diff --git a/CHANGELOG.md b/CHANGELOG.md
index 64f03b72389..b2088c4f3eb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -148,6 +148,7 @@ the `Data` key instead of `$InstrumentName` (PR #7857)
 - Add psr/log to composer (PR #8109)
 - Fixed broken DB calls in `assign_missing_instruments` and `instruments` (PR #8162)
 - Add support for PHP 8.1 (PR #7989)
+- Fix Project tab of Configuration module to give correct errors, and prevent saving without Alias (PR #8349)
 ### Modules
 #### API
 - Ability to use PSCID instead of the CandID in the candidates API (PR #8138)
diff --git a/Makefile b/Makefile
index acae120b91c..d7f7b8ff2f2 100755
--- a/Makefile
+++ b/Makefile
@@ -64,3 +64,5 @@ login:
 mri_violations:
 	target=mri_violations npm run compile
 
+dashboard:
+	target=dashboard npm run compile
diff --git a/htdocs/survey.php b/htdocs/survey.php
index eea41d879b8..0ec1823062e 100644
--- a/htdocs/survey.php
+++ b/htdocs/survey.php
@@ -86,7 +86,10 @@ function initialize()
         $this->loris     = new \LORIS\LorisInstance(
             $DB,
             $config,
-            []
+            [
+                __DIR__ . "/../project/modules",
+                __DIR__ . "/../modules/",
+            ]
         );
         $this->TestName  = $DB->pselectOne(
             "SELECT Test_name FROM participant_accounts
diff --git a/jsx/Form.js b/jsx/Form.js
index f90e2b386b9..d32b558c768 100644
--- a/jsx/Form.js
+++ b/jsx/Form.js
@@ -1568,25 +1568,6 @@ class DateElement extends Component {
     if (this.props.maxYear === '' || this.props.maxYear === null) {
       maxYear = '9999';
     }
-    let monthInputs = $('input[type=month][name=' + this.props.name+']');
-    monthInputs.datepicker({
-      dateFormat: 'yy-mm',
-      changeMonth: true,
-      changeYear: true,
-      yearRange: minYear + ':' + maxYear,
-      constrainInput: true,
-      onChangeMonthYear: (y, m, d) => {
-        // Update date in the input field
-        $(this).datepicker('setDate', new Date(y, m - 1, d.selectedDay));
-      },
-      onSelect: (dateText, picker) => {
-        this.props.onUserInput(this.props.name, dateText);
-      },
-    });
-    monthInputs.attr('placeholder', 'yyyy-mm');
-    monthInputs.on('keydown paste', (e) => {
-      e.preventDefault();
-    });
   }
 
   // //////// START OF COPN OVERRIDE //////////
@@ -1738,8 +1719,8 @@ DateElement.propTypes = {
   label: PropTypes.string,
   value: PropTypes.string,
   id: PropTypes.string,
-  maxYear: PropTypes.string,
-  minYear: PropTypes.string,
+  maxYear: PropTypes.oneOfType([PropTypes.string, PropTypes.number]),
+  minYear: PropTypes.oneOfType([PropTypes.string, PropTypes.number]),
   dateFormat: PropTypes.string,
   disabled: PropTypes.bool,
   required: PropTypes.bool,
diff --git a/modules/acknowledgements/test/TestPlan.md b/modules/acknowledgements/test/TestPlan.md
index 2642c2feb99..e59486f6679 100644
--- a/modules/acknowledgements/test/TestPlan.md
+++ b/modules/acknowledgements/test/TestPlan.md
@@ -5,10 +5,11 @@
 2. Access the acknowledgements module page, ensure that it renders.[Automation Testing]
 3. Verify that a new record can not be added Without acknowledgements_edit permission [Manual Testing]
 4. Check that each dropdown has the correct options.[Manual Testing]
-5. Click "Clear Form" and ensure filters are reset to same state.[Automation Testing]
+5. Click "Clear Filter" and ensure filters are reset the default state.[Automation Testing]
 6. Verify that the "Save" button on the modal window form inserts a new record in the 
    data table and that the data table is refreshed automatically.[Automation Testing]
 7. Start entering information in the modal window form and close the modal window 
    without saving. A message asking 'Are You Sure?' should appear to confirm that the
    form should indeed be closed without saving the information previously entered [Manual Testing]
-
+8. Modify the "citation_policy" setting in the LORIS configuration module and ensure that the citation policy
+   at the top of the page is modified.
diff --git a/modules/api/php/endpoint.class.inc b/modules/api/php/endpoint.class.inc
index 68aca5b707a..b7f6055f4ba 100644
--- a/modules/api/php/endpoint.class.inc
+++ b/modules/api/php/endpoint.class.inc
@@ -59,7 +59,9 @@ abstract class Endpoint extends LORISEndpoint implements RequestHandlerInterface
         $versions = $this->supportedVersions() ?? [];
         $version  = $request->getAttribute("LORIS-API-Version") ?? "unknown";
         if (!in_array($version, $versions)) {
-            return new \LORIS\Http\Response\JSON\BadRequest('Unsupported version');
+            // If it's not supported by a version of the API, that means the
+            // endpoint for that version should be not found
+            return new \LORIS\Http\Response\JSON\NotFound('Unsupported version');
         }
 
         return parent::process($request, $handler);
diff --git a/modules/battery_manager/jsx/batteryManagerForm.js b/modules/battery_manager/jsx/batteryManagerForm.js
index d0777635c62..133a9c4308b 100644
--- a/modules/battery_manager/jsx/batteryManagerForm.js
+++ b/modules/battery_manager/jsx/batteryManagerForm.js
@@ -67,8 +67,8 @@ class BatteryManagerForm extends Component {
           name="ageMinDays"
           label="Minimum age (days)"
           onUserInput={setTest}
-          min="0"
-          max="99999"
+          min={0}
+          max={99999}
           required={true}
           value={test.ageMinDays}
           errorMessage={errors.ageMinDays}
@@ -78,8 +78,8 @@ class BatteryManagerForm extends Component {
           name="ageMaxDays"
           label="Maximum age (days)"
           onUserInput={setTest}
-          min="0"
-          max="99999"
+          min={0}
+          max={99999}
           required={true}
           value={test.ageMaxDays}
           errorMessage={errors.ageMaxDays}
@@ -134,8 +134,8 @@ class BatteryManagerForm extends Component {
           label="Instrument Order"
           onUserInput={setTest}
           required={false}
-          min="0"
-          max="127" // max value allowed by default column type of instr_order
+          min={0}
+          max={127} // max value allowed by default column type of instr_order
           value={test.instrumentOrder}
         />
          <ButtonElement
diff --git a/modules/candidate_profile/test/TestPlan.md b/modules/candidate_profile/test/TestPlan.md
index 664ad07c5c6..53bda8a7767 100644
--- a/modules/candidate_profile/test/TestPlan.md
+++ b/modules/candidate_profile/test/TestPlan.md
@@ -50,6 +50,7 @@ that widget (ie. the media module for CandID 587630 (DCC090) or CandID 300001 (M
 4. Ensure that, when the module which added the extra `CandidateInfo` terms
    is disabled, the terms from that module no longer show up in the
    `Candidate Info` card.
+5. Ensure that you can always only see visits from projects that you are affiliated with.
 
