diff --git a/rhodecode/api/__init__.py b/rhodecode/api/__init__.py --- a/rhodecode/api/__init__.py +++ b/rhodecode/api/__init__.py @@ -183,33 +183,36 @@ def request_view(request): # search not expired tokens only try: - u = User.get_by_auth_token(request.rpc_api_key) + api_user = User.get_by_auth_token(request.rpc_api_key) - if u is None: + if api_user is None: return jsonrpc_error( request, retid=request.rpc_id, message='Invalid API KEY') - if not u.active: + if not api_user.active: return jsonrpc_error( request, retid=request.rpc_id, message='Request from this user not allowed') # check if we are allowed to use this IP auth_u = AuthUser( - u.user_id, request.rpc_api_key, ip_addr=request.rpc_ip_addr) + api_user.user_id, request.rpc_api_key, ip_addr=request.rpc_ip_addr) if not auth_u.ip_allowed: return jsonrpc_error( request, retid=request.rpc_id, message='Request from IP:%s not allowed' % ( - request.rpc_ip_addr,)) + request.rpc_ip_addr,)) else: log.info('Access for IP:%s allowed' % (request.rpc_ip_addr,)) + # register our auth-user + request.rpc_user = auth_u + # now check if token is valid for API role = UserApiKeys.ROLE_API extra_auth_tokens = [ - x.api_key for x in User.extra_valid_auth_tokens(u, role=role)] - active_tokens = [u.api_key] + extra_auth_tokens + x.api_key for x in User.extra_valid_auth_tokens(api_user, role=role)] + active_tokens = [api_user.api_key] + extra_auth_tokens log.debug('Checking if API key has proper role') if request.rpc_api_key not in active_tokens: diff --git a/rhodecode/events/base.py b/rhodecode/events/base.py --- a/rhodecode/events/base.py +++ b/rhodecode/events/base.py 
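Review bot: In `request_view` (rhodecode/api/__init__.py), `request.rpc_user = auth_u` is set right after the IP check but before the role check against `active_tokens`, so the request already carries an API identity when the key is later rejected for lacking `UserApiKeys.ROLE_API`. Anything that reads `request.rpc_user` on that rejection path would attribute activity to a user whose token did not pass validation; the events code changed in this same commit falls back to that attribute. I would move the assignment below the role check so it is only set once every check has passed. The rejection branch lies outside this hunk, so the exact placement needs confirming against the full function. If the early placement is deliberate, say so in a comment such as `# set before the role check on purpose: <reason>`.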
@@ -38,15 +38,30 @@ class RhodecodeEvent(object):
 self.utc_timestamp = datetime.utcnow()
 @property
+ def auth_user(self):
+ if not self.request:
+ return
+
+ user = getattr(self.request, 'user', None)
+ if user:
+ return user
+
+ api_user = getattr(self.request, 'rpc_user', None)
+ if api_user:
+ return api_user
+
+ @property
 def actor(self):
- if self.request:
- return self.request.user.get_instance()
+ auth_user = self.auth_user
+ if auth_user:
+ return auth_user.get_instance()
 return SYSTEM_USER
 @property
 def actor_ip(self):
- if self.request:
- return self.request.user.ip_addr
+ auth_user = self.auth_user
+ if auth_user:
+ return auth_user.ip_addr
 return ''
 @property
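Review bot: The new `auth_user` property returns None implicitly on three paths, and `actor` / `actor_ip` then fall back to `SYSTEM_USER` and `''` even when a request is present but carries neither `user` nor `rpc_user`. If these events feed an audit trail, a request-driven action is then recorded as a system action with no source IP, where the old `self.request.user...` access would have raised on a missing attribute. I would document the precedence and the None case in a docstring, e.g. `"""AuthUser behind this event: request.user, else request.rpc_user (API calls); None if neither is set."""`, and consider logging when a request is present but no user resolves. The class body starts above the hunk, so whether a module logger is available is not visible here.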