diff --git a/api/index.php b/api/index.php
index 77b28904..672bbf8b 100644
--- a/api/index.php
+++ b/api/index.php
@@ -16,6 +16,11 @@ function handle404() {
 }
 
 function before() {
+    if (defined('HESK_DEMO') && $_SERVER['REQUEST_METHOD'] !== 'GET') {
+        print_error('Demo Mode', 'Only read-only commands are available in demo mode!', null, 401);
+        die();
+    }
+
     $internalUse = \BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL');
 
     if ($internalUse === 'true') {