diff --git a/lib/travis/api/v3/router.rb b/lib/travis/api/v3/router.rb
index 96303c10..956d3db9 100644
--- a/lib/travis/api/v3/router.rb
+++ b/lib/travis/api/v3/router.rb
@@ -17,7 +17,7 @@ module Travis::API::V3
 raise NotFound unless factory
- service = factory.new(access_control, env_params.merge(params))
+ service = factory.new(access_control, factory.filter_params(env_params).merge(params))
 result = service.run
 render(result, env_params, env)
 rescue Error => error
diff --git a/lib/travis/api/v3/service.rb b/lib/travis/api/v3/service.rb
index 01e2f61c..020a6aaf 100644
--- a/lib/travis/api/v3/service.rb
+++ b/lib/travis/api/v3/service.rb
@@ -1,5 +1,8 @@
 module Travis::API::V3
 class Service
+ DEFAULT_PARAMS = [ "include".freeze, "@type".freeze ]
+ private_constant :DEFAULT_PARAMS
+
 def self.result_type(type = nil)
 @result_type = type if type
 @result_type ||= parent.result_type if parent and parent.respond_to? :result_type
@@ -7,6 +10,20 @@ module Travis::API::V3
 @result_type
 end
+ def self.filter_params(params)
+ wanted = self.params
+ params.select { |key| wanted.include? key }
+ end
+
+ def self.params(*list, prefix: nil)
+ @params ||= superclass.respond_to?(:params) ? superclass.params.dup : DEFAULT_PARAMS
+ list.each do |entry|
+ @params << entry.to_s
+ @params << "#{prefix || result_type}.#{entry}" if entry.is_a? Symbol
+ end
+ @params
+ end
+
 attr_accessor :access_control, :params
 def initialize(access_control, params)
diff --git a/lib/travis/api/v3/services/organizations/for_current_user.rb b/lib/travis/api/v3/services/organizations/for_current_user.rb
index 42104de7..b99af28f 100644
--- a/lib/travis/api/v3/services/organizations/for_current_user.rb
+++ b/lib/travis/api/v3/services/organizations/for_current_user.rb
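Review bot: In lib/travis/api/v3/router.rb the allow-list is applied only to the hash handed to `factory.new`; the context line `render(result, env_params, env)` still receives the unfiltered `env_params`. What the renderer reads from that hash is not visible here, so this may be harmless, but filtering once keeps both consumers on the same view of the request: `filtered = factory.filter_params(env_params)`, then `factory.new(access_control, filtered.merge(params))` and `render(result, filtered, env)`. The route-derived `params` are merged after filtering and win on key collisions, which looks intentional and deserves a one-line comment saying so. The enclosing method starts and ends outside the hunk.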
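Review bot: `DEFAULT_PARAMS` in lib/travis/api/v3/service.rb freezes its two strings but not the array itself, and the second hunk's `self.params` assigns that same array to `@params` when the superclass has no `params` method (only the `superclass.params` branch calls `dup`). A `params ...` declaration made directly on `Service` would therefore append to the constant and silently widen the default allow-list. Suggest `DEFAULT_PARAMS = [ "include".freeze, "@type".freeze ].freeze` together with `: DEFAULT_PARAMS.dup` in the fallback branch.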
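Review bot: `self.filter_params` and `self.params` in lib/travis/api/v3/service.rb form the allow-list that decides which client-supplied keys reach a service, yet neither carries a comment. Two behaviours are worth stating above `self.params`: the superclass list is copied once, on the first call, so later additions to a superclass are not picked up, and the prefixed name uses whatever `result_type` returns at the moment `params` runs, so a declaration such as `params :config` appears to depend on being placed after `result_type :request` (part of `result_type` lies outside the hunk). Proposed comment: `# Declares the request parameters this service accepts; symbols also allow the "<prefix>.<name>" form, strings are taken literally.` In `filter_params`, writing `params.select { |key, _| wanted.include? key }` makes the key/value yield explicit.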
@@ -1,5 +1,5 @@
 module Travis::API::V3
- class Services::Repositories::ForCurrentUser < Service
+ class Services::Organizations::ForCurrentUser < Service
 def run!
 raise LoginRequired unless access_control.logged_in?
 query.for_member(access_control.user)
diff --git a/lib/travis/api/v3/services/repositories/for_current_user.rb b/lib/travis/api/v3/services/repositories/for_current_user.rb
index b99af28f..925a605c 100644
--- a/lib/travis/api/v3/services/repositories/for_current_user.rb
+++ b/lib/travis/api/v3/services/repositories/for_current_user.rb
@@ -1,5 +1,7 @@
 module Travis::API::V3
- class Services::Organizations::ForCurrentUser < Service
+ class Services::Repositories::ForCurrentUser < Service
+ params :active, :private, prefix: :repository
+
 def run!
 raise LoginRequired unless access_control.logged_in?
 query.for_member(access_control.user)
diff --git a/lib/travis/api/v3/services/requests/create.rb b/lib/travis/api/v3/services/requests/create.rb
index c651a03e..2ff6f156 100644
--- a/lib/travis/api/v3/services/requests/create.rb
+++ b/lib/travis/api/v3/services/requests/create.rb
@@ -5,6 +5,7 @@ module Travis::API::V3
 private_constant :TIME_FRAME, :LIMIT
 result_type :request
+ params "request", "user", :config, :message, :branch
 def run
 raise LoginRequired unless access_control.logged_in? or access_control.full_access?
diff --git a/spec/v3/services/account/find_spec.rb b/spec/v3/services/account/find_spec.rb
index e2c0b2a6..a114efd0 100644
--- a/spec/v3/services/account/find_spec.rb
+++ b/spec/v3/services/account/find_spec.rb
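Review bot: The declaration `params "request", "user", :config, :message, :branch` in lib/travis/api/v3/services/requests/create.rb lets a client-supplied `user` key through to the service, while the guard on the following line admits either a logged-in user or a `full_access?` caller. `run` continues outside the hunk, so it is not visible whether `user` is honoured only for full-access callers. If it is, a comment on the declaration would record that, for example `# "user" is only read when access_control.full_access?`; if it is not, the key should not be accepted from ordinary logins.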
@@ -26,17 +26,14 @@ describe Travis::API::V3::Services::Account::Find do
 before { get("/v3/account/example-org?organization.id=#{other.id}") }
 example { expect(last_response).to be_ok }
-
- pending "param whitelisting not yet implemented" do
- example { expect(JSON.load(body)).to be == {
- "@type" => "organization",
- "@href" => "/v3/org/#{org.id}",
- "id" => org.id,
- "login" => "example-org",
- "name" => nil,
- "github_id" => nil
- }}
- end
+ example { expect(JSON.load(body)).to be == {
+ "@type" => "organization",
+ "@href" => "/v3/org/#{org.id}",
+ "id" => org.id,
+ "login" => "example-org",
+ "name" => nil,
+ "github_id" => nil
+ }}
 end
 end
@@ -65,21 +62,18 @@ describe Travis::API::V3::Services::Account::Find do
 before { other.save! }
 after { other.delete }
- before { get("/v3/account/example-org?user.id=#{other.id}") }
+ before { get("/v3/account/example-user?user.id=#{other.id}") }
 example { expect(last_response).to be_ok }
-
- pending "param whitelisting not yet implemented" do
- example { expect(JSON.load(body)).to be == {
- "@type" => "user",
- "@href" => "/v3/user/#{user.id}",
- "id" => user.id,
- "login" => "example-user",
- "name" => nil,
- "github_id" => nil,
- "is_syncing"=> nil,
- "synced_at" => nil
- }}
- end
+ example { expect(JSON.load(body)).to be == {
+ "@type" => "user",
+ "@href" => "/v3/user/#{user.id}",
+ "id" => user.id,
+ "login" => "example-user",
+ "name" => nil,
+ "github_id" => nil,
+ "is_syncing"=> nil,
+ "synced_at" => nil
+ }}
 end
 end
 end
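Review bot: The two re-enabled examples in spec/v3/services/account/find_spec.rb (the organization case here and the user case in the hunk at new line 62) only show that a key the service never declared is dropped; no `params` declaration for `Account::Find` appears in this commit. Nothing exercises the accepting path, for example that `active` and `repository.active` pass through `Repositories::ForCurrentUser` while an undeclared key is removed there, or that a subclass inherits its parent's list. A small spec calling `filter_params` on a service class that has a `params` declaration would pin the allow-list behaviour directly.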