diff --git a/README.md b/README.md
index ff1c22c..40457dd 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # golang API Skeleton
 
-[![Build Status](https://drone.devices.local/api/badges/mawas/golang-api-skeleton/status.svg)](https://drone.devices.local/mawas/golang-api-skeleton)<a href='https://github.com/jpoles1/gopherbadger' target='_blank'>![gopherbadger-tag-do-not-edit](https://img.shields.io/badge/Go%20Coverage-73%25-brightgreen.svg?longCache=true&style=flat)</a>
+[![Build Status](https://drone.devices.local/api/badges/mawas/golang-api-skeleton/status.svg)](https://drone.devices.local/mawas/golang-api-skeleton)<a href='https://github.com/jpoles1/gopherbadger' target='_blank'>![gopherbadger-tag-do-not-edit](https://img.shields.io/badge/Go%20Coverage-79%25-brightgreen.svg?longCache=true&style=flat)</a>
 
 refined skeleton future apis should be based on
 
diff --git a/repositories/token_test.go b/repositories/token_test.go
new file mode 100644
index 0000000..a6b2da9
--- /dev/null
+++ b/repositories/token_test.go
@@ -0,0 +1,142 @@
+package repositories
+
+import (
+	"encoding/json"
+	"testing"
+	"time"
+
+	"git.devices.local/mawas/golang-api-skeleton/lib/cache"
+	"git.devices.local/mawas/golang-api-skeleton/lib/common"
+	"git.devices.local/mawas/golang-api-skeleton/models"
+	"github.com/oklog/ulid"
+	"gorm.io/driver/sqlite"
+	"gorm.io/gorm"
+)
+
+func tokenmock(t *testing.T) (*gorm.DB, cache.Cache, models.Token) {
+	db, err := gorm.Open(
+		sqlite.Open(":memory:"),
+		&gorm.Config{DisableForeignKeyConstraintWhenMigrating: true},
+	)
+	if err != nil {
+		t.Error(err)
+	}
+	if err := db.AutoMigrate(&models.User{}); err != nil {
+		t.Error(err)
+	}
+	if err := db.AutoMigrate(&models.Token{}); err != nil {
+		t.Error(err)
+	}
+	appCache, err := cache.Bootstrap()
+	if err != nil {
+		t.Error(err)
+	}
+	userID, err := common.NewGUID()
+	if err != nil {
+		t.Error(err)
+	}
+	if err := appCache.Set("user:"+userID.String(), username); err != nil {
+		t.Error(err)
+	}
+	if err := appCache.Set("user:"+username, userID.String()); err != nil {
+		t.Error(err)
+	}
+	userDAO := NewUserRepository(db, userID.String(), username, appCache)
+	_, err = userDAO.Create(&models.User{
+		ModelHiddenGUIDPK: common.ModelHiddenGUIDPK{ID: userID},
+		Username:          username,
+		Firstname:         "Unit",
+		Lastname:          "Test",
+		Email:             "unittest@unittest.test",
+		Active:            true,
+	})
+	if err != nil {
+		t.Error(err)
+	}
+	token := models.Token{
+		Username: username,
+		Active:   true,
+	}
+	token.UserID = userID
+	return db, appCache, token
+}
+
+func validateResponse(t *testing.T, response *models.Token, token models.Token) {
+	if response.Username != token.Username {
+		t.Errorf("Token Username must be \"%s\" but is \"%s\"\n", token.Username, response.Username)
+	}
+	if !response.Active {
+		t.Error("Token Active must be true")
+	}
+	if _, err := ulid.Parse(response.Token.String()); err != nil {
+		t.Errorf("Token Token must be a valid ULID, %v\n", err)
+	}
+	jsonString, err := json.Marshal(response)
+	if err != nil {
+		t.Error(err)
+	}
+	var j map[string]interface{}
+	if err := json.Unmarshal([]byte(jsonString), &j); err != nil {
+		t.Error(err)
+	}
+	if _, exists := j["user_id"]; exists {
+		t.Error("Token user_id must be hidden in json")
+	}
+	if u, exists := j["created_by"]; !exists {
+		t.Error("User created_by not in json")
+	} else if u != username {
+		t.Errorf("User created_by must be \"%s\" but is \"%s\"\n", username, u)
+	}
+	if u, exists := j["updated_by"]; !exists {
+		t.Error("User updated_by not in json")
+	} else if u != username {
+		t.Errorf("User updated_by must be \"%s\" but is \"%s\"\n", username, u)
+	}
+	if datetime, exists := j["created_at"]; !exists {
+		t.Error("User created_at not in json")
+	} else if _, err := time.Parse(time.RFC3339, datetime.(string)); err != nil {
+		t.Errorf("User created_at must be a valid rfc 3339 date time in json, but is \"%s\"", datetime)
+	}
+	if datetime, exists := j["updated_at"]; !exists {
+		t.Error("User updated_at not in json")
+	} else if _, err := time.Parse(time.RFC3339, datetime.(string)); err != nil {
+		t.Errorf("User updated_at must be a valid rfc 3339 date time in json, but is \"%s\"", datetime)
+	}
+	if datetime, exists := j["expires_at"]; !exists {
+		t.Error("User expires_at not in json")
+	} else if _, err := time.Parse(time.RFC3339, datetime.(string)); err != nil {
+		t.Errorf("User expires_at must be a valid rfc 3339 date time in json, but is \"%s\"", datetime)
+	}
+	if _, exists := j["deleted_by"]; exists {
+		t.Error("User deleted_by mustn't be set in json")
+	}
+	if _, exists := j["deleted_at"]; exists {
+		t.Error("User deleted_by mustn't be set in json")
+	}
+	if _, exists := j["last_used"]; exists {
+		t.Error("User deleted_by mustn't be set in json")
+	}
+}
+
+func TestTokenRepository(t *testing.T) {
+	db, appCache, token := tokenmock(t)
+	tokenDAO := NewTokenRepository(db, token.UserID.String(), username, appCache)
+	response, err := tokenDAO.Create(&token)
+	if err != nil {
+		t.Errorf("tokenDAO Create failed with error: %v\n", err)
+	}
+	validateResponse(t, response, token)
+	response, err = tokenDAO.ReadByKey(token.Token.String())
+	if err != nil {
+		t.Errorf("tokenDAO ReadByKey failed with error: %v\n", err)
+	}
+	validateResponse(t, response, token)
+	responses, err := tokenDAO.ReadAll()
+	if err != nil {
+		t.Errorf("tokenDAO ReadAll failed with error: %v\n", err)
+	}
+	if len(responses) != 1 {
+		t.Error("tokenDAO ReadAll failed with worng numer of responses")
+	}
+	validateResponse(t, responses[0], token)
+}
diff --git a/repositories/user_test.go b/repositories/user_test.go
index 13702d2..a148c3d 100644
--- a/repositories/user_test.go
+++ b/repositories/user_test.go
@@ -53,7 +53,7 @@ func usermock(t *testing.T) (*gorm.DB, cache.Cache, models.User) {
 	return db, appCache, user
 }
 
