diff --git a/src/routes/index.js b/src/routes/index.js
index faff537df5..514bcee696 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -99,7 +99,7 @@ module.exports = async function (app, middleware) {
 	var ensureLoggedIn = require('connect-ensure-login');
 
 	router.all('(/+api|/+api/*?)', middleware.prepareAPI);
-	router.all('(/+api/admin|/+api/admin/*?)', middleware.admin.checkPrivileges);
+	router.all('(/+api/admin|/+api/admin/*?)', middleware.authenticate, middleware.admin.checkPrivileges);
 	router.all('(/+admin|/+admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.admin.checkPrivileges);
 
 	app.use(middleware.stripLeadingSlashes);