diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index ca65148a35..307ed38882 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -414,8 +414,11 @@ func reqBasicOrRevProxyAuth() func(ctx *context.APIContext) {
 if ctx.IsSigned && setting.Service.EnableReverseProxyAuthAPI && ctx.Data["AuthedMethod"].(string) == auth.ReverseProxyMethodName {
 return
 }
- if !ctx.IsBasicAuth {
- ctx.Error(http.StatusUnauthorized, "reqBasicAuth", "auth required")
+
+ // Require basic authorization method to be used and that basic
+ // authorization used password login to verify the user.
+ if passwordLogin, ok := ctx.Data["IsPasswordLogin"].(bool); !ok || !passwordLogin {
+ ctx.Error(http.StatusUnauthorized, "reqBasicAuth", "auth method not allowed")
 return
 }
 }
diff --git a/services/auth/basic.go b/services/auth/basic.go
index f259ad5f69..4ffe712744 100644
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@@ -151,6 +151,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 log.Trace("Basic Authorization: Logged in user %-v", u)
+ store.GetData()["IsPasswordLogin"] = true
 return u, nil
 }
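Review bot: The new condition in reqBasicOrRevProxyAuth no longer tests `ctx.IsBasicAuth`, although the added comment still says the basic authorization method is required, so the gate now rests entirely on the `IsPasswordLogin` key in the shared `ctx.Data` map. It fails closed when the key is missing or not a bool, which is the right default, but any other code path that writes that key would pass. Keeping the old flag as a second condition is cheap defence in depth: `if passwordLogin, ok := ctx.Data["IsPasswordLogin"].(bool); !ctx.IsBasicAuth || !ok || !passwordLogin {`. The 401 text `auth method not allowed` is now also sent to requests that carried no credentials at all, so clients lose the earlier `auth required` hint. The enclosing closure starts outside the hunk.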
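Review bot: The literal `"IsPasswordLogin"` at the new assignment in Verify is duplicated in routers/api/v1/api.go, and a typo on either side would silently reject every password login on the gated routes. An exported constant in the auth package, apparently where `ReverseProxyMethodName` (already used by api.go) lives, would tie both ends together, e.g. `store.GetData()[IsPasswordLoginKey] = true` (the constant name is only a suggestion). A comment on the line such as `// Marks that the user was verified with a password; other credential paths must not set this.` would record the invariant the API check depends on. Verify's earlier return paths are outside this hunk, so it is worth confirming that none of them can reach this assignment. A regression test asserting that a non-password credential sent through the Basic header gets 401 on a gated route would lock the behaviour in.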