diff --git a/changelogs/unreleased/fix-user-api-confirm-param.yml b/changelogs/unreleased/fix-user-api-confirm-param.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4264257663480b762e0698a1fd5fabc712e47ed1
--- /dev/null
+++ b/changelogs/unreleased/fix-user-api-confirm-param.yml
@@ -0,0 +1,4 @@
+---
+title: Fix 500 error when POSTing to Users API with optional confirm param
+merge_request:
+author:
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 0db76ec78773fbfc44edee037f973edcd60d610e..11a7368b4c0f4a6872be41764d1724725a59c4c0 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -93,7 +93,7 @@ module API
         # Filter out params which are used later
         user_params = declared_params(include_missing: false)
         identity_attrs = user_params.slice(:provider, :extern_uid)
-        confirm = params.delete(:confirm)
+        confirm = user_params.delete(:confirm)
 
         user = User.new(user_params.except(:extern_uid, :provider))
         user.skip_confirmation! unless confirm
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 2c2e17eddb047dae954257aef24be1952a220d01..5bf5bf0739e4b871c32097239a93a2bf636ff505 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -137,6 +137,15 @@ describe API::Users, api: true  do
       expect(new_user.can_create_group).to eq(true)
     end
 
+    it "creates user with optional attributes" do
+      optional_attributes = { confirm: true }
+      attributes = attributes_for(:user).merge(optional_attributes)
+
+      post api('/users', admin), attributes
+
+      expect(response).to have_http_status(201)
+    end
+
     it "creates non-admin user" do
       post api('/users', admin), attributes_for(:user, admin: false, can_create_group: false)
       expect(response).to have_http_status(201)