diff --git a/CHANGELOG.md b/CHANGELOG.md
index a059f195a..03a2b95e8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - support for repository-level concurrency limits.
 - support for gitlab and github internal visibility on initial sync.
 
+### Fixed
+- create machine user with a custom API token.
+
 ## [1.10.0]
 ### Added
 - support for starlark scripts in core.
diff --git a/handler/api/users/create.go b/handler/api/users/create.go
index 4b697b732..d12c1d045 100644
--- a/handler/api/users/create.go
+++ b/handler/api/users/create.go
@@ -35,7 +35,7 @@ type userWithToken struct {
 // to create the named user account in the system.
 func HandleCreate(users core.UserStore, service core.UserService, sender core.WebhookSender) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		in := new(core.User)
+		in := new(userWithToken)
 		err := json.NewDecoder(r.Body).Decode(in)
 		if err != nil {
 			render.BadRequest(w, err)
diff --git a/handler/api/users/create_test.go b/handler/api/users/create_test.go
index 14a7c66b8..f57798362 100644
--- a/handler/api/users/create_test.go
+++ b/handler/api/users/create_test.go
@@ -67,6 +67,58 @@ func TestCreate(t *testing.T) {
 	}
 }
 
+func TestCreateWithToken(t *testing.T) {
+	controller := gomock.NewController(t)
+	defer controller.Finish()
+
+	users := mock.NewMockUserStore(controller)
+	users.EXPECT().Create(gomock.Any(), gomock.Any()).Do(func(_ context.Context, in *core.User) error {
+		if got, want := in.Login, "octocat"; got != want {
+			t.Errorf("Want user login %s, got %s", want, got)
+		}
+		if got, want := in.Machine, true; got != want {
+			t.Errorf("Want user machine %v, got %v", want, got)
+		}
+		if got, want := in.Hash, "abc123"; got != want {
+			t.Errorf("Want user hash %s, got %s", want, got)
+		}
+		return nil
+	})
+
+	webhook := mock.NewMockWebhookSender(controller)
+	webhook.EXPECT().Send(gomock.Any(), gomock.Any()).Return(nil)
+
+	service := mock.NewMockUserService(controller)
+
+	in := new(bytes.Buffer)
+	json.NewEncoder(in).Encode(&userWithToken{&core.User{Login: "octocat", Machine: true}, "abc123"})
+	w := httptest.NewRecorder()
+	r := httptest.NewRequest("POST", "/", in)
+
+	HandleCreate(users, service, webhook)(w, r)
+	if got, want := w.Code, 200; want != got {
+		t.Errorf("Want response code %d, got %d", want, got)
+	}
+
+	out := new(userWithToken)
+	json.NewDecoder(w.Body).Decode(out)
+	if got, want := out.Login, "octocat"; got != want {
+		t.Errorf("Want user login %s, got %s", want, got)
+	}
+	if got, want := out.Active, true; got != want {
+		t.Errorf("Want user active %v, got %v", want, got)
+	}
+	if got := out.Created; got == 0 {
+		t.Errorf("Want user created set to current unix timestamp, got %v", got)
+	}
+	if got := out.Updated; got == 0 {
+		t.Errorf("Want user updated set to current unix timestamp, got %v", got)
+	}
+	if got, want := out.Token, "abc123"; got != want {
+		t.Errorf("Want user token %s, got %s", want, got)
+	}
+}
+
 func TestCreate_CorrectName(t *testing.T) {
 	controller := gomock.NewController(t)
 	defer controller.Finish()