diff --git a/app/Api/ListingResponseBuilder.php b/app/Api/ListingResponseBuilder.php
index 02b3f680c..3dbe954b8 100644
--- a/app/Api/ListingResponseBuilder.php
+++ b/app/Api/ListingResponseBuilder.php
@@ -11,6 +11,7 @@ class ListingResponseBuilder
 protected $query;
 protected $request;
 protected $fields;
+ protected $hiddenFields;
 protected $filterOperators = [
 'eq' => '=',
@@ -25,11 +26,12 @@ class ListingResponseBuilder
 /**
 * ListingResponseBuilder constructor.
 */
- public function __construct(Builder $query, Request $request, array $fields)
+ public function __construct(Builder $query, Request $request, array $fields, array $hiddenFields )
 {
 $this->query = $query;
 $this->request = $request;
 $this->fields = $fields;
+ $this->hiddenFields = $hiddenFields;
 }
 /**
@@ -41,6 +43,7 @@ class ListingResponseBuilder
 $total = $filteredQuery->count();
 $data = $this->fetchData($filteredQuery);
+ $data = $data->makeVisible($this->hiddenFields);
 return response()->json([
 'data' => $data,
diff --git a/app/Auth/UserRepo.php b/app/Auth/UserRepo.php
index ff2e91ee2..0dea41725 100644
--- a/app/Auth/UserRepo.php
+++ b/app/Auth/UserRepo.php
@@ -60,6 +60,16 @@ class UserRepo
 return User::query()->with('roles', 'avatar')->orderBy('name', 'asc')->get();
 }
+ /**
+ * Get all users as Builder for API
+ */
+ public function getUsersBuilder(int $id = null ) : Builder
+ {
+ $query = User::query()->select(['*'])
+ ->withLastActivityAt()
+ ->with(['roles', 'avatar']);
+ return $query;
+ }
 /**
 * Get all the users with their permissions in a paginated format.
 * Note: Due to the use of email search this should only be used when
diff --git a/app/Http/Controllers/Api/ApiController.php b/app/Http/Controllers/Api/ApiController.php
index 3f049a08c..5d6f4a926 100644
--- a/app/Http/Controllers/Api/ApiController.php
+++ b/app/Http/Controllers/Api/ApiController.php
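Review bot: The new fourth parameter of `__construct` (second hunk of `ListingResponseBuilder.php`) has no default, so any caller still constructing the builder with three arguments will fail; only the `ApiController` call site is updated in this commit. A default keeps the old signature working and removes the stray space before the closing parenthesis: `public function __construct(Builder $query, Request $request, array $fields, array $hiddenFields = [])`. The constructor docblock should also state that `$hiddenFields` names model attributes that will be un-hidden in the JSON output.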
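Review bot: `makeVisible($this->hiddenFields)` in the third hunk overrides the model's hidden-attribute list for every returned row, and nothing in the builder limits which attribute names a controller may pass in. For a user listing, the hidden list is presumably what keeps credential-type columns out of serialized output (the `User` model is not shown here), so one careless entry in a controller's list would expose them on the whole endpoint. Consider un-hiding only attributes the endpoint also lists explicitly, e.g. `$data = $data->makeVisible(array_intersect($this->hiddenFields, $this->fields));`, assuming `$this->fields` is the endpoint's field whitelist. The enclosing method starts and ends outside the hunk.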
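Review bot: `getUsersBuilder(int $id = null )` in `UserRepo.php` declares a parameter the body never reads, and `int $id = null` relies on implicit nullability, which is deprecated as of PHP 8.4; the one visible caller passes no argument, so the signature can be `public function getUsersBuilder(): Builder`. The query also uses `select(['*'])`, so every column of the users table is loaded and the response relies on the model's hidden list plus the listing builder's field list (both outside this hunk) to keep sensitive columns out. The docblock should say that the returned builder is intended only for serialization through a field whitelist.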
@@ -10,14 +10,15 @@ use Illuminate\Http\JsonResponse;
 abstract class ApiController extends Controller
 {
 protected $rules = [];
+ protected $printHidden = [];
 /**
 * Provide a paginated listing JSON response in a standard format
 * taking into account any pagination parameters passed by the user.
 */
- protected function apiListingResponse(Builder $query, array $fields): JsonResponse
+ protected function apiListingResponse(Builder $query, array $fields, array $protectedFieldsToPrint = []): JsonResponse
 {
- $listing = new ListingResponseBuilder($query, request(), $fields);
+ $listing = new ListingResponseBuilder($query, request(), $fields, $protectedFieldsToPrint);
 return $listing->toResponse();
 }
diff --git a/app/Http/Controllers/Api/UserApiController.php b/app/Http/Controllers/Api/UserApiController.php
new file mode 100644
index 000000000..328241a83
--- /dev/null
+++ b/app/Http/Controllers/Api/UserApiController.php
@@ -0,0 +1,61 @@
+ [
+# ],
+# 'update' => [
+# ],
+# ];
+
+ public function __construct(User $user, UserRepo $userRepo)
+ {
+ $this->user = $user;
+ $this->userRepo = $userRepo;
+ }
+
+ /**
+ * Get a listing of users
+ */
+ public function list()
+ {
+ $this->checkPermission('users-manage');
+
+ $users = $this->userRepo->getUsersBuilder();
+
+ return $this->apiListingResponse($users, [
+ 'id', 'name', 'slug', 'email',
+ 'created_at', 'updated_at', 'last_activity_at',
+ ], $this->printHidden);
+ }
+
+ /**
+ * View the details of a single user
+ */
+ public function read(string $id)
+ {
+ $this->checkPermission('users-manage');
+
+ $singleUser = $this->userRepo->getById($id);
+ $singleUser = $singleUser->makeVisible($this->printHidden);
+
+ return response()->json($singleUser);
+ }
+}
diff --git a/routes/api.php b/routes/api.php
index 7876ba6d4..cd8dd355a 100644
--- a/routes/api.php
+++ b/routes/api.php
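Review bot: The docblock of `apiListingResponse()` still describes only pagination and says nothing about the new third argument, which un-hides model attributes in the JSON output. The same concept also carries three names across this change (`$printHidden` on the controller, `$protectedFieldsToPrint` here, `$hiddenFields` in `ListingResponseBuilder`), which makes the exposure path harder to audit; one name throughout would help. Suggested docblock line: `@param array $protectedFieldsToPrint Attribute names hidden on the model that this endpoint deliberately exposes; keep this list minimal.`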
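Review bot: `read()` in `UserApiController.php` returns `response()->json($singleUser)`, which serializes the whole model together with whatever relations `getById()` loads, whereas `list()` restricts output to an explicit field list. Any non-hidden column later added to the users table then becomes part of the API response, and `makeVisible($this->printHidden)` widens that further. Consider returning named attributes only, e.g. `return response()->json($singleUser->only(['id', 'name', 'slug', 'email', 'created_at', 'updated_at']));`. The top of this file section (class header and any `$printHidden` override) is missing from the page, so the effective list of un-hidden attributes could not be checked.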
@@ -65,3 +65,6 @@ Route::post('shelves', [BookshelfApiController::class, 'create']);
 Route::get('shelves/{id}', [BookshelfApiController::class, 'read']);
 Route::put('shelves/{id}', [BookshelfApiController::class, 'update']);
 Route::delete('shelves/{id}', [BookshelfApiController::class, 'delete']);
+
+Route::get('users', 'UserApiController@list');
+Route::get('users/{id}', 'UserApiController@read');
\ No newline at end of file
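Review bot: The two added routes use the string form `'UserApiController@list'`, while the surrounding routes use the `[BookshelfApiController::class, 'read']` form. The string form depends on a namespace prefix configured elsewhere and is not resolved by static analysis or IDE refactoring. Matching the file's convention would be `Route::get('users', [UserApiController::class, 'list']);` and `Route::get('users/{id}', [UserApiController::class, 'read']);` with the corresponding `use` import, and the file should end with a newline.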