diff --git a/app/Http/Middleware/Api/Client/AuthenticateClientAccess.php b/app/Http/Middleware/Api/Client/AuthenticateClientAccess.php
deleted file mode 100644
index 0a006aef0..000000000
--- a/app/Http/Middleware/Api/Client/AuthenticateClientAccess.php
+++ /dev/null
@@ -1,27 +0,0 @@
-user())) {
- throw new AccessDeniedHttpException('This account does not have permission to access this resource.');
- }
-
- return $next($request);
- }
-}
diff --git a/app/Http/Middleware/Api/Client/Server/AuthenticateServerAccess.php b/app/Http/Middleware/Api/Client/Server/AuthenticateServerAccess.php
new file mode 100644
index 000000000..e42417f65
--- /dev/null
+++ b/app/Http/Middleware/Api/Client/Server/AuthenticateServerAccess.php
@@ -0,0 +1,57 @@
+repository = $repository;
+ }
+
+ /**
+ * Authenticate that this server exists and is not suspended or marked as installing.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param \Closure $next
+ * @return mixed
+ */
+ public function handle(Request $request, Closure $next)
+ {
+ $server = $request->route()->parameter('server');
+
+ if (! $server instanceof Server) {
+ throw new NotFoundHttpException;
+ }
+
+ if ($server->suspended) {
+ throw new AccessDeniedHttpException('Cannot access a server that is marked as being suspended.');
+ }
+
+ if (! $server->isInstalled()) {
+ throw new ConflictHttpException('Server has not completed the installation process.');
+ }
+
+ $request->attributes->set('server', $server);
+
+ return $next($request);
+ }
+}
diff --git a/app/Http/Requests/Api/Client/Servers/Databases/DeleteDatabaseRequest.php b/app/Http/Requests/Api/Client/Servers/Databases/DeleteDatabaseRequest.php
index 44168999e..b43dd0d5f 100644
--- a/app/Http/Requests/Api/Client/Servers/Databases/DeleteDatabaseRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Databases/DeleteDatabaseRequest.php
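Review bot: handle() in the new AuthenticateServerAccess never checks that the authenticated user is allowed to reach this server — it only verifies that the route model exists, is not suspended and is installed — whereas the middleware it replaces on the `/servers/{server}` route group (AuthenticateClientAccess, deleted in this same commit) rejected requests with 'This account does not have permission to access this resource.'. If that per-user check has moved into the request classes' authorize() methods this is fine, but the docblock should state it so the next reader does not assume the middleware authorizes; if it has not moved, every route in the group becomes reachable by any authenticated client key once the routes change lands. A line such as `* NOTE: this middleware does not authorize the user against the server; that check is enforced in <location-to-confirm>.` above the `@param` tags would make the contract explicit. The lines of this hunk before `$this->repository = $repository;` are not legible on this page, so whether the injected repository is used anywhere cannot be confirmed; in the visible body of handle() it is not referenced.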
@@ -18,15 +18,10 @@ class DeleteDatabaseRequest extends ClientApiRequest implements ClientPermission } /** - * Determine if the provided database even belongs to this server instance. - * * @return bool */ public function resourceExists(): bool { - $server = $this->getModel(Server::class); - $database = $this->getModel(Database::class); - - return $database->server_id === $server->id; + return $this->getModel(Server::class)->id === $this->getModel(Database::class)->server_id; } } diff --git a/app/Models/Server.php b/app/Models/Server.php index 5d42cf86b..9294a2141 100644 --- a/app/Models/Server.php +++ b/app/Models/Server.php @@ -143,6 +143,14 @@ class Server extends Model implements CleansAttributes, ValidableContract return Schema::getColumnListing($this->getTable()); } + /** + * @return bool + */ + public function isInstalled(): bool + { + return $this->installed === 1; + } + /** * Gets the user who owns the server. * diff --git a/routes/api-client.php b/routes/api-client.php index 697f7f917..015dfa7b9 100644 --- a/routes/api-client.php +++ b/routes/api-client.php @@ -1,6 +1,6 @@ '/account'], function () { | Endpoint: /api/client/servers/{server} | */ -Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateClientAccess::class]], function () { +Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateServerAccess::class]], function () { Route::get('/', 'Servers\ServerController@index')->name('api.client.servers.view'); Route::get('/utilization', 'Servers\ResourceUtilizationController@index') ->name('api.client.servers.resources');
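Review bot: The rewrite of resourceExists() drops the only sentence of its docblock that said what is being checked, leaving just `@return bool`, which merely restates the native return type. Restore a description above it, for example `* Determine if the provided database belongs to this server instance.`. The strict `===` between `->id` and `->server_id` predates this change, but it only holds when both attributes arrive as the same scalar type, so it is worth confirming the integer casts on both models rather than relying on the database driver. The class header is outside this hunk.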
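Review bot: isInstalled() compares `$this->installed === 1` with strict identity, so a string `'1'` or a bool `true` yields false; unless the `installed` attribute is cast to an integer in the model's `$casts` (not visible in this hunk), the new AuthenticateServerAccess middleware that calls it would reject every server with a 409. Either confirm the cast is present or make the comparison tolerant, e.g. `return (int) $this->installed === 1;`. The docblock is only `@return bool`; a one-line description such as `* Whether the server has completed its installation process.` would carry the meaning the type cannot. The Server class body continues outside this hunk on both sides.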