diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 3eb6c2405..fd3cf0b95 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -22,7 +22,6 @@ use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
 use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
 use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
 use Pterodactyl\Http\Middleware\Api\PreventUnboundModels;
-use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
 use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
 use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;
@@ -32,6 +31,7 @@ use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
 use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientApiBindings;
 use Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance;
 use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;
+use Pterodactyl\Http\Middleware\Api\Application\SubstituteApplicationApiBindings;
 
 class Kernel extends HttpKernel
 {
@@ -69,8 +69,10 @@ class Kernel extends HttpKernel
             IsValidJson::class,
             EnsureFrontendRequestsAreStateful::class,
             'auth:sanctum',
-            ApiSubstituteBindings::class,
+            SubstituteApplicationApiBindings::class,
+            PreventUnboundModels::class,
             AuthenticateApplicationUser::class,
+            RequireTwoFactorAuthentication::class,
         ],
         'client-api' => [
             IsValidJson::class,
diff --git a/app/Http/Middleware/Api/ApiSubstituteBindings.php b/app/Http/Middleware/Api/ApiSubstituteBindings.php
deleted file mode 100644
index e67956aa4..000000000
--- a/app/Http/Middleware/Api/ApiSubstituteBindings.php
+++ /dev/null
@@ -1,77 +0,0 @@
-<?php
-
-namespace Pterodactyl\Http\Middleware\Api;
-
-use Closure;
-use Pterodactyl\Models\Egg;
-use Pterodactyl\Models\Nest;
-use Pterodactyl\Models\Node;
-use Pterodactyl\Models\User;
-use Pterodactyl\Models\Server;
-use Pterodactyl\Models\Database;
-use Pterodactyl\Models\Location;
-use Pterodactyl\Models\Allocation;
-use Illuminate\Routing\Middleware\SubstituteBindings;
-use Illuminate\Database\Eloquent\ModelNotFoundException;
-
-class ApiSubstituteBindings extends SubstituteBindings
-{
-    /**
-     * Mappings to automatically assign route parameters to a model.
-     *
-     * @var array
-     */
-    protected static $mappings = [
-        'allocation' => Allocation::class,
-        'database' => Database::class,
-        'egg' => Egg::class,
-        'location' => Location::class,
-        'nest' => Nest::class,
-        'node' => Node::class,
-        'server' => Server::class,
-        'user' => User::class,
-    ];
-
-    /**
-     * @var \Illuminate\Routing\Router
-     */
-    protected $router;
-
-    /**
-     * Perform substitution of route parameters without triggering
-     * a 404 error if a model is not found.
-     *
-     * @param \Illuminate\Http\Request $request
-     *
-     * @return mixed
-     */
-    public function handle($request, Closure $next)
-    {
-        $route = $request->route();
-
-        foreach (self::$mappings as $key => $model) {
-            if (!is_null($this->router->getBindingCallback($key))) {
-                continue;
-            }
-
-            $this->router->model($key, $model, function () use ($request) {
-                $request->attributes->set('is_missing_model', true);
-            });
-        }
-
-        $this->router->substituteBindings($route);
-
-        // Attempt to resolve bindings for this route. If one of the models
-        // cannot be resolved do not immediately return a 404 error. Set a request
-        // attribute that can be checked in the base API request class to only
-        // trigger a 404 after validating that the API key making the request is valid
-        // and even has permission to access the requested resource.
-        try {
-            $this->router->substituteImplicitBindings($route);
-        } catch (ModelNotFoundException $exception) {
-            $request->attributes->set('is_missing_model', true);
-        }
-
-        return $next($request);
-    }
-}
diff --git a/app/Http/Middleware/Api/Application/SubstituteApplicationApiBindings.php b/app/Http/Middleware/Api/Application/SubstituteApplicationApiBindings.php
new file mode 100644
index 000000000..bb6bc5ece
--- /dev/null
+++ b/app/Http/Middleware/Api/Application/SubstituteApplicationApiBindings.php
@@ -0,0 +1,68 @@
+<?php
+
+namespace Pterodactyl\Http\Middleware\Api\Application;
+
+use Closure;
+use Pterodactyl\Models\Egg;
+use Pterodactyl\Models\Nest;
+use Pterodactyl\Models\Node;
+use Pterodactyl\Models\User;
+use Pterodactyl\Models\Server;
+use Pterodactyl\Models\Database;
+use Pterodactyl\Models\Location;
+use Pterodactyl\Models\Allocation;
+use Illuminate\Contracts\Routing\Registrar;
+use Illuminate\Database\Eloquent\ModelNotFoundException;
+
+class SubstituteApplicationApiBindings
+{
+    protected Registrar $router;
+
+    /**
+     * Mappings to automatically assign route parameters to a model.
+     *
+     * @var array
+     */
+    protected static array $mappings = [
+        'allocation' => Allocation::class,
+        'database' => Database::class,
+        'egg' => Egg::class,
+        'location' => Location::class,
+        'nest' => Nest::class,
+        'node' => Node::class,
+        'server' => Server::class,
+        'user' => User::class,
+    ];
+
+    public function __construct(Registrar $router)
+    {
+        $this->router = $router;
+    }
+
+    /**
+     * Perform substitution of route parameters without triggering
+     * a 404 error if a model is not found.
+     *
+     * @param \Illuminate\Http\Request $request
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        foreach (self::$mappings as $key => $class) {
+            $this->router->bind($key, $class);
+        }
+
+        try {
+            $this->router->substituteImplicitBindings($route = $request->route());
+        } catch (ModelNotFoundException $exception) {
+            if (isset($route) && $route->getMissing()) {
+                $route->getMissing()($request);
+            }
+
+            throw $exception;
+        }
+
+        return $next($request);
+    }
+}
diff --git a/app/Http/Middleware/Api/Client/SubstituteClientApiBindings.php b/app/Http/Middleware/Api/Client/SubstituteClientApiBindings.php
index 49f9dfc7d..9988e3675 100644
--- a/app/Http/Middleware/Api/Client/SubstituteClientApiBindings.php
+++ b/app/Http/Middleware/Api/Client/SubstituteClientApiBindings.php
@@ -13,7 +13,7 @@ use Illuminate\Database\Eloquent\ModelNotFoundException;
 
 class SubstituteClientApiBindings
 {
-    private Registrar $router;
+    protected Registrar $router;
 
     public function __construct(Registrar $router)
     {