diff --git a/backend/main.py b/backend/main.py
index 55458a0..af3cd9f 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -1,11 +1,11 @@
 # app/main.py
-
+import sys
+import os
+import json
+from pathlib import Path
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
 from app import ssl_heidi
-from pathlib import Path
-import os
-import json
 
 
 from app.routers import address, contact, proposal, dewar, shipment, puck, spreadsheet, logistics, auth, sample
@@ -68,28 +68,38 @@ app.include_router(sample.router, prefix="/samples", tags=["samples"])
 
 if __name__ == "__main__":
     import uvicorn
-    import os
 
-    # Get environment from an environment variable
-    environment = os.getenv('ENVIRONMENT', 'dev')
-
-    # Paths for SSL certificates
-    cert_path = "ssl/cert.pem"
-    key_path = "ssl/key.pem"
-
-    if environment == 'test':
-        cert_path = "ssl/mx-aare-test.psi.ch.pem"
-        key_path = "ssl/mx-aare-test.psi.ch.key"
-        host = "0.0.0.0"  # Bind to all interfaces
+    # Check if the user has passed "generate-openapi" as the first CLI argument
+    if len(sys.argv) > 1 and sys.argv[1] == "generate-openapi":
+        # Generate and save the OpenAPI schema
+        openapi_schema = app.openapi()
+        with open("openapi.json", "w") as openapi_file:
+            json.dump(openapi_schema, openapi_file, indent=2)
+        print("OpenAPI schema has been generated and saved to 'openapi.json'.")
     else:
-        host = "127.0.0.1"  # Default for other environments
+        # Default behavior: Run the FastAPI server
+        import os
 
-    # Run the application with appropriate SSL setup
-    uvicorn.run(
-        app,
-        host=host,
-        port=8000,
-        log_level="debug",
-        ssl_keyfile=key_path,
-        ssl_certfile=cert_path,
-    )
\ No newline at end of file
+        # Get environment from an environment variable
+        environment = os.getenv('ENVIRONMENT', 'dev')
+
+        # Paths for SSL certificates
+        cert_path = "ssl/cert.pem"
+        key_path = "ssl/key.pem"
+
+        if environment == 'test':
+            cert_path = "ssl/mx-aare-test.psi.ch.pem"
+            key_path = "ssl/mx-aare-test.psi.ch.key"
+            host = "0.0.0.0"  # Bind to all interfaces
+        else:
+            host = "127.0.0.1"  # Default for other environments
+
+        # Run the application with appropriate SSL setup
+        uvicorn.run(
+            app,
+            host=host,
+            port=8000,
+            log_level="debug",
+            ssl_keyfile=key_path,
+            ssl_certfile=cert_path,
+        )
\ No newline at end of file
diff --git a/backend/tests/test_auth.py b/backend/tests/test_auth.py
new file mode 100644
index 0000000..1746dcc
--- /dev/null
+++ b/backend/tests/test_auth.py
@@ -0,0 +1,30 @@
+# tests/test_auth.py
+
+from fastapi.testclient import TestClient
+from app.main import app
+
+client = TestClient(app)
+
+
+def test_login_success():
+    response = client.post("/auth/token/login", data={"username": "testuser", "password": "testpass"})
+    assert response.status_code == 200
+    assert "access_token" in response.json()
+
+
+def test_login_failure():
+    response = client.post("/auth/token/login", data={"username": "wrong", "password": "wrongpass"})
+    assert response.status_code == 401
+    assert response.json() == {"detail": "Incorrect username or password"}
+
+
+def test_protected_route():
+    # Step 1: Login
+    response = client.post("/auth/token/login", data={"username": "testuser", "password": "testpass"})
+    token = response.json()["access_token"]
+
+    # Step 2: Access protected route
+    headers = {"Authorization": f"Bearer {token}"}
+    response = client.get("/auth/protected-route", headers=headers)
+    assert response.status_code == 200
+    assert response.json() == {"username": "testuser", "pgroups": [20000, 20001, 20003]}
diff --git a/make_openapi_client.sh b/make_openapi_client.sh
new file mode 100755
index 0000000..124c233
--- /dev/null
+++ b/make_openapi_client.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+VERSION={0.1.0}
+
+# Run whataver you need to generate FastAPI .json file
+pushd backend
+python -m main generate-openapi
+popd
+
+# Download OpenAPI generator
+OPENAPI_VERSION=7.8.0
+wget https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/${OPENAPI_VERSION}/openapi-generator-cli-${OPENAPI_VERSION}.jar -O openapi-generator-cli.jar
+
+# Run OpenAPI generator (requires java to be installed - this is already configured on mx-aare-test)
+java -jar openapi-generator-cli.jar generate -i /backend/openapi.json -o python-client/ -g python --additional-properties=packageName=aare-test,packageVersion=${VERSION}
+# build python package
+cd python-client
+python3.11 -m venv .venv
+source .venv/bin/activate
+pip install twine build
+python -m build
+
+# upload the package into the package repository - this uses variables from CI pipeline, so it won't work offline
+twine upload --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi dist/*
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 2247494..9263c93 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7,4 +7,7 @@ jwt~=1.3.1
 qrcode~=8.0
 pillow~=11.0.0
 reportlab~=4.2.5
-cryptography~=44.0.0
\ No newline at end of file
+cryptography~=44.0.0
+pytest~=7.4.1
+pytest-cov~=4.1.0
+httpx~=0.24.1
\ No newline at end of file