diff --git a/app/Http/Controllers/Base/APIController.php b/app/Http/Controllers/Base/APIController.php
index 72a4e7b60..21a77cf9d 100644
--- a/app/Http/Controllers/Base/APIController.php
+++ b/app/Http/Controllers/Base/APIController.php
@@ -93,7 +93,7 @@ class APIController extends Controller
         return view('base.api.new', [
             'permissions' => [
                 'user' => collect(APIPermission::CONST_PERMISSIONS)->pull('_user'),
-                'admin' => ! $request->user()->root_admin ?: collect(APIPermission::CONST_PERMISSIONS)->except('_user')->toArray(),
+                'admin' => ! $request->user()->root_admin ? null : collect(APIPermission::CONST_PERMISSIONS)->except('_user')->toArray(),
             ],
         ]);
     }
@@ -103,6 +103,7 @@ class APIController extends Controller
      *
      * @param \Pterodactyl\Http\Requests\Base\ApiKeyFormRequest $request
      * @return \Illuminate\Http\RedirectResponse
+     *
      * @throws \Exception
      * @throws \Pterodactyl\Exceptions\Model\DataValidationException
      */
@@ -110,7 +111,7 @@ class APIController extends Controller
     {
         $adminPermissions = [];
         if ($request->user()->root_admin) {
-            $adminPermissions = $request->input('admin_permissions') ?? [];
+            $adminPermissions = $request->input('admin_permissions', []);
         }
 
         $secret = $this->keyService->handle([
diff --git a/tests/Assertions/ControllerAssertionsTrait.php b/tests/Assertions/ControllerAssertionsTrait.php
index 1ed835c89..de3076cc0 100644
--- a/tests/Assertions/ControllerAssertionsTrait.php
+++ b/tests/Assertions/ControllerAssertionsTrait.php
@@ -24,7 +24,9 @@
 
 namespace Tests\Assertions;
 
+use Illuminate\View\View;
 use PHPUnit_Framework_Assert;
+use Illuminate\Http\RedirectResponse;
 
 trait ControllerAssertionsTrait
 {
@@ -36,6 +38,7 @@ trait ControllerAssertionsTrait
      */
     public function assertViewNameEquals($name, $view)
     {
+        PHPUnit_Framework_Assert::assertInstanceOf(View::class, $view);
         PHPUnit_Framework_Assert::assertEquals($name, $view->getName());
     }
 
@@ -47,6 +50,7 @@ trait ControllerAssertionsTrait
      */
     public function assertViewNameNotEquals($name, $view)
     {
+        PHPUnit_Framework_Assert::assertInstanceOf(View::class, $view);
         PHPUnit_Framework_Assert::assertNotEquals($name, $view->getName());
     }
 
@@ -58,7 +62,16 @@ trait ControllerAssertionsTrait
      */
     public function assertViewHasKey($attribute, $view)
     {
-        PHPUnit_Framework_Assert::assertArrayHasKey($attribute, $view->getData());
+        PHPUnit_Framework_Assert::assertInstanceOf(View::class, $view);
+
+        if (str_contains($attribute, '.')) {
+            PHPUnit_Framework_Assert::assertNotEquals(
+                '__TEST__FAIL',
+                array_get($view->getData(), $attribute, '__TEST__FAIL')
+            );
+        } else {
+            PHPUnit_Framework_Assert::assertArrayHasKey($attribute, $view->getData());
+        }
     }
 
     /**
@@ -69,7 +82,16 @@ trait ControllerAssertionsTrait
      */
     public function assertViewNotHasKey($attribute, $view)
     {
-        PHPUnit_Framework_Assert::assertArrayNotHasKey($attribute, $view->getData());
+        PHPUnit_Framework_Assert::assertInstanceOf(View::class, $view);
+
+        if (str_contains($attribute, '.')) {
+            PHPUnit_Framework_Assert::assertEquals(
+                '__TEST__PASS',
+                array_get($view->getData(), $attribute, '__TEST__PASS')
+            );
+        } else {
+            PHPUnit_Framework_Assert::assertArrayNotHasKey($attribute, $view->getData());
+        }
     }
 
     /**
@@ -81,15 +103,30 @@ trait ControllerAssertionsTrait
      */
     public function assertViewKeyEquals($attribute, $value, $view)
     {
-        PHPUnit_Framework_Assert::assertEquals($value, array_get($view->getData(), $attribute));
+        PHPUnit_Framework_Assert::assertInstanceOf(View::class, $view);
+        PHPUnit_Framework_Assert::assertEquals($value, array_get($view->getData(), $attribute, '__TEST__FAIL'));
     }
 
