diff --git a/app/views/users/index.api.rsb b/app/views/users/index.api.rsb
index 66b104f46..4b51ba47a 100644
--- a/app/views/users/index.api.rsb
+++ b/app/views/users/index.api.rsb
@@ -11,6 +11,7 @@ api.array :users, api_meta(:total_count => @user_count, :offset => @offset, :lim
       api.updated_on user.updated_on
       api.last_login_on     user.last_login_on
       api.passwd_changed_on user.passwd_changed_on
+      api.twofa_scheme user.twofa_scheme
 
       render_api_custom_values user.visible_custom_field_values, api
     end
diff --git a/app/views/users/show.api.rsb b/app/views/users/show.api.rsb
index 3bc77e3be..5fe3d5b1c 100644
--- a/app/views/users/show.api.rsb
+++ b/app/views/users/show.api.rsb
@@ -9,6 +9,7 @@ api.user do
   api.updated_on @user.updated_on
   api.last_login_on     @user.last_login_on
   api.passwd_changed_on @user.passwd_changed_on
+  api.twofa_scheme      @user.twofa_scheme
   api.api_key    @user.api_key if User.current.admin? || (User.current == @user)
   api.status     @user.status if User.current.admin?
 
diff --git a/test/integration/api_test/users_test.rb b/test/integration/api_test/users_test.rb
index 1c669c9f5..b79791a7c 100644
--- a/test/integration/api_test/users_test.rb
+++ b/test/integration/api_test/users_test.rb
@@ -23,25 +23,35 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
   fixtures :users, :email_addresses, :members, :member_roles, :roles, :projects
 
   test "GET /users.xml should return users" do
+    users = User.active.order('login')
+    users.last.update(twofa_scheme: 'totp')
     get '/users.xml', :headers => credentials('admin')
 
     assert_response :success
     assert_equal 'application/xml', response.media_type
     assert_select 'users' do
-      users = User.active.order('login')
       assert_select 'user', :count => users.size do |nodeset|
         nodeset.zip(users) do |user_element, user|
           assert_select user_element, 'id', :text => user.id.to_s
           assert_select user_element, 'updated_on', :text => user.updated_on.iso8601
+          assert_select user_element, 'twofa_scheme', :text => user.twofa_scheme.to_s
 
           # No one has changed password.
           assert_select user_element, 'passwd_changed_on', :text => ''
+
+          if user == users.last
+            assert_select user_element, 'twofa_scheme', :text => 'totp'
+          else
+            assert_select user_element, 'twofa_scheme', :text => ''
+          end
         end
       end
     end
   end
 
   test "GET /users.json should return users" do
+    users = User.active.order('login')
+    users.last.update(twofa_scheme: 'totp')
     get '/users.json', :headers => credentials('admin')
 
     assert_response :success
@@ -58,6 +68,12 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
 
       # No one has changed password.
       assert_nil user_json['passwd_changed_on']
+
+      if user == users.last
+        assert_equal 'totp', user_json['twofa_scheme']
+      else
+        assert_nil user_json['twofa_scheme']
+      end
     end
   end
 
@@ -68,6 +84,7 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
     assert_select 'user id', :text => '2'
     assert_select 'user updated_on', :text => Time.zone.parse('2006-07-19T20:42:15Z').iso8601
     assert_select 'user passwd_changed_on', :text => ''
+    assert_select 'user twofa_scheme', :text => ''
   end
 
   test "GET /users/:id.json should return the user" do
@@ -80,6 +97,7 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
     assert_equal 2, json['user']['id']
     assert_equal Time.zone.parse('2006-07-19T20:42:15Z').iso8601, json['user']['updated_on']
     assert_nil json['user']['passwd_changed_on']
+    assert_nil json['user']['twofa_scheme']
   end
 
   test "GET /users/:id.xml with include=memberships should include memberships" do