diff --git a/core/server/services/auth/api-key/admin.js b/core/server/services/auth/api-key/admin.js
index fe51762986..f835d2b39c 100644
--- a/core/server/services/auth/api-key/admin.js
+++ b/core/server/services/auth/api-key/admin.js
@@ -78,7 +78,7 @@ const authenticateWithUrl = (req, res, next) => {
  * - the "Audience" claim should match the requested API path
  *   https://tools.ietf.org/html/rfc7519#section-4.1.3
  */
-const authenticateWithToken = (req, res, next, {token, JWT_OPTIONS}) => {
+const authenticateWithToken = async (req, res, next, {token, JWT_OPTIONS}) => {
     const decoded = jwt.decode(token, {complete: true});
 
     if (!decoded || !decoded.header) {
@@ -97,7 +97,9 @@ const authenticateWithToken = (req, res, next, {token, JWT_OPTIONS}) => {
         }));
     }
 
-    models.ApiKey.findOne({id: apiKeyId}).then((apiKey) => {
+    try {
+        const apiKey = await models.ApiKey.findOne({id: apiKeyId});
+
         if (!apiKey) {
             return next(new errors.UnauthorizedError({
                 message: i18n.t('errors.middleware.auth.unknownAdminApiKey'),
@@ -145,21 +147,23 @@ const authenticateWithToken = (req, res, next, {token, JWT_OPTIONS}) => {
 
         if (apiKey.get('user_id')) {
             // fetch the user and store it on the request for later checks and logging
-            return models.User.findOne(
+            const user = await models.User.findOne(
                 {id: apiKey.get('user_id'), status: 'active'},
                 {require: true}
-            ).then((user) => {
-                req.user = user;
-                next();
-            });
+            );
+
+            req.user = user;
+
+            next();
         }
 
         // store the api key on the request for later checks and logging
         req.api_key = apiKey;
+
         next();
-    }).catch((err) => {
+    } catch (err) {
         next(new errors.InternalServerError({err}));
-    });
+    }
 };
 
 module.exports = {
diff --git a/core/server/services/auth/api-key/content.js b/core/server/services/auth/api-key/content.js
index 27ad6c8364..47d70576f8 100644
--- a/core/server/services/auth/api-key/content.js
+++ b/core/server/services/auth/api-key/content.js
@@ -2,7 +2,7 @@ const models = require('../../../models');
 const errors = require('@tryghost/errors');
 const {i18n} = require('../../../lib/common');
 
-const authenticateContentApiKey = function authenticateContentApiKey(req, res, next) {
+const authenticateContentApiKey = async function authenticateContentApiKey(req, res, next) {
     // allow fallthrough to other auth methods or final ensureAuthenticated check
     if (!req.query || !req.query.key) {
         return next();
@@ -17,7 +17,9 @@ const authenticateContentApiKey = function authenticateContentApiKey(req, res, n
 
     let key = req.query.key;
 
-    models.ApiKey.findOne({secret: key}).then((apiKey) => {
+    try {
+        const apiKey = await models.ApiKey.findOne({secret: key});
+
         if (!apiKey) {
             return next(new errors.UnauthorizedError({
                 message: i18n.t('errors.middleware.auth.unknownContentApiKey'),
@@ -34,10 +36,11 @@ const authenticateContentApiKey = function authenticateContentApiKey(req, res, n
 
         // authenticated OK, store the api key on the request for later checks and logging
         req.api_key = apiKey;
+
         next();
-    }).catch((err) => {
+    } catch (err) {
         next(new errors.InternalServerError({err}));
-    });
+    }
 };
 
 module.exports = {