diff --git a/app/models/carto/api_key.rb b/app/models/carto/api_key.rb
index 33978eefcf..f684fe9a03 100644
--- a/app/models/carto/api_key.rb
+++ b/app/models/carto/api_key.rb
@@ -75,6 +75,9 @@ module Carto
 after_destroy :drop_db_role, if: :regular?
 after_destroy :remove_from_redis
+ scope :master, ->() { where(type: TYPE_MASTER) }
+ scope :default_public, ->() { where(type: TYPE_DEFAULT_PUBLIC) }
+
 private_class_method :new, :create, :create!
 def self.create_master_key!(user: Carto::User.find(scope_attributes['user_id']))
diff --git a/app/models/user.rb b/app/models/user.rb
index ac3e33e2c7..569aeb235b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1833,7 +1833,7 @@ class User < Sequel::Model
 end
 def sync_master_key
- master_key = Carto::ApiKey.where(user_id: id, type: Carto::ApiKey::TYPE_MASTER).first
+ master_key = Carto::ApiKey.where(user_id: id).master.first
 return unless master_key
 # Workaround: User save is not yet commited, so AR doesn't see the new api_key
@@ -1842,7 +1842,7 @@ class User < Sequel::Model
 end
 def sync_default_public_key
- default_key = Carto::ApiKey.where(user_id: id, type: Carto::ApiKey::TYPE_DEFAULT_PUBLIC).first
+ default_key = Carto::ApiKey.where(user_id: id).default_public.first
 return unless default_key
 # Workaround: User save is not yet commited, so AR doesn't see the new database_schema
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
index 8288d07b89..ed71f0247a 100644
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -309,7 +309,7 @@ Warden::Strategies.add(:auth_api) do
 return fail! unless user_name == CartoDB.extract_subdomain(request)
 user_id = $users_metadata.HGET("rails:users:#{user_name}", 'id')
- return fail! unless Carto::ApiKey.where(user_id: user_id, type: Carto::ApiKey::TYPE_MASTER, token: token).exists?
+ return fail! unless Carto::ApiKey.where(user_id: user_id, token: token).master.exists?
 success!(::User[user_id])
 rescue
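Review bot: In app/models/carto/api_key.rb, the two new scopes are written with empty lambda parentheses and carry no comment, although this same commit puts `master` on the `:auth_api` authentication path in config/initializers/warden.rb. I would write them as `scope :master, -> { where(type: TYPE_MASTER) }` and `scope :default_public, -> { where(type: TYPE_DEFAULT_PUBLIC) }`, and put a line such as `# Type filters; :master is what the auth_api Warden strategy relies on to accept only master tokens.` above them so a later edit does not loosen the filter unnoticed. The enclosing class body starts and ends outside the hunk.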
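Review bot: In config/initializers/warden.rb, the rewritten lookup still runs with whatever `user_id` and `token` hold, and nothing in the hunk rejects a nil or non-String value before the query. `HGET` returns nil for an unknown user, and a nil or Array value in an ActiveRecord `where` hash becomes `IS NULL` / `IN (...)` rather than an equality test, so the check is only as strict as the stored data happens to be. Where `token` comes from is outside the hunk, so this may already be handled earlier. A guard ahead of the query, e.g. `return fail! unless user_id.present? && token.is_a?(String) && token.present?`, would make the strategy fail closed. The strategy block begins above the hunk and the `rescue` body is not shown.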
diff --git a/spec/models/carto/api_key_spec.rb b/spec/models/carto/api_key_spec.rb
index 8796328dbb..671ec0fbfb 100644
--- a/spec/models/carto/api_key_spec.rb
+++ b/spec/models/carto/api_key_spec.rb
@@ -253,7 +253,7 @@ describe Carto::ApiKey do
 end
 it 'shows public tables' do
- api_key = @carto_user1.api_keys.find_by_type(Carto::ApiKey::TYPE_DEFAULT_PUBLIC)
+ api_key = @carto_user1.api_keys.default_public.first
 api_key_permissions(api_key, @public_table.database_schema, @public_table.name).permissions.should eq ['select']
 end
@@ -261,7 +261,7 @@ describe Carto::ApiKey do
 describe 'master api key' do
 it 'user has a master key with the user db_role' do
- api_key = @carto_user1.api_keys.find_by_type(Carto::ApiKey::TYPE_MASTER)
+ api_key = @carto_user1.api_keys.master.first
 api_key.should be
 api_key.db_role.should eq @carto_user1.database_username
 api_key.db_password.should eq @carto_user1.database_password
@@ -280,7 +280,7 @@ describe Carto::ApiKey do
 end
 it 'token must match user api key' do
- api_key = @carto_user1.api_keys.find_by_type(Carto::ApiKey::TYPE_MASTER)
+ api_key = @carto_user1.api_keys.master.first
 api_key.token = 'wadus'
 api_key.save.should be_false
 api_key.errors.full_messages.should include "Token must match user model for master keys"
@@ -289,7 +289,7 @@ describe Carto::ApiKey do
 describe 'default public api key' do
 it 'user has a default public key with the public_db_user role' do
- api_key = @carto_user1.api_keys.find_by_type(Carto::ApiKey::TYPE_DEFAULT_PUBLIC)
+ api_key = @carto_user1.api_keys.default_public.first
 api_key.should be
 api_key.db_role.should eq @carto_user1.database_public_username
 api_key.db_password.should eq CartoDB::PUBLIC_DB_USER_PASSWORD
@@ -308,7 +308,7 @@ describe Carto::ApiKey do
 end
 it 'cannot change token' do
- api_key = @carto_user1.api_keys.find_by_type(Carto::ApiKey::TYPE_DEFAULT_PUBLIC)
+ api_key = @carto_user1.api_keys.default_public.first
 api_key.token = 'wadus'
 api_key.save.should be_false
 api_key.errors.full_messages.should include "Token must be default_public for default public keys"
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 57a6493374..285726f878 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -2581,7 +2581,7 @@ describe User do
 api_keys = Carto::ApiKey.where(user_id: @auth_api_user.id)
 api_keys.should_not be_empty
- master_api_key = Carto::ApiKey.where(user_id: @auth_api_user.id, type: Carto::ApiKey::TYPE_MASTER).first
+ master_api_key = Carto::ApiKey.where(user_id: @auth_api_user.id).master.first
 master_api_key.should be
 master_api_key.token.should eq @auth_api_user.api_key
 end
@@ -2595,7 +2595,7 @@ describe User do
 end
 it 'syncs api key changes with master api key' do
- master_key = Carto::ApiKey.where(user_id: @auth_api_user.id, type: Carto::ApiKey::TYPE_MASTER).first
+ master_key = Carto::ApiKey.where(user_id: @auth_api_user.id).master.first
 expect(@auth_api_user.api_key).to eq master_key.token
 expect { @auth_api_user.regenerate_api_key }.to(change { @auth_api_user.api_key })
diff --git a/spec/requests/carto/api/api_keys_controller_spec.rb b/spec/requests/carto/api/api_keys_controller_spec.rb
index 08514a5c75..e00f90d757 100644
--- a/spec/requests/carto/api/api_keys_controller_spec.rb
+++ b/spec/requests/carto/api/api_keys_controller_spec.rb
@@ -262,8 +262,8 @@ describe Carto::Api::ApiKeysController do
 end
 it 'returns 403 if API key is master or default public' do
- master_api_key = @carto_user.api_keys.find_by_type(Carto::ApiKey::TYPE_MASTER)
- default_api_key = @carto_user.api_keys.find_by_type(Carto::ApiKey::TYPE_DEFAULT_PUBLIC)
+ master_api_key = @carto_user.api_keys.master.first
+ default_api_key = @carto_user.api_keys.default_public.first
 delete_json generate_api_key_url(user_req_params(@user), name: master_api_key.name) do |response|
 response.status.should eq 403
@@ -438,7 +438,7 @@ describe Carto::Api::ApiKeysController do
 describe 'header auth' do
 before(:all) do
- @master_api_key = @carto_user.api_keys.find_by_type(Carto::ApiKey::TYPE_MASTER)
+ @master_api_key = @carto_user.api_keys.master.first
 end
 def json_headers_with_auth
diff --git a/spec/requests/warden_spec.rb b/spec/requests/warden_spec.rb
index 82fee1003d..d21152a798 100644
--- a/spec/requests/warden_spec.rb
+++ b/spec/requests/warden_spec.rb
@@ -12,7 +12,7 @@ describe 'Warden :auth_api Strategy' do
 before :all do
 @auth_api_feature_flag = FactoryGirl.create(:feature_flag, name: 'auth_api', restricted: false)
 @user_api_keys = FactoryGirl.create(:valid_user)
- @master_api_key = Carto::ApiKey.where(user_id: @user_api_keys.id, type: Carto::ApiKey::TYPE_MASTER).first
+ @master_api_key = Carto::ApiKey.where(user_id: @user_api_keys.id).master.first
 end
 after :all do
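Review bot: In spec/requests/warden_spec.rb, the `before :all` setup only fetches the master key through the new scope, and none of the spec hunks in this commit asserts that `.master` or `.default_public` excludes keys of other types. Because the `:auth_api` strategy now depends on that scope to turn away non-master tokens, a negative example would pin the property: an `it 'rejects a non-master token'` case that authenticates with the user's default public key and expects failure. A model-level check such as `@carto_user1.api_keys.master.pluck(:type).uniq.should eq [Carto::ApiKey::TYPE_MASTER]` in api_key_spec.rb would cover the scope itself. Such tests may already exist outside the hunks shown; the `describe` block continues beyond this hunk.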