diff --git a/api/views.py b/api/views.py
index d72857b..59e608b 100644
--- a/api/views.py
+++ b/api/views.py
@@ -3,7 +3,7 @@ from rest_framework import viewsets
 
 from .serializers import ContestSerializer, BandSerializer, FrequencySerializer, EntryCategorySerializer, \
     ReferenceSerializer, QSOSerializer, ShadowCallSerializer, UserSerializer
-from contest.models import Contest, Band, Frequency, EntryCategory, Reference, QSO, ShadowCall
+from contest.models import Contest, Band, Frequency, EntryCategory, Reference, QSO, ShadowCall, User
 
 
 class ContestViewSet(viewsets.ReadOnlyModelViewSet):
@@ -62,17 +62,26 @@ class QSOViewSet(viewsets.ModelViewSet):
         return serializer.save(owner=self.request.user)
 
 
-class UserProfileViewSet(generics.UpdateAPIView, viewsets.GenericViewSet):
+class UserProfileViewSet(viewsets.ModelViewSet):
+    """
+    Resource to view user-profiles, currently restricted to the current user's profile.
+    Use `me/` to get the profile of the currently logged in user.
+    """
     permission_classes = [IsAuthenticated]
     serializer_class = UserSerializer
 
-    def list(self, request, format=None):
-        user = request.user
-        serializer = UserSerializer(user)
-        return Response(serializer.data)
-
     def get_queryset(self):
-        return self.request.user
+        return User.objects.filter(id=self.request.user.id)
+
+    def get_object(self):
+        lookup_url_kwarg = self.lookup_url_kwarg or self.lookup_field
+        if self.kwargs.get(lookup_url_kwarg) == "me":
+            obj = self.request.user
+            self.check_object_permissions(self.request, obj)
+        else:
+            obj = super(ContestViewSet, self).get_object()
+
+        return obj
 
 
 class ShadowCallViewSet(viewsets.ReadOnlyModelViewSet):