diff --git a/src/server/api/call.ts b/src/server/api/call.ts
index b1e166876..9257ed590 100644
--- a/src/server/api/call.ts
+++ b/src/server/api/call.ts
@@ -8,6 +8,10 @@ export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any,
 
 	const ep = typeof endpoint == 'string' ? endpoints.find(e => e.name == endpoint) : endpoint;
 
+	if (ep.name.includes('.') {
+		return rej('INVALID_ENDPOINT');
+	}
+
 	if (ep.secure && !isSecure) {
 		return rej('ACCESS_DENIED');
 	}