diff --git a/frappe/auth.py b/frappe/auth.py
index 9e4e66dda0..f667138ea1 100644
--- a/frappe/auth.py
+++ b/frappe/auth.py
@@ -704,6 +704,9 @@ def validate_auth_via_api_keys(authorization_header):
 def validate_api_key_secret(api_key, api_secret, frappe_authorization_source=None):
 """frappe_authorization_source to provide api key and secret for a doctype apart from User"""
+ if not api_key or not api_secret:
+ raise frappe.AuthenticationError
+
 doctype = frappe_authorization_source or "User"
 docname = frappe.db.get_value(
 doctype=doctype, filters={"api_key": api_key, "enabled": True}, fieldname=["name"]
@@ -711,8 +714,8 @@ def validate_api_key_secret(api_key, api_secret, frappe_authorization_source=Non
 if not docname:
 raise frappe.AuthenticationError
 form_dict = frappe.local.form_dict
- doc_secret = get_decrypted_password(doctype, docname, fieldname="api_secret")
- if api_secret == doc_secret:
+ doc_secret = get_decrypted_password(doctype, docname, fieldname="api_secret", raise_exception=False)
+ if doc_secret and api_secret == doc_secret:
 if doctype == "User":
 user = frappe.db.get_value(doctype="User", filters={"api_key": api_key}, fieldname=["name"])
 else:
diff --git a/frappe/utils/password.py b/frappe/utils/password.py
index db3e0ff09d..0393cd69dd 100644
--- a/frappe/utils/password.py
+++ b/frappe/utils/password.py
@@ -42,10 +42,9 @@ def get_decrypted_password(doctype, name, fieldname="password", raise_exception=
 return None
- elif raise_exception:
+ if raise_exception:
 frappe.throw(
 _("Password not found for {0} {1} {2}").format(doctype, name, fieldname),
- frappe.AuthenticationError,
 )
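Review bot: In the first hunk of `frappe/auth.py`, `doctype = frappe_authorization_source or "User"` is passed to `frappe.db.get_value` with no check that it names a doctype meant to hold API credentials, and the new empty-value guard does not cover that. If callers pass a request-supplied value here (not visible in this hunk), an unexpected doctype would presumably surface as a lookup error rather than `frappe.AuthenticationError`. I would record the constraint next to the assignment, `# doctype is caller-supplied: it must carry api_key, api_secret and enabled fields`, and have the docstring state that an empty key or secret raises `frappe.AuthenticationError`. The body of `validate_api_key_secret` continues past the end of the hunk.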
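Review bot: The check `api_secret == doc_secret` in the second hunk of `frappe/auth.py` is an ordinary string equality on a credential, so its duration can vary with how much of the supplied value matches. A constant-time comparison is the usual choice: `if doc_secret and hmac.compare_digest(api_secret.encode(), doc_secret.encode()):`, which needs `import hmac` and assumes both values are `str`. With `raise_exception=False` a missing stored secret now presumably gives a falsy `doc_secret` and skips the block. The rest of `validate_api_key_secret` is outside the hunk, so confirm that this path and a plain mismatch both end in an explicit `frappe.AuthenticationError` rather than falling through.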
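Review bot: Dropping `frappe.AuthenticationError` from the `frappe.throw` call in `get_decrypted_password` changes the exception type for every caller that reaches this branch with a truthy `raise_exception`, not only the API-key path patched in `frappe/auth.py`. `frappe.throw` then raises its default exception class, so any caller that catches `frappe.AuthenticationError` around this function would stop matching. Those call sites are outside this diff and should be checked. If the intent is to stop reporting a missing stored password as a failed login, a comment above the call would record it, for example `# missing stored password is a data error, not a failed login: use the default exception type`. The start of the function is outside the hunk.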