 All other widgets are part of other modules, and should be tested as
 part of that module's testing.
diff --git a/modules/configuration/ajax/process.php b/modules/configuration/ajax/process.php
index f41705a39d5..5499b47983e 100644
--- a/modules/configuration/ajax/process.php
+++ b/modules/configuration/ajax/process.php
@@ -60,7 +60,7 @@
                 }
             }
             // Update the config setting to the new value.
-            $DB->update(
+            $DB->unsafeUpdate(
                 'Config',
                 ['Value' => $value],
                 ['ID' => $key]
@@ -108,7 +108,7 @@
                 }
             }
             // Add the new setting
-            $DB->insert(
+            $DB->unsafeInsert(
                 'Config',
                 [
                     'ConfigID' => $ConfigSettingsID, // FK to ConfigSettings.
diff --git a/modules/configuration/ajax/updateProject.php b/modules/configuration/ajax/updateProject.php
index 33424bf4653..795be816f38 100644
--- a/modules/configuration/ajax/updateProject.php
+++ b/modules/configuration/ajax/updateProject.php
@@ -44,18 +44,35 @@
         exit;
     }
 
+    if (empty($_POST['Name'])
+        || empty($_POST['Alias'])
+        || strlen($_POST['Alias']) > 4
+    ) {
+        http_response_code(400);
+        echo json_encode(['error' => 'Bad Request']);
+        exit;
+    }
+
     $project = \Project::createNew($projectName, $projectAlias, $recTarget);
     $db->insert(
         'user_project_rel',
         ["UserID"=>$user->getId(),"ProjectID"=>$project->getId()]
     );
 } else {
+    if (empty($_POST['Name'])
+        || empty($_POST['Alias'])
+        || strlen($_POST['Alias']) > 4
+    ) {
+        http_response_code(400);
+        echo json_encode(['error' => 'Bad Request']);
+        exit;
+    }
+
     // Update Project fields
     $project = \Project::getProjectFromID(new \ProjectID($projectID));
     $project->updateName($projectName);
     $project->updateAlias($projectAlias);
     $project->updateRecruitmentTarget($recTarget);
-
 }
 
 // Cohort information isn't mandatory. If the array is empty, give an
diff --git a/modules/configuration/js/project.js b/modules/configuration/js/project.js
index 5ce45652a3b..e0d690aa61f 100644
--- a/modules/configuration/js/project.js
+++ b/modules/configuration/js/project.js
@@ -31,7 +31,15 @@ $(document).ready(function() {
         }
 
         var errorClosure = function(i, form) {
-          if (isNaN(recruitmentTarget)) {
+          if (!Name) {
+            return function () {
+              $(form.find(".saveStatus")).text("Failed to save, must enter a Project Name!").css({'color': 'red'}).fadeIn(500).delay(1000).fadeOut(500);
+            }
+          } else if (!Alias) {
+            return function () {
+              $(form.find(".saveStatus")).text("Failed to save, must enter an Alias!").css({'color': 'red'}).fadeIn(500).delay(1000).fadeOut(500);
+            }
+          } else if (isNaN(recruitmentTarget)) {
             return function () {
               $(form.find(".saveStatus")).text("Failed to save, recruitment target must be an integer!").css({'color': 'red'}).fadeIn(500).delay(1000).fadeOut(500);
             }
@@ -39,7 +47,7 @@ $(document).ready(function() {
             return function () {
               $(form.find(".saveStatus")).text("Failed to save, Alias should be at most 4 characters long!").css({'color': 'red'}).fadeIn(500).delay(1000).fadeOut(500);
             }
-          }else {
+          } else {
             return function () {
               $(form.find(".saveStatus")).text("Failed to save, same name already exist!").css({'color': 'red'}).fadeIn(500).delay(1000).fadeOut(500);
             }
diff --git a/modules/dashboard/.gitignore b/modules/dashboard/.gitignore
new file mode 100644
index 00000000000..408f23218b0
--- /dev/null
+++ b/modules/dashboard/.gitignore
@@ -0,0 +1 @@
+js/welcome.js
diff --git a/modules/dashboard/jsx/welcome.js b/modules/dashboard/jsx/welcome.js
new file mode 100644
index 00000000000..13ea9300c53
--- /dev/null
+++ b/modules/dashboard/jsx/welcome.js
@@ -0,0 +1,13 @@
+import DOMPurify from 'dompurify';
+
+window.addEventListener('load', () => {
+    fetch(loris.BaseURL + '/dashboard/projectdescription').then( (resp) => {
+        if (!resp.ok) {
+            throw new Error('Could not get project description');
+        }
+        return resp.json();
+    }).then( (json) => {
+      const el = document.getElementById('project-description');
+      el.innerHTML = DOMPurify.sanitize(json.Description);
+    }).catch( (e) => console.error(e));
+});
diff --git a/modules/dashboard/php/projectdescription.class.inc b/modules/dashboard/php/projectdescription.class.inc
new file mode 100644
index 00000000000..9af197c8545
--- /dev/null
+++ b/modules/dashboard/php/projectdescription.class.inc
@@ -0,0 +1,38 @@
+<?php
+namespace LORIS\dashboard;
+use \Psr\Http\Message\ServerRequestInterface;
+use \Psr\Http\Message\ResponseInterface;
+
+/**
+ * Get the project description to display in the welcome widget.
+ *
+ * @license http://www.gnu.org/licenses/gpl-3.0.txt GPLv3
+ */
+
+class ProjectDescription extends \LORIS\Http\Endpoint
+{
+    /**
+     * {@inheritDoc}
+     *
+     * @param ServerRequestInterface $request The incoming request
+     *
+     * @return ResponseInterface
+     */
+    public function handle(ServerRequestInterface $request) : ResponseInterface
+    {
+        $desc = $this->loris->getConfiguration()->getSetting('projectDescription');
+        return new \LORIS\Http\Response\JSON\OK(['Description' => $desc]);
+    }
+
+    /**
+     * The hasAccess call called by the Module class before loading the page.
+     *
+     * @param \User $user The user accessing the page
+     *
+     * @return bool
+     */
+    function _hasAccess(\User $user)
+    {
+        return true;
+    }
+}
diff --git a/modules/dashboard/templates/welcomebody.tpl b/modules/dashboard/templates/welcomebody.tpl
index 9eeda274f67..6b35be902b7 100644
--- a/modules/dashboard/templates/welcomebody.tpl
+++ b/modules/dashboard/templates/welcomebody.tpl
@@ -1,5 +1,4 @@
 <h3 class="welcome">Welcome, {$username}.</h3>
 <p class="pull-right small login-time">Last login: {$last_login}</p>
-{if !is_null($project_description)}
-<p class="project-description">{$project_description}</p>
-{/if}
+<p id="project-description" class="project-description"></p>
+<script src="/dashboard/js/welcome.js"></script>
diff --git a/modules/document_repository/help/document_repository.md b/modules/document_repository/help/document_repository.md
index 3f11d97c8ec..1f442e4d54f 100644
--- a/modules/document_repository/help/document_repository.md
+++ b/modules/document_repository/help/document_repository.md
@@ -5,6 +5,6 @@ This module provides studies with a centralized location for important documents
 In the **Browse** tab, you can search for specific files using the **Selection Filter** section. Click on any file name in the data table to download. Click on any of the folders to reveal subfolders and files organized within. You can click on **Edit** or **Delete** in any cell, in those respective columns, to modify a file. Click on certain column headers to sort the list of documents.
 The **Filter globally** only works in the current directory (root folder only contains directories).
 The **Filter globally** will filter the file across the directories.
-Navigate to the **Upload** tab to upload a file. Populate the fields and upload your file. Your newly uploaded file should now appear in the list within the Browse tab.
+Navigate to the **Upload** tab to upload one or more files. Populate the fields and upload your files. Your newly uploaded files should now appear in the list within the Browse tab.
 
