diff --git a/freqtrade/rpc/api_server/api_backtest.py b/freqtrade/rpc/api_server/api_backtest.py
index 485c74119..428fea1c9 100644
--- a/freqtrade/rpc/api_server/api_backtest.py
+++ b/freqtrade/rpc/api_server/api_backtest.py
@@ -30,7 +30,7 @@ from freqtrade.rpc.api_server.api_schemas import (
     BacktestRequest,
     BacktestResponse,
 )
-from freqtrade.rpc.api_server.deps import get_config
+from freqtrade.rpc.api_server.deps import get_config, verify_strategy
 from freqtrade.rpc.api_server.webserver_bgwork import ApiBG
 from freqtrade.rpc.rpc import RPCException
 
@@ -134,8 +134,7 @@ async def api_start_backtest(
     if ApiBG.bgtask_running:
         raise RPCException("Bot Background task already running")
 
-    if ":" in bt_settings.strategy:
-        raise HTTPException(status_code=500, detail="base64 encoded strategies are not allowed.")
+    verify_strategy(bt_settings.strategy)
 
     btconfig = deepcopy(config)
     remove_exchange_credentials(btconfig["exchange"], True)
diff --git a/freqtrade/rpc/api_server/api_v1.py b/freqtrade/rpc/api_server/api_v1.py
index 0816c5a64..1b2959795 100644
--- a/freqtrade/rpc/api_server/api_v1.py
+++ b/freqtrade/rpc/api_server/api_v1.py
@@ -22,7 +22,13 @@ from freqtrade.rpc.api_server.api_schemas import (
     SysInfo,
     Version,
 )
-from freqtrade.rpc.api_server.deps import get_config, get_exchange, get_rpc, get_rpc_optional
+from freqtrade.rpc.api_server.deps import (
+    get_config,
+    get_exchange,
+    get_rpc,
+    get_rpc_optional,
+    verify_strategy,
+)
 from freqtrade.rpc.rpc import RPCException
 
 
@@ -146,8 +152,7 @@ def markets(
 def get_strategy(
     strategy: str, config=Depends(get_config), rpc: RPC | None = Depends(get_rpc_optional)
 ):
-    if ":" in strategy:
-        raise HTTPException(status_code=422, detail="base64 encoded strategies are not allowed.")
+    verify_strategy(strategy)
 
     if not rpc or config["runmode"] == RunMode.WEBSERVER:
         # webserver mode
diff --git a/freqtrade/rpc/api_server/deps.py b/freqtrade/rpc/api_server/deps.py
index 0991366ce..c2352308c 100644
--- a/freqtrade/rpc/api_server/deps.py
+++ b/freqtrade/rpc/api_server/deps.py
@@ -75,3 +75,12 @@ def is_trading_mode(config=Depends(get_config)):
     if config["runmode"] not in TRADE_MODES:
         raise HTTPException(status_code=503, detail="Bot is not in the correct state.")
     return None
+
+
+def verify_strategy(strategy: str | None):
+    """Verify that the strategy name is valid (not base64 encoded).
+    This is a security measure to prevent potential attacks using base64 encoded strategies.
+    This should be called for every endpoint that accepts a strategy name as a parameter.
+    """
+    if strategy is not None and ":" in strategy:
+        raise HTTPException(status_code=422, detail="base64 encoded strategies are not allowed.")