diff --git a/admin/src/portr_admin/tests/api_tests/test_config.py b/admin/src/portr_admin/tests/api_tests/test_config.py
new file mode 100644
index 00000000..d7e4c2be
--- /dev/null
+++ b/admin/src/portr_admin/tests/api_tests/test_config.py
@@ -0,0 +1,40 @@
+from portr_admin.tests import TestClient
+from tortoise.contrib import test
+from portr_admin.config import settings
+from portr_admin.tests.factories import TeamUserFactory, UserFactory
+
+
+class ConfigTests(test.TestCase):
+    async def asyncSetUp(self) -> None:
+        await super().asyncSetUp()
+        self.client = await TestClient.get_client()
+        self.user = await UserFactory.create()
+        self.team_user = await TeamUserFactory.create()
+        self.team_user_auth_client = await TestClient.get_logged_in_client(
+            auth_user=self.team_user
+        )
+
+    def test_setup_script_without_logged_in_should_fail(self):
+        resp = self.client.get("/api/v1/config/setup-script")
+        assert resp.status_code == 401
+        assert resp.json() == {"message": "Not authenticated"}
+
+    def test_setup_script_should_pass(self):
+        resp = self.team_user_auth_client.get("/api/v1/config/setup-script")
+        assert resp.json() == {
+            "message": f"./portr auth set --token {self.team_user.secret_key} --remote {settings.server_url}"
+        }
+
+    def test_download_config_should_pass(self):
+        resp = self.team_user_auth_client.post(
+            "/api/v1/config/download", json={"secret_key": self.team_user.secret_key}
+        )
+        assert resp.json() == {
+            "message": f"server_url: {settings.server_url}\nssh_url: {settings.ssh_url}\nsecret_key: {self.team_user.secret_key}\ntunnels:\n  - name: portr\n    subdomain: portr\n    port: 4321"
+        }
+
+    def test_download_config_with_wrong_secret_key_should_fail(self):
+        resp = self.team_user_auth_client.post(
+            "/api/v1/config/download", json={"secret_key": "random-secret-key"}
+        )
+        assert resp.json() == {"message": "Invalid secret key"}
diff --git a/admin/src/portr_admin/tests/api_tests/test_settings.py b/admin/src/portr_admin/tests/api_tests/test_settings.py
new file mode 100644
index 00000000..765e7571
--- /dev/null
+++ b/admin/src/portr_admin/tests/api_tests/test_settings.py
@@ -0,0 +1,70 @@
+from portr_admin.models.settings import GlobalSettings
+from portr_admin.services.settings import (
+    DEFAULT_ADD_USER_EMAIL_BODY,
+    DEFAULT_ADD_USER_EMAIL_SUBJECT,
+    populate_global_settings,
+)
+from portr_admin.tests import TestClient
+from tortoise.contrib import test
+from portr_admin.tests.factories import UserFactory
+
+
+class SettingsTests(test.TestCase):
+    async def asyncSetUp(self) -> None:
+        await super().asyncSetUp()
+        self.client = await TestClient.get_client()
+        self.non_superuser = await UserFactory.create()
+        self.superuser = await UserFactory.create(is_superuser=True)
+        self.superuser_client = await TestClient.get_logged_in_client(self.superuser)
+        self.non_superuser_client = await TestClient.get_logged_in_client(
+            self.non_superuser
+        )
+
+        # move this to conftest.py
+        await populate_global_settings()
+
+    async def test_get_settings_with_no_login_should_fail(self):
+        resp = self.client.get("/api/v1/settings/")
+        assert resp.status_code == 401
+        assert resp.json() == {"message": "Not authenticated"}
+
+    async def test_get_settings_with_non_superuser_should_fail(self):
+        resp = self.non_superuser_client.get("/api/v1/settings/")
+        assert resp.status_code == 403
+        assert resp.json() == {"message": "Only superuser can perform this action"}
+
+    async def test_update_settings_with_no_login_should_fail(self):
+        resp = self.client.patch("/api/v1/settings/")
+        assert resp.status_code == 401
+        assert resp.json() == {"message": "Not authenticated"}
+
+    async def test_update_settings_with_non_superuser_should_fail(self):
+        resp = self.non_superuser_client.patch("/api/v1/settings/")
+        assert resp.status_code == 403
+        assert resp.json() == {"message": "Only superuser can perform this action"}
+
+    async def test_get_settings_with_superuser_should_pass(self):
+        resp = self.superuser_client.get("/api/v1/settings/")
+        assert resp.status_code == 200
+        data = resp.json()
+
+        assert data["smtp_enabled"] is False
+        assert data["smtp_host"] is None
+        assert data["smtp_port"] is None
+        assert data["smtp_username"] is None
+        assert data["smtp_password"] is None
+        assert data["from_address"] is None
+        assert data["add_user_email_subject"] == DEFAULT_ADD_USER_EMAIL_SUBJECT
+        assert data["add_user_email_body"] == DEFAULT_ADD_USER_EMAIL_BODY
+
+    async def test_update_settings_with_superuser_should_pass(self):
+        resp = self.superuser_client.patch(
+            "/api/v1/settings/", json={"smtp_enabled": True}
+        )
+        assert resp.status_code == 200
+        data = resp.json()
+
+        assert data["smtp_enabled"] is True
+
+        updated_settings = await GlobalSettings.first()
+        assert updated_settings.smtp_enabled is True