diff --git a/integrations/api_team_user_test.go b/integrations/api_team_user_test.go
new file mode 100644
index 0000000000..70d52c1360
--- /dev/null
+++ b/integrations/api_team_user_test.go
@@ -0,0 +1,36 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"net/http"
+	"testing"
+	"time"
+
+	"code.gitea.io/gitea/models"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/routers/api/v1/convert"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAPITeamUser(t *testing.T) {
+	prepareTestEnv(t)
+
+	normalUsername := "user2"
+	session := loginUser(t, normalUsername)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequest(t, "GET", "/api/v1/teams/1/members/user1?token="+token)
+	session.MakeRequest(t, req, http.StatusNotFound)
+
+	req = NewRequest(t, "GET", "/api/v1/teams/1/members/user2?token="+token)
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	var user2 *api.User
+	DecodeJSON(t, resp, &user2)
+	user2.Created = user2.Created.In(time.Local)
+	user2.LastLogin = user2.LastLogin.In(time.Local)
+	user := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
+
+	assert.Equal(t, convert.ToUser(user, true, false), user2)
+}
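Review bot: Every request in TestAPITeamUser is made with user2's token, and user2 is itself a member of team 1 (the second request expects 200), so the test pins the 404 for a non-member target but says nothing about who is allowed to ask. A case using a token for a user outside the team, and one for a username that does not exist, would keep a later change from quietly turning this endpoint into a way to probe team membership. The two `.In(time.Local)` lines would also benefit from a comment, e.g. `// align locations so assert.Equal compares the same instants as the DB-loaded user`, since the reason is presumably that the decoded timestamps carry a different location than the bean.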
diff --git a/routers/api/v1/org/team.go b/routers/api/v1/org/team.go
index 3357c07251..7b8fd12fba 100644
--- a/routers/api/v1/org/team.go
+++ b/routers/api/v1/org/team.go
@@ -287,6 +287,15 @@ func GetTeamMember(ctx *context.APIContext) {
 	if ctx.Written() {
 		return
 	}
+	teamID := ctx.ParamsInt64("teamid")
+	isTeamMember, err := models.IsUserInTeams(u.ID, []int64{teamID})
+	if err != nil {
+		ctx.Error(500, "IsUserInTeams", err)
+		return
+	} else if !isTeamMember {
+		ctx.NotFound()
+		return
+	}
 	ctx.JSON(200, convert.ToUser(u, ctx.IsSigned, ctx.User.IsAdmin))
 }
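Review bot: The added check reads the team id again with `ctx.ParamsInt64("teamid")` rather than from the team the route has already resolved, so a path value that fails to parse would presumably reach `IsUserInTeams` as 0 and end in the 404 by accident rather than by design. If the route's assignment middleware has already loaded the team onto the context (not visible in this hunk), take the ID from there; either way a comment such as `// 404, not 403: a non-member must look the same as an unknown user` would record why this status was chosen. The `else if` after a `return` can be a plain `if !isTeamMember {`. GetTeamMember starts above the hunk, so how `u` is looked up and whether the caller's own right to view this team is checked cannot be confirmed from here.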