diff --git a/go.mod b/go.mod
index e04e23d..a5a588f 100644
--- a/go.mod
+++ b/go.mod
@@ -9,6 +9,7 @@ require (
 	github.com/bytedance/sonic/loader v0.2.1 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.7 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/gin-gonic/gin v1.10.0 // indirect
@@ -29,6 +30,8 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/testify v1.10.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
 	golang.org/x/arch v0.12.0 // indirect
diff --git a/go.sum b/go.sum
index efbc2ff..fc58e68 100644
--- a/go.sum
+++ b/go.sum
@@ -8,6 +8,7 @@ github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJ
 github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA=
 github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU=
@@ -55,6 +56,7 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
 github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
@@ -65,6 +67,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
diff --git a/server/account.go b/server/account.go
index 73c472c..4785606 100644
--- a/server/account.go
+++ b/server/account.go
@@ -12,6 +12,13 @@ import (
 func getAccount(c *gin.Context) {
 	id := c.Param("AccountID")
 
+	if id == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"message": "invalid id; must be an integer",
+		})
+		return
+	}
+
 	idInt, err := strconv.Atoi(id)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{
@@ -65,6 +72,13 @@ func newAccount(c *gin.Context) {
 		return
 	}
 
+	if acc.ID < 1 {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"message": "invalid id; must be greater than 0",
+		})
+		return
+	}
+
 	err = database.NewAccount(Database, acc)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{
diff --git a/server/account_test.go b/server/account_test.go
new file mode 100644
index 0000000..0693ec7
--- /dev/null
+++ b/server/account_test.go
@@ -0,0 +1,163 @@
+package server
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetAccountStringAsAccountID(t *testing.T) {
+	r := gin.Default()
+	r.GET("/Account/:AccountID", getAccount)
+
+	req, _ := http.NewRequest("GET", "/Account/a", nil)
+	resp := httptest.NewRecorder()
+	r.ServeHTTP(resp, req)
+
+	fmt.Println(resp.Body.String())
+
+	assert.Equal(t, http.StatusBadRequest, resp.Code)
+}
+
+func TestGetAccountInvalidID(t *testing.T) {
+	r := gin.Default()
+	r.GET("/Account/:AccountID", getAccount)
+
+	req, _ := http.NewRequest("GET", "/Account/0", nil)
+	resp := httptest.NewRecorder()
+	r.ServeHTTP(resp, req)
+
+	fmt.Println(resp.Body.String())
+
+	assert.Equal(t, http.StatusBadRequest, resp.Code)
+}
+
+func TestGetAccountNegativID(t *testing.T) {
+	r := gin.Default()
+	r.GET("/Account/:AccountID", getAccount)
+
+	req, _ := http.NewRequest("GET", "/Account/-1", nil)
+	resp := httptest.NewRecorder()
+	r.ServeHTTP(resp, req)
+
+	fmt.Println(resp.Body.String())
+
+	assert.Equal(t, http.StatusBadRequest, resp.Code)
+}
+
+// TODO: TestGetAccountValidID
+// TODO: TestGetAccountInternalError
+
+func TestNewAccountNegativeID(t *testing.T) {
+	r := gin.Default()
+	r.POST("/NewAccount", newAccount)
+
+	accountJson := `{
+		"ID": -1,
+		"Name": "Test Account",
+		"Kind": "1000.00"
+	}`
+
+	req, _ := http.NewRequest("POST", "/NewAccount", strings.NewReader(accountJson))
+	resp := httptest.NewRecorder()
+	r.ServeHTTP(resp, req)
+
+	fmt.Println(resp.Body.String())
+
+	assert.Equal(t, http.StatusBadRequest, resp.Code)
+}
+
+func TestNewAccountWrongFormat(t *testing.T) {
+	r := gin.Default()
+	r.POST("/NewAccount", newAccount)
+
+	accountJson := `{
+		"ID": 1,
+		"Stuff": "Test Account",
+	}`
+
+	req, _ := http.NewRequest("POST", "/NewAccount", strings.NewReader(accountJson))
+	resp := httptest.NewRecorder()
+	r.ServeHTTP(resp, req)
+
+	fmt.Println(resp.Body.String())
+
+	assert.Equal(t, http.StatusBadRequest, resp.Code)
+}
+
+// TODO: TestNewAccountInternalError
+// TODO: TestNewAccountValid
+
+func TestUpdateAccountNegativeID(t *testing.T) {
+	r := gin.Default()
+	r.PUT("/UpdateAccount", updateAccount)
+
+	accountJson := `{
+		"ID": -1,
+		"Name": "Test Account",
+		"Kind": "1000.00"
+	}`
+
+	req, _ := http.NewRequest("PUT", "/UpdateAccount", strings.NewReader(accountJson))
+	resp := httptest.NewRecorder()
+	r.ServeHTTP(resp, req)
+
+	fmt.Println(resp.Body.String())
+
+	assert.Equal(t, http.StatusBadRequest, resp.Code)
+}
+
+func TestUpdateAccountWrongFormat(t *testing.T) {
+	r := gin.Default()
+	r.PUT("/UpdateAccount", updateAccount)
+
+	accountJson := `{
+		"ID": 1,
+		"Stuff": "Test Account",
+	}`
+
+	req, _ := http.NewRequest("PUT", "/UpdateAccount", strings.NewReader(accountJson))
+	resp := httptest.NewRecorder()
+	r.ServeHTTP(resp, req)
+
+	fmt.Println(resp.Body.String())
+
+	assert.Equal(t, http.StatusBadRequest, resp.Code)
+}
+
+// TODO: TestUpdateAccountInternalError
+// TODO: TestUpdateAccountValid
+
+func TestDeleteAccountNegativeID(t *testing.T) {
+	r := gin.Default()
+	r.DELETE("/DeleteAccount/:AccountID", deleteAccount)
+
+	req, _ := http.NewRequest("DELETE", "/DeleteAccount/-1", nil)
+	resp := httptest.NewRecorder()
+	r.ServeHTTP(resp, req)
+
+	fmt.Println(resp.Body.String())
+
+	assert.Equal(t, http.StatusBadRequest, resp.Code)
+}
+
+func TestDeleteAccountString(t *testing.T) {
+	r := gin.Default()
+	r.DELETE("/DeleteAccount/:AccountID", deleteAccount)
+
+	req, _ := http.NewRequest("DELETE", "/DeleteAccount/a", nil)
+	resp := httptest.NewRecorder()
+	r.ServeHTTP(resp, req)
+
+	fmt.Println(resp.Body.String())
+
+	assert.Equal(t, http.StatusBadRequest, resp.Code)
+}
+
+// TODO: TestDeleteAccountInternalError
+// TODO: TestDeleteAccountValid