diff --git a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs
new file mode 100644
index 0000000000..071680b325
--- /dev/null
+++ b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs
@@ -0,0 +1,28 @@
+using Umbraco.Web.BackOffice.Filters;
+using Umbraco.Web.Common.Attributes;
+using Umbraco.Web.Common.Controllers;
+using Umbraco.Web.Common.Filters;
+
+namespace Umbraco.Web.BackOffice.Controllers
+{
+ ///
+ /// Provides a base class for authorized auto-routed Umbraco API controllers.
+ ///
+ ///
+ /// This controller will also append a custom header to the response if the user
+ /// is logged in using forms authentication which indicates the seconds remaining
+ /// before their timeout expires.
+ ///
+ [IsBackOffice]
+ [UmbracoUserTimeoutFilter]
+ [UmbracoAuthorize]
+ [DisableBrowserCache]
+ [UmbracoWebApiRequireHttps]
+ [CheckIfUserTicketDataIsStale]
+ [UnhandedExceptionLoggerConfiguration]
+ [EnableDetailedErrors]
+ public abstract class UmbracoAuthorizedApiController : UmbracoApiController
+ {
+
+ }
+}
diff --git a/src/Umbraco.Web.BackOffice/Filters/UmbracoWebApiRequireHttpsAttribute.cs b/src/Umbraco.Web.BackOffice/Filters/UmbracoWebApiRequireHttpsAttribute.cs
new file mode 100644
index 0000000000..7c7652c532
--- /dev/null
+++ b/src/Umbraco.Web.BackOffice/Filters/UmbracoWebApiRequireHttpsAttribute.cs
@@ -0,0 +1,73 @@
+using System;
+using System.Net;
+using System.Net.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Umbraco.Core.Configuration;
+
+namespace Umbraco.Web.BackOffice.Filters
+{
+ ///
+ /// If Umbraco.Core.UseHttps property in web.config is set to true, this filter will redirect any http access to https.
+ ///
+ ///
+ /// This will only redirect Head/Get requests, otherwise will respond with text
+ ///
+ /// References:
+ /// http://issues.umbraco.org/issue/U4-8542
+ /// https://blogs.msdn.microsoft.com/carlosfigueira/2012/03/09/implementing-requirehttps-with-asp-net-web-api/
+ ///
+ public class UmbracoWebApiRequireHttpsAttribute : TypeFilterAttribute
+ {
+ public UmbracoWebApiRequireHttpsAttribute() : base(typeof(UmbracoWebApiRequireHttpsFilter))
+ {
+ Arguments = Array.Empty();
+ }
+ }
+
+ public class UmbracoWebApiRequireHttpsFilter: IAuthorizationFilter
+ {
+ private readonly IGlobalSettings _globalSettings;
+
+ public UmbracoWebApiRequireHttpsFilter(IGlobalSettings globalSettings)
+ {
+ _globalSettings = globalSettings;
+ }
+
+ public void OnAuthorization(AuthorizationFilterContext context)
+ {
+ var request = context.HttpContext.Request;
+ if (_globalSettings.UseHttps && request.Scheme != Uri.UriSchemeHttps)
+ {
+ var uri = new UriBuilder()
+ {
+ Scheme = Uri.UriSchemeHttps,
+ Host = request.Host.Value,
+ Path = request.Path,
+ Query = request.QueryString.ToUriComponent(),
+ Port = 443
+ };
+ var body = string.Format("

The resource can be found at {0}.

",
+ uri.Uri.AbsoluteUri);
+ if (request.Method.Equals(HttpMethod.Get.ToString()) || request.Method.Equals(HttpMethod.Head.ToString()))
+ {
+ context.HttpContext.Response.Headers.Add("Location", uri.Uri.ToString());
+ context.Result = new ObjectResult(body)
+ {
+ StatusCode = (int)HttpStatusCode.Found,
+ };
+
+ }
+ else
+ {
+ context.Result = new ObjectResult(body)
+ {
+ StatusCode = (int)HttpStatusCode.NotFound
+ };
+ }
+
+
+ }
+ }
+ }
+}
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index fd20d4ef6e..79b62c57fb 100755
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -407,7 +407,6 @@
-
diff --git a/src/Umbraco.Web/WebApi/Filters/UmbracoWebApiRequireHttpsAttribute.cs b/src/Umbraco.Web/WebApi/Filters/UmbracoWebApiRequireHttpsAttribute.cs
deleted file mode 100644
index fbe7d5b1b4..0000000000
--- a/src/Umbraco.Web/WebApi/Filters/UmbracoWebApiRequireHttpsAttribute.cs
+++ /dev/null
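Review bot: In `UmbracoWebApiRequireHttpsFilter.OnAuthorization`, `Host = request.Host.Value` feeds the raw Host header, port included, into the `UriBuilder`; for a request on a non-default port (constructed example: `example.test:8080`) `UriBuilder` brackets the value as if it were an IPv6 literal, so `uri.Uri` is likely to throw rather than produce a redirect. Use `Host = request.Host.Host,` and keep the base path with `Path = request.PathBase.Add(request.Path),` so an application hosted under a virtual directory still redirects to the right URL. Because the Host header is client-controlled, the `Location` value is only as trustworthy as the host filtering in front of this filter, which this hunk does not show; a comment such as `// Host comes from the request; relies on allowed-hosts filtering upstream` would make that dependency explicit. Separately, `new ObjectResult(body)` goes through content negotiation, so the body is probably no longer served as `text/html` as in the removed filter, and HEAD responses now carry a body where the old code set content only for GET.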
@@ -1,56 +0,0 @@
-using System;
-using System.Net;
-using System.Net.Http;
-using System.Text;
-using System.Web.Http.Controllers;
-using System.Web.Http.Filters;
-using Umbraco.Core;
-using Umbraco.Web.Composing;
-
-namespace Umbraco.Web.WebApi.Filters
-{
- ///
- /// If Umbraco.Core.UseHttps property in web.config is set to true, this filter will redirect any http access to https.
- ///
- ///
- /// This will only redirect Head/Get requests, otherwise will respond with text
- ///
- /// References:
- /// http://issues.umbraco.org/issue/U4-8542
- /// https://blogs.msdn.microsoft.com/carlosfigueira/2012/03/09/implementing-requirehttps-with-asp-net-web-api/
- ///
- public class UmbracoWebApiRequireHttpsAttribute : AuthorizationFilterAttribute
- {
- public override void OnAuthorization(HttpActionContext actionContext)
- {
- var request = actionContext.Request;
- if (Current.Configs.Global().UseHttps && request.RequestUri.Scheme != Uri.UriSchemeHttps)
- {
- HttpResponseMessage response;
- var uri = new UriBuilder(request.RequestUri)
- {
- Scheme = Uri.UriSchemeHttps,
- Port = 443
- };
- var body = string.Format("

The resource can be found at {0}.

",
- uri.Uri.AbsoluteUri);
- if (request.Method.Equals(HttpMethod.Get) || request.Method.Equals(HttpMethod.Head))
- {
- response = request.CreateResponse(HttpStatusCode.Found);
- response.Headers.Location = uri.Uri;
- if (request.Method.Equals(HttpMethod.Get))
- {
- response.Content = new StringContent(body, Encoding.UTF8, "text/html");
- }
- }
- else
- {
- response = request.CreateResponse(HttpStatusCode.NotFound);
- response.Content = new StringContent(body, Encoding.UTF8, "text/html");
- }
-
- actionContext.Response = response;
- }
- }
- }
-}