diff --git a/src/api/groups.js b/src/api/groups.js
new file mode 100644
index 000000000000..3f251d189c20
--- /dev/null
+++ b/src/api/groups.js
@@ -0,0 +1,49 @@
+'use strict';
+
+const privileges = require('../privileges');
+const events = require('../events');
+const groups = require('../groups');
+
+const groupsAPI = module.exports;
+
+groupsAPI.create = async function (caller, data) {
+	if (!caller.uid) {
+		throw new Error('[[error:no-privileges]]');
+	} else if (typeof data.name !== 'string' || groups.isPrivilegeGroup(data.name)) {
+		throw new Error('[[error:invalid-group-name]]');
+	}
+
+	const canCreate = await privileges.global.can('group:create', caller.uid);
+	if (!canCreate) {
+		throw new Error('[[error:no-privileges]]');
+	}
+	data.ownerUid = caller.uid;
+	data.system = false;
+	const groupData = await groups.create(data);
+	logGroupEvent(caller, 'group-create', {
+		groupName: data.name,
+	});
+
+	return groupData;
+};
+
+// groupsAPI.join = async function (caller, data) {
+// 	// TODO:
+// };
+
+// groupsAPI.leave = async function (caller, data) {
+// 	// TODO:
+// };
+
+// groupsAPI.delete = async function (caller, data) {
+// 	// TODO:
+// };
+
+function logGroupEvent(caller, event, additional) {
+	events.log({
+		type: event,
+		uid: caller.uid,
+		ip: caller.ip,
+		...additional,
+	});
+}
diff --git a/src/api/index.js b/src/api/index.js
new file mode 100644
index 000000000000..4be8b235e334
--- /dev/null
+++ b/src/api/index.js
@@ -0,0 +1,5 @@
+'use strict';
+
+module.exports = {
+	groups: require('./groups'),
+};
diff --git a/src/controllers/write/groups.js b/src/controllers/write/groups.js
index 96a744cff649..3b887122c133 100644
--- a/src/controllers/write/groups.js
+++ b/src/controllers/write/groups.js
@@ -8,28 +8,15 @@ const events = require('../../events');
 const meta = require('../../meta');
 const slugify = require('../../slugify');
 const notifications = require('../../notifications');
+const api = require('../../api');
 
 const helpers = require('../helpers');
 
 const Groups = module.exports;
 
 Groups.create = async (req, res) => {
-	if (typeof req.body.name !== 'string' || groups.isPrivilegeGroup(req.body.name)) {
-		throw new Error('[[error:invalid-group-name]]');
-	}
-
-	if (!res.locals.privileges['group:create']) {
-		throw new Error('[[error:no-privileges]]');
-	}
-
-	req.body.ownerUid = req.user.uid;
-	req.body.system = false;
-
-	const groupObj = await groups.create(req.body);
+	const groupObj = await api.groups.create(req, req.body);
 	helpers.formatApiResponse(200, res, groupObj);
-	logGroupEvent(req, 'group-create', {
-		groupName: req.body.name,
-	});
 };
 
 Groups.delete = async (req, res) => {
diff --git a/src/routes/write/groups.js b/src/routes/write/groups.js
index 57cd56e539d5..00cfb5f22631 100644
--- a/src/routes/write/groups.js
+++ b/src/routes/write/groups.js
@@ -10,7 +10,7 @@ const setupApiRoute = routeHelpers.setupApiRoute;
 module.exports = function () {
 	const middlewares = [middleware.authenticate];
 
-	setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['name']), middleware.exposePrivilegeSet], 'post', controllers.write.groups.create);
+	setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['name'])], 'post', controllers.write.groups.create);
 	setupApiRoute(router, '/:slug', middleware, [...middlewares, middleware.assert.group, middleware.exposePrivileges], 'delete', controllers.write.groups.delete);
 	setupApiRoute(router, '/:slug/membership/:uid', middleware, [...middlewares, middleware.assert.group, middleware.exposePrivileges], 'put', controllers.write.groups.join);
 	setupApiRoute(router, '/:slug/membership/:uid', middleware, [...middlewares, middleware.assert.group, middleware.exposePrivileges], 'delete', controllers.write.groups.leave);
diff --git a/src/socket.io/groups.js b/src/socket.io/groups.js
index 9aebf738cfa1..d7e72ede6aaf 100644
--- a/src/socket.io/groups.js
+++ b/src/socket.io/groups.js
@@ -7,7 +7,7 @@ const user = require('../user');
 const utils = require('../utils');
 const slugify = require('../slugify');
 const events = require('../events');
-const privileges = require('../privileges');
+const api = require('../api');
 const notifications = require('../notifications');
 const sockets = require('.');
 
@@ -284,24 +284,7 @@ SocketGroups.kick = async (socket, data) => {
 
 SocketGroups.create = async (socket, data) => {
 	sockets.warnDeprecated(socket, 'POST /api/v3/groups');
-
-	if (!socket.uid) {
-		throw new Error('[[error:no-privileges]]');
-	} else if (typeof data.name !== 'string' || groups.isPrivilegeGroup(data.name)) {
-		throw new Error('[[error:invalid-group-name]]');
-	}
-
-	const canCreate = await privileges.global.can('group:create', socket.uid);
-	if (!canCreate) {
-		throw new Error('[[error:no-privileges]]');
-	}
-	data.ownerUid = socket.uid;
-	data.system = false;
-	const groupData = await groups.create(data);
-	logGroupEvent(socket, 'group-create', {
-		groupName: data.name,
-	});
-
+	const groupData = await api.groups.create(socket, data);
 	return groupData;
 };
 
diff --git a/src/socket.io/index.js b/src/socket.io/index.js
index 1938333da7d7..21744deca743 100644
--- a/src/socket.io/index.js
+++ b/src/socket.io/index.js
@@ -266,4 +266,5 @@ Sockets.warnDeprecated = (socket, replacement) => {
 			replacement: replacement,
 		});
 	}
+	winston.warn('[deprecated]\n ' + (new Error('-').stack.split('\n').slice(2, 3).join('\n')) + '\n     use ' + replacement);
 };