diff --git a/CHANGELOG.md b/CHANGELOG.md
index e655bbe97..b2841bb7f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * `[pre.4]` — Fixes bug preventing server updates from occurring by the system due to undefined `Auth::user()` in the event listener.
 * `[pre.4]` — Fixes `Server::byUuid()` caching to actually clear the cache for *all* users, rather than the logged in user by using cache tags.
 * `[pre.4]` — Fixes server listing on frontend not displaying a page selector when more than 10 servers exist.
+* `[pre.4]` — Fixes non-admin users being unable to create personal API keys.
 
 ### Added
 * Ability to assign multiple allocations at once when creating a new server.
diff --git a/app/Http/Controllers/Base/APIController.php b/app/Http/Controllers/Base/APIController.php
index 68045a722..f4133bc7f 100644
--- a/app/Http/Controllers/Base/APIController.php
+++ b/app/Http/Controllers/Base/APIController.php
@@ -52,7 +52,7 @@ class APIController extends Controller
     {
         try {
             $repo = new APIRepository($request->user());
-            $secret = $repo->create($request->only([
+            $secret = $repo->create($request->intersect([
                 'memo', 'allowed_ips',
                 'adminPermissions', 'permissions',
             ]));