diff --git a/app/api/users.py b/app/api/users.py
index 96b7cdbf..5c249b15 100644
--- a/app/api/users.py
+++ b/app/api/users.py
@@ -306,8 +306,8 @@ def role_permission_remove(role_name: str, perm_name: str):
     return jsonify(role.to_dict())
 
 
-@bp.route("/role/<string:role_name>/create", methods=["POST"])
-@api_web_bp.route("/role/<string:role_name>/create", methods=["POST"])
+@bp.route("/role/create/<string:role_name>", methods=["POST"])
+@api_web_bp.route("/role/create/<string:role_name>", methods=["POST"])
 @login_required
 @scodoc
 @permission_required(Permission.ScoSuperAdmin)
diff --git a/tests/api/test_api_users.py b/tests/api/test_api_users.py
index 5ddc3846..8174a9fe 100644
--- a/tests/api/test_api_users.py
+++ b/tests/api/test_api_users.py
@@ -105,7 +105,7 @@ def test_roles(api_admin_headers):
     uid = user["id"]
     ans = POST_JSON(f"/user/{uid}/role/Secr/add", headers=admin_h)
     assert ans["user_name"] == "test_roles"
-    role = POST_JSON("/role/Test_X/create", headers=admin_h)
+    role = POST_JSON("/role/create/Test_X", headers=admin_h)
     assert role["role_name"] == "Test_X"
     assert role["permissions"] == []
     role = GET("/role/Test_X", headers=admin_h)