diff --git a/include/api.php b/include/api.php
index af71e2f1cf..6e704cb125 100644
--- a/include/api.php
+++ b/include/api.php
@@ -3700,11 +3700,6 @@ api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy',
 function api_direct_messages_box($type, $box, $verbose)
 {
 	$a = get_app();
-	$user_info = api_get_user($a);
-
-	if (api_user() === false || $user_info === false) {
-		throw new ForbiddenException();
-	}
 
 	// params
 	$count = (x($_GET, 'count') ? $_GET['count'] : 20);
@@ -3726,6 +3721,10 @@ function api_direct_messages_box($type, $box, $verbose)
 	unset($_REQUEST["screen_name"]);
 	unset($_GET["screen_name"]);
 
+	$user_info = api_get_user($a);
+	if (api_user() === false || $user_info === false) {
+		throw new ForbiddenException();
+	}
 	$profile_url = $user_info["url"];
 
 	// pagination