diff --git a/src/Http/Controllers/API/ApiController.php b/src/Http/Controllers/API/ApiController.php
index 30c6fd568c..a5984a848a 100644
--- a/src/Http/Controllers/API/ApiController.php
+++ b/src/Http/Controllers/API/ApiController.php
@@ -31,8 +31,7 @@ protected function abortIfUnpublished(Request $request, $item)
 return;
 }
- // todo: we should also be checking that allowed_filters contains 'status'
- if ($request->boolean('draft')) {
+ if (in_array('status', $this->allowedFilters()) && $request->boolean('draft')) {
 return;
 }
diff --git a/src/Http/Controllers/API/CollectionEntriesController.php b/src/Http/Controllers/API/CollectionEntriesController.php
index 3ebd339d7f..baaa1143f2 100644
--- a/src/Http/Controllers/API/CollectionEntriesController.php
+++ b/src/Http/Controllers/API/CollectionEntriesController.php
@@ -39,6 +39,7 @@ public function show(Request $request, $collection, $handle)
 $this->abortIfDisabled();
 $entry = Entry::find($handle);
+ $this->collectionHandle = $entry?->collectionHandle();
 $this->abortIfInvalid($entry, $collection);
 $this->abortIfUnpublished($request, $entry);
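Review bot: The new guard in abortIfUnpublished() calls `in_array('status', $this->allowedFilters())` without the strict flag, and the only comment explaining the intent was removed along with the todo. Because this condition decides whether an unpublished item is returned to an API caller, I would write it as `in_array('status', $this->allowedFilters(), true)` and keep a one-line comment such as `// Drafts are only served when 'status' is an allowed filter for this resource.`. allowedFilters() is not visible in this hunk; if it can ever return something other than an array, in_array() throws a TypeError on PHP 8 and the request ends in a 500 instead of a 404, so its return type is worth confirming. The function body starts and ends outside the hunk.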
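Review bot: The added `$this->collectionHandle = $entry?->collectionHandle();` in show() makes the draft check depend on controller state that must be set before abortIfUnpublished() runs, and nothing on the line says so. Presumably allowedFilters() reads this property to select per-collection settings; a comment such as `// allowedFilters() resolves per-collection settings from this handle; set it before abortIfUnpublished().` would keep a later reorder from changing which configuration the draft check consults. The property declaration is not in the hunk, so it is worth confirming the class declares `collectionHandle` (dynamic properties are deprecated from PHP 8.2) and that other controllers calling abortIfUnpublished() establish the equivalent context, since this diff does not touch them. A regression test that requests an unpublished entry with `draft=1` on a collection whose allowed filters omit `status` and expects a 404 would pin the behaviour; show() continues past the end of the hunk.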