diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 2ce45fb1c2..83719f1dba 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -1970,7 +1970,7 @@ class JobLaunchSerializer(BaseSerializer):
     variables_needed_to_start = serializers.ReadOnlyField()
     credential_needed_to_start = serializers.SerializerMethodField()
     survey_enabled = serializers.SerializerMethodField()
-    extra_vars = VerbatimField(required=False)
+    extra_vars = VerbatimField(required=False, write_only=True)
 
     class Meta:
         model = JobTemplate
@@ -1978,18 +1978,11 @@ class JobLaunchSerializer(BaseSerializer):
                   'ask_variables_on_launch', 'survey_enabled', 'variables_needed_to_start',
                   'credential', 'credential_needed_to_start',)
         read_only_fields = ('ask_variables_on_launch',)
-        write_only_fields = ('credential', 'extra_vars',)
-
-    def to_representation(self, obj):
-        res = super(JobLaunchSerializer, self).to_representation(obj)
-        view = self.context.get('view', None)
-        if obj and hasattr(view, '_raw_data_form_marker'):
-            if obj.passwords_needed_to_start:
-                password_keys = dict([(p, u'') for p in obj.passwords_needed_to_start])
-                res.update(password_keys)
-            if self.get_credential_needed_to_start(obj) is True:
-                res.update(dict(credential=''))
-        return res
+        extra_kwargs = {
+            'credential': {
+                'write_only': True,
+            },
+        }
 
     def get_credential_needed_to_start(self, obj):
         return not (obj and obj.credential and obj.credential.active)
diff --git a/awx/api/views.py b/awx/api/views.py
index 28697ee58a..1a6e306419 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1876,6 +1876,21 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView):
     is_job_start = True
     always_allow_superuser = False
 
+    def update_raw_data(self, data):
+        obj = self.get_object()
+        extra_vars = data.get('extra_vars') or {}
+        if obj:
+            for p in obj.passwords_needed_to_start:
+                data[p] = u''
+            if obj.credential and obj.credential.active:
+                data.pop('credential', None)
+            else:
+                data['credential'] = None
+            for v in obj.variables_needed_to_start:
+                extra_vars.setdefault(v, u'')
+        data['extra_vars'] = extra_vars
+        return data
+
     def post(self, request, *args, **kwargs):
         obj = self.get_object()
         if not request.user.can_access(self.model, 'start', obj):