diff --git a/framework/core/tests/integration/api/Controller/CreateTokenControllerTest.php b/framework/core/tests/integration/api/Controller/CreateTokenControllerTest.php
deleted file mode 100644
index 0d86d63c1..000000000
--- a/framework/core/tests/integration/api/Controller/CreateTokenControllerTest.php
+++ /dev/null
@@ -1,50 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Tests\integration\api\Controller;
-
-use Flarum\Api\Controller\CreateTokenController;
-use Flarum\Http\AccessToken;
-
-class CreateTokenControllerTest extends ApiControllerTestCase
-{
-    protected $controller = CreateTokenController::class;
-
-    public function setUp()
-    {
-        parent::setUp();
-
-        $this->prepareDatabase([
-            'users' => [
-                $this->normalUser(),
-            ],
-        ]);
-    }
-
-    /**
-     * @test
-     */
-    public function user_generates_token()
-    {
-        $response = $this->call($this->controller, null, [], [
-            'identification' => 'normal',
-            'password' => 'too-obscure'
-        ]);
-
-        $data = json_decode($response->getBody()->getContents(), true);
-
-        $this->assertEquals(2, $data['userId']);
-
-        $token = $data['token'];
-
-        $this->assertEquals(2, AccessToken::findOrFail($token)->user_id);
-    }
-}
diff --git a/framework/core/tests/integration/api/authentication/WithTokenTest.php b/framework/core/tests/integration/api/authentication/WithTokenTest.php
new file mode 100644
index 000000000..fe24584bf
--- /dev/null
+++ b/framework/core/tests/integration/api/authentication/WithTokenTest.php
@@ -0,0 +1,63 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Flarum\Tests\integration\api\authentication;
+
+use Flarum\Http\AccessToken;
+use Flarum\Tests\integration\RetrievesAuthorizedUsers;
+use Flarum\Tests\integration\TestCase;
+
+class WithTokenTest extends TestCase
+{
+    use RetrievesAuthorizedUsers;
+
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->prepareDatabase([
+            'users' => [
+                $this->normalUser(),
+            ],
+        ]);
+    }
+
+    /**
+     * @test
+     */
+    public function user_generates_token()
+    {
+        $response = $this->send(
+            $this->request(
+                'POST', '/api/token',
+                [
+                    'json' => [
+                        'identification' => 'normal',
+                        'password' => 'too-obscure'
+                    ],
+                ]
+            )->withAttribute('bypassCsrfToken', true)
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+
+        // The response body should contain the user ID...
+        $body = (string) $response->getBody();
+        $this->assertJson($body);
+
+        $data = json_decode($body, true);
+        $this->assertEquals(2, $data['userId']);
+
+        // ...and an access token belonging to this user.
+        $token = $data['token'];
+        $this->assertEquals(2, AccessToken::findOrFail($token)->user_id);
+    }
+}