diff --git a/src/gateway/control-ui.http.test.ts b/src/gateway/control-ui.http.test.ts
index aa8c923aed9..06bca5e35e9 100644
--- a/src/gateway/control-ui.http.test.ts
+++ b/src/gateway/control-ui.http.test.ts
@@ -326,6 +326,21 @@ describe("handleControlUiHttpRequest", () => {
     });
   });
 
+  it("does not handle /api paths when basePath is empty", async () => {
+    await withControlUiRoot({
+      fn: async (tmp) => {
+        for (const apiPath of ["/api", "/api/sessions", "/api/channels/nostr"]) {
+          const { handled } = runControlUiRequest({
+            url: apiPath,
+            method: "GET",
+            rootPath: tmp,
+          });
+          expect(handled, `expected ${apiPath} to not be handled`).toBe(false);
+        }
+      },
+    });
+  });
+
   it("rejects absolute-path escape attempts under basePath routes", async () => {
     await withBasePathRootFixture({
       siblingDir: "ui-secrets",
diff --git a/src/gateway/control-ui.ts b/src/gateway/control-ui.ts
index ed7b7330e91..18b8fb98753 100644
--- a/src/gateway/control-ui.ts
+++ b/src/gateway/control-ui.ts
@@ -292,6 +292,9 @@ export function handleControlUiHttpRequest(
       respondNotFound(res);
       return true;
     }
+    if (pathname === "/api" || pathname.startsWith("/api/")) {
+      return false;
+    }
   }
   if (basePath) {
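Review bot: The new test only checks paths that must bail out; nothing pins the boundary of the match, so an over-broad check such as `startsWith("/api")` would pass it while also diverting `/apix` or `/api-docs` away from the UI handler. Add a negative control inside the same `fn`, e.g. `expect(runControlUiRequest({ url: "/apix", method: "GET", rootPath: tmp }).handled, "sibling path must stay with the UI handler").toBe(true);` — the expected value should match whatever the handler returns for an unknown asset under an empty basePath (the second hunk suggests a not-found asset is still reported as handled, but confirm against the surrounding code). All three cases use GET while the bail-out added in control-ui.ts is method-agnostic, so one non-GET case, and a case variant like `/API` if `pathname` is not normalized upstream, would make the routing contract explicit. The enclosing describe block starts and ends outside the hunk.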