 If you need to add a new category or subcategory, you can do so in the **Category** tab. Populate the fields and click **Add Category**.
diff --git a/modules/document_repository/test/TestPlan.md b/modules/document_repository/test/TestPlan.md
index d1e569b07d9..bc1f69f29ef 100644
--- a/modules/document_repository/test/TestPlan.md
+++ b/modules/document_repository/test/TestPlan.md
@@ -6,7 +6,7 @@
    [Manual Testing]
 3. Check that the comments for a category are displayed properly as a tooltip.
    [Manual Testing]
-4. Upload a file.
+4. Upload one file. Upload multiple files at once.
    [Manual Testing]
 5. User is able to delete a file if they have the "Delete files in Document Repository" permission or is the super user.
    [Manual Testing]
@@ -29,13 +29,13 @@
    [Manual Testing]
 14. Edit a file in the repository: check that “Date Uploaded” date is updated.
     [Manual Testing]
-15. Visit the My Preferences module and enable notifications for the document_repository.
+15. Visit the "My Preferences" module and enable notifications for the document_repository.
     Make sure that you are notified for the follow changes:
        - Addition, deletion or modification of a file (by a user other than yourself)
        - Addition of a category (by a user other than yourself)
     [Manual Testing]
 16. Try uploading a file that exceeds the max upload limit. Ensure that an error message occurs
-    when the server has detected that the file is too large.
+    when the server has detected that the file is too large. Do this again, with multiple files at once, to ensure proper individual error reporting for all files.
     [Manual Testing]
 
 ### Widget registration on the dashboard page
diff --git a/modules/electrophysiology_uploader/help/electrophysiology_uploader.md b/modules/electrophysiology_uploader/help/electrophysiology_uploader.md
new file mode 100644
index 00000000000..fcba1cc81f9
--- /dev/null
+++ b/modules/electrophysiology_uploader/help/electrophysiology_uploader.md
@@ -0,0 +1,13 @@
+# Electrophysiology Uploader
+
+This module allows you to upload EEG recordings and browse past uploads.
+
+In the **Browse** tab, you can use the *Selection Filter* section to search for existing uploads.
+
+In the data table, you can click any link in the *Upload Location* column to download the uploaded files.
+
+To upload recordings, click on the **Upload** tab. Select your file for upload and enter the required information about the recording.
+
+Note: The candidate must already be registered in LORIS and the visit label must be known for the study.
+
+Pay attention to the *Notes* for upload rules. Your dataset should be [BIDS-compliant](https://bids-specification.readthedocs.io).
diff --git a/modules/electrophysiology_uploader/php/upload.class.inc b/modules/electrophysiology_uploader/php/upload.class.inc
index 7d55372ae76..373564681da 100644
--- a/modules/electrophysiology_uploader/php/upload.class.inc
+++ b/modules/electrophysiology_uploader/php/upload.class.inc
@@ -46,7 +46,7 @@ class Upload extends \NDB_Page
         // Ensure GET or POST request.
         switch ($request->getMethod()) {
         case 'GET':
-            return $this->_handleGet($request);
+            return $this->_handleGET($request);
         case 'POST':
             return $this->_handlePOST($request);
         default:
@@ -63,7 +63,7 @@ class Upload extends \NDB_Page
      *
      * @return ResponseInterface
      */
-    private function _handleGet(ServerRequestInterface $request) : ResponseInterface
+    private function _handleGET(ServerRequestInterface $request) : ResponseInterface
     {
         $qParams = $request->getQueryParams();
         if (!isset($qParams['upload_id'])) {
@@ -244,6 +244,7 @@ class Upload extends \NDB_Page
             'UploadDate'     => date('Y-m-d H:i:s'),
             'UploadLocation' => "$filename",
             'SessionID'      => $session['ID'],
+            'Checksum'       => $values['checksum'] ?? null,
         ];
 
         $db->insert('electrophysiology_uploader', $saveValues);
diff --git a/modules/examiner/templates/form_editExaminer.tpl b/modules/examiner/templates/form_editExaminer.tpl
index 6b07bb6462d..2f637e4b10f 100644
--- a/modules/examiner/templates/form_editExaminer.tpl
+++ b/modules/examiner/templates/form_editExaminer.tpl
@@ -12,7 +12,7 @@
                     </div>
                     {/foreach}
                     <div class="row hidden-xs hidden-sm">
-                        <div class="col-md-1">
+                        <div class="col-md-3">
                             <label>Instrument</label>
                         </div>
                         <div class="col-md-2">
@@ -21,19 +21,20 @@
                         <div class="col-md-2 col-md-offset-1">
                             <label>Certification Date</label>
                         </div>
-                        <div class="col-md-4 col-md-offset-1">
+                        <div class="col-md-2 col-md-offset-1">
                             <label>Comments</label>
                         </div>
                     </div>
                     <hr class="row hidden-xs hidden-sm">
                     {foreach from=$instruments key=ID item=name}
                     <div class="row">
-                        <div class="col-md-1">
+                        <div class="col-md-3">
                             <label>{$form.$name.label}</label>
                         </div>
                         {$form.$name.html}
                     </div>
                     {/foreach}
+                    <hr class="row hidden-xs hidden-sm">
                     <div class="row">
                         {if not $success|default}
                         <div class="col-xs-12">
diff --git a/modules/instrument_manager/test/TestPlan.md b/modules/instrument_manager/test/TestPlan.md
index e173c973af3..91d7a0599ca 100644
--- a/modules/instrument_manager/test/TestPlan.md
+++ b/modules/instrument_manager/test/TestPlan.md
@@ -21,4 +21,5 @@ Check that function CheckTable performs the appropriate checks (catches these di
 eg "Table Valid" column is valid when instrument fields match up and "Pages Valid" is valid when subpages are valid.
    [Manual Testing]
 9. With a user who has the `instrument_manager_write` permission, click the button in the `Permission Required` column. A modal should popup where you can edit the permissions.
-Check that modifying the permissions saves the new permissions.
+   - Check that modifying the permissions saves the new permissions.
+   - Check that a user can access that instruments if and only if they has that permission.
diff --git a/modules/instruments/test/TestPlan.md b/modules/instruments/test/TestPlan.md
index c47bb9ad096..f5a33173192 100644
--- a/modules/instruments/test/TestPlan.md
+++ b/modules/instruments/test/TestPlan.md
@@ -19,20 +19,14 @@ is correct.
 5. If the instrument has multiple pages (on the left pane), move from page to page and check that the
 saved data stays the same. The data that wasn't saved should be lost.
 6. Make sure that the 'Delete instrument data' button on the left pane is only visible when the user
-has the `Send to DCC` (_"Send to DCC"_) permission.
+has the 'Send to DCC' (_"Send to DCC"_) permission, and the configuration `InstrumentResetting` (_"Instrument Resetting"_) is set to
+'Yes' in the Configuration module.
 7. Click on the 'Delete instrument data' button and check if the instrument's data is cleared.
 8. Check that an instrument with the `postMortem` variable set to true displays the label
 'Candidate Age at Death (Months)' instead of 'Candidate Age (Months)'. To set the `postMortem` variable
 for PHP instruments, assign the variable within the instrument's PHP class; for LINST instruments,
 include `postmortem{@}true` in the instrument's meta file.
-9. Check that access restriction in `config.xml` works.
- - In the `<instrumentPermissions>` section of `config.xml`
- - set the `<useInstrumentPermissions>` to `true`
- - add the name of an instrument in the `<Test_name>` tag of the `<instrument>`
- - add the name of a permission in the `<permission>` tag of the same `<instrument>`
-   - create a new permission if needed (`permissions` table)
- - check that the user can access that instruments if and only if they has that permission
-10. Test both LINST & PHP instruments found in the `project/instruments` directory.
+9.  Test both LINST & PHP instruments found in the `project/instruments` directory.
     - Refer to the following guides for help.
         1. The [Instrument Insertion](https://github.com/aces/Loris/wiki/Instrument-Insertion) for PHP instruments.
         2. The [Creating and installing clinical instruments](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet#links) for LINST instruments.
@@ -41,7 +35,7 @@ include `postmortem{@}true` in the instrument's meta file.
         2. Create a timepoint
         3. Start its visit stage
         4. Enter sample data, testing each field's type and logic constraints
-11. Verify Validity flags are functioning for instruments.
+10.  Verify Validity flags are functioning for instruments.
     - **Validity:** can be marked as “Valid”, “Questionable”, or “Invalid”. Whether or not this flag is shown for an instrument is by the boolean $ValidityEnabled. Whether the field is required before flagging an instrument as complete is determined by $ValidityRequired.
     - You can test the forgoing flags by switching the corresponding boolean of the test instruments to either `true` or `false`.
 
