diff --git a/.docker/app/Dockerfile b/.docker/app/Dockerfile
index 6e7967866..f0fe25e14 100644
--- a/.docker/app/Dockerfile
+++ b/.docker/app/Dockerfile
@@ -67,6 +67,7 @@ ENV ADMIN_USER_ACCESS_LEVEL=""
 ENV AUTO_CREATE_USER=""
 ENV AUTO_CREATE_USER_PASS=""
 ENV AUTO_CREATE_USER_ACCESS_LEVEL="0"
+ENV AUTO_CREATE_USER_ENABLE_API=""
 
 # TODO: remove prefix from container variables not used by tt-rss itself:
 #
diff --git a/.docker/app/startup.sh b/.docker/app/startup.sh
index e1a17648b..3af95349e 100644
--- a/.docker/app/startup.sh
+++ b/.docker/app/startup.sh
@@ -143,6 +143,12 @@ fi
 if [ ! -z "$AUTO_CREATE_USER" ]; then
 	sudo -Eu app /bin/sh -c "php82 $DST_DIR/update.php --user-exists $AUTO_CREATE_USER ||
 		php82 $DST_DIR/update.php --force-yes --user-add \"$AUTO_CREATE_USER:$AUTO_CREATE_USER_PASS:$AUTO_CREATE_USER_ACCESS_LEVEL\""
+
+	if [ ! -z "$AUTO_CREATE_USER_ENABLE_API" ]; then
+		# TODO: remove || true later
+		sudo -Eu app /bin/sh -c "php82 $DST_DIR/update.php --user-enable-api \"$AUTO_CREATE_USER:$AUTO_CREATE_USER_ENABLE_API\"" || true
+	fi
+
 fi
 
 rm -f /tmp/error.log && mkfifo /tmp/error.log && chown app:app /tmp/error.log
diff --git a/classes/Handler.php b/classes/Handler.php
index 5b54570d8..2676632bb 100644
--- a/classes/Handler.php
+++ b/classes/Handler.php
@@ -28,7 +28,7 @@ class Handler implements IHandler {
 	/**
 	 * @param mixed $p
 	 */
-	protected static function _param_to_bool($p): bool {
+	public static function _param_to_bool($p): bool {
 		$p = clean($p);
 		return $p && ($p !== "f" && $p !== "false");
 	}
diff --git a/classes/Prefs.php b/classes/Prefs.php
index 9d68a14b7..6dc8a1342 100644
--- a/classes/Prefs.php
+++ b/classes/Prefs.php
@@ -343,7 +343,7 @@ class Prefs {
 			$value = Config::cast_to($value, $type_hint);
 
 			if ($value == $this->_get($pref_name, $owner_uid, $profile_id))
-				return false;
+				return true; // no need to actually set this to the same value, let's just say we did
 
 			$this->_set_cache($pref_name, $value, $owner_uid, $profile_id);
 
diff --git a/tests/ApiTest.php b/tests/ApiTest.php
deleted file mode 100644
index cee4f8313..000000000
--- a/tests/ApiTest.php
+++ /dev/null
@@ -1,13 +0,0 @@
-<?php
-use PHPUnit\Framework\TestCase;
-
-/** @group integration */
-final class ApiTest extends TestCase {
-
-	function test_login() {
-
-
-
-	}
-
-}
diff --git a/tests/integration/ApiTest.php b/tests/integration/ApiTest.php
new file mode 100644
index 000000000..cd7a8d67a
--- /dev/null
+++ b/tests/integration/ApiTest.php
@@ -0,0 +1,60 @@
+<?php
+use PHPUnit\Framework\TestCase;
+
+/** @group integration */
+final class ApiTest extends TestCase {
+
+	/** @var string */
+	private $api_url;
+
+	/** @var string */
+	private $sid;
+
+	function __construct() {
+
+		$this->api_url = $_ENV['API_URL'];
+
+		print_r($this->api_url);
+
+		parent::__construct();
+	}
+
+	function api(array $payload) : ?array {
+		$ch = curl_init($this->api_url);
+
+		curl_setopt($ch, CURLOPT_HEADER, false);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-type: application/json"]);
+		curl_setopt($ch, CURLOPT_POST, true);
+		curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
+
+		$response = curl_exec($ch);
+
+		$status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+
+		curl_close($ch);
+
+		return json_decode($response, true);
+	}
+
+	public function common_assertions(array $response) {
+		$this->assertArrayHasKey("content", $response);
+		$this->assertArrayNotHasKey("error", $response['content'], $response['content']['error']);
+	}
+
+	public function test_login() {
+		$response = $this->api(["op" => "login", "user" => "test", "password" => "test"]);
+
+		$this->common_assertions($response);
+	}
+
+	public function test_getVersion() {
+
+		$response = $this->api(["op" => "getVersion"]);
+
+		$this->common_assertions($response);
+
+
+	}
+
+}
diff --git a/update.php b/update.php
index 4fd517701..4c10e3072 100755
--- a/update.php
+++ b/update.php
@@ -104,6 +104,7 @@
 		"user-check-password:" => ["USER:PASSWORD", "returns 0 if user has specified PASSWORD"],
 		"user-set-password:" => ["USER:PASSWORD", "sets PASSWORD of specified USER"],
 		"user-set-access-level:" => ["USER:LEVEL", "sets access LEVEL of specified USER"],
+		"user-enable-api:" => ["USER:BOOL", "enables or disables API access of specified USER"],
 		"user-exists:" => ["USER", "returns 0 if specified USER exists in the database"],
 		"force-yes" => "assume 'yes' to all queries",
 		"help" => "",
@@ -500,6 +501,35 @@
 		}
 	}
 
+	if (isset($options["user-enable-api"])) {
+		list ($login, $enable) = explode(":", $options["user-enable-api"], 2);
+
+		$uid = UserHelper::find_user_by_login($login);
+		$enable = Handler::_param_to_bool($enable);
+
+		if (!$uid) {
+			Debug::log("Error: User not found: $login");
+			exit(1);
+		}
+
+		$rc = -1;
+
+		if ($enable) {
+			Debug::log("Enabling API access for user $login...");
+			$rc = Prefs::set(Prefs::ENABLE_API_ACCESS, true, $uid, null);
+		} else {
+			Debug::log("Disabling API access for user $login...");
+			$rc = Prefs::set(Prefs::ENABLE_API_ACCESS, false, $uid, null);
+		}
+
+		if ($rc) {
+			Debug::log("Success.");
+		} else {
+			Debug::log("Operation failed, check the logs for more information.");
+			exit(1);
+		}
+	}
+
 	if (isset($options["user-remove"])) {
 		$login = $options["user-remove"];
 
diff --git a/utils/phpunit-integration.sh b/utils/phpunit-integration.sh
new file mode 100755
index 000000000..1b5288c1b
--- /dev/null
+++ b/utils/phpunit-integration.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+docker run --rm -v $(pwd):/app \
+	--workdir /app registry.fakecake.org/ci/php8.2-alpine:3.18 php82 -d memory_limit=-1 ./vendor/bin/phpunit --group integration
+
+