diff --git a/backend/authentication/signature_auth.py b/backend/authentication/signature_auth.py
index fd36705..f6b280a 100644
--- a/backend/authentication/signature_auth.py
+++ b/backend/authentication/signature_auth.py
@@ -60,6 +60,8 @@ def verify_incoming_friend_request(request, raw_request_body):
 befriender_key = request.data['befriender_key']
 except KeyError:
 return False
+ if not befriender or not befriender_key:
+ return False
 if username + "@" + domain != befriender:
 return False
 if len(befriender_key) != 64:
diff --git a/backend/toolshed/api/friend.py b/backend/toolshed/api/friend.py
index efedd80..a0337c5 100644
--- a/backend/toolshed/api/friend.py
+++ b/backend/toolshed/api/friend.py
@@ -72,7 +72,7 @@ class FriendsRequests(APIView, ViewSetMixin):
 befriender_username=befriender_username,
 befriender_domain=befriender_domain,
 befriender_public_key=user.public_identity.public_key,
- secret=secret, # request.data['secret'] # TODO ??
+ secret=secret,
 befriendee_user=befriendee_user.get(),
 )
 return Response(status=status.HTTP_201_CREATED, data={'secret': secret, 'status': "pending"})
@@ -81,7 +81,7 @@ class FriendsRequests(APIView, ViewSetMixin):
 befriender_user=user,
 befriendee_username=befriendee_username,
 befriendee_domain=befriendee_domain,
- secret=secret, # request.data['secret'] # TODO ??
+ secret=secret,
 )
 return Response(status=status.HTTP_201_CREATED, data={'secret': secret, 'status': "pending"})
 elif verify_incoming_friend_request(request, raw_request):
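Review bot: The added guard `if not befriender or not befriender_key:` in verify_incoming_friend_request only filters falsy values, so a non-string value taken from `request.data` (a number, list or object, if the body is parsed JSON) still reaches `len(befriender_key) != 64`, where a number raises TypeError instead of returning False and a 64-element list passes the length test. A type check closes that gap in this signature-verification path: `if not isinstance(befriender, str) or not isinstance(befriender_key, str):` followed by `return False`. For strings, the emptiness test is already implied by the two comparisons that follow, so the isinstance check could replace the new guard rather than sit beside it. The function starts and ends outside the hunk, so how `befriender` is read and what consumes `befriender_key` after the length test are not visible here.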