diff --git a/docs/api/api.rst b/docs/api/api.rst
--- a/docs/api/api.rst
+++ b/docs/api/api.rst
@@ -212,13 +212,13 @@ INPUT::
 OUTPUT::
 
     id : <id_given_in_input>
-    result : {  
+    result : {
                  "repo": "<reponame>",
                  "locked": "<bool true|false>",
                  "locked_since": "<float lock_time>",
                  "locked_by": "<username>",
                  "msg": "User `<username>` set lock state for repo `<reponame>` to `<false|true>`"
-             }               
+             }
     error :  null
 
 
@@ -354,7 +354,7 @@ INPUT::
     args :    {
                 "username" :  "<username>",
                 "email" :     "<useremail>",
-                "password" :  "<password>",
+                "password" :  "<password = Optional(None)>",
                 "firstname" : "<firstname> = Optional(None)",
                 "lastname" :  "<lastname> = Optional(None)",
                 "active" :    "<bool> = Optional(True)",
diff --git a/rhodecode/controllers/api/api.py b/rhodecode/controllers/api/api.py
--- a/rhodecode/controllers/api/api.py
+++ b/rhodecode/controllers/api/api.py
@@ -407,7 +407,7 @@ class ApiController(JSONRPCController):
         return result
 
     @HasPermissionAllDecorator('hg.admin')
-    def create_user(self, apiuser, username, email, password,
+    def create_user(self, apiuser, username, email, password=Optional(None),
                     firstname=Optional(None), lastname=Optional(None),
                     active=Optional(True), admin=Optional(False),
                     ldap_dn=Optional(None)):
diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py
--- a/rhodecode/model/user.py
+++ b/rhodecode/model/user.py
@@ -133,7 +133,7 @@ class UserModel(BaseModel):
             new_user.admin = admin
             # set password only if creating an user or password is changed
             if not edit or user.password != password:
-                new_user.password = get_crypt_password(password)
+                new_user.password = get_crypt_password(password) if password else None
                 new_user.api_key = generate_api_key(username)
             new_user.email = email
             new_user.active = active
diff --git a/rhodecode/tests/api/api_base.py b/rhodecode/tests/api/api_base.py
--- a/rhodecode/tests/api/api_base.py
+++ b/rhodecode/tests/api/api_base.py
@@ -477,6 +477,27 @@ class BaseTestApi(object):
         UserModel().delete(usr.user_id)
         Session().commit()
 
+    def test_api_create_user_without_password(self):
+        username = 'test_new_api_user_passwordless'
+        email = username + "@foo.com"
+
+        id_, params = _build_data(self.apikey, 'create_user',
+                                  username=username,
+                                  email=email)
+        response = api_call(self, params)
+
+        usr = UserModel().get_by_username(username)
+        ret = dict(
+            msg='created new user `%s`' % username,
+            user=jsonify(usr.get_api_data())
+        )
+
+        expected = ret
+        self._compare_ok(id_, expected, given=response.body)
+
+        UserModel().delete(usr.user_id)
+        Session().commit()
+
     @mock.patch.object(UserModel, 'create_or_update', crash)
     def test_api_create_user_when_exception_happened(self):