diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexTests.java b/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexTests.java
index 1bbc4f10ec..3435e6dbdc 100644
--- a/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexTests.java
+++ b/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexTests.java
@@ -26,6 +26,7 @@
 import org.opensearch.test.framework.cluster.LocalCluster;
 import org.opensearch.test.framework.cluster.TestRestClient;
 import org.opensearch.test.framework.cluster.TestRestClient.HttpResponse;
+import org.opensearch.test.framework.matcher.RestMatchers;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.containsString;
@@ -108,10 +109,10 @@ public void testPluginShouldNotBeAbleToIndexDocumentIntoSystemIndexRegisteredByO
         try (TestRestClient client = cluster.getRestClient(USER_ADMIN)) {
             HttpResponse response = client.put("try-create-and-index/" + SYSTEM_INDEX_2);
 
-            assertThat(response.getStatusCode(), equalTo(RestStatus.FORBIDDEN.getStatus()));
             assertThat(
-                response.getBody(),
-                containsString(
+                response,
+                RestMatchers.isForbidden(
+                    "/error/root_cause/0/reason",
                     "no permissions for [] and User [name=plugin:org.opensearch.security.systemindex.sampleplugin.SystemIndexPlugin1"
                 )
             );
@@ -123,8 +124,7 @@ public void testPluginShouldBeAbleToCreateSystemIndexButUserShouldNotBeAbleToInd
         try (TestRestClient client = cluster.getRestClient(USER_ADMIN)) {
             HttpResponse response = client.put("try-create-and-index/" + SYSTEM_INDEX_1 + "?runAs=user");
 
-            assertThat(response.getStatusCode(), equalTo(RestStatus.FORBIDDEN.getStatus()));
-            assertThat(response.getBody(), containsString("no permissions for [] and User [name=admin"));
+            assertThat(response, RestMatchers.isForbidden("/error/root_cause/0/reason", "no permissions for [] and User [name=admin"));
         }
     }
 
@@ -133,10 +133,10 @@ public void testPluginShouldNotBeAbleToRunClusterActions() {
         try (TestRestClient client = cluster.getRestClient(USER_ADMIN)) {
             HttpResponse response = client.get("try-cluster-health/plugin");
 
-            assertThat(response.getStatusCode(), equalTo(RestStatus.FORBIDDEN.getStatus()));
             assertThat(
-                response.getBody(),
-                containsString(
+                response,
+                RestMatchers.isForbidden(
+                    "/error/root_cause/0/reason",
                     "no permissions for [cluster:monitor/health] and User [name=plugin:org.opensearch.security.systemindex.sampleplugin.SystemIndexPlugin1"
                 )
             );
diff --git a/src/integrationTest/java/org/opensearch/test/framework/matcher/RestMatchers.java b/src/integrationTest/java/org/opensearch/test/framework/matcher/RestMatchers.java
new file mode 100644
index 0000000000..05986213ad
--- /dev/null
+++ b/src/integrationTest/java/org/opensearch/test/framework/matcher/RestMatchers.java
@@ -0,0 +1,59 @@
+package org.opensearch.test.framework.matcher;
+
+import org.hamcrest.Description;
+import org.hamcrest.DiagnosingMatcher;
+
+import org.opensearch.test.framework.cluster.TestRestClient.HttpResponse;
+
+public class RestMatchers {
+
+    private RestMatchers() {}
+
+    public static DiagnosingMatcher<HttpResponse> isForbidden(String jsonPointer, String patternString) {
+        return new DiagnosingMatcher<HttpResponse>() {
+
+            @Override
+            public void describeTo(Description description) {
+                description.appendText("Response has status 403 Forbidden with a JSON response that has the value ")
+                    .appendValue(patternString)
+                    .appendText(" at ")
+                    .appendValue(jsonPointer);
+            }
+
+            @Override
+            protected boolean matches(Object item, Description mismatchDescription) {
+                if (!(item instanceof HttpResponse)) {
+                    mismatchDescription.appendValue(item).appendText(" is not a HttpResponse");
+                    return false;
+                }
+
+                HttpResponse response = (HttpResponse) item;
+
+                if (response.getStatusCode() != 403) {
+                    mismatchDescription.appendText("Status is not 403 Forbidden: ").appendText("\n").appendValue(item);
+                    return false;
+                }
+
+                try {
+                    String value = response.getTextFromJsonBody(jsonPointer);
+
+                    if (value == null) {
+                        mismatchDescription.appendText("Could not find value at " + jsonPointer).appendText("\n").appendValue(item);
+                        return false;
+                    }
+
+                    if (value.contains(patternString)) {
+                        return true;
+                    } else {
+                        mismatchDescription.appendText("Value at " + jsonPointer + " does not match pattern: " + patternString + "\n")
+                            .appendValue(item);
+                        return false;
+                    }
+                } catch (Exception e) {
+                    mismatchDescription.appendText("Parsing request body failed with " + e).appendText("\n").appendValue(item);
+                    return false;
+                }
+            }
+        };
+    }
+}