diff --git a/modules/issue_tracker/jsx/IssueForm.js b/modules/issue_tracker/jsx/IssueForm.js
index e54d467d9ab..a4b2e53eb42 100644
--- a/modules/issue_tracker/jsx/IssueForm.js
+++ b/modules/issue_tracker/jsx/IssueForm.js
@@ -153,6 +153,7 @@ class IssueForm extends Component {
                        baseURL={this.props.baseURL}
                        attachments={this.state.issueData['attachments']}
                        userHasPermission={this.props.userHasPermission}
+                       whoami={this.state.issueData.whoami}
       />
     );
 
diff --git a/modules/issue_tracker/jsx/attachments/attachmentsList.js b/modules/issue_tracker/jsx/attachments/attachmentsList.js
index d4fec562f29..aa951b6ea09 100644
--- a/modules/issue_tracker/jsx/attachments/attachmentsList.js
+++ b/modules/issue_tracker/jsx/attachments/attachmentsList.js
@@ -102,7 +102,7 @@ class AttachmentsList extends Component {
    */
   displayAttachmentOptions(deleteData, item) {
     if (this.props.userHasPermission
-      || this.state.attachments.whoami === item.user) {
+      || this.props.whoami === item.user) {
       return (
         <div className='row'>
           <div className='col-md-12'>
@@ -276,6 +276,7 @@ AttachmentsList.propTypes = {
   baseURL: PropTypes.string.isRequired,
   attachments: PropTypes.array,
   userHasPermission: PropTypes.bool,
+  whoami: PropTypes.string.isRequired,
 };
 AttachmentsList.defaultProps = {
   attachments: [],
diff --git a/modules/issue_tracker/php/edit.class.inc b/modules/issue_tracker/php/edit.class.inc
index 6d595612537..f8898ebb815 100644
--- a/modules/issue_tracker/php/edit.class.inc
+++ b/modules/issue_tracker/php/edit.class.inc
@@ -906,7 +906,8 @@ class Edit extends \NDB_Page implements ETagCalculator
      */
     function _hasAccess(\User $user) : bool
     {
-        return $user->hasPermission('data_entry');
+        return $user->hasPermission('issue_tracker_reporter')
+            || $user->hasPermission('issue_tracker_developer');
     }
 
     /**
diff --git a/modules/issue_tracker/php/issue_tracker.class.inc b/modules/issue_tracker/php/issue_tracker.class.inc
index b52d669b7d4..5c7464da47a 100644
--- a/modules/issue_tracker/php/issue_tracker.class.inc
+++ b/modules/issue_tracker/php/issue_tracker.class.inc
@@ -119,7 +119,7 @@ class Issue_Tracker extends \NDB_Menu_Filter_Form
                     u.Real_name
              FROM issues i
              INNER JOIN users u
-               ON(i.assignee=u.UserID)",
+               ON(i.reporter=u.UserID)",
             []
         );
         foreach ($reporter_expanded as $r_row) {
diff --git a/modules/media/jsx/editForm.js b/modules/media/jsx/editForm.js
index 575a542765f..579bc9d15db 100644
--- a/modules/media/jsx/editForm.js
+++ b/modules/media/jsx/editForm.js
@@ -183,7 +183,10 @@ class MediaEditForm extends Component {
             ref='hideFile'
             value={this.state.formData.hideFile}
           />
-          <ButtonElement label='Update File'/>
+          <ButtonElement
+            label='Update File'
+            onUserInput = {() => {}}
+          />
         </FormElement>
       </div>
     );
diff --git a/modules/media/jsx/mediaIndex.js b/modules/media/jsx/mediaIndex.js
index 7e8149701ea..01071fc76eb 100644
--- a/modules/media/jsx/mediaIndex.js
+++ b/modules/media/jsx/mediaIndex.js
@@ -103,7 +103,7 @@ class MediaIndex extends Component {
   formatColumn(column, cell, row) {
     cell = this.mapColumn(column, cell);
     // Set class to 'bg-danger' if file is hidden.
-    const style = (row['File Visibility'] === '1') ? 'bg-danger' : '';
+    const style = (row['File Visibility'] === 'hidden') ? 'bg-danger' : '';
     let result = <td className={style}>{cell}</td>;
     switch (column) {
     case 'File Name':
diff --git a/modules/media/php/media.class.inc b/modules/media/php/media.class.inc
index a9928be4b02..51475a1f427 100644
--- a/modules/media/php/media.class.inc
+++ b/modules/media/php/media.class.inc
@@ -118,8 +118,8 @@ class Media extends \DataFrameworkMenu
         $hiddenOptions = [];
         if (\User::singleton()->hasPermission('superuser')) {
             $hiddenOptions = [
-                0 => 'Visible only',
-                1 => 'Hidden only',
+                'visible' => 'Visible only',
+                'hidden'  => 'Hidden only',
             ];
         }
 
diff --git a/modules/media/php/mediafileprovisioner.class.inc b/modules/media/php/mediafileprovisioner.class.inc
index 08b64725edc..6ae392c9330 100644
--- a/modules/media/php/mediafileprovisioner.class.inc
+++ b/modules/media/php/mediafileprovisioner.class.inc
@@ -62,7 +62,10 @@ class MediaFileProvisioner extends \LORIS\Data\Provisioners\DBRowProvisioner
                		m.file_type as fileType,
                		s.CandID as candidateId,
                		s.ID as sessionId,
-               		m.hide_file as hideFile,
+                    CASE
+                        WHEN m.hide_file = 0 THEN 'visible'
+                        WHEN m.hide_file = 1 THEN 'hidden'
+                    END AS hideFile,
                		m.id
              FROM media m
              INNER JOIN session s ON m.session_id = s.ID
diff --git a/modules/mri_violations/php/provisioner.class.inc b/modules/mri_violations/php/provisioner.class.inc
index f3150bd856f..55cf696f3f6 100644
--- a/modules/mri_violations/php/provisioner.class.inc
+++ b/modules/mri_violations/php/provisioner.class.inc
@@ -114,7 +114,7 @@ class Provisioner extends \LORIS\Data\Provisioners\DBRowProvisioner
                 LEFT JOIN psc p ON (p.CenterID = s.CenterID)
                 GROUP BY PatientName, TimeRun, Project, Cohort, MincFile,
                   Scan_type, SeriesUID, Site, hash, Resolved, TarchiveID,
-                  CandID, PSCID
+                  CandID, PSCID, PhaseEncodingDirection, EchoTime, EchoNumber
               UNION
                   SELECT PatientName,
                          TimeRun,
diff --git a/modules/new_profile/jsx/NewProfileIndex.js b/modules/new_profile/jsx/NewProfileIndex.js
index 36731b1b207..789270161f0 100644
--- a/modules/new_profile/jsx/NewProfileIndex.js
+++ b/modules/new_profile/jsx/NewProfileIndex.js
@@ -101,7 +101,7 @@ class NewProfileIndex extends React.Component {
     };
 
