diff --git a/apps/api/src/api-v1/consumers/update-consumer.ts b/apps/api/src/api-v1/consumers/update-consumer.ts
index 5c8759cb..ffbdfa41 100644
--- a/apps/api/src/api-v1/consumers/update-consumer.ts
+++ b/apps/api/src/api-v1/consumers/update-consumer.ts
@@ -15,7 +15,8 @@ import { parseZodSchema } from '@/lib/utils'
 import { consumerIdParamsSchema } from './schemas'
 const route = createRoute({
- description: "Updates a consumer's subscription to a project.",
+ description:
+ "Updates a consumer's subscription to a different deployment or pricing plan.",
 tags: ['consumers'],
 operationId: 'updateConsumer',
 method: 'post',
diff --git a/apps/api/src/api-v1/projects/create-project.ts b/apps/api/src/api-v1/projects/create-project.ts
index ef5f6141..fdc7d5ca 100644
--- a/apps/api/src/api-v1/projects/create-project.ts
+++ b/apps/api/src/api-v1/projects/create-project.ts
@@ -60,9 +60,9 @@ export function registerV1ProjectsCreateProject(
 .insert(schema.projects)
 .values({
 ...body,
+ id,
 teamId: teamMember?.teamId,
 userId: user.id,
- id,
 _secret: sha256(),
 _providerToken: createProviderToken({ id })
 })
diff --git a/apps/api/src/api-v1/projects/update-project.ts b/apps/api/src/api-v1/projects/update-project.ts
index c6399c03..252e6b29 100644
--- a/apps/api/src/api-v1/projects/update-project.ts
+++ b/apps/api/src/api-v1/projects/update-project.ts
@@ -2,6 +2,7 @@ import { createRoute, type OpenAPIHono } from '@hono/zod-openapi'
 import type { AuthenticatedEnv } from '@/lib/types'
 import { db, eq, schema } from '@/db'
+import { acl } from '@/lib/acl'
 import {
 openapiAuthenticatedSecuritySchemas,
 openapiErrorResponse404,
@@ -50,7 +51,15 @@ export function registerV1ProjectsUpdateProject(
 const { projectId } = c.req.valid('param')
 const body = c.req.valid('json')
- const [project] = await db
+ // First ensure the project exists and the user has access to it
+ let project = await db.query.projects.findFirst({
+ where: eq(schema.projects.id, projectId)
+ })
+ assert(project, 404, `Project not found "${projectId}"`)
+ await acl(c, project, { label: 'Project' })
+
+ // Update the project
+ ;[project] = await db
 .update(schema.projects)
 .set(body)
 .where(eq(schema.projects.id, projectId))
diff --git a/apps/api/src/api-v1/teams/members/create-team-member.ts b/apps/api/src/api-v1/teams/members/create-team-member.ts
index 3e8a0a48..3c5c8356 100644
--- a/apps/api/src/api-v1/teams/members/create-team-member.ts
+++ b/apps/api/src/api-v1/teams/members/create-team-member.ts
@@ -78,7 +78,7 @@ export function registerV1TeamsMembersCreateTeamMember(
 })
 assert(
 teamMember,
- 400,
+ 500,
 `Failed to create team member "${body.userId}"for team "${teamSlug}"`
 )
diff --git a/apps/api/src/api-v1/teams/members/delete-team-member.ts b/apps/api/src/api-v1/teams/members/delete-team-member.ts
index a41c256f..5c2267f0 100644
--- a/apps/api/src/api-v1/teams/members/delete-team-member.ts
+++ b/apps/api/src/api-v1/teams/members/delete-team-member.ts
@@ -57,7 +57,7 @@ export function registerV1TeamsMembersDeleteTeamMember(
 .returning()
 assert(
 teamMember,
- 404,
+ 400,
 `Failed to update team member "${userId}" for team "${teamSlug}"`
 )
diff --git a/apps/api/src/lib/billing/upsert-consumer.ts b/apps/api/src/lib/billing/upsert-consumer.ts
index c43b9f21..5f1c27e4 100644
--- a/apps/api/src/lib/billing/upsert-consumer.ts
+++ b/apps/api/src/lib/billing/upsert-consumer.ts
@@ -24,6 +24,7 @@ export async function upsertConsumer(
 }
 ) {
 assert(consumerId || deploymentId, 400, 'Missing required "deploymentId"')
+ const logger = c.get('logger')
 const userId = c.get('userId')
 let projectId: string | undefined
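Review bot: In `apps/api/src/api-v1/projects/update-project.ts` the access check and the write are separate statements, and the `update` is still matched only by `eq(schema.projects.id, projectId)`, so the authorization decision applies to the row as `findFirst` read it rather than to the row that is written. If that gap is accepted, state it in the code, e.g. `// acl() was evaluated on the row read above; the update below matches on id only`. The 404 assert also runs before `acl(...)`, so if `acl` rejects with a different status (its behaviour is not visible here), a caller without access can tell existing project ids from missing ones; answering with the same 404 in both cases would avoid that. The handler continues outside this hunk, so confirm that the reassigned `project` from `.returning()` is asserted again before it is used.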
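Review bot: In `create-team-member.ts` the assert message is missing a space before `for` (`"${body.userId}"for team`); the text should read `Failed to create team member "${body.userId}" for team "${teamSlug}"`. With the status now 500, it is also worth checking that the error handler (not shown) does not return this message, which echoes request values, verbatim to the client for server-side failures.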
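Review bot: In `delete-team-member.ts` an empty `.returning()` result now maps to 400, while the parallel failure in `create-team-member.ts` was moved to 500 in the same commit; an empty delete result is either a missing member or a server-side failure, not a malformed request. The message also says `Failed to update team member` in a delete handler. Unless an earlier existence check (outside this hunk) already covers missing members, I would keep `404,` here and change the text to `Failed to delete team member …`.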
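Review bot: The `logger.info('SUBSCRIPTION', …)` call in `upsert-consumer.ts` (second hunk of this file) passes the whole `project` object to the log, and project rows carry `_secret` and `_providerToken` (set in `create-project.ts` in this same commit). Unless the logger redacts those fields or `project` is already a trimmed view (neither is visible here), they end up in log storage. Logging identifiers instead, e.g. `projectId: project.id`, would avoid that; the argument list of the call continues outside the hunk.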
@@ -147,7 +148,6 @@ export async function upsertConsumer(
 // consumer._stripeAccount = project._stripeAccount
 await upsertStripeConnectCustomer({ stripeCustomer, consumer, project })
- const logger = c.get('logger')
 logger.info('SUBSCRIPTION', existingConsumer ? 'UPDATE' : 'CREATE', {
 project,
 deployment,
diff --git a/apps/api/src/lib/ensure-unique-team-slug.ts b/apps/api/src/lib/ensure-unique-team-slug.ts
index 87a824a4..b937d4ff 100644
--- a/apps/api/src/lib/ensure-unique-team-slug.ts
+++ b/apps/api/src/lib/ensure-unique-team-slug.ts
@@ -18,6 +18,6 @@ export async function ensureUniqueTeamSlug(slug: string) {
 assert(
 !existingUser && !existingTeam,
 409,
- `Team slug [${slug}] is not available`
+ `Team slug "${slug}" is not available`
 )
 }