     /**
-     * @param string $route
+     * Assert that a view attribute does not equal a given parameter.
+     *
+     * @param string                $attribute
+     * @param mixed                 $value
+     * @param \Illuminate\View\View $view
+     */
+    public function assertViewKeyNotEquals($attribute, $value, $view)
+    {
+        PHPUnit_Framework_Assert::assertInstanceOf(View::class, $view);
+        PHPUnit_Framework_Assert::assertNotEquals($value, array_get($view->getData(), $attribute, '__TEST__FAIL'));
+    }
+
+    /**
+     * @param string                            $route
      * @param \Illuminate\Http\RedirectResponse $response
      */
     public function assertRouteRedirectEquals($route, $response)
     {
+        PHPUnit_Framework_Assert::assertInstanceOf(RedirectResponse::class, $response);
         PHPUnit_Framework_Assert::assertEquals(route($route), $response->getTargetUrl());
     }
 }
diff --git a/tests/Unit/Http/Controllers/Base/APIControllerTest.php b/tests/Unit/Http/Controllers/Base/APIControllerTest.php
new file mode 100644
index 000000000..55a991c8a
--- /dev/null
+++ b/tests/Unit/Http/Controllers/Base/APIControllerTest.php
@@ -0,0 +1,181 @@
+<?php
+/**
+ * Pterodactyl - Panel
+ * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+namespace Tests\Unit\Http\Controllers\Base;
+
+use Mockery as m;
+use Tests\TestCase;
+use Illuminate\Http\Request;
+use Pterodactyl\Models\User;
+use Illuminate\Http\Response;
+use Prologue\Alerts\AlertsMessageBag;
+use Tests\Assertions\ControllerAssertionsTrait;
+use Pterodactyl\Services\Api\KeyCreationService;
+use Pterodactyl\Http\Controllers\Base\APIController;
+use Pterodactyl\Http\Requests\Base\ApiKeyFormRequest;
+use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
+
+class APIControllerTest extends TestCase
+{
+    use ControllerAssertionsTrait;
+
+    /**
+     * @var \Prologue\Alerts\AlertsMessageBag
+     */
+    protected $alert;
+
+    /**
+     * @var \Pterodactyl\Http\Controllers\Base\APIController
+     */
+    protected $controller;
+
+    /**
+     * @var \Pterodactyl\Services\Api\KeyCreationService
+     */
+    protected $keyService;
+
+    /**
+     * @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface
+     */
+    protected $repository;
+
+    /**
+     * @var \Illuminate\Http\Request
+     */
+    protected $request;
+
+    /**
+     * Setup tests.
+     */
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->alert = m::mock(AlertsMessageBag::class);
+        $this->keyService = m::mock(KeyCreationService::class);
+        $this->repository = m::mock(ApiKeyRepositoryInterface::class);
+        $this->request = m::mock(Request::class);
+
+        $this->controller = new APIController($this->alert, $this->repository, $this->keyService);
+    }
+
+    /**
+     * Test the index controller.
+     */
+    public function testIndexController()
+    {
+        $model = factory(User::class)->make();
+
+        $this->request->shouldReceive('user')->withNoArgs()->once()->andReturn($model);
+        $this->repository->shouldReceive('findWhere')->with([['user_id', '=', $model->id]])->once()->andReturn(['testkeys']);
+
+        $response = $this->controller->index($this->request);
+        $this->assertViewNameEquals('base.api.index', $response);
+        $this->assertViewHasKey('keys', $response);
+        $this->assertViewKeyEquals('keys', ['testkeys'], $response);
+    }
+
+    /**
+     * Test the create API view controller.
+     *
+     * @dataProvider rootAdminDataProvider
+     */
+    public function testCreateController($admin)
+    {
+        $model = factory(User::class)->make(['root_admin' => $admin]);
+        $this->request->shouldReceive('user')->withNoArgs()->once()->andReturn($model);
+
+        $response = $this->controller->create($this->request);
+        $this->assertViewNameEquals('base.api.new', $response);
+        $this->assertViewHasKey('permissions.user', $response);
+        $this->assertViewHasKey('permissions.admin', $response);
+
+        if ($admin) {
+            $this->assertViewKeyNotEquals('permissions.admin', null, $response);
+        } else {
+            $this->assertViewKeyEquals('permissions.admin', null, $response);
+        }
+    }
+
+    /**
+     * Test the store functionality for a non-admin user.
+     *
+     * @dataProvider rootAdminDataProvider
+     */
+    public function testStoreController($admin)
+    {
+        $this->request = m::mock(ApiKeyFormRequest::class);
+        $model = factory(User::class)->make(['root_admin' => $admin]);
+
+        if ($admin) {
+            $this->request->shouldReceive('input')->with('admin_permissions', [])->once()->andReturn(['admin.permission']);
+        }
+
+        $this->request->shouldReceive('user')->withNoArgs()->andReturn($model);
+        $this->request->shouldReceive('input')->with('allowed_ips')->once()->andReturnNull();
+        $this->request->shouldReceive('input')->with('memo')->once()->andReturnNull();
+        $this->request->shouldReceive('input')->with('permissions', [])->once()->andReturn(['test.permission']);
+
+        $this->keyService->shouldReceive('handle')->with([
+            'user_id' => $model->id,
+            'allowed_ips' => null,
+            'memo' => null,
+        ], ['test.permission'], ($admin) ? ['admin.permission'] : [])->once()->andReturn('testToken');
+
+        $this->alert->shouldReceive('success')->with(trans('base.api.index.keypair_created', ['token' => 'testToken']))->once()->andReturnSelf()
+            ->shouldReceive('flash')->withNoArgs()->once()->andReturnNull();
+
+        $response = $this->controller->store($this->request);
+        $this->assertRouteRedirectEquals('account.api', $response);
+    }
+
+    /**
+     * Test the API key revocation controller.
+     */
+    public function testRevokeController()
+    {
+        $model = factory(User::class)->make();
+        $this->request->shouldReceive('user')->withNoArgs()->once()->andReturn($model);
+
+        $this->repository->shouldReceive('deleteWhere')->with([
+            ['user_id', '=', $model->id],
+            ['public', '=', 'testKey123'],
+        ])->once()->andReturnNull();
+
+        $response = $this->controller->revoke($this->request, 'testKey123');
+        $this->assertInstanceOf(Response::class, $response);
+        $this->assertEmpty($response->getContent());
+        $this->assertEquals(204, $response->getStatusCode());
+    }
+
+    /**
+     * Data provider to determine if a user is a root admin.
+     *
+     * @return array
+     */
+    public function rootAdminDataProvider()
+    {
+        return [[0], [1]];
+    }
+}