diff --git a/seahub/api2/views.py b/seahub/api2/views.py
index f09fbe78f2..3423348f79 100644
--- a/seahub/api2/views.py
+++ b/seahub/api2/views.py
@@ -3592,13 +3592,10 @@ class RepoTokensView(APIView):
 if any([not _REPO_ID_PATTERN.match(repo) for repo in repos]):
 return api_error(status.HTTP_400_BAD_REQUEST, "Libraries ids are invalid")
- if any([not seafile_api.check_repo_access_permission(
- repo, request.user.username) for repo in repos]):
- return api_error(status.HTTP_403_FORBIDDEN,
- "You do not have permission to access those libraries")
-
 tokens = {}
 for repo in repos:
+ if not seafile_api.check_repo_access_permission(repo, request.user.username):
+ continue
 tokens[repo] = seafile_api.generate_repo_token(repo, request.user.username)
 return tokens
diff --git a/tests/api/test_repos.py b/tests/api/test_repos.py
index 046e2f187a..827d743941 100644
--- a/tests/api/test_repos.py
+++ b/tests/api/test_repos.py
@@ -3,6 +3,7 @@
 Test repos api.
 """
+import uuid
 import unittest
 from tests.api.apitestbase import ApiTestBase
@@ -163,10 +164,12 @@ class ReposApiTest(ApiTestBase):
 def test_generate_repo_tokens(self):
 with self.get_tmp_repo() as ra:
 with self.get_tmp_repo() as rb:
- repo_ids = ','.join([ra.repo_id, rb.repo_id])
+ fake_repo_id = str(uuid.uuid4())
+ repo_ids = ','.join([ra.repo_id, rb.repo_id, fake_repo_id])
 tokens = self.get(GET_REPO_TOKENS_URL + '?repos=%s' % repo_ids).json()
 assert ra.repo_id in tokens
 assert rb.repo_id in tokens
+ assert fake_repo_id not in tokens
 for repo_id, token in tokens.iteritems():
 self._get_repo_info(token, repo_id)
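Review bot: The new `continue` in the token loop drops a library the caller cannot access without leaving any trace, whereas the removed branch rejected the whole request with 403, so repeated requests naming libraries the user has no right to now look like normal traffic at this layer. Returning the same result for forbidden and nonexistent ids is reasonable because it gives no existence oracle, but that intent deserves a comment above the check, e.g. `# Skip silently: forbidden and nonexistent libraries must be indistinguishable to the caller`. If the module has a logger in scope (not visible in this hunk), I would also record the denial before skipping: `logger.warning('repo token denied: user=%s repo=%s', request.user.username, repo)`. The enclosing method starts above the hunk, so whether the number of ids per request is capped cannot be judged from here.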
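Review bot: `fake_repo_id` is a random UUID, so `test_generate_repo_tokens` covers only the nonexistent-library path; the case the view change is really about, a library that exists but belongs to another user, is not exercised. If the test base can create a library as a second user (not visible here), add its id to `repo_ids` and assert it is absent from `tokens`. I would also pin the result size with `assert len(tokens) == 2`, so an unexpected extra key fails the test. The method body may continue below the hunk.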