     if (this.state.configData['edc'] === 'true') {
-      candidateObject.Candidate.EDC = formData.edc;
+      candidateObject.Candidate.EDC = formData.edcDate;
     }
     if (this.state.configData['pscidSet'] === 'true') {
       candidateObject.Candidate.PSCID = formData.pscid;
diff --git a/modules/new_profile/php/new_profile.class.inc b/modules/new_profile/php/new_profile.class.inc
index 3a614cd0fa8..71b7775d1e1 100644
--- a/modules/new_profile/php/new_profile.class.inc
+++ b/modules/new_profile/php/new_profile.class.inc
@@ -47,9 +47,9 @@ class New_Profile extends \NDB_Form
         $dobFormat = $config->getSetting('dobFormat');
         $edc       = $config->getSetting('useEDC');
         $sex       = [
-            'male'   => 'Male',
-            'female' => 'Female',
-            'other'  => 'Other',
+            'Male'   => 'Male',
+            'Female' => 'Female',
+            'Other'  => 'Other',
         ];
         $pscidSet  = "false";
         $minYear   = (isset($startYear, $ageMax)) ? $startYear - $ageMax : null;
diff --git a/modules/new_profile/test/new_profileTest.php b/modules/new_profile/test/new_profileTest.php
index a8f991af108..55b377cc952 100644
--- a/modules/new_profile/test/new_profileTest.php
+++ b/modules/new_profile/test/new_profileTest.php
@@ -85,7 +85,7 @@ function testNewProfileCreateCandidate(): void
         // send a key to sex
         $sexElement = $this->safeFindElement(WebDriverBy::Name('sex'));
         $sexOption  = new WebDriverSelect($sexElement);
-        $sexOption->selectByValue("male");
+        $sexOption->selectByValue("Male");
         $sexElement = $this->safeFindElement(WebDriverBy::Name('site'));
         $sexOption  = new WebDriverSelect($sexElement);
         $sexOption->selectByValue("1");
diff --git a/modules/survey_accounts/help/survey_accounts.md b/modules/survey_accounts/help/survey_accounts.md
index aeb6747a99c..59d86c380be 100644
--- a/modules/survey_accounts/help/survey_accounts.md
+++ b/modules/survey_accounts/help/survey_accounts.md
@@ -12,11 +12,11 @@ The resulting table will display your results, which includes a unique URL for e
 
 The *Status* column tells you whether the survey has been accessed. This column will display one of the following options:
 
-**Created**: Survey was created. This is the default status once a survey is created using the "Add Survey" page.<br>
-**Sent**: Survey was created, and an email with the unique survey URL was sent to the survey respondent. This is the default status once a survey is created and sent by email within LORIS.<br>
-**In Progress**: Survey was opened and accessed by anyone with the link, including study personnel (not just the intended respondent).<br>
+**Created**: Survey was created. This is the default status once a survey is created using the "Add Survey" page.  
+**Sent**: Survey was created, and an email with the unique survey URL was sent to the survey respondent. This is the default status once a survey is created and sent by email within LORIS.  
+**In Progress**: Survey was opened and accessed by anyone with the link, including study personnel (not just the intended respondent).  
 **Complete**: Survey was completed and submitted. After this stage, the respondent will not be able to go back and change any entries. No data will be visible via the URL once a survey is completed: clicking on the URL will display a page with the message *"Data has already been submitted"*
 
 ## Create Surveys
 
-You can create a new survey manually with data that hasn’t yet been entered into LORIS. Click **Add Survey**, which takes you to a new page. Populate the fields and click **Create Survey** to generate a URL, which you can send to the candidate, or **Email Survey** to send the URL to the candidate. If you choose Email Survey, you’ll be able to customize the content of the email in a pop-up window (which will contain an editable generic message).
\ No newline at end of file
+You can create a new survey manually with data that hasn’t yet been entered into LORIS. Click **Add Survey**, which takes you to a new page. Populate the fields and click **Create Survey** to generate a URL, which you can send to the candidate, or **Email Survey** to send the URL to the candidate. If you choose Email Survey, you’ll be able to customize the content of the email in a pop-up window (which will contain an editable generic message).
diff --git a/modules/timepoint_list/php/timepoint_list.class.inc b/modules/timepoint_list/php/timepoint_list.class.inc
index 9ec68246c77..107ffcf5806 100644
--- a/modules/timepoint_list/php/timepoint_list.class.inc
+++ b/modules/timepoint_list/php/timepoint_list.class.inc
@@ -99,15 +99,12 @@ class Timepoint_List extends \NDB_Menu
             },
             $listOfSessionIDs,
         );
-
-        if ($user->hasPermission('access_all_profiles') === false) {
-            $listOfTimePoints = array_filter(
-                $listOfTimePoints,
-                function ($timePoint) use ($user) {
-                    return $timePoint->isAccessibleBy($user);
-                }
-            );
-        }
+        $listOfTimePoints = array_filter(
+            $listOfTimePoints,
+            function ($timePoint) use ($user) {
+                return $timePoint->isAccessibleBy($user);
+            }
+        );
 
         /*
          * List of visits
diff --git a/modules/timepoint_list/test/TestPlan.md b/modules/timepoint_list/test/TestPlan.md
index 7e9a020ce34..f9e7990b69c 100644
--- a/modules/timepoint_list/test/TestPlan.md
+++ b/modules/timepoint_list/test/TestPlan.md
@@ -5,6 +5,7 @@
     - For a candidate of a different site than your user, ensure that either 
         - `access_all_profiles` permission is required 
         - or that the candidate's registration site is the same as the user's site
+    - Ensure that you can always only see visits from projects that you are affiliated with.
 2. **Action buttons** 
     - For a candidate of a different site than your user, attempt to access the timepoint list via the url. The page should load with a message of 'Permission Denied'.
     - For a candidate of the same site as your user, there should be up to 3 additional buttons:
diff --git a/modules/user_accounts/test/TestPlan.md b/modules/user_accounts/test/TestPlan.md
index dfe40506b0b..8083e718e51 100644
--- a/modules/user_accounts/test/TestPlan.md
+++ b/modules/user_accounts/test/TestPlan.md
@@ -33,7 +33,7 @@ When creating or editing a user: (subtest: edit_user)
 11. For an existing active user, edit the user's account and click 'Generate new password' and check 'Send email'.
     Save. Check that an email is sent to the user with the new password. 
     Check that after logging in, the user is immediately asked to update his/her password.
-12. Check that if creating a new user an email is sent to him/her (requires email server). Also check that when a new
+12. Check that if creating a new user and selecting "Send email to user" an email is sent to him/her (requires email server). Also check that when a new
     user is logging in for the first time he/she is asked to change his/her password.
     1. Check that when creating a new user, leading and trailing spaces in the username are stripped.
     2. Check that you can create a new user with name 00 (double zero).
@@ -61,7 +61,7 @@ When creating or editing a user: (subtest: edit_user)
     without saving any changes to the user profile.
 28. Check that if config setting 'Enable "Pwned Password" check' is set to 'Yes', then validation to make sure that the password
     entered (both for add user and edit user pages) has not been pwned is done. Also check that disabling this setting disables the 
-    validation. Example of a pwned password: AKAX89Wn
+    validation. Example of a pwned password: ji32k7au4a83
 29. Check that a 'Reject user' button will be available on the edit user page if the editee is a user whose account is awaiting approval and the editee
     has not yet logged in.
 30. Edit a user that fits the conditions listed above and reject it. Make sure that the user has been removed from the database and does not show up in
diff --git a/php/libraries/Candidate.class.inc b/php/libraries/Candidate.class.inc
index 4e4eff48f71..f82a309ef5c 100644
--- a/php/libraries/Candidate.class.inc
+++ b/php/libraries/Candidate.class.inc
@@ -19,6 +19,7 @@ define('PSCID_INVALID_STRUCTURE', 4);
 define('EDC_NOT_SPECIFIED', 5);
 define('DOB_NOT_SPECIFIED', 6);
 define('DOB_INVALID', 7);
+define('EDC_INVALID', 8);
 
