diff --git a/pkg/services/common/ape/checker.go b/pkg/services/common/ape/checker.go
index 0f342df46..595a2490d 100644
--- a/pkg/services/common/ape/checker.go
+++ b/pkg/services/common/ape/checker.go
@@ -104,7 +104,7 @@ func (c *checkerCoreImpl) CheckAPE(ctx context.Context, prm CheckPrm) error {
 	if found && status == apechain.Allow {
 		return nil
 	}
-	return newChainRouterError(rt, prm.Request, status)
+	return NewChainRouterError(rt, prm.Request, status)
 }
 
 // isValidBearer checks whether bearer token was correctly signed by authorized
diff --git a/pkg/services/common/ape/error.go b/pkg/services/common/ape/error.go
index c881fc076..441c85a1c 100644
--- a/pkg/services/common/ape/error.go
+++ b/pkg/services/common/ape/error.go
@@ -21,7 +21,7 @@ func (e *ChainRouterError) Error() string {
 	return fmt.Sprintf("access to operation %s is denied by access policy engine: %s", e.request.Operation(), e.status)
 }
 
-func newChainRouterError(target policyengine.RequestTarget, request aperequest.Request, status apechain.Status) *ChainRouterError {
+func NewChainRouterError(target policyengine.RequestTarget, request aperequest.Request, status apechain.Status) *ChainRouterError {
 	return &ChainRouterError{
 		target:  target,
 		request: request,