diff --git a/packages/cms/lib/modules/api-proxy/index.js b/packages/cms/lib/modules/api-proxy/index.js
old mode 100644
new mode 100755
index e352c2032..ee19222a8
--- a/packages/cms/lib/modules/api-proxy/index.js
+++ b/packages/cms/lib/modules/api-proxy/index.js
@@ -21,6 +21,15 @@ module.exports = {
 pathRewrite: {['^' + apiPath]: '/api'},
 onProxyReq: (proxyReq, req, res) => {
 
+ const siteId = req.data.global.siteId;
+ let path = req.path;
+ let match = path.match(/\/api\/site\/(\d+)\/?/);
+ if (match && match[1] != siteId) {
+ return res.status(403).json({
+ 'message' : self.apos.i18n.__('The api call is for another site')
+ });
+ }
+
 /**
 * Validate the request with captcha if send by a form
 */
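Review bot: The new 403 branch in `onProxyReq` answers the client but does not stop the upstream request: when this hook runs the outgoing proxy request already exists, and returning from the callback leaves it to be sent, so a call addressed to another site can still reach the API. Assuming this is http-proxy-middleware, as the `pathRewrite`/`onProxyReq` options suggest, abort the outgoing request first with `proxyReq.destroy();` before `return res.status(403)...`, or preferably move the site check into an Express middleware registered ahead of the proxy. The check is also fail-open: it tests the pre-rewrite `req.path` against an unanchored pattern with a loose `!=`, so any path form the regex does not match is forwarded unchecked; matching against the rewritten path and comparing with `match[1] !== String(siteId)` would make the intent explicit. The `onProxyReq` body continues past the hunk, so the captcha validation that follows may need the same treatment.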