diff --git a/tests/unit/get.test.js b/tests/unit/get.test.js
index 477645b..74f6802 100644
--- a/tests/unit/get.test.js
+++ b/tests/unit/get.test.js
@@ -6,7 +6,7 @@ const app = require('../../src/app');
 
 describe('GET /v1/fragments', () => {
   // If the request is missing the Authorization header, it should be forbidden
-  test('unauthenticated requests are denied', () => request(app).get('/v1/fragments').expect(500));
+  test('unauthenticated requests are denied', () => request(app).get('/v1/fragments').expect(401));
 
   // If the wrong username/password pair are used (no such user), it should be forbidden
   test('incorrect credentials are denied', () =>