diff --git a/tests/Feature/AuthorizationTest.php b/tests/Feature/AuthorizationTest.php
new file mode 100644
index 0000000..10fe7e0
--- /dev/null
+++ b/tests/Feature/AuthorizationTest.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\AuthToken;
+use Illuminate\Foundation\Testing\DatabaseTransactions;
+use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Str;
+use Tests\TestCase;
+
+class AuthorizationTest extends TestCase
+{
+    use DatabaseTransactions;
+
+    private $authToken;
+
+    protected function setUp(): void {
+        parent::setUp();
+        if (!config('chaosapi.middleware-enabled'))
+            Config::set('chaosapi.middleware-enabled', true);
+
+        $this->authToken = AuthToken::create([
+            'name' => 'AuthorizationTestToken'.Str::random(10),
+            'token' => Str::random(config('chaosapi.token-length'))
+        ]);
+    }
+
+    public function test400OnBearerFormattedIncorrect()
+    {
+        $this->withHeader('Authorization', 'asdf')->get('/api/v1/status')->assertStatus(400);
+        $this->withHeader('Authorization', $this->authToken->token)->get('/api/v1/status')->assertStatus(400);
+    }
+
+    public function test401OnAuthorizationWrong()
+    {
+        $this->withHeader('Authorization', 'Bearer '.$this->authToken->token.'a')->get('/api/v1/status')->assertUnauthorized();
+    }
+
+    public function test403OnAuthorizationMissing()
+    {
+        $this->get('/api/v1/status')->assertForbidden();
+    }
+
+    public function test200OnAuthorizationCorrect()
+    {
+        $this->withHeader('Authorization', 'Bearer '.$this->authToken->token)->get('/api/v1/status')->assertOk();
+    }
+}