diff --git a/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt b/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt
new file mode 100644
index 00000000..0a888cb9
--- /dev/null
+++ b/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt
@@ -0,0 +1,104 @@
+package mastodon.timelines
+
+import dev.usbharu.hideout.SpringApplication
+import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Test
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.security.core.authority.SimpleGrantedAuthority
+import org.springframework.security.test.context.support.WithAnonymousUser
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
+import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers
+import org.springframework.test.context.jdbc.Sql
+import org.springframework.test.web.servlet.MockMvc
+import org.springframework.test.web.servlet.get
+import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder
+import org.springframework.test.web.servlet.setup.MockMvcBuilders
+import org.springframework.transaction.annotation.Transactional
+import org.springframework.web.context.WebApplicationContext
+
+@SpringBootTest(classes = [SpringApplication::class])
+@Transactional
+@Sql("/sql/test-user.sql")
+class TimelineApiTest {
+ @Autowired
+ private lateinit var context: WebApplicationContext
+
+ private lateinit var mockMvc: MockMvc
+
+ @BeforeEach
+ fun beforeEach() {
+ mockMvc = MockMvcBuilders.webAppContextSetup(context)
+ .apply(SecurityMockMvcConfigurers.springSecurity())
+ .build()
+ }
+
+ @Test
+ fun `apiV1TimelinesHomeGetにreadでアクセスできる`() {
+ mockMvc
+ .get("/api/v1/timelines/home") {
+ with(
+ SecurityMockMvcRequestPostProcessors.jwt()
+ .jwt { it.claim("uid", "1") }.authorities(SimpleGrantedAuthority("SCOPE_read"))
+ )
+ }
+ .asyncDispatch()
+ .andExpect { status { isOk() } }
+ }
+
+ @Test
+ fun `apiV1TimelinesHomeGetにread statusesでアクセスできる`() {
+ mockMvc
+ .get("/api/v1/timelines/home") {
+ with(
+ SecurityMockMvcRequestPostProcessors.jwt()
+ .jwt { it.claim("uid", "1") }.authorities(SimpleGrantedAuthority("SCOPE_read:statuses"))
+ )
+ }
+ .asyncDispatch()
+ .andExpect { status { isOk() } }
+ }
+
+ @Test
+ @WithAnonymousUser
+ fun apiV1TimelineHomeGetに匿名でアクセスすると401() {
+ mockMvc
+ .get("/api/v1/timelines/home")
+ .andExpect { status { isUnauthorized() } }
+ }
+
+ @Test
+ fun apiV1TimelinesPublicGetにreadでアクセスできる() {
+ mockMvc
+ .get("/api/v1/timelines/public") {
+ with(
+ SecurityMockMvcRequestPostProcessors.jwt()
+ .jwt { it.claim("uid", "1") }.authorities(SimpleGrantedAuthority("SCOPE_read"))
+ )
+ }
+ .asyncDispatch()
+ .andExpect { status { isOk() } }
+ }
+
+ @Test
+ fun `apiV1TimelinesPublicGetにread statusesでアクセスできる`() {
+ mockMvc
+ .get("/api/v1/timelines/public") {
+ with(
+ SecurityMockMvcRequestPostProcessors.jwt()
+ .jwt { it.claim("uid", "1") }.authorities(SimpleGrantedAuthority("SCOPE_read:statuses"))
+ )
+ }
+ .asyncDispatch()
+ .andExpect { status { isOk() } }
+ }
+
+ @Test
+ @WithAnonymousUser
+ fun apiV1TimeinesPublicGetに匿名でアクセスできる() {
+ mockMvc
+ .get("/api/v1/timelines/public")
+ .asyncDispatch()
+ .andExpect { status { isOk() } }
+ }
+}
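Review bot: The home-timeline tests cover only the scopes expected to succeed (`SCOPE_read`, `SCOPE_read:statuses`) and the anonymous 401 case, so none of them would fail if `/api/v1/timelines/home` accepted any authenticated token regardless of scope. Add a negative case in which the JWT carries only an unrelated authority and the response is 403. The sketch below uses `SCOPE_write`, which I am assuming the endpoint should reject; adjust it to the project's scope mapping, and add `.asyncDispatch()` only if the rejection turns out to happen after async processing has started. Separately, `apiV1TimeinesPublicGetに匿名でアクセスできる` and `apiV1TimelineHomeGetに匿名でアクセスすると401` misspell `Timelines`, and the `DefaultMockMvcBuilder` import is not used anywhere in this new file.

```kotlin
    @Test
    fun `apiV1TimelinesHomeGetにwriteでアクセスすると403`() {
        mockMvc
            .get("/api/v1/timelines/home") {
                with(
                    SecurityMockMvcRequestPostProcessors.jwt()
                        .jwt { it.claim("uid", "1") }.authorities(SimpleGrantedAuthority("SCOPE_write"))
                )
            }
            .andExpect { status { isForbidden() } }
    }
```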