-func validateResponse(t *testing.T, response *models.User, user models.User) {
+func validateUserResponse(t *testing.T, response *models.User, user models.User) {
 	if response.Username != user.Username {
 		t.Errorf("User Username must be \"%s\" but is \"%s\"\n", user.Username, response.Username)
 	}
@@ -67,7 +67,7 @@ func validateResponse(t *testing.T, response *models.User, user models.User) {
 		t.Errorf("User Email must be \"%s\" but is \"%s\"\n", user.Email, response.Email)
 	}
 	if !response.Active {
-		t.Error("User active must be true")
+		t.Error("User Active must be true")
 	}
 	if len(response.TokensRef) > 0 {
 		t.Error("User TokensRef must be empty")
@@ -121,12 +121,12 @@ func TestUserRepository(t *testing.T) {
 	if err != nil {
 		t.Errorf("userDAO Create failed with error: %v\n", err)
 	}
-	validateResponse(t, response, user)
+	validateUserResponse(t, response, user)
 	response, err = userDAO.ReadByUsername(username)
 	if err != nil {
 		t.Errorf("userDAO ReadByUsername failed with error: %v\n", err)
 	}
-	validateResponse(t, response, user)
+	validateUserResponse(t, response, user)
 	responses, err := userDAO.ReadAll()
 	if err != nil {
 		t.Errorf("userDAO ReadAll failed with error: %v\n", err)
@@ -134,5 +134,5 @@ func TestUserRepository(t *testing.T) {
 	if len(responses) != 1 {
 		t.Error("userDAO ReadAll failed with worng numer of responses")
 	}
-	validateResponse(t, responses[0], user)
+	validateUserResponse(t, responses[0], user)
 }