diff --git a/mayan/apps/folders/api_views.py b/mayan/apps/folders/api_views.py
index f7a2e4026d..1f1b4f6a83 100644
--- a/mayan/apps/folders/api_views.py
+++ b/mayan/apps/folders/api_views.py
@@ -23,13 +23,12 @@ from .serializers import FolderSerializer
 
 
 class APIFolderListView(generics.ListCreateAPIView):
-    serializer_class = FolderSerializer
-    queryset = Folder.objects.all()
-
-    permission_classes = (MayanPermission,)
     filter_backends = (MayanObjectPermissionsFilter,)
-    mayan_object_permissions = {'GET': [permission_folder_view]}
-    mayan_view_permissions = {'POST': [permission_folder_create]}
+    mayan_object_permissions = {'GET': (permission_folder_view,)}
+    mayan_view_permissions = {'POST': (permission_folder_create,)}
+    permission_classes = (MayanPermission,)
+    queryset = Folder.objects.all()
+    serializer_class = FolderSerializer
 
     def get(self, *args, **kwargs):
         """
@@ -43,6 +42,7 @@ class APIFolderListView(generics.ListCreateAPIView):
         """
         return super(APIFolderListView, self).post(*args, **kwargs)
 
+    '''
     def create(self, request, *args, **kwargs):
         serializer = self.get_serializer(
             data=request.DATA, files=request.FILES
@@ -60,6 +60,7 @@ class APIFolderListView(generics.ListCreateAPIView):
             )
 
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+    '''
 
 
 class APIFolderView(generics.RetrieveUpdateDestroyAPIView):
@@ -68,10 +69,10 @@ class APIFolderView(generics.RetrieveUpdateDestroyAPIView):
 
     permission_classes = (MayanPermission,)
     mayan_object_permissions = {
-        'GET': [permission_folder_view],
-        'PUT': [permission_folder_edit],
-        'PATCH': [permission_folder_edit],
-        'DELETE': [permission_folder_delete]
+        'GET': (permission_folder_view,),
+        'PUT': (permission_folder_edit,),
+        'PATCH': (permission_folder_edit,),
+        'DELETE': (permission_folder_delete,)
     }
 
     def delete(self, *args, **kwargs):
@@ -105,7 +106,7 @@ class APIFolderDocumentListView(generics.ListAPIView):
     """
 
     filter_backends = (MayanObjectPermissionsFilter,)
-    mayan_object_permissions = {'GET': [permission_document_view]}
+    mayan_object_permissions = {'GET': (permission_document_view,)}
 
     def get_serializer_class(self):
         from documents.serializers import DocumentSerializer
@@ -124,6 +125,26 @@ class APIFolderDocumentListView(generics.ListAPIView):
 
         return folder.documents.all()
 
+    # TODO: move this method as post of APIFolderDocumentListView
+    def post(self, request, *args, **kwargs):
+        """
+        Add a document to the selected folder.
+        """
+
+        folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
+        try:
+            Permission.check_permissions(
+                request.user, (permission_folder_add_document,)
+            )
+        except PermissionDenied:
+            AccessControlList.objects.check_access(
+                permission_folder_add_document, request.user, folder
+            )
+
+        document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
+        folder.documents.add(document)
+        return Response(status=status.HTTP_201_CREATED)
+
 
 class APIDocumentFolderListView(generics.ListAPIView):
     """
@@ -133,7 +154,7 @@ class APIDocumentFolderListView(generics.ListAPIView):
     serializer_class = FolderSerializer
 
     filter_backends = (MayanObjectPermissionsFilter,)
-    mayan_object_permissions = {'GET': [permission_folder_view]}
+    mayan_object_permissions = {'GET': (permission_folder_view,)}
 
     def get_queryset(self):
         document = get_object_or_404(Document, pk=self.kwargs['pk'])
@@ -160,7 +181,7 @@ class APIFolderDocumentView(views.APIView):
         folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
         try:
             Permission.check_permissions(
-                request.user, [permission_folder_remove_document]
+                request.user, (permission_folder_remove_document,)
             )
         except PermissionDenied:
             AccessControlList.objects.check_access(
@@ -170,23 +191,3 @@ class APIFolderDocumentView(views.APIView):
         document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
         folder.documents.remove(document)
         return Response(status=status.HTTP_204_NO_CONTENT)
-
-    # TODO: move this method as post of APIFolderDocumentListView
-    def post(self, request, *args, **kwargs):
-        """
-        Add a document to the selected folder.
-        """
-
-        folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
-        try:
-            Permission.check_permissions(
-                request.user, [permission_folder_add_document]
-            )
-        except PermissionDenied:
-            AccessControlList.objects.check_access(
-                permission_folder_add_document, request.user, folder
-            )
-
-        document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
-        folder.documents.add(document)
-        return Response(status=status.HTTP_201_CREATED)
diff --git a/mayan/apps/folders/serializers.py b/mayan/apps/folders/serializers.py
index 545228a3a2..616b21731a 100644
--- a/mayan/apps/folders/serializers.py
+++ b/mayan/apps/folders/serializers.py
@@ -2,16 +2,18 @@ from __future__ import unicode_literals
 
 from rest_framework import serializers
 
+from user_management.serializers import UserSerializer
+
 from .models import Folder
 
 
 class FolderSerializer(serializers.ModelSerializer):
     documents = serializers.SerializerMethodField('get_documents_count')
+    user = UserSerializer(read_only=True)
 
     class Meta:
-        fields = ('id', 'label', 'user', 'datetime_created', 'documents')
+        fields = ('datetime_created', 'documents', 'id', 'label', 'user')
         model = Folder
-        read_only_fields = ('user',)
 
     def get_documents_count(self, obj):
         return obj.documents.count()
diff --git a/mayan/apps/folders/test_api.py b/mayan/apps/folders/test_api.py
new file mode 100644
index 0000000000..34ac165774
--- /dev/null
+++ b/mayan/apps/folders/test_api.py
@@ -0,0 +1,47 @@
+from __future__ import unicode_literals
+
+from json import loads
+
+from django.contrib.auth.models import User
+from django.core.files import File
+from django.core.urlresolvers import reverse
+
+from rest_framework import status
+from rest_framework.test import APITestCase
+
+from documents.test_models import (
+    TEST_ADMIN_EMAIL, TEST_ADMIN_PASSWORD, TEST_ADMIN_USERNAME,
+    TEST_DOCUMENT_FILENAME, TEST_DOCUMENT_PATH, TEST_DOCUMENT_TYPE,
+    TEST_SMALL_DOCUMENT_FILENAME, TEST_SMALL_DOCUMENT_PATH,
+)
+
+from .models import Folder
+
+
+TEST_FOLDER_LABEL = 'test folder'
+
+
+class FolderAPITestCase(APITestCase):
+    """
+    Test the folder API endpoints
+    """
+
+    def setUp(self):
+        self.admin_user = User.objects.create_superuser(
+            username=TEST_ADMIN_USERNAME, email=TEST_ADMIN_EMAIL,
+            password=TEST_ADMIN_PASSWORD
+        )
+
+        self.client.force_authenticate(user=self.admin_user)
+
+    def testDown(self):
+        self.admin_user.delete()
+
+    def test_folder_create(self):
+        self.client.post(reverse('rest_api:folder-list'), {'label': TEST_FOLDER_LABEL})
+
+        folder = Folder.objects.first()
+
+        self.assertEqual(Folder.objects.count(), 1)
+        self.assertEqual(folder.label, TEST_FOLDER_LABEL)
+        self.assertEqual(folder.user, self.admin_user)