diff --git a/backend/tests/test_contact.py b/backend/tests/test_contact.py
index 6f0d511..b8df0a7 100644
--- a/backend/tests/test_contact.py
+++ b/backend/tests/test_contact.py
@@ -4,9 +4,21 @@ from backend.main import app
 client = TestClient(app)
-def test_create_contact_success():
+def authenticate(client):
 response = client.post(
- "/contact",
+ "/auth/login", json={"username": "testuser", "password": "testpassword"}
+ )
+ assert response.status_code == 200
+ return response.json()["access_token"]
+
+
+def test_create_contact_success():
+ token = authenticate(client)
+ headers = {"Authorization": f"Bearer {token}"}
+
+ response = client.post(
+ "/protected/contacts",
+ headers=headers,
 json={
 "pgroups": "p20001",
 "firstname": "John",
@@ -15,7 +27,6 @@ def test_create_contact_success():
 "phone_number": "+000000000",
 },
 )
- # Assert success and verify response structure
 assert response.status_code == 201
 json_response = response.json()
 assert json_response["firstname"] == "John"
@@ -23,6 +34,22 @@ def test_create_contact_success():
 assert json_response["email"] == "john.rambo@example.com"
+def test_create_contact_unauthorized():
+ # Omit Authorization header to simulate unauthorized access
+ response = client.post(
+ "/protected/contacts",
+ json={
+ "pgroups": "p20001",
+ "firstname": "John",
+ "lastname": "Rambo",
+ "email": "john.rambo@example.com",
+ "phone_number": "+000000000",
+ },
+ )
+ assert response.status_code == 401
+ assert response.json()["detail"] == "Not authenticated"
+
+
 def test_create_contact_already_exists():
 # Ensure that the route fails gracefully if contact exists
 client.post(
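Review bot: Nothing in this file checks that the old `/contact` path stopped accepting unauthenticated writes; in the first hunk `test_create_contact_success` simply moves to `/protected/contacts`. The router change is not visible here, so if the old route is still registered, the new authentication requirement can be sidestepped. A short regression test such as `assert client.post("/contact", json={}).status_code in (401, 404)` would pin that down, with the expected codes adjusted to what the router actually returns. Separately, `authenticate(client)` inlines `testuser`/`testpassword` and its parameter shadows the module-level `client`; a pytest fixture would be cleaner, and it is worth confirming that this account is seeded only in the test configuration.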
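Review bot: `test_create_contact_unauthorized` in the third hunk covers only the missing-header case, so a token that is present but malformed, expired or wrongly signed is never exercised against `/protected/contacts`. Those requests presumably go through the token validation code rather than the header extraction, which is where a regression would let a request through unnoticed. Add a sibling test that sends `headers={"Authorization": "Bearer not-a-valid-token"}` and asserts `response.status_code == 401`. Asserting on the status rather than the exact `detail` string keeps that test stable if the message differs from "Not authenticated".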