diff --git a/.github/workflows/powershell.yml b/.github/workflows/powershell.yml
index 21cb3ad..a33f2a7 100644
--- a/.github/workflows/powershell.yml
+++ b/.github/workflows/powershell.yml
@@ -42,6 +42,11 @@ jobs:
           includeRule: '"PSAvoidGlobalAliases", "PSAvoidUsingConvertToSecureStringWithPlainText"'
           output: results.sarif
 
+      - name: Run Pester tests
+        shell: pwsh
+        run: |
+          Invoke-Pester -Path ./tests
+
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
         uses: github/codeql-action/upload-sarif@v3
diff --git a/tests/api-auth-script.Tests.ps1 b/tests/api-auth-script.Tests.ps1
new file mode 100644
index 0000000..de756a4
--- /dev/null
+++ b/tests/api-auth-script.Tests.ps1
@@ -0,0 +1,9 @@
+Describe "api-auth-script" {
+    It "creates the expected Authorization header" {
+        Mock Invoke-RestMethod {}
+        . "$PSScriptRoot/../API/api-auth-script.ps1"
+        $expected = 'Basic MTIzIDk3IDEwMCAxMDkgMTA1IDExMCAxMjUgNTggMTIzIDExMiA5NyAxMTUgMTE1IDExOSAxMTEgMTE0IDEwMCAxMjU='
+        $basicAuthHeader | Should -Be $expected
+    }
+}
+