diff --git a/app/controllers/admin/registrars_controller.rb b/app/controllers/admin/registrars_controller.rb
index e4119e109..ac9b407e5 100644
--- a/app/controllers/admin/registrars_controller.rb
+++ b/app/controllers/admin/registrars_controller.rb
@@ -40,9 +40,10 @@ module Admin
     def edit; end
 
     def show
-      method =  params[:records].present? ? params[:records] : 'api_users'
-      @result = @registrar.send(method)
-      render_by_format('admin/registrars/show', "#{@registrar.name.parameterize}_#{method}")
+      method = allowed_method(params[:records]) || 'api_users'
+      @result = @registrar.send(method.to_sym)
+      partial_name = "#{@registrar.name.parameterize}_#{method}"
+      render_by_format('admin/registrars/show', partial_name)
     end
 
     def update
@@ -176,5 +177,10 @@ module Admin
     def iban_max_length
       Iban.max_length
     end
+
+    def allowed_method(records_param)
+      allowed_methods = %w[api_users white_ips]
+      records_param if allowed_methods.include?(records_param)
+    end
   end
 end
diff --git a/app/models/api_user.rb b/app/models/api_user.rb
index 952ae09e7..73e0f6c4e 100644
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@@ -100,7 +100,7 @@ class ApiUser < User
       active,
       accredited?,
       accreditation_expire_date,
-      created_at, updated_at,
+      created_at, updated_at
     ]
   end