diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index c43317fd79..dcdd805ed3 100755
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -113,6 +113,12 @@ class ProfileController extends Controller
 * @return View
 */
 public function api() {
+
+ // Make sure the self.api permission has been granted
+ if (!Gate::allows('self.api')) {
+ abort(403);
+ }
+
 return view('account/api');
 }
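Review bot: The `Gate::allows('self.api')` check added at the top of `api()` guards only the page that renders the token interface; the routes that actually issue, list and revoke personal access tokens are not part of this hunk, so if they do not enforce the same ability, a user without `self.api` keeps working API access even though the page now returns 403. Confirm those routes carry the same authorization, for example a `can:self.api` middleware on the token route group, and add a test asserting 403 for a user lacking the permission on both the page and the token endpoints. Also verify that the controller imports the `Gate` facade: the `use` block is outside the hunk, and an unimported `Gate` in a namespaced class would resolve to `App\Http\Controllers\Gate` and fail at runtime.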