diff --git a/webapp/serializers.py b/webapp/serializers.py
index 25517ae..765f40a 100644
--- a/webapp/serializers.py
+++ b/webapp/serializers.py
@@ -3,7 +3,7 @@ from webapp.models import *
 
 
 class SignupFormSerializer(serializers.HyperlinkedModelSerializer):
-    questions = serializers.JSONField(binary=True)
+    questions = serializers.JSONField()
 
     class Meta:
         model = SignupForm
@@ -56,7 +56,7 @@ class SignupSerializer(serializers.ModelSerializer):
         source="signupForm",
         queryset=SignupForm.objects.all()
     )
-    answer = serializers.JSONField(binary=True)
+    answer = serializers.JSONField()
 
     class Meta:
         model = Signup
@@ -69,7 +69,7 @@ class SignupSerializer(serializers.ModelSerializer):
 
 
 class SavedQuestionsSerializer(serializers.ModelSerializer):
-    question = serializers.JSONField(binary=True)
+    question = serializers.JSONField()
 
     class Meta:
         model = TemplateQuestion
diff --git a/webapp/tests/signup_fixture.py b/webapp/tests/signup_fixture.py
index 5a71a9a..39856e3 100644
--- a/webapp/tests/signup_fixture.py
+++ b/webapp/tests/signup_fixture.py
@@ -30,8 +30,8 @@ def createSignupObject(form, answer):
     )
 
 
-def createSignupJSON(form_id, answer):
+def createSignupRequest(form_id, answer):
     return {
         "signupForm_id": form_id,
-        "answer": json.dumps(answer)
+        "answer": answer
     }
diff --git a/webapp/tests/test_signup.py b/webapp/tests/test_signup.py
index 025284d..ea4bfa9 100644
--- a/webapp/tests/test_signup.py
+++ b/webapp/tests/test_signup.py
@@ -7,7 +7,7 @@ from rest_framework.test import APITestCase, force_authenticate
 from webapp.serializers import SignupSerializer, SignupFormSerializer
 from webapp.models import Signup
 from webapp.tests.event_fixture import createEventObject
-from webapp.tests.signup_fixture import createSignupForm, createSignupObject, createSignupJSON, ALL_QUESTION_TYPES, ALL_QUESTION_TYPES_ANSWER
+from webapp.tests.signup_fixture import createSignupForm, createSignupObject, createSignupRequest, ALL_QUESTION_TYPES, ALL_QUESTION_TYPES_ANSWER
 
 
 URL = "/api/signup/"
@@ -59,20 +59,20 @@ class SignupTestCase(APITestCase):
         self.assertEqual(response.data, expected.data)
 
     def test_create_signup(self):
-        new = createSignupJSON(self.signupForm.id, ALL_QUESTION_TYPES_ANSWER)
+        new = createSignupRequest(self.signupForm.id, ALL_QUESTION_TYPES_ANSWER)
         response = self.client.post(URL, new, format="json")
         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
         self.assertEqual(Signup.objects.count(), 3)
 
     def test_create_signup_404_or_hidden(self):
-        new = createSignupJSON(3001, ALL_QUESTION_TYPES_ANSWER)
+        new = createSignupRequest(3001, ALL_QUESTION_TYPES_ANSWER)
         response = self.client.post(URL, new, format="json")
-        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
         self.assertEqual(Signup.objects.count(), 2)
 
-        new = createSignupJSON(self.hiddenForm.id, ALL_QUESTION_TYPES_ANSWER)
+        new = createSignupRequest(self.hiddenForm.id, ALL_QUESTION_TYPES_ANSWER)
         response = self.client.post(URL, new, format="json")
-        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
         self.assertEqual(Signup.objects.count(), 2)
 
     @skip("NotImplemented")
@@ -81,47 +81,47 @@ class SignupTestCase(APITestCase):
 
