diff --git a/rest-api/src/main/java/lcsb/mapviewer/api/BaseController.java b/rest-api/src/main/java/lcsb/mapviewer/api/BaseController.java
index 2e4fb4f7f538d99ada224d448c3d8effe20b86c8..5b22b3c2ed9e23c1ca61e6a1984ef102ac640fb7 100644
--- a/rest-api/src/main/java/lcsb/mapviewer/api/BaseController.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/BaseController.java
@@ -17,7 +17,7 @@ public abstract class BaseController {
 			return new ResponseEntity<Object>("{\"error\" : \"Access denied.\",\"reason\":\"" + e.getMessage() + "\"}", new HttpHeaders(), HttpStatus.FORBIDDEN);
 		} else if (e instanceof QueryException) {
 			return new ResponseEntity<Object>(
-					"{\"error\" : \"Query server error.\",\"reason\":\"" + e.getMessage() + "\"}", new HttpHeaders(), HttpStatus.INTERNAL_SERVER_ERROR);
+					"{\"error\" : \"Query server error.\",\"reason\":\"" + e.getMessage() + "\"}", new HttpHeaders(), HttpStatus.BAD_REQUEST);
 		} else {
 			return new ResponseEntity<Object>(
 					"{\"error\" : \"Internal server error.\",\"reason\":\"" + e.getMessage() + "\"}", new HttpHeaders(), HttpStatus.INTERNAL_SERVER_ERROR);
diff --git a/rest-api/src/main/java/lcsb/mapviewer/api/overlay/OverlayRestImpl.java b/rest-api/src/main/java/lcsb/mapviewer/api/overlay/OverlayRestImpl.java
index 1851bc9eebd0121e0cdb8f6b4e84de07fac4fd14..d13401b4b9aff83d91b499ea22039f26d75dc821 100644
--- a/rest-api/src/main/java/lcsb/mapviewer/api/overlay/OverlayRestImpl.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/overlay/OverlayRestImpl.java
@@ -9,8 +9,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 
 import lcsb.mapviewer.api.QueryException;
-import lcsb.mapviewer.model.Project;
 import lcsb.mapviewer.model.cache.FileEntry;
+import lcsb.mapviewer.model.map.layout.Layout;
 import lcsb.mapviewer.model.map.model.Model;
 import lcsb.mapviewer.services.SecurityException;
 import lcsb.mapviewer.services.interfaces.ILayoutService;
@@ -135,7 +135,16 @@ public class OverlayRestImpl {
 		if (model == null) {
 			throw new QueryException("Project with given id doesn't exist");
 		}
-		return layoutService.getLayoutDataById(Integer.valueOf(overlayId), authenticationToken).getInputData();
+		try {
+			Integer id = Integer.valueOf(overlayId);
+			Layout layout = layoutService.getLayoutDataById(id, authenticationToken);
+			if (layout == null) {
+				throw new QueryException("Invalid overlay id");
+			}
+			return layout.getInputData();
+		} catch (NumberFormatException e) {
+			throw new QueryException("Invalid overlay id");
+		}
 	}
 
 }
diff --git a/service/src/main/java/lcsb/mapviewer/services/impl/LayoutService.java b/service/src/main/java/lcsb/mapviewer/services/impl/LayoutService.java
index d5637d2e94a0b4fb9b89416e8923cddd003906db..6de79f3787d546a5f4729845781c602bcbc15d46 100644
--- a/service/src/main/java/lcsb/mapviewer/services/impl/LayoutService.java
+++ b/service/src/main/java/lcsb/mapviewer/services/impl/LayoutService.java
@@ -917,6 +917,9 @@ public class LayoutService implements ILayoutService {
 
 	private Layout getLayoutById(int layoutId, AuthenticationToken token) throws SecurityException {
 		Layout layout = layoutDao.getById(layoutId);
+		if (layout == null) {
+			return null;
+		}
 		User user = userService.getUserByToken(token);
 		if (!userCanViewOverlay(layout, user)) {
 			throw new SecurityException("User doesn't have access to overlay");