diff --git a/monkey/tests/unit_tests/monkey_island/cc/resources/auth/test_auth.py b/monkey/tests/unit_tests/monkey_island/cc/resources/auth/test_auth.py
new file mode 100644
index 000000000..cdf0170e8
--- /dev/null
+++ b/monkey/tests/unit_tests/monkey_island/cc/resources/auth/test_auth.py
@@ -0,0 +1,69 @@
+import re
+from unittest.mock import MagicMock
+
+import pytest
+
+USERNAME = "test_user"
+PASSWORD = "test_password"
+TEST_REQUEST = f'{{"username": "{USERNAME}", "password": "{PASSWORD}"}}'
+
+
+@pytest.fixture
+def mock_authentication_service(monkeypatch):
+ mock_service = MagicMock()
+ mock_service.authenticate = MagicMock()
+
+ monkeypatch.setattr("monkey_island.cc.resources.auth.auth.AuthenticationService", mock_service)
+
+ return mock_service
+
+
+@pytest.fixture
+def make_auth_request(flask_client):
+ url = "/api/auth"
+
+ def inner(request_body):
+ return flask_client.post(url, data=request_body, follow_redirects=True)
+
+ return inner
+
+
+def test_credential_parsing(make_auth_request, mock_authentication_service):
+ make_auth_request(TEST_REQUEST)
+ mock_authentication_service.authenticate.assert_called_with(USERNAME, PASSWORD)
+
+
+def test_empty_credentials(make_auth_request, mock_authentication_service):
+ make_auth_request("{}")
+ mock_authentication_service.authenticate.assert_called_with("", "")
+
+
+def test_authentication_successful(make_auth_request, mock_authentication_service):
+ mock_authentication_service.authenticate = MagicMock(return_value=True)
+
+ response = make_auth_request(TEST_REQUEST)
+
+ assert response.status_code == 200
+ assert response.json["error"] == ""
+ assert re.match(
+ r"^[a-zA-Z0-9+/=]+\.[a-zA-Z0-9+/=]+\.[a-zA-Z0-9+/=\-_]+$", response.json["access_token"]
+ )
+
+
+def test_authentication_failure(make_auth_request, mock_authentication_service):
+ mock_authentication_service.authenticate = MagicMock(return_value=False)
+
+ response = make_auth_request(TEST_REQUEST)
+
+ assert "access_token" not in response.json
+ assert response.status_code == 401
+ assert response.json["error"] == "Invalid credentials"
+
+
+def test_authentication_error(make_auth_request, mock_authentication_service):
+ mock_authentication_service.authenticate = MagicMock(side_effect=Exception())
+
+ response = make_auth_request(TEST_REQUEST)
+
+ assert "access_token" not in response.json
+ assert response.status_code == 500
diff --git a/monkey/tests/unit_tests/monkey_island/cc/resources/conftest.py b/monkey/tests/unit_tests/monkey_island/cc/resources/conftest.py
index 3ca40a11a..eeef5b383 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/resources/conftest.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/resources/conftest.py
@@ -19,6 +19,7 @@ def flask_client(monkeypatch_session): def mock_init_app(): app = Flask(__name__) + app.config["SECRET_KEY"] = "test_key" api = flask_restful.Api(app) api.representations = {"application/json": output_json}
@@ -26,4 +27,6 @@ def mock_init_app(): monkey_island.cc.app.init_app_url_rules(app) monkey_island.cc.app.init_api_resources(api) + flask_jwt_extended.JWTManager(app) + return app
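Review bot: The token-shape regex in `test_authentication_successful` uses the standard base64 class `[a-zA-Z0-9+/=]` for the header and payload segments, but JWT segments are base64url-encoded without padding, so `+`, `/` and `=` should not appear while `-` and `_` legitimately can; only the third segment's class allows them. The assertion could therefore reject a valid token whose payload happens to encode to `-` or `_`, and it accepts strings that are not well-formed JWTs. I would use one class for all three segments: `r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$"`. Separately, `test_authentication_error` checks only the status code and the absent token; raising `Exception("internal detail")` and asserting that text is not in `response.data` would pin that the 500 path does not echo exception details to the client.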
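Review bot: The fixed string `"test_key"` assigned to `app.config["SECRET_KEY"]` in `mock_init_app` is presumably what signs the tokens once the `flask_jwt_extended.JWTManager(app)` call in the following hunk is in place, since flask_jwt_extended falls back to `SECRET_KEY` when `JWT_SECRET_KEY` is unset. Nothing marks the value as test-only, so a comment such as `# Test-only signing key; the real app must load its own secret` would discourage copying it into application setup. If this conftest can import `secrets`, `app.config["SECRET_KEY"] = secrets.token_hex(32)` would avoid keeping a known signing key in the repository at all. The body of `mock_init_app` continues beyond this hunk.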