diff --git a/test/api/v3/integration/user/GET-user.test.js b/test/api/v3/integration/user/GET-user.test.js
index f828d4fbb2..555672b079 100644
--- a/test/api/v3/integration/user/GET-user.test.js
+++ b/test/api/v3/integration/user/GET-user.test.js
@@ -27,4 +27,13 @@ describe('GET /user', () => {
 expect(returnedUser.auth.local.salt).to.not.exist;
 expect(returnedUser.apiToken).to.not.exist;
 });
+
+ it('returns only user properties requested', async () => {
+ let returnedUser = await user.get('/user?userFields=achievements,items.mounts');
+
+ expect(returnedUser._id).to.equal(user._id);
+ expect(returnedUser.achievements).to.exist;
+ expect(returnedUser.items.mounts).to.exist;
+ expect(returnedUser.stats).to.not.exist;
+ });
 });
diff --git a/website/server/controllers/api-v3/user.js b/website/server/controllers/api-v3/user.js
index 37362f6c9b..edc4b4055b 100644
--- a/website/server/controllers/api-v3/user.js
+++ b/website/server/controllers/api-v3/user.js
@@ -80,11 +80,13 @@ api.getUser = {
 // Remove apiToken from response TODO make it private at the user level? returned in signup/login
 delete userToJSON.apiToken;
- let {daysMissed} = user.daysUserHasMissed(new Date(), req);
- userToJSON.needsCron = false;
- if (daysMissed > 0) userToJSON.needsCron = true;
+ if (!req.query.userFields) {
+ let {daysMissed} = user.daysUserHasMissed(new Date(), req);
+ userToJSON.needsCron = false;
+ if (daysMissed > 0) userToJSON.needsCron = true;
+ user.addComputedStatsToJSONObj(userToJSON.stats);
+ }
- user.addComputedStatsToJSONObj(userToJSON.stats);
 return res.respond(200, userToJSON);
 },
 };
diff --git a/website/server/middlewares/auth.js b/website/server/middlewares/auth.js
index dbd810f823..012d52584a 100644
--- a/website/server/middlewares/auth.js
+++ b/website/server/middlewares/auth.js
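Review bot: The new `it` only checks the positive projection case; the secrets the earlier assertions in this `describe` guard (`auth.local.hashed_password`, `auth.local.salt`, `apiToken`) are never asserted absent on the projected path, and since the projection string is built from the client's own field list, a second case such as `user.get('/user?userFields=auth,apiToken')` asserting those three `to.not.exist` would pin that the stripping (presumably the model's toJSON transform plus the controller's `delete userToJSON.apiToken`, neither visible in this hunk) still applies. `returnedUser` is never reassigned, so write `const returnedUser = await user.get('/user?userFields=achievements,items.mounts');` rather than `let`.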
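Review bot: A request whose `userFields` list includes `stats` now receives `userToJSON.stats` without the values `addComputedStatsToJSONObj` adds, because that call moved inside `if (!req.query.userFields)` together with the needsCron computation, so the full and projected responses disagree on the shape of `stats`. If the helper only needs the `stats` subdocument, run it independently of the projection: `if (userToJSON.stats) user.addComputedStatsToJSONObj(userToJSON.stats);` after the block. If it depends on fields the projected query no longer loads (not visible here), keep the skip but explain it: `// Projected responses (userFields) omit needsCron and computed stats: the partial document can't support them`. Either way the difference between the two response shapes belongs in the endpoint's API documentation. `api.getUser` starts before this hunk.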
@@ -5,9 +5,22 @@ import { model as User, } from '../models/user';
 import nconf from 'nconf';
+import url from 'url';
 const COMMUNITY_MANAGER_EMAIL = nconf.get('EMAILS:COMMUNITY_MANAGER_EMAIL');
+function getUserFields (userFieldProjection, req) {
+ if (userFieldProjection) return `notifications ${userFieldProjection}`;
+
+ const urlPath = url.parse(req.url).pathname;
+ if (!req.query.userFields || urlPath !== '/user') return '';
+
+ const userFieldOptions = req.query.userFields.split(',');
+ if (userFieldOptions.length === 0) return '';
+
+ return `notifications ${userFieldOptions.join(' ')}`;
+}
+
 // Strins won't be translated here because getUserLanguage has not run yet
 // Authenticate a request through the x-api-user and x-api key header
@@ -27,8 +40,7 @@ export function authWithHeaders (optional = false, userFieldProjection = '') {
 apiToken,
 };
- let fields = '';
- if (userFieldProjection) fields = `notifications ${userFieldProjection}`;
+ const fields = getUserFields(userFieldProjection, req);
 const findPromise = fields ? User.findOne(userQuery, fields) : User.findOne(userQuery);
 return findPromise
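Review bot: `req.query.userFields.split(',')` assumes a string, but a repeated query parameter (`?userFields=a&userFields=b`) is parsed into an array by the usual query parsers and `.split` then throws inside the auth middleware before any handler runs; the tokens are also handed to `User.findOne` as a projection unfiltered, so a `-`-prefixed or otherwise malformed token becomes a query error instead of an empty projection. The `userFieldOptions.length === 0` check is unreachable as written: `split` never returns an empty array, and the empty string is already rejected by the `!req.query.userFields` guard. Normalising the input and keeping only plain dotted field names makes that check meaningful and keeps request-controlled text out of the projection, as in the helper below. If this is an Express request, `req.path` already holds the pathname and avoids the deprecated `url.parse`.
```javascript
function getUserFields (userFieldProjection, req) {
  if (userFieldProjection) return `notifications ${userFieldProjection}`;

  const urlPath = url.parse(req.url).pathname;
  if (!req.query.userFields || urlPath !== '/user') return '';

  // A repeated query parameter arrives as an array; normalise before splitting
  const requested = Array.isArray(req.query.userFields)
    ? req.query.userFields.join(',')
    : String(req.query.userFields);
  // Keep only plain dotted field names so the projection cannot be malformed
  const userFieldOptions = requested
    .split(',')
    .map((field) => field.trim())
    .filter((field) => /^[A-Za-z_][\w.]*$/.test(field));
  if (userFieldOptions.length === 0) return '';

  return `notifications ${userFieldOptions.join(' ')}`;
}
```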