diff --git a/src/NuGetGallery/Controllers/ApiController.cs b/src/NuGetGallery/Controllers/ApiController.cs
index 4ed74b15da..f2e9da80bf 100644
--- a/src/NuGetGallery/Controllers/ApiController.cs
+++ b/src/NuGetGallery/Controllers/ApiController.cs
@@ -1227,7 +1227,11 @@ private HttpStatusCodeWithBodyResult GetHttpResultFromFailedApiScopeEvaluationHe
 }
 string message;
- if (result.PermissionsCheckResult == PermissionsCheckResult.Allowed && !result.IsOwnerConfirmed)
+ if (!result.ScopesAreValid)
+ {
+ message = Strings.ApiKeyNotAuthorized_PackageIdScopeMismatch;
+ }
+ else if (result.PermissionsCheckResult == PermissionsCheckResult.Allowed && !result.IsOwnerConfirmed)
 {
 message = Strings.ApiKeyOwnerUnconfirmed;
 }
diff --git a/src/NuGetGallery/Strings.resx b/src/NuGetGallery/Strings.resx
index c3be3e3533..3fd4c5cb4e 100644
--- a/src/NuGetGallery/Strings.resx
+++ b/src/NuGetGallery/Strings.resx
@@ -138,6 +138,9 @@
 The specified API key is invalid, has expired, or does not have permission to access the specified package.
+
+ The specified API key does not have permission to perform this action on this package. The API key may have a package ID scope that does not include this package ID, or it may not allow the requested action.
+
 A package with ID '{0}' and version '{1}' already exists and cannot be modified.
diff --git a/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs
index cdbe6ddef3..ad39907c39 100644
--- a/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs
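Review bot: In ApiController.cs the new `!result.ScopesAreValid` branch answers with a more specific text than the generic `Strings.ApiKeyNotAuthorized`, so a caller can now tell a scope failure apart from an invalid or expired key. That is acceptable only if this helper is reached after the API key has already authenticated; the start of the method and the authentication step are outside the hunk, so this should be confirmed rather than assumed. I would record the intent above the branch, for example `// Reached only for an authenticated key: scope failures get the specific text, invalid or expired keys keep ApiKeyNotAuthorized.`. The branch also now takes precedence over the owner-unconfirmed check, which looks deliberate and is worth stating in the same comment.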
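Review bot: The string added to Strings.resx describes two causes, a package ID scope that excludes the package and a key that does not allow the requested action, while the controller refers to it as `ApiKeyNotAuthorized_PackageIdScopeMismatch`. A resource name that covers both cases, or a resource comment stating that this one string is used for every scope failure, would stop later callers from reading it as a package ID mismatch only. The entry's name and markup are not visible in this hunk, so the name is taken from the controller change.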
@@ -205,7 +205,7 @@ public static IEnumerable InvalidScopes_Data
 {
 get
 {
- yield return MemberDataHelper.AsData(new ApiScopeEvaluationResult(null, PermissionsCheckResult.Unknown, scopesAreValid: false), HttpStatusCode.Forbidden, Strings.ApiKeyNotAuthorized);
+ yield return MemberDataHelper.AsData(new ApiScopeEvaluationResult(null, PermissionsCheckResult.Unknown, scopesAreValid: false), HttpStatusCode.Forbidden, Strings.ApiKeyNotAuthorized_PackageIdScopeMismatch);
 foreach (var result in Enum.GetValues(typeof(PermissionsCheckResult)).Cast())
 {
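Review bot: The updated row in `InvalidScopes_Data` only pairs `scopesAreValid: false` with `PermissionsCheckResult.Unknown`, so nothing visible here pins that the scope message wins over the owner-unconfirmed branch the controller now evaluates second. Consider adding a row such as `yield return MemberDataHelper.AsData(new ApiScopeEvaluationResult(null, PermissionsCheckResult.Allowed, scopesAreValid: false), HttpStatusCode.Forbidden, Strings.ApiKeyNotAuthorized_PackageIdScopeMismatch);`. The `foreach` body continues outside the hunk and may already cover this, and how `IsOwnerConfirmed` evaluates for a null owner is not shown, so check both before adding it.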