diff --git a/public/controllers/dev-tools.js b/public/controllers/dev-tools.js
index 1e527d5fb..833e6305d 100644
--- a/public/controllers/dev-tools.js
+++ b/public/controllers/dev-tools.js
@@ -238,7 +238,8 @@ app.controller('devToolsController', function($scope, $rootScope, errorHandler,
 }
 const path = req.includes('?') ? req.split('?')[0] : req;
- const params = req.includes('?') ? parseParams(req.split('?')[1]) : {}
+ const params = { devTools: true }
+ if(typeof JSONraw === 'object') JSONraw.devTools = true;
 const output = await apiReq.request(method, path, validJSON && !req.includes('?') ? JSONraw : params)
 apiOutputBox.setValue(
diff --git a/server/controllers/wazuh-api.js b/server/controllers/wazuh-api.js
index 4504ed840..70d2f04f3 100644
--- a/server/controllers/wazuh-api.js
+++ b/server/controllers/wazuh-api.js
@@ -321,6 +321,13 @@ export default class WazuhApi {
 } else if (!req.payload.path) {
 return ErrorResponse('Missing param: path', 3016, 400, reply);
 } else {
+ if(req.payload.method !== 'GET' && req.payload.body && req.payload.body.devTools){
+ const configuration = getConfiguration();
+ if(!configuration || (configuration && !configuration['devtools.allowall'])){
+ return ErrorResponse('Allowed method: [GET]', 3023, 400, reply);
+ }
+ }
+ if(req.payload.body.devTools) delete req.payload.body.devTools;
 return this.makeRequest(req.payload.method, req.payload.path, req.payload.body, req.payload.id, reply);
 }
 }
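Review bot: Query-string parameters are no longer forwarded in dev-tools.js: `params` is now always `{ devTools: true }` while `path` still strips everything after `?`, so a request written with `?key=value` reaches `apiReq.request` without its parameters. Unless dropping them is intentional, keep the parsing and add the marker on top, `const params = Object.assign(req.includes('?') ? parseParams(req.split('?')[1]) : {}, { devTools: true });`. The guard `typeof JSONraw === 'object'` is also true for `null` and for arrays, so if `JSONraw` can be `null` at this point the assignment throws; `if (JSONraw && typeof JSONraw === 'object' && !Array.isArray(JSONraw)) JSONraw.devTools = true;` is safer. The enclosing function starts and ends outside the hunk, so how `JSONraw` is produced is not visible here.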
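Review bot: The GET-only restriction in wazuh-api.js is applied only when `req.payload.body.devTools` is truthy, and that marker is set by the client in dev-tools.js, so a request that omits the field never reaches the `devtools.allowall` check. A method policy should depend on something the server decides, such as a separate route for Dev Tools traffic, not on a field in the request body; as written it is a UI convenience, not an access control. Separately, the added `if(req.payload.body.devTools) delete req.payload.body.devTools;` dereferences `req.payload.body` without the null guard used in the condition above it and will throw on a request that carries no body; `if(req.payload.body && req.payload.body.devTools) delete req.payload.body.devTools;` fixes that. The enclosing method starts outside the hunk.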