 /**
  * Wrapper around a candidate in Loris. Mostly, it gets information
@@ -268,35 +269,58 @@ class Candidate implements \LORIS\StudyEntities\AccessibleResource,
         $PSCIDSettings = $config->getSetting('PSCID');
         $useEDC        = $config->getSetting('useEDC');
 
-        if (($useEDC === '1' || $useEDC === 'true') && empty($edc)) {
-            throw new \LorisException(
-                "EDC must be specified",
-                EDC_NOT_SPECIFIED
-            );
-        }
-        if (empty($dateOfBirth)) {
-            throw new InvalidArgumentException(
-                "Date of Birth must be specified",
-                DOB_NOT_SPECIFIED
-            );
-        }
-
         // Get expected format from config
         $dobFormat = $config->getSetting('dobFormat');
         $dobFormat = '!' . implode("-", str_split($dobFormat, 1));
-        $dob       = DateTime::createFromFormat($dobFormat, $dateOfBirth);
 
-        if ($dob === false) {
-            throw new InvalidArgumentException(
-                "Date of Birth is invalid (expected format: YYYY-MM-DD)",
-                DOB_INVALID
-            );
+        if (($useEDC === '1' || $useEDC === 'true')) {
+            if (empty($edc)) {
+                throw new \LorisException(
+                    "EDC must be specified",
+                    EDC_NOT_SPECIFIED
+                );
+            } else {
+                // Check valid format
+                $edcDate = DateTime::createFromFormat($dobFormat, $edc);
+                if ($edcDate === false) {
+                    throw new InvalidArgumentException(
+                        "EDC is invalid (expected format: YYYY-MM-DD)",
+                        EDC_INVALID
+                    );
+                }
+
+                // Add day as mid of the month if Y-m dob format
+                // This allows insert into sql candidate table
+                if ($dobFormat === '!Y-m') {
+                    $edc .= '-15';
+                }
+            }
         }
 
-        // Add day as first of the month if Y-m dob format
-        // This allows insert into sql candidate table
-        if ($dobFormat === '!Y-m') {
-            $dateOfBirth .= '-15';
+        if (empty($dateOfBirth)) {
+            // DoB not required if useEDC is on
+            if (!($useEDC === '1' || $useEDC === 'true')) {
+                throw new InvalidArgumentException(
+                    "Date of Birth must be specified",
+                    DOB_NOT_SPECIFIED
+                );
+            } else {
+                $dateOfBirth = null;
+            }
+        } else {
+            $dob = DateTime::createFromFormat($dobFormat, $dateOfBirth);
+            if ($dob === false) {
+                throw new InvalidArgumentException(
+                    "Date of Birth is invalid (expected format: YYYY-MM-DD)",
+                    DOB_INVALID
+                );
+            }
+
+            // Add day as mid of the month if Y-m dob format
+            // This allows insert into sql candidate table
+            if ($dobFormat === '!Y-m') {
+                $dateOfBirth .= '-15';
+            }
         }
 
         if ($PSCIDSettings['generation'] == 'user') {
diff --git a/php/libraries/NDB_BVL_Feedback.class.inc b/php/libraries/NDB_BVL_Feedback.class.inc
index 580ef3ac1cc..86f217f891c 100644
--- a/php/libraries/NDB_BVL_Feedback.class.inc
+++ b/php/libraries/NDB_BVL_Feedback.class.inc
@@ -475,25 +475,38 @@ class NDB_BVL_Feedback
             $query .= " LEFT JOIN flag as f ON (ft.CommentID = f.CommentID)";
         }
         $query .= " WHERE ft.Active ='Y'";
-        if (!$hasReadPermission===true) {
-            $query            .= " AND FIND_IN_SET(s.CenterID, :CentID)";
-            $qparams['CentID'] = implode(',', $user->getCenterIDs());
-        }
 
         $query .= " AND Public = 'Y' AND Status <> 'closed'";
         if (!empty($this->_feedbackObjectInfo['CandID'])) {
-            $query          .= " AND ft.CandID = :CaID";
-            $qparams['CaID'] = $this->_feedbackObjectInfo['CandID'];
+            $query            .= " AND ft.CandID = :CaID";
+            $qparams['CaID']   = $this->_feedbackObjectInfo['CandID'];
+            $candidate         = Candidate::singleton(new CandID($qparams['CaID']));
+            $hasReadPermission = (
+                $hasReadPermission ||
+                $candidate->isAccessibleBy($user)
+            );
         }
-
         if (!empty($this->_feedbackObjectInfo['SessionID'])) {
-            $query         .= " AND ft.SessionID = :SID";
-            $qparams['SID'] = $this->_feedbackObjectInfo['SessionID'];
+            $query            .= " AND ft.SessionID = :SID";
+            $qparams['SID']    = $this->_feedbackObjectInfo['SessionID'];
+            $timepoint         = TimePoint::singleton(
+                new SessionID($qparams['SID'])
+            );
+            $hasReadPermission = (
+                $hasReadPermission ||
+                $timepoint->isAccessibleBy($user)
+            );
         }
         if (!empty($this->_feedbackObjectInfo['CommentID'])) {
-            $query          .= " AND ft.SessionID = :CSID";
-            $qparams['CSID'] = $this->_feedbackCandidateProfileInfo['SessionID'];
+            $query           .= " AND ft.CommentID = :ComID";
+            $qparams['ComID'] = $this->_feedbackCandidateProfileInfo['CommentID'];
         }
+
+        if (!$hasReadPermission) {
+            $query            .= " AND FIND_IN_SET(s.CenterID, :CentID)";
+            $qparams['CentID'] = implode(',', $user->getCenterIDs());
+        }
+
         $query .= " GROUP BY ft.CandID, ft.Feedback_level, ft.SessionID";
         if (empty($this->_feedbackObjectInfo['CandID'])) {
             $query .= ", ft.CommentID";
@@ -565,13 +578,25 @@ class NDB_BVL_Feedback
             $qparams['SID']   = $this->_feedbackCandidateProfileInfo['SessionID'];
             $qparams['ComID'] = $this->_feedbackObjectInfo['CommentID'];
         } elseif (!empty($this->_feedbackObjectInfo['SessionID'])) {
-            $query         .= " AND ft.SessionID = :SID AND ft.CommentID is null";
-            $qparams['SID'] = $this->_feedbackObjectInfo['SessionID'];
+            $query            .= " AND ft.SessionID = :SID AND ft.CommentID is null";
+            $qparams['SID']    = $this->_feedbackObjectInfo['SessionID'];
+            $timepoint         = TimePoint::singleton(
+                new SessionID($qparams['SID'])
+            );
+            $hasReadPermission = (
+                $hasReadPermission ||
+                $timepoint->isAccessibleBy($user)
+            );
         } elseif (!empty($this->_feedbackObjectInfo['CandID'])) {
-            $query          .= " AND ft.CandID = :CaID
+            $query            .= " AND ft.CandID = :CaID
                                  AND ft.SessionID IS NULL
                                  AND ft.CommentID IS NULL";
-            $qparams['CaID'] = $this->_feedbackObjectInfo['CandID'];
+            $qparams['CaID']   = $this->_feedbackObjectInfo['CandID'];
+            $candidate         = Candidate::singleton(new CandID($qparams['CaID']));
+            $hasReadPermission = (
+                $hasReadPermission ||
+                $candidate->isAccessibleBy($user)
+            );
         } else {
             throw new Exception(
                 "You need to pass at least one of the following to retrieve the"
@@ -581,7 +606,7 @@ class NDB_BVL_Feedback
 
