diff --git a/packages/backend-core/src/users.ts b/packages/backend-core/src/users.ts
index 4c1c9ad464..5100066ff9 100644
--- a/packages/backend-core/src/users.ts
+++ b/packages/backend-core/src/users.ts
@@ -15,13 +15,16 @@ type GetOpts = { cleanup?: boolean }
 function cleanupUsers(users: User | User[]) {
   if (Array.isArray(users)) {
     return users.map(user => {
-      delete user.password
-      return user
+      if (user) {
+        delete user.password
+        return user
+      }
     })
-  } else {
+  } else if (users) {
     delete users.password
     return users
   }
+  return users
 }
 
 export const bulkGetGlobalUsersById = async (
diff --git a/packages/backend-core/tests/utilities/mocks/licenses.ts b/packages/backend-core/tests/utilities/mocks/licenses.ts
index e374612f5f..210c03b900 100644
--- a/packages/backend-core/tests/utilities/mocks/licenses.ts
+++ b/packages/backend-core/tests/utilities/mocks/licenses.ts
@@ -78,6 +78,10 @@ export const useEnvironmentVariables = () => {
   return useFeature(Feature.ENVIRONMENT_VARIABLES)
 }
 
+export const useAuditLogs = () => {
+  return useFeature(Feature.AUDIT_LOGS)
+}
+
 // QUOTAS
 
 export const setAutomationLogsQuota = (value: number) => {
diff --git a/packages/worker/src/api/routes/global/tests/auditLogs.spec.ts b/packages/worker/src/api/routes/global/tests/auditLogs.spec.ts
index 5e7ed31263..536c510129 100644
--- a/packages/worker/src/api/routes/global/tests/auditLogs.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/auditLogs.spec.ts
@@ -1,5 +1,109 @@
-import { mocks } from "@budibase/backend-core/tests"
+import { mocks, structures } from "@budibase/backend-core/tests"
+import { context, events } from "@budibase/backend-core"
+import { Event, IdentityType } from "@budibase/types"
+import { TestConfiguration } from "../../../../tests"
 
-mocks.licenses.useEnvironmentVariables()
+mocks.licenses.useAuditLogs()
 
