diff --git a/UPGRADE-1.8.md b/UPGRADE-1.8.md
index 6db31af0244..41c085137c9 100644
--- a/UPGRADE-1.8.md
+++ b/UPGRADE-1.8.md
@@ -1,5 +1,7 @@
 # UPGRADE FROM `v1.8.4` TO `v1.8.6`
 
+1. Api is disabled by default, to enable it you need to set flag ``sylius_api.enabled`` to ``true`` in ``app/config/packages/_sylius.yaml``.
+
 1. Change configuration of new ApiBundle in your `config/packages/security.yaml` file:
 
     ```diff
diff --git a/config/packages/_sylius.yaml b/config/packages/_sylius.yaml
index 79f5ce6c751..0c8986f4031 100644
--- a/config/packages/_sylius.yaml
+++ b/config/packages/_sylius.yaml
@@ -11,6 +11,9 @@ imports:
 parameters:
     sylius_core.public_dir: '%kernel.project_dir%/public'
 
+sylius_api:
+    enabled: false
+
 sylius_shop:
     product_grid:
         include_all_descendants: true
diff --git a/config/packages/test/_sylius.yaml b/config/packages/test/_sylius.yaml
new file mode 100644
index 00000000000..cd01aaf7048
--- /dev/null
+++ b/config/packages/test/_sylius.yaml
@@ -0,0 +1,2 @@
+sylius_api:
+    enabled: true
diff --git a/config/packages/test_cached/_sylius.yaml b/config/packages/test_cached/_sylius.yaml
new file mode 100644
index 00000000000..cd01aaf7048
--- /dev/null
+++ b/config/packages/test_cached/_sylius.yaml
@@ -0,0 +1,2 @@
+sylius_api:
+    enabled: true
diff --git a/docs/api/unified_api/introduction.rst b/docs/api/unified_api/introduction.rst
index 0e4971ea839..6e64b5f182d 100644
--- a/docs/api/unified_api/introduction.rst
+++ b/docs/api/unified_api/introduction.rst
@@ -5,6 +5,7 @@ Introduction
 
     The new, unified Sylius API is still under development, that's why the whole ``ApiBundle`` is tagged with ``@experimental``.
     This means that all code from ``ApiBundle`` is excluded from :doc:`Backward Compatibility Promise </book/organization/backward-compatibility-promise>`.
+    You can enable entire API by changing the flag ``sylius_api.enabled`` to ``true`` in ``app/config/packages/_sylius.yaml``.
 
 We have decided that we should rebuild our API and use API Platform to build a truly mature, multi-purpose API
 which can define a new standard for headless e-commerce backends.
diff --git a/psalm.xml b/psalm.xml
index 44fd2a52943..d1b21214816 100644
--- a/psalm.xml
+++ b/psalm.xml
@@ -123,6 +123,7 @@
                 <referencedMethod name="Symfony\Component\Intl\Intl::getLocaleBundle" />
                 <referencedMethod name="Symfony\Component\Intl\Intl::getRegionBundle" />
                 <referencedMethod name="Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent::getException" />
+                <referencedMethod name="Faker\Generator::__get"/>
             </errorLevel>
         </DeprecatedMethod>
 
diff --git a/src/Sylius/Bundle/ApiBundle/DependencyInjection/Configuration.php b/src/Sylius/Bundle/ApiBundle/DependencyInjection/Configuration.php
index d7bb70c125c..5ed913b6b85 100644
--- a/src/Sylius/Bundle/ApiBundle/DependencyInjection/Configuration.php
+++ b/src/Sylius/Bundle/ApiBundle/DependencyInjection/Configuration.php
@@ -27,6 +27,14 @@ public function getConfigTreeBuilder(): TreeBuilder
         /** @var ArrayNodeDefinition $rootNode */
         $rootNode = $treeBuilder->getRootNode();
 
+        $rootNode
+            ->children()
+                ->booleanNode('enabled')
+                    ->defaultTrue()
+                ->end()
+            ->end()
+        ;
+
         return $treeBuilder;
     }
 }
diff --git a/src/Sylius/Bundle/ApiBundle/DependencyInjection/SyliusApiExtension.php b/src/Sylius/Bundle/ApiBundle/DependencyInjection/SyliusApiExtension.php
index 157c6a6d1f1..77c4c3f221d 100644
--- a/src/Sylius/Bundle/ApiBundle/DependencyInjection/SyliusApiExtension.php
+++ b/src/Sylius/Bundle/ApiBundle/DependencyInjection/SyliusApiExtension.php
@@ -26,6 +26,8 @@ public function load(array $configs, ContainerBuilder $container): void
         $config = $this->processConfiguration($this->getConfiguration([], $container), $configs);
         $loader = new XmlFileLoader($container, new FileLocator(__DIR__ . '/../Resources/config'));
 
