diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 71bafdb518..7394fc63c5 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -3254,6 +3254,9 @@ class WorkflowJobTemplateNodeSerializer(LaunchConfigurationBaseSerializer):
             cred = deprecated_fields['credential']
             attrs['credential'] = cred
             if cred is not None:
+                if not ujt_obj.ask_credential_on_launch:
+                    raise serializers.ValidationError({"credential": _(
+                        "Related template is not configured to accept credentials on launch.")})
                 cred = Credential.objects.get(pk=cred)
                 view = self.context.get('view', None)
                 if (not view) or (not view.request) or (view.request.user not in cred.use_role):
diff --git a/awx/main/tests/functional/api/test_workflow_node.py b/awx/main/tests/functional/api/test_workflow_node.py
index 408119f9b8..01cb29edc4 100644
--- a/awx/main/tests/functional/api/test_workflow_node.py
+++ b/awx/main/tests/functional/api/test_workflow_node.py
@@ -108,14 +108,20 @@ class TestOldCredentialField:
     TODO: remove tests when JT vault_credential / credential / other stuff
     is removed
     '''
+    @pytest.fixture
+    def job_template_ask(self, job_template):
+        job_template.ask_credential_on_launch = True
+        job_template.save()
+        return job_template
+
     def test_credential_accepted_create(self, workflow_job_template, post, admin_user,
-                                        job_template, machine_credential):
+                                        job_template_ask, machine_credential):
         r = post(
             reverse(
                 'api:workflow_job_template_workflow_nodes_list',
                 kwargs = {'pk': workflow_job_template.pk}
             ),
-            data = {'credential': machine_credential.pk, 'unified_job_template': job_template.pk},
+            data = {'credential': machine_credential.pk, 'unified_job_template': job_template_ask.pk},
             user = admin_user,
             expect = 201
         )
@@ -128,17 +134,17 @@ class TestOldCredentialField:
         ['read_role', 403]
     ])
     def test_credential_rbac(self, role, code, workflow_job_template, post, rando,
-                             job_template, machine_credential):
+                             job_template_ask, machine_credential):
         role_obj = getattr(machine_credential, role)
         role_obj.members.add(rando)
-        job_template.execute_role.members.add(rando)
+        job_template_ask.execute_role.members.add(rando)
         workflow_job_template.admin_role.members.add(rando)
         post(
             reverse(
                 'api:workflow_job_template_workflow_nodes_list',
                 kwargs = {'pk': workflow_job_template.pk}
             ),
-            data = {'credential': machine_credential.pk, 'unified_job_template': job_template.pk},
+            data = {'credential': machine_credential.pk, 'unified_job_template': job_template_ask.pk},
             user = rando,
             expect = code
         )