diff --git a/src/routes/profile.js b/src/routes/profile.js
index 6ca528eb5..c5e0b179d 100644
--- a/src/routes/profile.js
+++ b/src/routes/profile.js
@@ -82,7 +82,7 @@ function setAvatar(req, res, next) {
 function clearAvatar(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
-    users.clearAvatar(req.user, function (error) {
+    users.clearAvatar(req.user.id, function (error) {
         if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, {}));
diff --git a/src/routes/users.js b/src/routes/users.js
index 056c5ead8..84a62cbf7 100644
--- a/src/routes/users.js
+++ b/src/routes/users.js
@@ -1,18 +1,20 @@
 'use strict';
 
 exports = module.exports = {
-    get: get,
-    update: update,
-    list: list,
-    create: create,
-    remove: remove,
-    changePassword: changePassword,
-    verifyPassword: verifyPassword,
-    createInvite: createInvite,
-    sendInvite: sendInvite,
-    setGroups: setGroups,
+    get,
+    update,
+    list,
+    create,
+    remove,
+    changePassword,
+    verifyPassword,
+    createInvite,
+    sendInvite,
+    setGroups,
+    setAvatar,
+    clearAvatar,
 
-    load: load
+    load
 };
 
 var assert = require('assert'),
@@ -192,3 +194,25 @@ function changePassword(req, res, next) {
         next(new HttpSuccess(204));
     });
 }
+
+function setAvatar(req, res, next) {
+    assert.strictEqual(typeof req.resource, 'object');
+
+    if (!req.files.avatar) return next(new HttpError(400, 'avatar is missing'));
+
+    users.setAvatar(req.resource.id, req.files.avatar.path, function (error) {
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(202, {}));
+    });
+}
+
+function clearAvatar(req, res, next) {
+    assert.strictEqual(typeof req.resource, 'object');
+
+    users.clearAvatar(req.resource.id, function (error) {
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(202, {}));
+    });
+}
diff --git a/src/server.js b/src/server.js
index 378fea894..43985e254 100644
--- a/src/server.js
+++ b/src/server.js
@@ -173,6 +173,8 @@ function initializeExpressSync() {
     router.put ('/api/v1/users/:userId/groups',        json, token, authorizeUserManager, routes.users.load, routes.users.setGroups);
     router.post('/api/v1/users/:userId/send_invite',   json, token, authorizeUserManager, routes.users.load, routes.users.sendInvite);
     router.post('/api/v1/users/:userId/create_invite', json, token, authorizeUserManager, routes.users.load, routes.users.createInvite);
+    router.post('/api/v1/users/:userId/avatar',        json, token, authorizeUserManager, routes.users.load, multipart, routes.users.setAvatar);
+    router.del ('/api/v1/users/:userId/avatar',              token, authorizeUserManager, routes.users.load, routes.users.clearAvatar);
 
     // Group management
     router.get ('/api/v1/groups',                        token, authorizeUserManager, routes.groups.list);