diff --git a/gateway/platforms/webhook.py b/gateway/platforms/webhook.py
index 504bfd4433a..32c6e8109bd 100644
--- a/gateway/platforms/webhook.py
+++ b/gateway/platforms/webhook.py
@@ -391,7 +391,7 @@ class WebhookAdapter(BasePlatformAdapter):
             )
             return web.json_response(
                 {"error": "Webhook route is missing an HMAC secret"},
-                status=500,
+                status=403,
             )
         if secret != _INSECURE_NO_AUTH:
             if not self._validate_signature(request, raw_body, secret):
diff --git a/tests/gateway/test_webhook_adapter.py b/tests/gateway/test_webhook_adapter.py
index 510f312af9f..9cf61c3c3b5 100644
--- a/tests/gateway/test_webhook_adapter.py
+++ b/tests/gateway/test_webhook_adapter.py
@@ -508,7 +508,7 @@ class TestHTTPHandling:
         app = _create_app(adapter)
         async with TestClient(TestServer(app)) as cli:
             resp = await cli.post("/webhooks/test", json={"data": "value"})
-            assert resp.status == 500
+            assert resp.status == 403
             data = await resp.json()
             assert data["error"] == "Webhook route is missing an HMAC secret"