     def test_create_malformed_answer(self):
         # Empty body
-        response = self.client.post(URL, createSignupJSON(self.signupForm.id, {}), format="json")
+        response = self.client.post(URL, createSignupRequest(self.signupForm.id, {}), format="json")
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
         # Array
-        response = self.client.post(URL, createSignupJSON(self.signupForm.id, []), format="json")
+        response = self.client.post(URL, createSignupRequest(self.signupForm.id, []), format="json")
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
         # Extra ids
         testInput = ALL_QUESTION_TYPES_ANSWER.copy()
         testInput["newId"] = "Oon extraa"
-        response = self.client.post(URL, createSignupJSON(self.signupForm.id, testInput), format="json")
+        response = self.client.post(URL, createSignupRequest(self.signupForm.id, testInput), format="json")
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
         # Bad id
-        response = self.client.post(URL, createSignupJSON(self.signupFormText.id, { "malformed": "Tekstiä" }), format="json")
+        response = self.client.post(URL, createSignupRequest(self.signupFormText.id, { "malformed": "Tekstiä" }), format="json")
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
         # Wrong data type for text
-        response = self.client.post(URL, createSignupJSON(self.signupFormText.id, {"j5CeRZDvl": 123}), format="json")
+        response = self.client.post(URL, createSignupRequest(self.signupFormText.id, {"j5CeRZDvl": 123}), format="json")
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
         # Wrong data for checkbox
-        response = self.client.post(URL, createSignupJSON(self.signupFormCheck.id, {
+        response = self.client.post(URL, createSignupRequest(self.signupFormCheck.id, {
             "i10d426d5": ["D"]
         }), format="json")
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
         # Wrong data type for checkbox
-        response = self.client.post(URL, createSignupJSON(self.signupFormCheck.id, {
+        response = self.client.post(URL, createSignupRequest(self.signupFormCheck.id, {
             "i10d426d5": {"j5CeRZDvl": { "asd": "123" }}
         }), format="json")
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
         # Wrong data for radiobutton
-        response = self.client.post(URL, createSignupJSON(self.signupFormRadio.id, {
+        response = self.client.post(URL, createSignupRequest(self.signupFormRadio.id, {
             "RHJhSoaLD": []
         }), format="json")
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
         # Wrong data type for radiobutton
-        response = self.client.post(URL, createSignupJSON(self.signupFormRadio.id, {
+        response = self.client.post(URL, createSignupRequest(self.signupFormRadio.id, {
             "RHJhSoaLD": { "asd": "123" }
         }), format="json")
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
diff --git a/webapp/views.py b/webapp/views.py
index 72fcef4..0890501 100644
--- a/webapp/views.py
+++ b/webapp/views.py
@@ -6,16 +6,18 @@ from django.utils import timezone
 from dealer.git import git
 from django.conf import settings
 from django.contrib.auth import authenticate
-from django.http import HttpResponseBadRequest, HttpResponse
+from django.http import HttpResponseBadRequest, HttpResponse, JsonResponse
 from django.shortcuts import redirect, render
 from django.views.decorators.http import require_http_methods
 from django_filters import rest_framework as filters
+from django.core.exceptions import ObjectDoesNotExist
 from rest_framework import permissions, routers, viewsets
 from rest_framework.filters import OrderingFilter, SearchFilter
-from rest_framework.permissions import IsAuthenticatedOrReadOnly, AllowAny
+from rest_framework.permissions import IsAuthenticatedOrReadOnly
 from rest_framework.response import Response
 from rest_framework.reverse import reverse
 from jsonschema import validate
+from jsonschema.exceptions import ValidationError
 import logging
 
 from webapp.models import Event, SignupForm, Signup, TemplateQuestion, Feed, Committee, Occupation, Tag
@@ -74,24 +76,26 @@ class SignupFormViewSet(viewsets.ModelViewSet):
 class SignupViewSet(viewsets.ModelViewSet):
     queryset = Signup.objects.all()
     serializer_class = SignupSerializer
-    permission_classes = [AllowAny]
-    # permission_classes = [IsPostOrIsAuthenticated]
+    permission_classes = [IsPostOrIsAuthenticated]
     # filter_backends = (filters.DjangoFilterBackend, SearchFilter, OrderingFilter)
     # filter_fields = '__all__'
     # search_fields = '__all__'
 
     def create(self, request, *args, **kwargs):
         try:
-            form = SignupForm.objects.get(id=request.data["signupForm_id"])
+            id = request.data["signupForm_id"]
+            answer = request.data["answer"]
+            form = SignupForm.objects.get(id=id)
             if (form.visible):
-                signup = json.loads(request.data["answer"])
-                # Throws error if not valid
-                validate(instance=signup, schema=form.schema)
+                # Throws ValidationError if not valid
+                validate(instance=answer, schema=form.schema)
                 return super().create(request, *args, **kwargs)
-        except Exception as inst:
-            return HttpResponseBadRequest()
+        except ValidationError as inst:
+            return JsonResponse(status=400, data={"error": inst.message})
+        except ObjectDoesNotExist:
+            return JsonResponse(status=404, data={"error": f"SignupForm {id} not found"})
         else:
-            return HttpResponseBadRequest()
+            return JsonResponse(status=404, data={"error": f"SignupForm {id} not found"})
 
     def update(self, request, *args, **kwargs):
         return super().update(request, *args, **kwargs)