diff --git a/lib/API/JSON/API.php b/lib/API/JSON/API.php
index 5df022d8f8..9ebab1a9c8 100644
--- a/lib/API/JSON/API.php
+++ b/lib/API/JSON/API.php
@@ -130,6 +130,10 @@ class API {
 $endpoint = new $this->_request_endpoint_class();
+ if(!method_exists($endpoint, $this->_request_method)) {
+ throw new \Exception(__('Invalid API endpoint method.', 'mailpoet'));
+ }
+
 // check the accessibility of the requested endpoint's action
 // by default, an endpoint's action is considered "private"
 if(!$this->validatePermissions($this->_request_method, $endpoint->permissions)) {
diff --git a/tests/unit/API/JSON/APITest.php b/tests/unit/API/JSON/APITest.php
index f92856ce21..8af732cc9f 100644
--- a/tests/unit/API/JSON/APITest.php
+++ b/tests/unit/API/JSON/APITest.php
@@ -221,6 +221,26 @@ class APITest extends \MailPoetTest {
 expect($api->validatePermissions('test', $permissions))->true();
 }
+ function testItThrowsExceptionWhenInvalidEndpointMethodIsCalled() {
+ $this->api = API::JSON(new AccessControl());
+ $namespace = array(
+ 'name' => 'MailPoet\API\JSON\v2',
+ 'version' => 'v2'
+ );
+ $this->api->addEndpointNamespace($namespace['name'], $namespace['version']);
+
+ $data = array(
+ 'endpoint' => 'a_p_i_test_namespaced_endpoint_stub_v2',
+ 'api_version' => 'v2',
+ 'method' => 'fakeMethod'
+ );
+ $this->api->setRequestData($data);
+ $response = $this->api->processRoute();
+
+ expect($response->status)->equals(Response::STATUS_BAD_REQUEST);
+ expect($response->errors[0]['message'])->equals('Invalid API endpoint method.');
+ }
+
 function _after() {
 WPHooksHelper::releaseAllHooks();
 wp_delete_user($this->wp_user_id);
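Review bot: The new guard in lib/API/JSON/API.php, `method_exists($endpoint, $this->_request_method)`, is also true for private and protected methods and for magic methods such as `__construct`, so it proves that the name exists, not that it is a public action. Access still depends on the `validatePermissions()` call that follows, and how that call treats a method name that is absent from `$endpoint->permissions` is not visible in this hunk. Consider `if(!is_callable(array($endpoint, $this->_request_method))) {` so that a non-public method name gets the same 'Invalid API endpoint method.' response instead of failing later at the call site. The enclosing method starts and ends outside the hunk, so any earlier validation of `_request_method` (for example that it is a string) should be confirmed there.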
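Review bot: The new test in tests/unit/API/JSON/APITest.php only covers a method name that does not exist (`fakeMethod`), so it would not notice a request naming a method that exists on the endpoint but is not a public action. A second case against the stub using a non-public method name, asserting the same `Response::STATUS_BAD_REQUEST`, would pin that behaviour down; the stub's methods are not visible here, so one may need to be added. The test name also says the call throws, while the assertions check a returned error response, so a name like `testItReturnsErrorWhenInvalidEndpointMethodIsCalled` would describe it more accurately.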