diff --git a/zerver/decorator.py b/zerver/decorator.py
index 1c74dbbdeb..f0b8706505 100644
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@@ -883,13 +883,13 @@ def authenticated_json_view(
         *args: ParamT.args,
         **kwargs: ParamT.kwargs,
     ) -> HttpResponse:
-        if not skip_rate_limiting:
-            rate_limit(request)
-
         if not request.user.is_authenticated:
             raise UnauthorizedError()
 
         user_profile = request.user
+        if not skip_rate_limiting:
+            rate_limit(request)
+
         validate_account_and_subdomain(request, user_profile)
 
         if user_profile.is_incoming_webhook: