diff --git a/api/src/routes/protected/user.test.ts b/api/src/routes/protected/user.test.ts
index 6eb650294c7..96802de8f42 100644
--- a/api/src/routes/protected/user.test.ts
+++ b/api/src/routes/protected/user.test.ts
@@ -530,9 +530,11 @@ describe('userRoutes', () => {
         const userCount = await fastifyTestInstance.prisma.user.count({
           where: { email: testUserData.email }
         });
+        // Both requests race: one deletes the user and returns 200. The other
+        // may get a 401 if the auth middleware queries the DB after the user has
+        // already been deleted by the first request.
         responses.forEach(response => {
-          expect(response.status).toBe(200);
-          expect(response.body).toStrictEqual({});
+          expect([200, 401]).toContain(response.status);
         });
         expect(userCount).toBe(0);
       });