diff --git a/app/api/server/settings.js b/app/api/server/settings.js
index afc90469617d..f4a7413a8fb9 100644
--- a/app/api/server/settings.js
+++ b/app/api/server/settings.js
@@ -8,6 +8,7 @@ settings.addGroup('General', function() {
 	this.add('API_Enable_Direct_Message_History_EndPoint', false, { type: 'boolean', public: false });
 	this.add('API_Enable_Shields', true, { type: 'boolean', public: false });
 	this.add('API_Shield_Types', '*', { type: 'string', public: false, enableQuery: { _id: 'API_Enable_Shields', value: true } });
+	this.add('API_Shield_user_require_auth', false, { type: 'boolean', public: false, enableQuery: { _id: 'API_Enable_Shields', value: true } });
 	this.add('API_Enable_CORS', false, { type: 'boolean', public: false });
 	this.add('API_CORS_Origin', '*', { type: 'string', public: false, enableQuery: { _id: 'API_Enable_CORS', value: true } });
 });
diff --git a/app/api/server/v1/misc.js b/app/api/server/v1/misc.js
index 59d043e79dd1..033bc3b9b055 100644
--- a/app/api/server/v1/misc.js
+++ b/app/api/server/v1/misc.js
@@ -88,6 +88,9 @@ API.v1.addRoute('shield.svg', { authRequired: false, rateLimiterOptions: { numRe
 				text = `#${ channel }`;
 				break;
 			case 'user':
+				if (settings.get('API_Shield_user_require_auth') && !this.getLoggedInUser()) {
+					return API.v1.failure('You must be logged in to do this.');
+				}
 				const user = this.getUserFromParams();
 
 				// Respect the server's choice for using their real names or not
diff --git a/packages/rocketchat-i18n/i18n/en.i18n.json b/packages/rocketchat-i18n/i18n/en.i18n.json
index 24ce3be9a4bc..33b5e24608c0 100644
--- a/packages/rocketchat-i18n/i18n/en.i18n.json
+++ b/packages/rocketchat-i18n/i18n/en.i18n.json
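Review bot: The new `API_Shield_user_require_auth` setting is registered with a label only, while its sibling `API_Shield_Types` on the line above explains itself through an `API_Shield_Types_Description` entry; an administrator toggling this one gets no hint that it gates only the `user` shield type and leaves the other types as public as before. Add `"API_Shield_user_require_auth_Description": "When enabled, the user shield is only served to authenticated requests; other shield types are unaffected."` next to the label in the i18n files. The key name also departs from the group's casing (`Shield_user_require_auth` beside `Shield_Types` and `Enable_Shields`); `API_Shield_User_Require_Auth` would match, if it can still be renamed before the setting ships.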
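Review bot: The new guard inside `case 'user':` answers an unauthenticated request with `API.v1.failure(...)`, the generic bad-request shape, so a client embedding the shield cannot tell "log in first" apart from "bad parameters", and the status it receives is not the one the rest of the API uses for missing credentials. If the API helper exposes an `unauthorized()` response (the `authRequired` routes appear to rely on one), `return API.v1.unauthorized('You must be logged in to do this.');` keeps the message and sends a proper authentication status. Reading the setting and the session before `this.getUserFromParams()` is the right order, since nothing about the requested user is looked up or disclosed on the denied path. The enclosing `get()` handler and its `switch` both start and end outside the hunk.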
@@ -335,6 +335,7 @@
   "API_Personal_Access_Tokens_Regenerate_It": "Regenerate token",
   "API_Shield_Types": "Shield Types",
   "API_Shield_Types_Description": "Types of shields to enable as a comma separated list, choose from `online`, `channel` or `*` for all",
+  "API_Shield_user_require_auth": "Require authentication for users shields",
   "API_Token": "API Token",
   "API_Tokenpass_URL": "Tokenpass Server URL",
   "API_Tokenpass_URL_Description": "Example: https://domain.com (excluding trailing slash)",
diff --git a/packages/rocketchat-i18n/i18n/pt-BR.i18n.json b/packages/rocketchat-i18n/i18n/pt-BR.i18n.json
index cd0e6f4b00b6..c95d3a7d09ae 100644
--- a/packages/rocketchat-i18n/i18n/pt-BR.i18n.json
+++ b/packages/rocketchat-i18n/i18n/pt-BR.i18n.json
@@ -325,6 +325,7 @@
   "API_Personal_Access_Tokens_Regenerate_It": "Renovar código",
   "API_Shield_Types": "Tipos de escudo",
   "API_Shield_Types_Description": "Tipos de escudos para habilitar como uma lista separada por vírgulas, escolha entre \"on-line\", \"canal\" ou \"*\" para todos",
+  "API_Shield_user_require_auth": "Exigir autenticaçāo para escudos de usuários",
   "API_Token": "API Token",
   "API_Tokenpass_URL": "URL do Servidor Tokenpass",
   "API_Tokenpass_URL_Description": "Exemplo: https://domain.com (excluindo a barra diagonal)",