diff --git a/services/real-time/test/acceptance/js/JoinProjectTests.js b/services/real-time/test/acceptance/js/JoinProjectTests.js
index 051c33d0c7..06ab8a2c5a 100644
--- a/services/real-time/test/acceptance/js/JoinProjectTests.js
+++ b/services/real-time/test/acceptance/js/JoinProjectTests.js
@@ -176,6 +176,69 @@ describe('joinProject', function () {
     })
   })
 
+  describe('when not authorized and web replies with a 403', function () {
+    before(function (done) {
+      return async.series(
+        [
+          (cb) => {
+            return FixturesManager.setUpProject(
+              {
+                project_id: 'forbidden',
+                privilegeLevel: 'owner',
+                project: {
+                  name: 'Test Project'
+                }
+              },
+              (e, { project_id, user_id }) => {
+                this.project_id = project_id
+                this.user_id = user_id
+                cb(e)
+              }
+            )
+          },
+
+          (cb) => {
+            this.client = RealTimeClient.connect()
+            this.client.on('connectionAccepted', cb)
+          },
+
+          (cb) => {
+            this.client.emit(
+              'joinProject',
+              { project_id: this.project_id },
+              (error, project, privilegeLevel, protocolVersion) => {
+                this.error = error
+                this.project = project
+                this.privilegeLevel = privilegeLevel
+                this.protocolVersion = protocolVersion
+                cb()
+              }
+            )
+          }
+        ],
+        done
+      )
+    })
+
+    it('should return an error', function () {
+      this.error.message.should.equal(
+        'Something went wrong in real-time service'
+      )
+    })
+
+    it('should not have joined the project room', function (done) {
+      RealTimeClient.getConnectedClient(
+        this.client.socket.sessionid,
+        (error, client) => {
+          expect(Array.from(client.rooms).includes(this.project_id)).to.equal(
+            false
+          )
+          done()
+        }
+      )
+    })
+  })
+
   return describe('when over rate limit', function () {
     before(function (done) {
       return async.series(
diff --git a/services/real-time/test/acceptance/js/helpers/MockWebServer.js b/services/real-time/test/acceptance/js/helpers/MockWebServer.js
index a2cf5af50b..8cd9d4be58 100644
--- a/services/real-time/test/acceptance/js/helpers/MockWebServer.js
+++ b/services/real-time/test/acceptance/js/helpers/MockWebServer.js
@@ -38,6 +38,9 @@ module.exports = MockWebServer = {
   joinProjectRequest(req, res, next) {
     const { project_id } = req.params
     const { user_id } = req.query
+    if (project_id === 'forbidden') {
+      return res.status(403).send()
+    }
     if (project_id === 'rate-limited') {
       return res.status(429).send()
     } else {
diff --git a/services/real-time/test/unit/js/WebApiManagerTests.js b/services/real-time/test/unit/js/WebApiManagerTests.js
index 4435bc14f9..c2cbd3925f 100644
--- a/services/real-time/test/unit/js/WebApiManagerTests.js
+++ b/services/real-time/test/unit/js/WebApiManagerTests.js
@@ -91,6 +91,30 @@ describe('WebApiManager', function () {
       })
     })
 
+    describe('when web replies with a 403', function () {
+      beforeEach(function () {
+        this.request.post = sinon
+          .stub()
+          .callsArgWith(1, null, { statusCode: 403 }, null)
+        this.WebApiManager.joinProject(
+          this.project_id,
+          this.user_id,
+          this.callback
+        )
+      })
+
+      it('should call the callback with an error', function () {
+        this.callback
+          .calledWith(
+            sinon.match({
+              message: 'non-success status code from web',
+              info: { statusCode: 403 }
+            })
+          )
+          .should.equal(true)
+      })
+    })
+
     describe('with an error from web', function () {
       beforeEach(function () {
         this.request.post = sinon