         // DCC users should be able to see THEIR OWN inactive threads,
         // other users should see only active threads
-        if ($hasReadPermission===true) {
+        if ($hasReadPermission) {
             $query .= " AND (ft.Active='Y' OR
                 (ft.Active='N' AND ft.UserID=:Username)
             )";
diff --git a/php/libraries/NDB_BVL_InstrumentStatus_ControlPanel.class.inc b/php/libraries/NDB_BVL_InstrumentStatus_ControlPanel.class.inc
index 1faf62b796d..19780a6b133 100644
--- a/php/libraries/NDB_BVL_InstrumentStatus_ControlPanel.class.inc
+++ b/php/libraries/NDB_BVL_InstrumentStatus_ControlPanel.class.inc
@@ -143,7 +143,7 @@ class NDB_BVL_InstrumentStatus_ControlPanel extends NDB_BVL_InstrumentStatus
                 $this->tpl_data['access']['validity'] = $this->_displayValidity();
             }
 
-            if ($config->getSetting('InstrumentResetting')
+            if ($config->settingEnabled('InstrumentResetting')
                 && $this->getDataEntryStatus() != 'Complete'
             ) {
                 $user = User::singleton();
diff --git a/php/libraries/NDB_Page.class.inc b/php/libraries/NDB_Page.class.inc
index 42079502def..3575f58206d 100644
--- a/php/libraries/NDB_Page.class.inc
+++ b/php/libraries/NDB_Page.class.inc
@@ -743,20 +743,6 @@ class NDB_Page extends \LORIS\Http\Endpoint implements RequestHandlerInterface
             ->withBody(new \LORIS\Http\StringStream($this->display() ?? ""));
     }
 
