diff --git a/arlas-iam-core/src/main/java/io/arlas/iam/util/ArlasMessage.java b/arlas-iam-core/src/main/java/io/arlas/iam/util/ArlasMessage.java
new file mode 100644
index 0000000..6b1fa71
--- /dev/null
+++ b/arlas-iam-core/src/main/java/io/arlas/iam/util/ArlasMessage.java
@@ -0,0 +1,17 @@
+package io.arlas.iam.util;
+
+
+public class ArlasMessage {
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
+    public String message;
+    public ArlasMessage(String message) {
+        this.message = message;
+    }
+}
diff --git a/arlas-iam-rest/src/main/java/io/arlas/iam/rest/service/IAMRestService.java b/arlas-iam-rest/src/main/java/io/arlas/iam/rest/service/IAMRestService.java
index 0ca10c2..2183454 100644
--- a/arlas-iam-rest/src/main/java/io/arlas/iam/rest/service/IAMRestService.java
+++ b/arlas-iam-rest/src/main/java/io/arlas/iam/rest/service/IAMRestService.java
@@ -14,6 +14,7 @@
 import io.arlas.iam.rest.model.input.*;
 import io.arlas.iam.rest.model.output.*;
 import io.arlas.iam.util.ArlasAuthServerConfiguration;
+import io.arlas.iam.util.ArlasMessage;
 import io.dropwizard.hibernate.UnitOfWork;
 import io.swagger.annotations.*;
 import org.slf4j.Logger;
@@ -96,11 +97,11 @@ private void logUAM(HttpServletRequest request, HttpHeaders headers, String oid,
     @Timed
     @Path("auth")
     @GET
-    @Produces(MediaType.TEXT_PLAIN)
+    @Produces(UTF8JSON)
     @Consumes(UTF8JSON)
     @ApiOperation(authorizations = @Authorization("JWT"),
             value = "Validate authentication to another URI",
-            produces = MediaType.TEXT_PLAIN,
+            produces = UTF8JSON,
             consumes = UTF8JSON
     )
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Successful operation", response = String.class),
@@ -113,8 +114,8 @@ public Response forwardAuth(
             @Context UriInfo uriInfo
     ) {
         return Response.ok(uriInfo.getRequestUriBuilder().build())
-                .entity("ok")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .entity(new ArlasMessage("ok"))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -185,7 +186,7 @@ public Response logout(
         return Response.ok(uriInfo.getRequestUriBuilder().build())
                 .entity("Session deleted.")
                 .header("Set-Cookie", "refresh_token=; Max-Age=0")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -298,8 +299,8 @@ public Response deleteApiKey(
         authService.deleteApiKey(getUser(headers), UUID.fromString(uid), UUID.fromString(oid), UUID.fromString(kid));
         logUAM(request, headers,  "users", String.format("delete-api-key (id=%s)", kid));
         return Response.accepted(uriInfo.getRequestUriBuilder().build())
-                .entity("Api key deleted.")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .entity(new ArlasMessage("Api key deleted."))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
 
     }
@@ -361,8 +362,8 @@ public Response askPasswordReset(
         authService.askPasswordReset(email);
         logUAM(request, headers,  "users", "ask-password-reset");
         return Response.ok(uriInfo.getRequestUriBuilder().build())
-                .entity("ok")
-                .type(MediaType.TEXT_PLAIN)
+                .entity(new ArlasMessage("ok"))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -499,8 +500,8 @@ public Response deleteUser(
         authService.deleteUser(UUID.fromString(id));
         logUAM(request, headers,  "users", "delete-user-account");
         return Response.accepted(uriInfo.getRequestUriBuilder().build())
-                .entity("User deleted.")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .entity(new ArlasMessage("User deleted."))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
 
     }
@@ -631,8 +632,8 @@ public Response deleteOrganisation(
         authService.deleteOrganisation(getUser(headers), UUID.fromString(oid));
         logUAM(request, headers,  oid, "organisations", "delete-organisation");
         return Response.accepted(uriInfo.getRequestUriBuilder().build())
-                .entity("organisation deleted")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .entity(new ArlasMessage("organisation deleted"))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -920,8 +921,8 @@ public Response removeNameFromForbiddenOrganisation(
         authService.removeForbiddenOrganisation(getUser(headers), name);
         logUAM(request, headers,  "stoplist", String.format("remove-forbidden-name (name=%s)", name));
         return Response.accepted(uriInfo.getRequestUriBuilder().build())
-                .entity("ok")
-                .type(MediaType.TEXT_PLAIN)
+                .entity(new ArlasMessage("ok"))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -1775,7 +1776,7 @@ public Response getPermissionToken(
     ) throws ArlasException {
         return Response.ok(uriInfo.getRequestUriBuilder().build())
                 .entity(authService.createPermissionToken(headers, orgFilter))
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }