diff --git a/changelog/unreleased/pr-24590.toml b/changelog/unreleased/pr-24590.toml
new file mode 100644
index 000000000000..2d61f4defc92
--- /dev/null
+++ b/changelog/unreleased/pr-24590.toml
@@ -0,0 +1,4 @@
+type = "f"
+message = "Return 404 instead of HTML for non-existent API methods."
+
+pulls = ["24590"]
diff --git a/graylog2-server/src/main/java/org/graylog2/configuration/HttpConfiguration.java b/graylog2-server/src/main/java/org/graylog2/configuration/HttpConfiguration.java
index bb807b83dde3..67d2afcc8e2a 100644
--- a/graylog2-server/src/main/java/org/graylog2/configuration/HttpConfiguration.java
+++ b/graylog2-server/src/main/java/org/graylog2/configuration/HttpConfiguration.java
@@ -47,7 +47,8 @@ public class HttpConfiguration {
     private static final int GRAYLOG_DEFAULT_PORT = 9000;
 
     public static final String OVERRIDE_HEADER = "X-Graylog-Server-URL";
-    public static final String PATH_API = "api/";
+    public static final String API_PREFIX = "api";
+    public static final String PATH_API = API_PREFIX + "/";
 
     @Documentation("""
             ## HTTP bind address
diff --git a/graylog2-server/src/main/java/org/graylog2/web/resources/WebInterfaceAssetsResource.java b/graylog2-server/src/main/java/org/graylog2/web/resources/WebInterfaceAssetsResource.java
index 19c164aa0b9d..ed72abcd823e 100644
--- a/graylog2-server/src/main/java/org/graylog2/web/resources/WebInterfaceAssetsResource.java
+++ b/graylog2-server/src/main/java/org/graylog2/web/resources/WebInterfaceAssetsResource.java
@@ -162,6 +162,10 @@ private String removeTrailingSlash(String basePath) {
     @Path("{filename:.*}")
     public Response getIndex(@Context ContainerRequest request,
                              @Context HttpHeaders headers) {
+        // If we end up here, the request should go to the API, but no resource class matched it, so we return a 404.
+        if (request.getAbsolutePath().getPath().startsWith("/" + HttpConfiguration.API_PREFIX)) {
+            return Response.status(Response.Status.NOT_FOUND).build();
+        }
         final URI originalLocation = request.getRequestUri();
         return get(request, headers, originalLocation.getPath());
     }