diff --git a/src/language/en-GB/en-GB.plg_api_users.ini b/src/language/en-GB/en-GB.plg_api_users.ini
index 1e75e9c..f066eb6 100755
--- a/src/language/en-GB/en-GB.plg_api_users.ini
+++ b/src/language/en-GB/en-GB.plg_api_users.ini
@@ -2,7 +2,7 @@ PLG_API_USERS="API - Users"
 PLG_API_USERS_DESCRIPTION="This plugin exposes users to the Joomla! API. Supports creation, listing and login for users."
 PLG_API_USERS_BAD_REQUEST_MESSAGE="Bad request"
 PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE="Required data is empty"
-PLG_API_USERS_ACCOUNT_CREATED_SUCCESSFULLY_MESSAGE="Congratulations! Your account has been created successfully"
+PLG_API_USERS_ACCOUNT_CREATED_SUCCESSFULLY_MESSAGE="Congratulations! Account has been created successfully."
 PLG_API_USERS_PROFILE_CREATED_SUCCESSFULLY_MESSAGE="profile created successfully"
 PLG_API_USERS_UNABLE_CREATE_PROFILE_MESSAGE="Unable to create profile"
 PLG_API_USERS_EASYSOCIAL_NOT_INSTALL_MESSAGE="Easysocial is not installed properly"
@@ -15,3 +15,7 @@ PLG_API_USERS_UNSUPPORTED_METHOD_POST="unsupported method,please use get method"
 PLG_API_USERS_USERS="users/"
 PLG_API_USERS_IN_DELETE="in delete"
 PLG_API_USERS_IN_POST="in post"
+
+; Since v2.0.1
+PLG_API_USERS_ACCOUNT_UPDATED_SUCCESSFULLY_MESSAGE="Account details updated successfully"
+PLG_API_USERS_USER_DELETE_MESSAGE="Account details deleted successfully"
diff --git a/src/users/user.php b/src/users/user.php
index bee8825..2412884 100644
--- a/src/users/user.php
+++ b/src/users/user.php
@@ -28,29 +28,22 @@ class UsersApiResourceUser extends ApiResource
  */
  public function post()
  {
- $app = JFactory::getApplication();
- $userIdentifier = $app->input->get('id', 0, 'String');
- $formData = $app->input->getArray();
- $params = JComponentHelper::getParams("com_users");
- $response = new stdClass;
-
- $xidentifier = $app->input->server->get('HTTP_X_IDENTIFIER');
- $fidentifier = $app->input->server->get('HTTP_FORCECREATE');
-
- if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '')
- {
- ApiError::raiseError(400, JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE'));
-
- return;
- }
+ $app = JFactory::getApplication();
+ $params = JComponentHelper::getParams("com_users");
+ $formData = $app->input->getArray();
+ $userIdentifier = $app->input->get('id', 0, 'string');
+ $xIdentifier = $app->input->server->get('HTTP_X_IDENTIFIER');
+ $fIdentifier = $app->input->server->get('HTTP_FORCECREATE');
 
  // Get current logged in user.
- $my = JFactory::getUser();
+ $me = JFactory::getUser();
+
+ // Check if $userIdentifier is not set - POST / CREATE user case
 
- // Check if $userIdentifier is not set
  if (empty($userIdentifier))
  {
- if ($formData['password'] == '')
+ // Validate required fields
+ if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '' || $formData['password'] == '')
  {
  ApiError::raiseError(400, JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE'));
 
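Review bot: The new required-field check `if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '' || $formData['password'] == '')` indexes four keys straight out of `getArray()`, so a request that omits any of them triggers an undefined-index notice before the 400 is raised. Using `empty()` per key, `if (empty($formData['username']) || empty($formData['name']) || empty($formData['email']) || empty($formData['password']))`, avoids the notice and the loose `==` (it also rejects the literal string `'0'`, which is acceptable for these fields). The same condition is duplicated in the forced-create branch of hunk `@@ -112,11 +105,12 @@`; both sites should use the same form, ideally through one small private helper. post() continues past the end of this hunk.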
@@ -72,33 +65,33 @@ public function post()
 
  return;
  }
+ // PATCH / EDIT user case
  else
  {
- // Get a user object
- $user = $this->retriveUser($xidentifier, $userIdentifier);
- $passedUserGroups = array();
+ // Get a user object from xIdentifier
+ $user = $this->retriveUser($xIdentifier, $userIdentifier);
 
  // If user is already present then update it according to access.
  if (!empty($user->id))
  {
- $iAmSuperAdmin = $my->authorise('core.admin');
+ $iAmSuperAdmin = $me->authorise('core.admin');
 
- // Check if regular user is tring to update himself.
- if ($my->id == $user->id || $iAmSuperAdmin)
+ // Check if regular user is trying to update his/her own profile OR if user is superadmin
+ if ($me->id == $user->id || $iAmSuperAdmin)
  {
- // If present then update or else dont include.
+ // If password present then update password2 or else dont include.
  if (!empty($formData['password']))
  {
  $formData['password2'] = $formData['password'];
  }
 
- // Add newly added groups and keep the old one as it is.
+ /*// Add newly added groups and keep the old one as it is.
  if (!empty($formData['groups']))
  {
- $passedUserGroups['groups'] = array_unique(array_merge($user->groups, $formData['groups']));
- }
+ $formData['groups'] = array_unique(array_merge($user->groups, $formData['groups']));
+ }*/
 
- $response = $this->storeUser($user, $passedUserGroups);
+ $response = $this->storeUser($user, $formData);
  $this->plugin->setResponse($response);
 
  return;
@@ -112,11 +105,12 @@ public function post()
  }
  else
  {
- if ($fidentifier)
+ // Forced user creation
+ if ($fIdentifier)
  {
  $user = new JUser;
 
- if ($formData['password'] == '')
+ if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '' || $formData['password'] == '')
  {
  ApiError::raiseError(400, JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE'));
 
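Review bot: In the self-update branch, `$response = $this->storeUser($user, $formData);` now binds the whole request array from `getArray()` into the existing JUser, where the old code passed only the merged groups, and the merge itself is left as a commented-out block instead of being removed. A non-super-admin editing his own record can therefore send keys such as `groups`, `block`, `activation` or `requireReset` and have them bound along with name, email and password; as far as I recall JUser::save() only blocks promotion to the Super User group, so other privileged groups and flags would go through — confirm against the library. Strip those keys unless the caller is a super admin before calling storeUser(), e.g. `if (!$iAmSuperAdmin) { unset($formData['groups'], $formData['block'], $formData['activation'], $formData['requireReset']); }`, or bind from an explicit whitelist of editable fields. The commented-out group-merge block should be deleted rather than kept in the source. post() begins and ends outside this hunk.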
@@ -135,9 +129,10 @@ public function post()
 
  return;
  }
+ // User trying to be updated not found
  else
  {
- ApiError::raiseError(400, JText::_('PLG_API_USERS_USER_ABSENT_MESSAGE'));
+ ApiError::raiseError(400, JText::_('PLG_API_USERS_USER_NOT_FOUND_MESSAGE'));
 
  return;
  }
@@ -145,6 +140,29 @@ public function post()
  }
  }
+ /**
+ * Funtion to remove sensitive user info fields like password
+ *
+ * @param Object $user The user object.
+ * @param Array $fields Array of fields to be unset
+ *
+ * @return object|void $user
+ *
+ * @since 2.0.1
+ */
+ protected function sanitizeUserFields($user, $fields = array('password', 'password_clear', 'otpKey', 'otep'))
+ {
+ foreach ($fields as $f)
+ {
+ if (isset($user->{$f}))
+ {
+ unset($user->{$f});
+ }
+ }
+
+ return $user;
+ }
+
 
  /**
  * Function get for user record.
  *
@@ -154,9 +172,9 @@ public function post()
  */
  public function get()
  {
- $input = JFactory::getApplication()->input;
- $id = $input->get('id', 0, 'int');
- $xidentifier = $input->server->get('HTTP_X_IDENTIFIER', '', 'String');
+ $input = JFactory::getApplication()->input;
+ $id = $input->get('id', 0, 'string');
+ $xIdentifier = $input->server->get('HTTP_X_IDENTIFIER', '', 'string');
 
  /*
  * If we have an id try to fetch the user
@@ -164,17 +182,15 @@ public function get()
  */
  if ($id)
  {
- // Get a user object
- $user = $this->retriveUser($xidentifier, $id);
+ // Get user object
+ $user = $this->retriveUser($xIdentifier, $id);
 
- if (! $user->id)
+ if (!$user->id)
  {
  ApiError::raiseError(400, JText::_('PLG_API_USERS_USER_NOT_FOUND_MESSAGE'));
 
  return;
  }
-
- $this->plugin->setResponse($user);
  }
  else
  {
@@ -184,9 +200,11 @@ public function get()
  {
  ApiError::raiseError(400, JText::_('JERROR_ALERTNOAUTHOR'));
  }
-
- $this->plugin->setResponse($user);
  }
+
+ $user = $this->sanitizeUserFields($user);
+
+ $this->plugin->setResponse($user);
  }
 
  /**
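Review bot: The docblock on the new sanitizeUserFields() disagrees with its body: the method returns `$user` on every path, so `@return object|void $user` should read `@return object`, and `Object`/`Array` are not PHPDoc types (`object`/`array`); `Funtion` is also misspelled. `isset($user->{$f})` is false for a property that holds null, so such a field is skipped instead of removed — harmless for the default list, but `property_exists($user, $f)` states the intent more directly. The default list covers the password hashes and OTP secrets; the `activation` token is also returned by get() for any fetched user, so consider whether it belongs in the default list too — check how it is consumed elsewhere before adding it.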
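Review bot: The added `$user = $this->sanitizeUserFields($user);` unsets properties on the object in place, and in the no-id branch that object is the one returned by `JFactory::getUser()`; if that is the cached per-request instance (Joomla keeps JUser instances in a static cache, as far as I recall), `password`, `otpKey` and `otep` are removed from the logged-in user for the remainder of the request, which any later save or re-read of the session user would see. Sanitising a copy avoids the side effect: `$this->plugin->setResponse($this->sanitizeUserFields(clone $user));`. Separately, the `JERROR_ALERTNOAUTHOR` branch raises the error without a `return;`, unlike the not-found branch above it, so unless ApiError::raiseError() ends the request the sanitised user is still set as the response; add `return;` after that raiseError() for consistency. get() begins outside this hunk.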
@@ -224,8 +242,22 @@ private function getUserId($email)
  private function storeUser($user, $formData, $isNew = 0)
  {
  $response = new stdClass;
+ $ignore = array();
+
+ // Ignore pasword field if not set to avoid warning on bind()
+ if (!isset($formData['password']))
+ {
+ $ignore[] = 'password';
+ }
+
+ // In case of edit user, set formData->id as $user->id no matter what is passed in x-identifier
+ // Otherwise - it will try to create new user
+ if (!$isNew)
+ {
+ $formData['id'] = $user->id;
+ }
 
- if (!$user->bind($formData))
+ if (!$user->bind($formData, $ignore))
  {
  ApiError::raiseError(400, $user->getError());
 
@@ -239,6 +271,7 @@ private function storeUser($user, $formData, $isNew = 0)
  return;
  }
 
+ // Set user id to be returned
  $response->id = $user->id;
 
  if ($isNew)
@@ -262,16 +295,16 @@ private function storeUser($user, $formData, $isNew = 0)
  */
  public function delete()
  {
- $app = JFactory::getApplication();
- $userIdentifier = $app->input->get('id', 0, 'STRING');
- $xidentifier = $app->input->server->get('HTTP_X_IDENTIFIER', '', 'String');
+ $app = JFactory::getApplication();
+ $userIdentifier = $app->input->get('id', 0, 'string');
+ $xIdentifier = $app->input->server->get('HTTP_X_IDENTIFIER', '', 'string');
 
  $loggedUser = JFactory::getUser();
 
  // Check if I am a Super Admin
  $iAmSuperAdmin = $loggedUser->authorise('core.admin');
 
- $userToDelete = $this->retriveUser($xidentifier, $userIdentifier);
+ $userToDelete = $this->retriveUser($xIdentifier, $userIdentifier);
 
  if (!$userToDelete->id)
  {
@@ -319,7 +352,7 @@ public function delete()
  /**
  * Function retriveUser for get user details depending upon the identifier.
  *
- * @param string $xidentifier Flag to differentiate the column value.
+ * @param string $xIdentifier Flag to differentiate the column value.
  *
  * @param string $userIdentifier username
  *
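Review bot: `if (!$user->bind($formData, $ignore))` passes a second argument, but as far as I recall Joomla 3's JUser::bind() is declared as `bind(&$array)` with no ignore list (the `$ignore` parameter belongs to JTable::bind()), in which case the extra argument is discarded and the `$ignore` bookkeeping above it has no effect; please confirm against the library version in use. If the aim is only to avoid a notice when no password is sent for an existing user, bind() itself copies the current hash when the key is absent (again worth verifying), so the block may simply be dropped. Forcing `$formData['id'] = $user->id` on edits is a good guard against an id in the body redirecting the update, but every other key in the array is still bound as-is; an explicit list of updatable keys applied here would make storeUser() safe regardless of how callers build `$formData`. Also `pasword` → `password` in the comment. storeUser() continues past the end of this hunk.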
@@ -327,11 +360,11 @@ public function delete()
  *
  * @since 2.0
  */
- private function retriveUser($xidentifier, $userIdentifier)
+ private function retriveUser($xIdentifier, $userIdentifier)
  {
  $user = new stdClass;
 
- switch ($xidentifier)
+ switch ($xIdentifier)
  {
  case 'username':
  $userId = JUserHelper::getUserId($userIdentifier);