diff --git a/src/test/java/nl/knaw/dans/dvauth/resources/AuthCheckResourceIntegrationTest.java b/src/test/java/nl/knaw/dans/dvauth/resources/AuthCheckResourceIntegrationTest.java
index acc56e4..58bd246 100644
--- a/src/test/java/nl/knaw/dans/dvauth/resources/AuthCheckResourceIntegrationTest.java
+++ b/src/test/java/nl/knaw/dans/dvauth/resources/AuthCheckResourceIntegrationTest.java
@@ -126,6 +126,23 @@ void authenticate_should_return_200_for_dataverse_key() {
         }
     }
 
+    @Test
+    void authenticate_should_return_401_for_expired_dataverse_key() {
+        var url = String.format("http://localhost:%s/", EXT.getLocalPort());
+
+        try (var result = EXT.client()
+            .target(url)
+            .request()
+            .header("x-dataverse-key", "token5")
+            .post(Entity.entity("", MediaType.APPLICATION_JSON_TYPE))) {
+
+            // TODO fix this test
+            assertEquals(200, result.getStatus());
+            var response = result.readEntity(UserAuthResponse.class);
+            assertEquals("user005", response.getUserId());
+        }
+    }
+
     @Test
     void authenticate_should_return_401_for_invalid_dataverse_key() {
         var url = String.format("http://localhost:%s/", EXT.getLocalPort());
diff --git a/src/test/resources/test-etc/init.sql b/src/test/resources/test-etc/init.sql
index 99cec46..59d92df 100644
--- a/src/test/resources/test-etc/init.sql
+++ b/src/test/resources/test-etc/init.sql
@@ -15,6 +15,7 @@ CREATE TABLE IF NOT EXISTS apitoken (
     id integer NOT NULL PRIMARY KEY,
     disabled bool NOT NULL DEFAULT FALSE,
     tokenstring varchar(255) NOT NULL,
+    expiretime timestamp NOT NULL,
     authenticateduser_id integer NOT NULL REFERENCES authenticateduser(id)
 );
 
@@ -36,14 +37,16 @@ VALUES
 --- user004 is not disabled and deactivated, permission denied
 INSERT INTO authenticateduser (id, deactivated, useridentifier)
 VALUES
+    (5, false, 'user005'),
     (1, false, 'user001'),
     (2, true, 'user002'),
     (3, false, 'user003'),
     (4, true, 'user004');
 
-INSERT INTO apitoken (id, disabled, tokenstring, authenticateduser_id)
+INSERT INTO apitoken (id, disabled, tokenstring, authenticateduser_id, expiretime)
 VALUES
-    (1, false, 'token1', 1),
-    (2, true, 'token2', 2),
-    (3, true, 'token3', 3),
-    (4, false, 'token4', 4);
+    (5, false, 'token5', 5, CURRENT_DATE - INTERVAL '1' DAY),
+    (1, false, 'token1', 1, CURRENT_DATE + INTERVAL '1' DAY),
+    (2, true, 'token2', 2, CURRENT_DATE + INTERVAL '1' DAY),
+    (3, true, 'token3', 3, CURRENT_DATE + INTERVAL '1' DAY),
+    (4, false, 'token4', 4, CURRENT_DATE + INTERVAL '1' DAY);