diff --git a/swh/web/admin/origin_save.py b/swh/web/admin/origin_save.py
--- a/swh/web/admin/origin_save.py
+++ b/swh/web/admin/origin_save.py
@@ -184,17 +184,17 @@
 @staff_member_required(view_func=None, login_url=settings.LOGIN_URL)
 def _admin_origin_save_request_reject(request, visit_type, origin_url):
     try:
-        SaveUnauthorizedOrigin.objects.get(url=origin_url)
+        sor = SaveOriginRequest.objects.get(
+            visit_type=visit_type, origin_url=origin_url, status=SAVE_REQUEST_PENDING
+        )
     except ObjectDoesNotExist:
-        SaveUnauthorizedOrigin.objects.create(url=origin_url)
-    sor = SaveOriginRequest.objects.get(
-        visit_type=visit_type, origin_url=origin_url, status=SAVE_REQUEST_PENDING
-    )
-
-    sor.status = SAVE_REQUEST_REJECTED
-    sor.note = json.loads(request.body).get("note")
-    sor.save()
-    return HttpResponse(status=200)
+        status_code = 404
+    else:
+        status_code = 200
+        sor.status = SAVE_REQUEST_REJECTED
+        sor.note = json.loads(request.body).get("note")
+        sor.save()
+    return HttpResponse(status=status_code)
 
 
 @admin_route(
diff --git a/swh/web/tests/admin/test_origin_save.py b/swh/web/tests/admin/test_origin_save.py
--- a/swh/web/tests/admin/test_origin_save.py
+++ b/swh/web/tests/admin/test_origin_save.py
@@ -164,6 +164,20 @@
     assert response.data[0]["note"] is None
 
 
+def test_reject_pending_save_request_not_found(client, staff_user, swh_scheduler):
+
+    visit_type = "git"
+    origin_url = "https://example.org"
+
+    reject_request_url = reverse(
+        "admin-origin-save-request-reject",
+        url_args={"visit_type": visit_type, "origin_url": origin_url},
+    )
+
+    client.force_login(staff_user)
+    check_http_post_response(client, reject_request_url, status_code=404)
+
+
 def test_reject_pending_save_request_with_note(client, staff_user, swh_scheduler):
 
     visit_type = "git"