diff --git a/app/models/user.rb b/app/models/user.rb
index c5a5c7910..3f4c25156 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -305,6 +305,27 @@ class User < ActiveRecord::Base
     end
   end
   
+  module ApiMethods
+    def hidden_attributes
+      super + [:password_hash, :email, :email_verification_key]
+    end
+    
+    def serializable_hash(options = {})
+      options ||= {}
+      options[:except] ||= []
+      options[:except] += hidden_attributes
+      super(options)
+    end
+    
+    def to_xml(options = {}, &block)
+      # to_xml ignores the serializable_hash method
+      options ||= {}
+      options[:except] ||= []
+      options[:except] += hidden_attributes
+      super(options, &block)
+    end
+  end
+  
   include BanMethods
   include NameMethods
   include PasswordMethods
@@ -316,6 +337,7 @@ class User < ActiveRecord::Base
   include ForumMethods
   include LimitMethods
   include InvitationMethods
+  include ApiMethods
   
   def initialize_default_image_size
     self.default_image_size = "Medium"
@@ -324,10 +346,5 @@ class User < ActiveRecord::Base
   def can_update?(object, foreign_key = :user_id)
     is_moderator? || is_admin? || object.__send__(foreign_key) == id
   end
-  
-  def serializable_hash(options = {})
-    options = {:except => [:password_hash, :email, :email_verification_key]}.merge(options ||= {})
-    super(options)
-  end
 end
 
diff --git a/config/initializers/active_record_api_extensions.rb b/config/initializers/active_record_api_extensions.rb
new file mode 100644
index 000000000..24243dad6
--- /dev/null
+++ b/config/initializers/active_record_api_extensions.rb
@@ -0,0 +1,30 @@
+module Danbooru
+  module Extensions
+    module ActiveRecordApi
+      extend ActiveSupport::Concern
+      
+      def serializable_hash(options = {})
+        options ||= {}
+        options[:except] ||= []
+        options[:except] += hidden_attributes
+        super(options)
+      end
+      
+      def to_xml(options = {}, &block)
+        # to_xml ignores serializable_hash
+        options ||= {}
+        options[:except] ||= []
+        options[:except] += hidden_attributes
+        super(options, &block)
+      end
+      
+      def hidden_attributes
+        [:uploader_ip_addr, :updater_ip_addr, :creator_ip_addr, :ip_addr]
+      end
+    end
+  end
+end
+
+class ActiveRecord::Base
+  include Danbooru::Extensions::ActiveRecordApi
+end
diff --git a/config/initializers/active_record_extensions.rb b/config/initializers/active_record_extensions.rb
index a4d0483a2..480bdc69d 100644
--- a/config/initializers/active_record_extensions.rb
+++ b/config/initializers/active_record_extensions.rb
@@ -44,11 +44,6 @@ module Danbooru
         
         "case #{table_name}.id " + conditions.join(" ") + " end"
       end
-      
-      def serializable_hash(options = {})
-        options = {:except => [:uploader_ip_addr, :updater_ip_addr, :creator_ip_addr, :ip_addr]}.merge(options ||= {})
-        super(options)
-      end
     end
   end
 end