diff --git a/api/http/security/bouncer.go b/api/http/security/bouncer.go
index e6a8fc962..76b47aaea 100644
--- a/api/http/security/bouncer.go
+++ b/api/http/security/bouncer.go
@@ -12,6 +12,7 @@ type (
 // RequestBouncer represents an entity that manages API request accesses
 RequestBouncer struct {
 jwtService portainer.JWTService
+ userService portainer.UserService
 teamMembershipService portainer.TeamMembershipService
 authDisabled bool
 }
@@ -27,9 +28,10 @@ type (
 )
 // NewRequestBouncer initializes a new RequestBouncer
-func NewRequestBouncer(jwtService portainer.JWTService, teamMembershipService portainer.TeamMembershipService, authDisabled bool) *RequestBouncer {
+func NewRequestBouncer(jwtService portainer.JWTService, userService portainer.UserService, teamMembershipService portainer.TeamMembershipService, authDisabled bool) *RequestBouncer {
 return &RequestBouncer{
 jwtService: jwtService,
+ userService: userService,
 teamMembershipService: teamMembershipService,
 authDisabled: authDisabled,
 }
@@ -136,6 +138,15 @@ func (bouncer *RequestBouncer) mwCheckAuthentication(next http.Handler) http.Han
 httperror.WriteErrorResponse(w, err, http.StatusUnauthorized, nil)
 return
 }
+
+ _, err = bouncer.userService.User(tokenData.ID)
+ if err != nil && err == portainer.ErrUserNotFound {
+ httperror.WriteErrorResponse(w, portainer.ErrUnauthorized, http.StatusUnauthorized, nil)
+ return
+ } else if err != nil {
+ httperror.WriteErrorResponse(w, err, http.StatusInternalServerError, nil)
+ return
+ }
 } else {
 tokenData = &portainer.TokenData{
 Role: portainer.AdministratorRole,
diff --git a/api/http/server.go b/api/http/server.go
index d429044b2..fc5f08972 100644
--- a/api/http/server.go
+++ b/api/http/server.go
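Review bot: The user record returned by `bouncer.userService.User(tokenData.ID)` in the `mwCheckAuthentication` hunk is discarded, so the added check rejects tokens only for deleted accounts, while the role carried in the token still appears to be trusted as it was at issuance. A user demoted after login would presumably keep the old role until the token expires; keeping the result and adding `if user.Role != tokenData.Role { httperror.WriteErrorResponse(w, portainer.ErrUnauthorized, http.StatusUnauthorized, nil); return }` after the error handling would close that gap, assuming `portainer.User` exposes `Role`. The `err != nil &&` in the first condition is redundant, since `err == portainer.ErrUserNotFound` already implies it. If `WriteErrorResponse` echoes the error text to the client, the 500 branch would expose the raw storage error, and a generic error value there would avoid that. The body of `mwCheckAuthentication` starts and ends outside the hunk, so the scope of `err` and `tokenData` should be confirmed against the full function.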
@@ -41,7 +41,7 @@ type Server struct {
 // Start starts the HTTP server
 func (server *Server) Start() error {
- requestBouncer := security.NewRequestBouncer(server.JWTService, server.TeamMembershipService, server.AuthDisabled)
+ requestBouncer := security.NewRequestBouncer(server.JWTService, server.UserService, server.TeamMembershipService, server.AuthDisabled)
 proxyManager := proxy.NewManager(server.ResourceControlService, server.TeamMembershipService, server.SettingsService)
 var fileHandler = handler.NewFileHandler(filepath.Join(server.AssetsPath, "public"))