diff --git a/packages/backend/src/core/activitypub/ApResolverService.ts b/packages/backend/src/core/activitypub/ApResolverService.ts
index 7997eccced..0956db7852 100644
--- a/packages/backend/src/core/activitypub/ApResolverService.ts
+++ b/packages/backend/src/core/activitypub/ApResolverService.ts
@@ -187,7 +187,7 @@ export class Resolver {
 		}
 
 		// This ensures the input has a string ID, protecting against type confusion and rejecting anonymous objects.
-		const id = getApId(value);
+		const id = getApId(value, sentFromUri);
 
 		// Check if we can use the provided object as-is.
 		// Our security requires that the object ID matches the host authority that sent it, otherwise it can't be trusted.
@@ -329,7 +329,7 @@ export class Resolver {
 
 		// The object ID is already validated to match the final URL's authority by signedGet / getActivityJson.
 		// We only need to validate that it also matches the original URL's authority, in case of redirects.
-		const objectId = getApId(object);
+		const objectId = getApId(object, value);
 
 		// We allow some limited cross-domain redirects, which means the host may have changed during fetch.
 		// Additional checks are needed to validate the scope of cross-domain redirects.
diff --git a/packages/backend/src/core/activitypub/ApUtilityService.ts b/packages/backend/src/core/activitypub/ApUtilityService.ts
index 3c125c6cd9..227dc3b9b3 100644
--- a/packages/backend/src/core/activitypub/ApUtilityService.ts
+++ b/packages/backend/src/core/activitypub/ApUtilityService.ts
@@ -24,7 +24,7 @@ export class ApUtilityService {
 	public assertIdMatchesUrlAuthority(object: IObject, url: string): void {
 		// This throws if the ID is missing or invalid, but that's ok.
 		// Anonymous objects are impossible to verify, so we don't allow fetching them.
-		const id = getApId(object);
+		const id = getApId(object, url);
 
 		// Make sure the object ID matches the final URL (which is where it actually exists).
 		// The caller (ApResolverService) will verify the ID against the original / entry URL, which ensures that all three match.
diff --git a/packages/backend/src/core/activitypub/type.ts b/packages/backend/src/core/activitypub/type.ts
index 60f49d046d..cc7599d394 100644
--- a/packages/backend/src/core/activitypub/type.ts
+++ b/packages/backend/src/core/activitypub/type.ts
@@ -75,14 +75,17 @@ export function getOneApId(value: ApObject): string {
 /**
  * Get ActivityStreams Object id
  */
-export function getApId(source: string | IObject | [string | IObject]): string {
-	const value = getNullableApId(source);
+export function getApId(value: string | IObject | [string | IObject], sourceForLogs?: string): string {
+	const id = getNullableApId(value);
 
-	if (value == null) {
-		throw new IdentifiableError('ad2dc287-75c1-44c4-839d-3d2e64576675', `invalid AP object ${value}: missing or invalid id`);
+	if (id == null) {
+		const message = sourceForLogs
+			? `invalid AP object ${value} (sent from ${sourceForLogs}): missing id`
+			: `invalid AP object ${value}: missing id`;
+		throw new IdentifiableError('ad2dc287-75c1-44c4-839d-3d2e64576675', message);
 	}
 
-	return value;
+	return id;
 }
 
 /**