-describe("/api/global/auditlogs", () => {})
+const BASE_IDENTITY = {
+  account: undefined,
+  type: IdentityType.USER,
+}
+const USER_AUDIT_LOG_COUNT = 3
+const APP_ID = "app_1"
+
+describe("/api/global/auditlogs", () => {
+  const config = new TestConfiguration()
+
+  beforeAll(async () => {
+    await config.beforeAll()
+  })
+
+  afterAll(async () => {
+    await config.afterAll()
+  })
+
+  it("should be able to fire some events (create audit logs)", async () => {
+    await context.doInTenant(config.tenantId, async () => {
+      const userId = config.user!._id!
+      const identity = {
+        ...BASE_IDENTITY,
+        _id: userId,
+        tenantId: config.tenantId,
+      }
+      await context.doInIdentityContext(identity, async () => {
+        for (let i = 0; i < USER_AUDIT_LOG_COUNT; i++) {
+          await events.user.created(structures.users.user())
+        }
+        await context.doInAppContext(APP_ID, async () => {
+          await events.app.created(structures.apps.app(APP_ID))
+        })
+        // fetch the user created events
+        const response = await config.api.auditLogs.search({
+          events: [Event.USER_CREATED],
+        })
+        expect(response.data).toBeDefined()
+        // there will be an initial event which comes from the default user creation
+        expect(response.data.length).toBe(USER_AUDIT_LOG_COUNT + 1)
+      })
+    })
+  })
+
+  it("should be able to search by event", async () => {
+    const response = await config.api.auditLogs.search({
+      events: [Event.USER_CREATED],
+    })
+    expect(response.data.length).toBeGreaterThan(0)
+    for (let log of response.data) {
+      expect(log.event).toBe(Event.USER_CREATED)
+    }
+  })
+
+  it("should be able to search by time range (frozen)", async () => {
+    // this is frozen, only need to add 1 and minus 1
+    const now = new Date()
+    const start = new Date()
+    start.setSeconds(now.getSeconds() - 1)
+    const end = new Date()
+    end.setSeconds(now.getSeconds() + 1)
+    const response = await config.api.auditLogs.search({
+      startDate: start.toISOString(),
+      endDate: end.toISOString(),
+    })
+    expect(response.data.length).toBeGreaterThan(0)
+    for (let log of response.data) {
+      expect(log.timestamp).toBe(now.toISOString())
+    }
+  })
+
+  it("should be able to search by user ID", async () => {
+    const userId = config.user!._id!
+    const response = await config.api.auditLogs.search({
+      userIds: [userId],
+    })
+    expect(response.data.length).toBeGreaterThan(0)
+    for (let log of response.data) {
+      expect(log.user._id).toBe(userId)
+    }
+  })
+
+  it("should be able to search by app ID", async () => {
+    const response = await config.api.auditLogs.search({
+      appIds: [APP_ID],
+    })
+    expect(response.data.length).toBeGreaterThan(0)
+    for (let log of response.data) {
+      expect(log.app?._id).toBe(APP_ID)
+    }
+  })
+
+  it("should be able to search by full string", async () => {
+    const response = await config.api.auditLogs.search({
+      fullSearch: "User",
+    })
+    expect(response.data.length).toBeGreaterThan(0)
+    for (let log of response.data) {
+      expect(log.name.includes("User")).toBe(true)
+    }
+  })
+})
diff --git a/packages/worker/src/tests/api/auditLogs.ts b/packages/worker/src/tests/api/auditLogs.ts
new file mode 100644
index 0000000000..d7bc4d99fb
--- /dev/null
+++ b/packages/worker/src/tests/api/auditLogs.ts
@@ -0,0 +1,26 @@
+import { AuditLogSearchParams, SearchAuditLogsResponse } from "@budibase/types"
+import TestConfiguration from "../TestConfiguration"
+import { TestAPI } from "./base"
+
+export class AuditLogAPI extends TestAPI {
+  constructor(config: TestConfiguration) {
+    super(config)
+  }
+
+  search = async (search: AuditLogSearchParams) => {
+    const res = await this.request
+      .post("/api/global/auditlogs/search")
+      .send(search)
+      .set(this.config.defaultHeaders())
+      .expect("Content-Type", /json/)
+      .expect(200)
+    return res.body as SearchAuditLogsResponse
+  }
+
+  download = (search: AuditLogSearchParams) => {
+    const query = encodeURIComponent(JSON.stringify(search))
+    return this.request
+      .get(`/api/global/auditlogs/download?query=${query}`)
+      .set(this.config.defaultHeaders())
+  }
+}
diff --git a/packages/worker/src/tests/api/index.ts b/packages/worker/src/tests/api/index.ts
index 0bd0308e2f..166996e792 100644
--- a/packages/worker/src/tests/api/index.ts
+++ b/packages/worker/src/tests/api/index.ts
@@ -14,6 +14,7 @@ import { GroupsAPI } from "./groups"
 import { RolesAPI } from "./roles"
 import { TemplatesAPI } from "./templates"
 import { LicenseAPI } from "./license"
+import { AuditLogAPI } from "./auditLogs"
 export default class API {
   accounts: AccountAPI
   auth: AuthAPI
@@ -30,6 +31,7 @@ export default class API {
   roles: RolesAPI
   templates: TemplatesAPI
   license: LicenseAPI
+  auditLogs: AuditLogAPI
 
   constructor(config: TestConfiguration) {
     this.accounts = new AccountAPI(config)
@@ -47,5 +49,6 @@ export default class API {
     this.roles = new RolesAPI(config)
     this.templates = new TemplatesAPI(config)
     this.license = new LicenseAPI(config)
+    this.auditLogs = new AuditLogAPI(config)
   }
 }