diff --git a/tests/APIEndpoints.test.ts b/tests/APIEndpoints.test.ts
new file mode 100644
index 0000000..26feb3a
--- /dev/null
+++ b/tests/APIEndpoints.test.ts
@@ -0,0 +1,64 @@
+import { describe, test, expect, vi } from 'vitest';
+import { GET } from '../src/routes/api/list/+server';
+
+vi.mock('$lib/server/vorgangService', () => ({
+	getVorgaenge: vi.fn()
+}));
+
+import { getVorgaenge } from '$lib/server/vorgangService';
+
+const event = {
+	locals: {
+		user: { id: 'admin', admin: true }
+	}
+};
+
+describe('API-Endpoints: list', () => {
+	test('Unerlaubter Zugriff', async () => {
+		const event = {
+			locals: {
+				user: null
+			}
+		};
+
+		const response = await GET(event);
+		expect(response.status).toBe(401);
+
+		const json = await response.json();
+		const errorObj = { error: 'Unauthorized' }
+		expect(json).toEqual(errorObj);
+	});
+
+	test('Leere Liste wenn keine Vorgänge existieren', async () => {
+		vi.mocked(getVorgaenge).mockReturnValueOnce([]);
+
+		const response = await GET(event);
+		expect(response.status).toBe(200);
+
+		const json = await response.json();
+		expect(json).toEqual([]);
+	});
+
+	test('Liste mit existierenden Vorgängen', async () => {
+		const testVorgaenge = [
+			{
+				vorgangToken: '19f1d34e-4f31-48e8-830f-c4e42c29085e',
+				vorgangName: 'xyz-123',
+				vorgangPIN: 'pin-123'
+			},
+			{
+				vorgangToken: '7596e4d5-c51f-482d-a4aa-ff76434305fc',
+				vorgangName: 'vorgang-2',
+				vorgangPIN: 'pin-2'
+			}
+		];
+
+		vi.mocked(getVorgaenge).mockReturnValueOnce(testVorgaenge);
+
+		const response = await GET(event);
+		expect(response.status).toBe(200);
+
+		const json = await response.json();
+		expect(json).toEqual(testVorgaenge);
+	});
+});
\ No newline at end of file