diff --git a/packages/endpoint-auth/lib/controllers/consent.js b/packages/endpoint-auth/lib/controllers/consent.js
index c7f713716..1f1083588 100644
--- a/packages/endpoint-auth/lib/controllers/consent.js
+++ b/packages/endpoint-auth/lib/controllers/consent.js
@@ -45,7 +45,7 @@ export const consentController = {
    * @see {@link https://indieauth.spec.indieweb.org/#authorization-response}
    */
   post(request, response) {
-    let { scope } = request.body;
+    let scope = request.body?.scope;
     const {
       client_id,
       code_challenge,
diff --git a/packages/endpoint-auth/lib/controllers/introspection.js b/packages/endpoint-auth/lib/controllers/introspection.js
index 9ac5aad39..290e009b7 100644
--- a/packages/endpoint-auth/lib/controllers/introspection.js
+++ b/packages/endpoint-auth/lib/controllers/introspection.js
@@ -10,7 +10,7 @@ export const introspectionController = {
    */
   post(request, response) {
     try {
-      let { token } = request.body;
+      let token = request.body?.token;
 
       if (!token) {
         // Remove ‘Bearer ’ from authorization header
diff --git a/packages/endpoint-posts/lib/middleware/post-data.js b/packages/endpoint-posts/lib/middleware/post-data.js
index 8e1911195..67b90c5e4 100644
--- a/packages/endpoint-posts/lib/middleware/post-data.js
+++ b/packages/endpoint-posts/lib/middleware/post-data.js
@@ -16,7 +16,7 @@ export const postData = {
 
     // Create new post object with default values
     const postType = request.query.type || "note";
-    const properties = request?.body || {};
+    const properties = request.body || {};
 
     // Get post type config
     const { name, fields, h } = publication.postTypes[postType];
diff --git a/packages/endpoint-syndicate/lib/token.js b/packages/endpoint-syndicate/lib/token.js
index 671653eca..22aa7d173 100644
--- a/packages/endpoint-syndicate/lib/token.js
+++ b/packages/endpoint-syndicate/lib/token.js
@@ -3,14 +3,14 @@ import { IndiekitError } from "@indiekit/error";
 import jwt from "jsonwebtoken";
 
 export const findBearerToken = (request) => {
-  if (request.headers?.["x-webhook-signature"] && request?.body?.url) {
+  if (request.headers?.["x-webhook-signature"] && request.body?.url) {
     const signature = request.headers["x-webhook-signature"];
     const verifiedToken = verifyToken(signature);
     const bearerToken = signToken(verifiedToken, request.body.url);
     return bearerToken;
   }
 
-  if (request?.body?.access_token) {
+  if (request.body?.access_token) {
     const bearerToken = request.body.access_token;
     delete request.body.access_token;
     return bearerToken;