else {
diff --git a/src/nnid/people.rs b/src/nnid/people.rs
index 0e98ac6..f95db56 100644
--- a/src/nnid/people.rs
+++ b/src/nnid/people.rs
@@ -265,7 +265,7 @@ pub fn get_own_profile(user: Auth<false>) -> Ds<Xml<GetOwnProfileData>>{
 }
 
 #[get("/v1/api/people/@me/devices/owner")]
-pub fn get_device_owner(user: Auth<true>) -> Ds<Xml<GetOwnProfileData>>{
+pub fn get_device_owner(user: Auth<false>) -> Ds<Xml<GetOwnProfileData>>{
     build_own_profile(user.into())
 }
 
@@ -356,6 +356,6 @@ fn build_own_profile(user: User) -> Ds<Xml<GetOwnProfileData>> {
 
 #[put("/v1/api/people/@me/miis/@primary")]
 pub fn change_mii() {
-    // stubbed(tecnically requires auth but this doesnt do anything so theres no harm in not doing auth here rn)
+    // stubbed(technically requires auth but this doesnt do anything so theres no harm in not doing auth here rn)
 }
 
diff --git a/src/nnid/provider.rs b/src/nnid/provider.rs
index fc33ac0..889e5b7 100644
--- a/src/nnid/provider.rs
+++ b/src/nnid/provider.rs
@@ -4,7 +4,8 @@ use rocket::{get, State};
 use serde::Serialize;
 use sqlx::types::ipnetwork::IpNetwork::V4;
 use crate::account::account::Auth;
-use crate::nnid::oauth::generate_token::create_token;
+use crate::error::{Error, Errors};
+use crate::nnid::oauth::generate_token::{create_token, TokenRequestReturnData};
 use crate::nnid::oauth::generate_token::token_type::NEX_TOKEN;
 use crate::nnid::provider::Test::{A, B};
 use crate::Pool;
@@ -15,6 +16,24 @@ enum Test{
     B(i32)
 }
 
+const NO_IPV4_ERROR: Errors = Errors{
+    error: &[
+        Error{
+            code: "1022",
+            message: "Server is not a valid IPv4 address"
+        }
+    ]
+};
+
+const NO_SERVER_ERROR: Errors = Errors{
+    error: &[
+        Error{
+            code: "1021",
+            message: "The requested game server was not found"
+        }
+    ]
+};
+
 
 #[derive(Serialize)]
 #[serde(rename = "nex_token")]
@@ -33,7 +52,7 @@ pub struct ServiceToken{
 }
 
 #[get("/v1/api/provider/service_token/@me")]
-pub async fn get_service_token(pool: &State<Pool>, auth: Auth<true>) -> Option<Xml<ServiceToken>>{
+pub async fn get_service_token(pool: &State<Pool>, auth: Auth<true>) -> Result<Xml<ServiceToken>, Option<Errors<'static>>>{
     // just gonna put this here as a side note for the future:
     // we could also be using key derivation to derive the nex token as if it were a key
     // that way we could reduce the data the database needs to store and also reduce the transfer
@@ -47,7 +66,7 @@ pub async fn get_service_token(pool: &State<Pool>, auth: Auth<true>) -> Option<X
 
 
 
-    Some(
+    Ok(
         Xml(
             ServiceToken{
                 token
@@ -57,7 +76,7 @@ pub async fn get_service_token(pool: &State<Pool>, auth: Auth<true>) -> Option<X
 }
 
 #[get("/v1/api/provider/nex_token/@me?<game_server_id>")]
-pub async fn get_nex_token(pool: &State<Pool>, auth: Auth<true>, game_server_id: &str) -> Option<Xml<NexToken>>{
+pub async fn get_nex_token(pool: &State<Pool>, auth: Auth<true>, game_server_id: &str) -> Result<Xml<NexToken>, Option<Errors<'static>>>{
     // just gonna put this here as a side note for the future:
     // we could also be using key derivation to derive the nex token as if it were a key
     // that way we could reduce the data the database needs to store and also reduce the transfer
@@ -68,19 +87,28 @@ pub async fn get_nex_token(pool: &State<Pool>, auth: Auth<true>, game_server_id:
     let pool = pool.inner();
 
     let server = sqlx::query!(
-        "select address, port from nex_servers where game_server_id = $1",
-        game_server_id
-    )   .fetch_one(pool).await.unwrap();
+    "select address, port from nex_servers where game_server_id = $1",
+    game_server_id
+    )
+        .fetch_optional(pool)
+        .await
+        .expect("database error"); // only crash on db failure (not missing row)
+
+    let server = match server {
+        Some(server) => server,
+        None => return Err(Some(NO_SERVER_ERROR)), // or custom error
+    };
+
 
     let token = create_token(pool, auth.pid, NEX_TOKEN, None).await;
 
     let V4(host) = server.address else {
-        return None
+        return Err(Some(NO_IPV4_ERROR));
     };
 
     let host = host.ip();
 
-    Some(
+    Ok(
         Xml(
             NexToken{
                 host,