diff --git a/__tests__/middleware/adminOnly.test.js b/__tests__/middleware/adminOnly.test.js index 567675fd..a737213b 100644 --- a/__tests__/middleware/adminOnly.test.js +++ b/__tests__/middleware/adminOnly.test.js @@ -1,19 +1,17 @@ const request = require('supertest'); const express = require('express'); -const router = require('../../routes/courseRoutes'); // Import your router file here +const router = require('../../routes/testRoutes'); // Import your router file here const connectDb = require('../fixtures/db'); const { signAccessToken } = require('../../helpers/token'); const mongoose = require('mongoose'); const app = express(); app.use(express.json()); -app.use('/api', router); // Mount the router under '/api' path +app.use('/api/test', router); // Mount the router under '/api' path // Start the Express app on a specific port for testing const PORT = 5022; // Choose a port for testing -const server = app.listen(PORT, () => { - console.log(`Express server is running on port ${PORT}`); -}); +const server = app.listen(PORT); // Mocked token secret const TOKEN_SECRET = 'test'; @@ -36,9 +34,10 @@ describe('Admin token verify', () => { it('Return an error if no valid admin token is present on private route', async () => { const token = 'ImAnInvalidToken'; const response = await request(`http://localhost:${PORT}`) - .get('/api/courses') + .get('/api/test/adminOnly') .set('token', token) - .expect(401); + + console.log(response.body.error) expect(response.body.error).toBeDefined(); }); @@ -48,7 +47,7 @@ describe('Admin token verify', () => { // mock that token is valid const response = await request(`http://localhost:${PORT}`) - .get('/api/courses') + .get('/api/test/adminOnly') .set('token', token) .expect(200); }); 
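Review bot: The trailing comment on the changed `app.use('/api/test', router);` line still says the router is mounted under '/api', and the comment on the `require` line is leftover template text. Suggest `// Mount the test-only routes under /api/test` and `// Test-only routes that exercise the auth middlewares` so a reader can tell this suite no longer depends on the course routes.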
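Review bot: The invalid-token test no longer asserts a status code: `.expect(401)` was removed, so the only remaining check is that `response.body.error` is defined. A regression in which adminOnly answers with a different status, or passes the request through to a handler that returns some other error body, would still pass. Restore `.expect(401);` after `.set('token', token)` and drop the `console.log(response.body.error)` debug line. If the middleware now returns another status for a malformed token, assert that exact status rather than removing the check.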
@@ -56,7 +55,7 @@ describe('Admin token verify', () => { it('Test for non-algorithm attack', async () => { const token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.' + btoa(`{"id":1,"iat":${'' + Date.now()},"exp":999999999999}`) + '.'; const response = await request(`http://localhost:${PORT}`) - .get('/api/courses') + .get('/api/test/adminOnly') .set('token', token) .expect(401); }); diff --git a/__tests__/routes/courseRoutes.spec.js b/__tests__/routes/courseRoutes.spec.js index 139156dc..e9b8d328 100644 --- a/__tests__/routes/courseRoutes.spec.js +++ b/__tests__/routes/courseRoutes.spec.js @@ -39,19 +39,6 @@ describe('Course Routes', () => { }); - describe('GET /courses', () => { - it('should get all courses', async () => { - - const response = await request(`http://localhost:${PORT}`) - .get('/api/courses'); - expect(response.status).toBe(200); - expect(response.body).toBeInstanceOf(Array); - - // error handling for when there is no courses can be found in the bottom - }); - - }); - describe('GET /courses/:id', () => { @@ -476,24 +463,6 @@ describe('Course Routes', () => { }); }); - describe('GET /courses, error handling', () => { - - it('should handle no courses not found', async () => { - - // delete all courses - await db.collection('courses').deleteMany({}); - - // send request with no courses in db - const response = await request(`http://localhost:${PORT}`) - .get('/api/courses'); - - expect(response.status).toBe(404); - expect(response.body.error.code).toBe('E0005'); - }); - - }); - - afterAll(async () => { await db.collection('users').deleteMany({}); // Delete all documents in the 'users' collection diff --git a/__tests__/routes/courseRoutes.test.js b/__tests__/routes/courseRoutes.test.js index 764631cb..a35463e4 100644 --- a/__tests__/routes/courseRoutes.test.js +++ b/__tests__/routes/courseRoutes.test.js 
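Review bot: This test can get its 401 for reasons unrelated to the `alg: none` header, so it may not prove that adminOnly rejects unsigned tokens. The payload is encoded with `btoa`, which emits padded standard base64 rather than base64url, and the claim `id: 1` is presumably not an id the middleware would accept. A parser that rejects the token as malformed, or a failed lookup, would also yield 401; which of these applies depends on the token helper, which is not shown here. Consider `Buffer.from(payload).toString('base64url')` and an id that would otherwise be accepted, so that the missing signature is the only thing wrong with the token. The title would also read more clearly as `'Rejects unsigned (alg: none) tokens'`.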
@@ -10,7 +10,7 @@ const errorCodes = require('../../helpers/errorCodes') const app = express(); app.use(express.json()); -app.use('/api', router); // Add your router to the Express app +app.use('/api/courses', router); // Add your router to the Express app // Mock Google OAuth2 clientID jest.mock('../../config/keys', () => { @@ -157,6 +157,19 @@ describe('Get all courses route', () => { expect(result.error).toStrictEqual(errorCodes['E0002']); }); + it('returns error 404 if no courses are found', async () => { + + // delete all courses + await db.collection('courses').deleteMany({}); + + // send request with no courses in db + const response = await request(`http://localhost:${PORT}`) + .get('/api/courses') + .set('token', signAccessToken({ id: ADMIN_ID })) + .expect(404) + expect(response.body.error.code).toBe('E0005'); + }); + afterAll(async () => { await db.collection('users').deleteMany({}); // Delete all documents in the 'users' collection await db.collection('courses').deleteMany({}); // Delete all documents in the 'courses' collection diff --git a/routes/authRoutes.js b/routes/authRoutes.js index 6b57516c..346a6f84 100644 --- a/routes/authRoutes.js +++ b/routes/authRoutes.js @@ -6,7 +6,6 @@ const { authEndpointHandler } = require('../auth'); const { signAccessToken } = require('../helpers/token'); const { compare, encrypt } = require('../helpers/password'); const errorCodes = require('../helpers/errorCodes'); -const send = require('send'); const { sendResetPasswordEmail } = require('../helpers/email'); const { PasswordResetToken } = require('../models/PasswordResetToken'); diff --git a/routes/courseRoutes.js b/routes/courseRoutes.js index 0b4855b6..0001b897 100644 --- a/routes/courseRoutes.js +++ b/routes/courseRoutes.js 
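Review bot: The new 404 test empties the `courses` collection inside the shared `describe`, so it only works while it remains the last test in the block. Any test added after it, or a reordering, would run against an empty collection. Move the `deleteMany({})` into a nested `describe` with its own `beforeAll`, or re-seed the fixture afterwards. The request chain also lacks a terminating semicolon after `.expect(404)`. Now that the route sits behind adminOnly, it is worth asserting in this file that the same request without a token is rejected, if the tests above the hunk do not already cover that.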
@@ -1,9 +1,5 @@ const router = require('express').Router(); const errorCodes = require('../helpers/errorCodes'); -const express = require('express'); -const app = express(); -app.use(express.json()); -app.use(express.urlencoded({ extended: true })); const adminOnly = require("../middlewares/adminOnly"); // Models @@ -22,13 +18,13 @@ const { IdentityStore } = require("aws-sdk"); /*** COURSE, SECTIONS AND EXERCISE ROUTES ***/ // Get all courses -router.get('/courses', adminOnly, async (req, res) => { +/*router.get('/', adminOnly, async (req, res) => { const result = await CourseModel.find({}); res.send(result); -}); +});*/ // Get all courses for one user -router.get('/courses/creator/:id', requireLogin, async (req, res) => { +router.get('/creator/:id', requireLogin, async (req, res) => { const id = req.params.id; // Get user id from request const courses = await CourseModel.find({creator: id}); // Find courses for a specific user @@ -36,7 +32,7 @@ router.get('/courses/creator/:id', requireLogin, async (req, res) => { }); //Get all courses -router.get('', async (req, res) => { +router.get('/', adminOnly, async (req, res) => { try { // find all courses in the database diff --git a/routes/testRoutes.js b/routes/testRoutes.js index ce8999b7..6ecbb055 100644 --- a/routes/testRoutes.js +++ b/routes/testRoutes.js @@ -1,4 +1,5 @@ const router = require('express').Router(); +const adminOnly = require('../middlewares/adminOnly'); const requireLogin = require('../middlewares/requireLogin'); // Route for testing JWT verification on private routes @@ -8,4 +9,8 @@ router.get('/require-jwt', requireLogin, (req, res) => { res.status(200).send(req.body); }); +router.get('/adminOnly', adminOnly, (req, res) => { + res.status(200).send(req.body); +}) + module.exports = router; \ No newline at end of file
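Review bot: `GET /creator/:id` takes the creator id straight from `req.params.id` and runs `CourseModel.find({creator: id})` with no visible check that it belongs to the authenticated user, so any logged-in account can apparently list another creator's courses. Unless requireLogin already enforces this (it is not shown here), compare the id with the identity the middleware attaches to the request and answer 403 on a mismatch. Separately, the old list-all handler is left commented out as `/*router.get('/', adminOnly, ...*/`; delete it, since the route further down now covers it and version control keeps the history. The creator handler's body continues outside this hunk.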
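Review bot: Dropping the `/courses` prefix from the paths in this file means the application must now mount this router at `/api/courses`, and that change is not visible in this diff. The test files mount the router themselves (`app.use('/api/courses', router)`), so they would keep passing even if the real entry point still used `/api`, which would expose these handlers at unintended paths such as `/api/creator/:id`. Confirm the entry point was updated, and add a comment above the route such as `// Mounted at /api/courses; admin only`. The handler's body continues outside the hunk.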
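Review bot: The new `/adminOnly` route has no comment, unlike the `/require-jwt` route above it, and nothing here states that this router is for tests only. Add `// Route for testing the adminOnly middleware; test use only` above it. Also make sure the application mounts `testRoutes` only in test runs, since the file sits beside the production routes and the entry point is not shown. The handler echoes `req.body`, but `res.sendStatus(200)` would be enough for the assertions in adminOnly.test.js. The closing `})` also lacks a semicolon.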