diff --git a/changelog/unreleased/www-authenticate-header.md b/changelog/unreleased/www-authenticate-header.md
new file mode 100644
index 000000000..257989729
--- /dev/null
+++ b/changelog/unreleased/www-authenticate-header.md
@@ -0,0 +1,6 @@
+Bugfix: Fix authenticate headers for API requests
+
+We changed the www-authenticate header which should not be sent when the `XMLHttpRequest` header is set.
+
+https://github.com/owncloud/ocis/pull/5992
+https://github.com/owncloud/ocis/issues/5986
diff --git a/services/proxy/pkg/middleware/authentication.go b/services/proxy/pkg/middleware/authentication.go
index a8746b33f..260161adb 100644
--- a/services/proxy/pkg/middleware/authentication.go
+++ b/services/proxy/pkg/middleware/authentication.go
@@ -147,7 +147,9 @@ func configureSupportedChallenges(options Options) {
 func writeSupportedAuthenticateHeader(w http.ResponseWriter, r *http.Request) {
 caser := cases.Title(language.Und)
 for _, s := range SupportedAuthStrategies {
- w.Header().Add(WwwAuthenticate, fmt.Sprintf("%v realm=\"%s\", charset=\"UTF-8\"", caser.String(s), r.Host))
+ if r.Header.Get("X-Requested-With") != "XMLHttpRequest" {
+ w.Header().Add(WwwAuthenticate, fmt.Sprintf("%v realm=\"%s\", charset=\"UTF-8\"", caser.String(s), r.Host))
+ }
 }
 }
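Review bot: The `X-Requested-With` comparison in `writeSupportedAuthenticateHeader` does not depend on `s`, yet it is re-evaluated for every entry of `SupportedAuthStrategies`; a guard before the loop, `if r.Header.Get("X-Requested-With") == "XMLHttpRequest" { return }`, reads more clearly and also skips building `caser`. The guard deserves a comment stating why the challenge is dropped (presumably so XHR clients handle the 401 themselves instead of triggering the browser's native credential prompt), because a 401 without `WWW-Authenticate` departs from RFC 9110 and the next reader should see that it is deliberate; whether this helper is what the 401 path calls is not visible in the hunk. Since the header is set by the client, it should remain a presentation hint only: nothing visible here feeds it into the authentication decision, and the comment can say so to keep it that way. The realm still echoes the client-supplied `r.Host`, which predates this change; a configured realm value would avoid reflecting request data into a response header.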