+        $container->setParameter('sylius_api.enabled', $config['enabled']);
+
         $loader->load('services.xml');
     }
 }
diff --git a/src/Sylius/Bundle/ApiBundle/EventSubscriber/KernelRequestEventSubscriber.php b/src/Sylius/Bundle/ApiBundle/EventSubscriber/KernelRequestEventSubscriber.php
new file mode 100644
index 00000000000..f0fcf5ba960
--- /dev/null
+++ b/src/Sylius/Bundle/ApiBundle/EventSubscriber/KernelRequestEventSubscriber.php
@@ -0,0 +1,52 @@
+<?php
+
+/*
+ * This file is part of the Sylius package.
+ *
+ * (c) Paweł Jędrzejewski
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace Sylius\Bundle\ApiBundle\EventSubscriber;
+
+use ApiPlatform\Core\EventListener\EventPriorities;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\HttpKernel\KernelEvents;
+
+/** @experimental  */
+final class KernelRequestEventSubscriber implements EventSubscriberInterface
+{
+    /** @var bool */
+    private $apiEnabled;
+
+    /** @var string */
+    private $apiRoute;
+
+    public function __construct(bool $apiEnabled, string $apiRoute)
+    {
+        $this->apiEnabled = $apiEnabled;
+        $this->apiRoute = $apiRoute;
+    }
+
+    public static function getSubscribedEvents()
+    {
+        return [
+            KernelEvents::REQUEST => ['validateApi', EventPriorities::PRE_VALIDATE],
+        ];
+    }
+
+    public function validateApi(RequestEvent $event): void
+    {
+        $pathInfo = $event->getRequest()->getPathInfo();
+
+        if ($this->apiEnabled === false && strpos($pathInfo, $this->apiRoute) !== false) {
+            $event->setResponse(new Response('Route not found', 404));
+        }
+    }
+}
diff --git a/src/Sylius/Bundle/ApiBundle/Resources/config/services/event_subscribers.xml b/src/Sylius/Bundle/ApiBundle/Resources/config/services/event_subscribers.xml
index b9d6eb99780..9368f1edde0 100644
--- a/src/Sylius/Bundle/ApiBundle/Resources/config/services/event_subscribers.xml
+++ b/src/Sylius/Bundle/ApiBundle/Resources/config/services/event_subscribers.xml
@@ -16,6 +16,11 @@
            xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"
 >
     <services>
+        <service id="sylius.api.kerner_request_event_subscriber" class="Sylius\Bundle\ApiBundle\EventSubscriber\KernelRequestEventSubscriber">
+            <argument>%sylius_api.enabled%</argument>
+            <argument>%sylius.security.new_api_route%</argument>
+            <tag name="kernel.event_subscriber" />
+        </service>
         <service id="sylius.api.product_slug_event_subscriber" class="Sylius\Bundle\ApiBundle\EventSubscriber\ProductSlugEventSubscriber">
             <argument type="service" id="sylius.generator.slug" />
             <tag name="kernel.event_subscriber" />
diff --git a/src/Sylius/Bundle/ApiBundle/spec/EventSubscriber/KernelRequestEventSubscriberSpec.php b/src/Sylius/Bundle/ApiBundle/spec/EventSubscriber/KernelRequestEventSubscriberSpec.php
new file mode 100644
index 00000000000..d98b13c8bb0
--- /dev/null
+++ b/src/Sylius/Bundle/ApiBundle/spec/EventSubscriber/KernelRequestEventSubscriberSpec.php
@@ -0,0 +1,77 @@
+<?php
+
+/*
+ * This file is part of the Sylius package.
+ *
+ * (c) Paweł Jędrzejewski
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace spec\Sylius\Bundle\ApiBundle\EventSubscriber;
+
+use PhpSpec\ObjectBehavior;
+use Prophecy\Argument;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Event\KernelEvent;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+
+final class KernelRequestEventSubscriberSpec extends ObjectBehavior
+{
+    function let(): void
+    {
+        $this->beConstructedWith(true, '/new-api');
+    }
+
+    function it_does_nothing_if_api_is_enabled(
+        RequestEvent $event,
+        Request $request,
+        HttpKernelInterface $kernel
+    ): void {
+        $event->getRequest()->willReturn($request);
+
+        $request->getPathInfo()->willReturn('/new-api/any-endpoint');
+
+        $event->setResponse(new Response('Route not found', 404))->shouldNotBeCalled();
+
+        $this->validateApi($event);
+    }
+
+    function it_returns_404_if_api_is_disabled(
+        RequestEvent $event,
+        Request $request,
+        HttpKernelInterface $kernel
+    ): void {
+        $this->beConstructedWith(false, '/new-api');
+
+        $event->getRequest()->willReturn($request);
+
+        $request->getPathInfo()->willReturn('/new-api/any-endpoint');
+
+        $event->setResponse(new Response('Route not found', 404))->shouldBeCalled();
+
+        $this->validateApi($event);
+    }
+
+    function it_does_nothing_for_non_api_endpoints_when_api_is_disabled(
+        RequestEvent $event,
+        Request $request,
+        HttpKernelInterface $kernel
+    ): void {
+        $this->beConstructedWith(false, '/new-api');
+
+        $event->getRequest()->willReturn($request);
+
+        $request->getPathInfo()->willReturn('/');
+
+        $event->setResponse(new Response('Route not found', 404))->shouldNotBeCalled();
+
+        $this->validateApi($event);
+    }
+}