diff --git a/_regroup/test-etapi/basic-auth.http b/_regroup/test-etapi/basic-auth.http
deleted file mode 100644
index cf79c357e..000000000
--- a/_regroup/test-etapi/basic-auth.http
+++ /dev/null
@@ -1,21 +0,0 @@
-GET {{triliumHost}}/etapi/app-info
-Authorization: Basic etapi {{authToken}}
-
-> {%
- client.assert(response.status === 200);
- client.assert(response.body.clipperProtocolVersion === "1.0");
-%}
-
-###
-
-GET {{triliumHost}}/etapi/app-info
-Authorization: Basic etapi wrong
-
-> {% client.assert(response.status === 401); %}
-
-###
-
-GET {{triliumHost}}/etapi/app-info
-Authorization: Basic wrong {{authToken}}
-
-> {% client.assert(response.status === 401); %}
diff --git a/apps/server/spec/etapi/basic-auth.spec.ts b/apps/server/spec/etapi/basic-auth.spec.ts
new file mode 100644
index 000000000..b3fbc837d
--- /dev/null
+++ b/apps/server/spec/etapi/basic-auth.spec.ts
@@ -0,0 +1,41 @@
+import { Application } from "express";
+import { beforeAll, describe, expect, it } from "vitest";
+import supertest from "supertest";
+import { login } from "./utils.js";
+import config from "../../src/services/config.js";
+
+let app: Application;
+let token: string;
+
+const USER = "etapi";
+const URL = "/etapi/notes/root";
+
+describe("basic-auth", () => {
+ beforeAll(async () => {
+ config.General.noAuthentication = false;
+ const buildApp = (await (import("../../src/app.js"))).default;
+ app = await buildApp();
+ token = await login(app);
+ });
+
+ it("auth token works", async () => {
+ const response = await supertest(app)
+ .get(URL)
+ .auth(USER, token, { "type": "basic"})
+ .expect(200);
+ });
+
+ it("rejects wrong password", async () => {
+ const response = await supertest(app)
+ .get(URL)
+ .auth(USER, "wrong", { "type": "basic"})
+ .expect(401);
+ });
+
+ it("rejects wrong user", async () => {
+ const response = await supertest(app)
+ .get(URL)
+ .auth("wrong", token, { "type": "basic"})
+ .expect(401);
+ });
+});
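Review bot: The negative cases in basic-auth.spec.ts cover a wrong user and a wrong password, but none sends the request with no `Authorization` header at all, so that path would go untested if the middleware ever defaulted to allowing the request. Unless another spec already covers it, add `it("rejects missing credentials", async () => { await supertest(app).get(URL).expect(401); });`. The `const response =` binding in each of the three tests is never read and can be dropped. `beforeAll` also sets `config.General.noAuthentication = false` on the shared config object without restoring it; that is the safe direction, but a one-line comment such as `// this suite requires authentication to be enforced` would make the dependency explicit.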
diff --git a/apps/server/spec/etapi/utils.ts b/apps/server/spec/etapi/utils.ts
index 40895648f..f9657eeab 100644
--- a/apps/server/spec/etapi/utils.ts
+++ b/apps/server/spec/etapi/utils.ts
@@ -12,4 +12,5 @@ export async function login(app: Application) {
 .expect(201);
 const token = response.body.authToken;
 expect(token).toBeTruthy();
+ return token;
 }
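Review bot: `login()` now returns `response.body.authToken` with no declared return type, so the value is presumably `any` and the `let token: string` in basic-auth.spec.ts is not actually checked against it. Declaring the signature as `export async function login(app: Application): Promise<string>` and tightening the assertion to `expect(typeof token).toBe("string")` would make a changed login response fail here rather than in each spec that uses the token. The function body starts outside this hunk, so the request it sends is not visible.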