diff --git a/include/api.php b/include/api.php
index 567e3cc43..eb02a6bfa 100644
--- a/include/api.php
+++ b/include/api.php
@@ -25,7 +25,6 @@
 
 use Friendica\App;
 use Friendica\Content\ContactSelector;
-use Friendica\Content\Feature;
 use Friendica\Content\Text\BBCode;
 use Friendica\Content\Text\HTML;
 use Friendica\Core\Hook;
@@ -42,7 +41,6 @@ use Friendica\Model\Item;
 use Friendica\Model\Mail;
 use Friendica\Model\Notify;
 use Friendica\Model\Photo;
-use Friendica\Model\Profile;
 use Friendica\Model\User;
 use Friendica\Model\UserItem;
 use Friendica\Network\FKOAuth1;
@@ -5920,7 +5918,7 @@ function api_friendica_notification_seen($type)
 	$id = (!empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0);
 
 	try {
-		$notify = DI::notify()->getByID($id);
+		$notify = DI::notify()->getByID($id, api_user());
 		DI::notify()->setSeen(true, $notify);
 
 		if ($notify->otype === Notify\ObjectType::ITEM) {
diff --git a/src/Module/Notifications/Notification.php b/src/Module/Notifications/Notification.php
index 63e9291b9..2dc008248 100644
--- a/src/Module/Notifications/Notification.php
+++ b/src/Module/Notifications/Notification.php
@@ -107,7 +107,7 @@ class Notification extends BaseModule
 		$request_id = $parameters['id'] ?? false;
 
 		if ($request_id) {
-			$notify = DI::notify()->getByID($request_id);
+			$notify = DI::notify()->getByID($request_id, local_user());
 			DI::notify()->setSeen(true, $notify);
 
 			if (!empty($notify->link)) {
diff --git a/src/Repository/Notify.php b/src/Repository/Notify.php
index d8887affd..b72ccecf0 100644
--- a/src/Repository/Notify.php
+++ b/src/Repository/Notify.php
@@ -23,9 +23,9 @@ namespace Friendica\Repository;
 
 use Exception;
 use Friendica\BaseRepository;
+use Friendica\Collection;
 use Friendica\Core\Hook;
 use Friendica\Model;
-use Friendica\Collection;
 use Friendica\Network\HTTPException\InternalServerErrorException;
 use Friendica\Network\HTTPException\NotFoundException;
 use Friendica\Util\DateTimeFormat;
@@ -61,14 +61,17 @@ class Notify extends BaseRepository
 	}
 
 	/**
-	 * {@inheritDoc}
+	 * Return one notify instance based on ID / UID
+	 *
+	 * @param int $id The ID of the notify instance
+	 * @param int $uid The user ID, bound to this notify instance (= security check)
 	 *
 	 * @return Model\Notify
 	 * @throws NotFoundException
 	 */
-	public function getByID(int $id)
+	public function getByID(int $id, int $uid)
 	{
-		return $this->selectFirst(['id' => $id, 'uid' => local_user()]);
+		return $this->selectFirst(['id' => $id, 'uid' => $uid]);
 	}
 
 	/**