-    /**
-     * This function can be overridden in a module's page to load the necessary
-     * resources to check the permissions of a user.
-     *
-     * @param User                   $user    The user to load the resources for
-     * @param ServerRequestInterface $request The PSR15 Request being handled
-     *
-     * @return void
-     */
-    public function loadResources(
-        \User $user, ServerRequestInterface $request
-    ) : void {
-    }
-
     /**
      * Displays the form
      *
diff --git a/php/libraries/SinglePointLogin.class.inc b/php/libraries/SinglePointLogin.class.inc
index 0b86424a0e3..c30665fff2f 100644
--- a/php/libraries/SinglePointLogin.class.inc
+++ b/php/libraries/SinglePointLogin.class.inc
@@ -178,8 +178,9 @@ class SinglePointLogin
         // First try JWT authentication, which is cheaper and
         // doesn't involve database calls
         $headers    = getallheaders();
-        $authHeader = isset($headers['Authorization'])
-                         ? $headers['Authorization']
+        $headers    = array_change_key_case($headers, CASE_LOWER);
+        $authHeader = isset($headers['authorization'])
+                         ? $headers['authorization']
                          : '';
         if (!empty($authHeader)) {
             $token = explode(" ", $authHeader);
diff --git a/raisinbread/test/api/LorisApiAuthenticated_v0_0_3_Test.php b/raisinbread/test/api/LorisApiAuthenticated_v0_0_3_Test.php
new file mode 100644
index 00000000000..8191de5a314
--- /dev/null
+++ b/raisinbread/test/api/LorisApiAuthenticated_v0_0_3_Test.php
@@ -0,0 +1,267 @@
+<?php
+
+require_once __DIR__ .
+    "/../../../test/integrationtests/LorisIntegrationTest.class.inc";
+use GuzzleHttp\Client;
+
+/**
+ * PHPUnit class for API test suite. This script sends HTTP requests to every
+ * endpoints of the api module and look at the response content, status code and
+ * headers where it applies. All endpoints are accessible at <host>/api/<version>/
+ * (e.g. the endpoint of the version 0.0.3 of the API "/projects" URI for the host
+ * "example.loris.ca" would be https://example.loris.ca/api/v0.0.3/projects)
+ *
+ * @category   API
+ * @package    Tests
+ * @subpackage Integration
+ * @author     Simon Pelletier <simon.pelletier@mcin.ca>
+ * @license    http://www.gnu.org/licenses/gpl-3.0.txt GPLv3
+ * @link       https://www.github.com/aces/Loris/
+ */
+class LorisApiAuthenticated_v0_0_3_Test extends LorisIntegrationTest
+{
+
+    protected $client;
+    protected $version;
+    protected $headers;
+    protected $base_uri;
+    protected $originalJwtKey;
+    protected $configIdJwt;
+ 
+    /**
+     * Overrides LorisIntegrationTest::setUp() to store the current JWT key
+     * and replaces it for an acceptable one.
+     *
+     * @return void
+     */
+    public function setUp(): void
+    {
+        parent::setUp();
+
+        $this->_version = 'v0.0.3';
+
+        // store the original JWT key for restoring it later
+        $jwtConfig = $this->DB->pselect(
+            '
+            SELECT
+              Value, ConfigID
+            FROM
+              Config
+            WHERE
+              ConfigID=
+            (SELECT ID FROM ConfigSettings WHERE Name="JWTKey")
+            ',
+            []
+        )[0] ?? null;
+
+        if ($jwtConfig === null) {
+            throw new \LorisException('There is no Config for "JWTKey"');
+        }
+
+        $this->originalJwtKey = $jwtConfig['Value'];
+        $this->configIdJwt    = $jwtConfig['ConfigID'];
+
+        // generating a random JWTkey
+        $new_id = bin2hex(random_bytes(30)) . 'A1!';
+
+        $set = [
+            'Value' => $new_id
+        ];
+
+        $where = [
+            'ConfigID' => $this->configIdJwt
+        ];
+
+        $this->DB->update('Config', $set, $where);
+
+        $this->apiLogin('UnitTester', $this->validPassword);
+
+        $this->DB->insert(
+            "candidate",
+            [
+                'CandID'                => '900000',
+                'PSCID'                 => 'TST0001',
+                'RegistrationCenterID'  => 1,
+                'RegistrationProjectID' => 1,
+                'Active'                => 'Y',
+                'UserID'                => 1,
+                'Entity_type'           => 'Human',
+                'Sex'                   => 'Female'
+            ]
+        );
+        $this->DB->insert(
+            'session',
+            [
+                'ID'            => '999999',
+                'CandID'        => '900000',
+                'Visit_label'   => 'V1',
+                'CenterID'      => 1,
+                'ProjectID'     => 1,
+                'Current_stage' => 'Not Started',
+            ]
+        );
+        $this->DB->insert(
+            'test_names',
+            [
+                'ID'        => '999999',
+                'Test_name' => 'testtest',
+                'Full_name' => 'Test Test',
+                'Sub_group' => 1,
+            ]
+        );
+        $this->DB->insert(
+            'flag',
+            [
+                'ID'        => '999999',
+                'SessionID' => '999999',
+                'Test_name' => 'testtest',
+                'CommentID' => '11111111111111111',
+            ]
+        );
+        $this->DB->insert(
+            'flag',
+            [
+                'ID'        => '999999',
+                'SessionID' => '999999',
+                'Test_name' => 'testtest',
+                'CommentID' => 'DDE_11111111111111111',
+            ]
+        );
+
+        // 1 is inserted by LorisIntegrationTest
+        $this->DB->insert(
+            'user_project_rel',
+            [
+                'ProjectID' => '2',
+                'UserID' => '999990',
+            ],
+        );
+
+        // 1 is inserted by LorisIntegrationTest
+        $this->DB->insert(
+            'user_psc_rel',
+            [
+                'CenterID' => '2',
+                'UserID' => '999990',
+            ],
+        );
+        $this->DB->insert(
+            'user_psc_rel',
+            [
+                'CenterID' => '3',
+                'UserID' => '999990',
+            ],
+        );
+        $this->DB->insert(
+            'user_psc_rel',
+            [
+                'CenterID' => 4,
+                'UserID' => 999990,
+            ],
+        );
+
+    }
+
+    /**
+     * Used to log in with GuzzleHttp\Client
+     *
+     * @param string $username The username to log in as
+     * @param string $password The (plain text) password to login as.
+     *
+     * @return void
+     */
+    public function apiLogin($username, $password)
+    {
+        $this->base_uri = "$this->url/api/$this->_version/";
+        $this->client   = new Client(['base_uri' => $this->base_uri]);
+        $response       = $this->client->request(
+            'POST',
+            "login",
+            [
+                'json' => ['username' => $username,
+                    'password' => $password
+                ]
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        $token = json_decode(
+            $response->getBody()->getContents()
+        )->token ?? null;
+
+        if ($token === null) {
+            throw new \LorisException("Login failed");
+        }
+        $headers       = [
+            'Authorization' => "Bearer $token",
+            'Accept'        => 'application/json'
+        ];
+        $this->headers = $headers;
+    }
+
+    /**
+     * Used to test login
+     *
+     * @return void
+     */
+    function testLoginSuccess()
+    {
+        $this->assertArrayHasKey('Authorization', $this->headers);
+        $this->assertArrayHasKey('Accept', $this->headers);
+    }
+
+    /**
+     * Overrides LorisIntegrationTest::tearDown() to set the original key back.
+     *
+     * @return void
+     */
+    public function tearDown(): void
+    {
+        // Only delete the ones we setup in setUp.
+        $this->DB->delete(
+            "user_project_rel",
+            [
+                "UserID" => '999990',
+                "ProjectID" => '2',
+            ],
+        );
+        $this->DB->delete(
+            "user_psc_rel",
+            [
+                "UserID" => '999990',
+                "CenterID" => '2',
+            ],
+        );
+        $this->DB->delete(
+            "user_psc_rel",
+            [
+                "UserID" => '999990',
+                "CenterID" => '3',
+            ],
+        );
+        $this->DB->delete(
+            "user_psc_rel",
+            [
+                "UserID" => '999990',
+                "CenterID" => '4',
+            ],
+        );
+
+        $this->DB->delete("session", ['CandID' => '900000']);
+        $this->DB->delete("candidate", ['CandID' => '900000']);
+        $this->DB->delete("flag", ['ID' => '999999']);
+        $this->DB->delete("test_names", ['ID' => '999999']);
+
+        $set = [
+            'Value' => $this->originalJwtKey
+        ];
+
+        $where = [
+            'ConfigID' => $this->configIdJwt
+        ];
+
+        $this->DB->update('Config', $set, $where);
+        parent::tearDown();
+    }
+
+}
+
diff --git a/raisinbread/test/api/LorisApiCandidates_v0_0_3_Test.php b/raisinbread/test/api/LorisApiCandidates_v0_0_3_Test.php
new file mode 100644
index 00000000000..6f071c4147b
--- /dev/null
+++ b/raisinbread/test/api/LorisApiCandidates_v0_0_3_Test.php
@@ -0,0 +1,321 @@
+<?php
+
+require_once __DIR__ . "/LorisApiAuthenticated_v0_0_3_Test.php";
+
+/**
+ * PHPUnit class for API test suite. This script sends HTTP requests to every
+ * endpoints of the api module and look at the response content, status code and
+ * headers where it applies. All endpoints are accessible at <host>/api/<version>/
+ * (e.g. the endpoint of the version 0.0.3 of the API "/projects" URI for the host
+ * "example.loris.ca" would be https://example.loris.ca/api/v0.0.3/projects)
+ *
+ * @category   API
+ * @package    Tests
+ * @subpackage Integration
+ * @author     Simon Pelletier <simon.pelletier@mcin.ca>
+ * @license    http://www.gnu.org/licenses/gpl-3.0.txt GPLv3
+ * @link       https://www.github.com/aces/Loris/
+ */
+class LorisApiCandidates_v0_0_3_Test extends LorisApiAuthenticated_v0_0_3_Test
+{
+    protected $candidTest = '300001';
+
+    /**
+     * Tests the HTTP GET request for the endpoint /candidates
+     *
+     * @return void
+     */
+    public function testGetCandidates(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates",
+            [
+                'headers' => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $candidatesArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($candidatesArray),
+            'array'
+        );
+        $this->assertSame(
+            gettype($candidatesArray['Candidates']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($candidatesArray['Candidates']['0']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($candidatesArray['Candidates']['0']['CandID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesArray['Candidates']['0']['Project']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesArray['Candidates']['0']['PSCID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesArray['Candidates']['0']['Site']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesArray['Candidates']['0']['EDC']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesArray['Candidates']['0']['DoB']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesArray['Candidates']['0']['Sex']),
+            'string'
+        );
+
+        $this->assertArrayHasKey('Candidates', $candidatesArray);
+        $this->assertArrayHasKey('0', $candidatesArray['Candidates']);
+        $this->assertArrayHasKey(
+            'CandID',
+            $candidatesArray['Candidates']['0']
+        );
+        $this->assertArrayHasKey(
+            'Project',
+            $candidatesArray['Candidates']['0']
+        );
+        $this->assertArrayHasKey(
+            'Site',
+            $candidatesArray['Candidates']['0']
+        );
+        $this->assertArrayHasKey(
+            'EDC',
+            $candidatesArray['Candidates']['0']
+        );
+        $this->assertArrayHasKey(
+            'DoB',
+            $candidatesArray['Candidates']['0']
+        );
+        $this->assertArrayHasKey(
+            'Sex',
+            $candidatesArray['Candidates']['0']
+        );
+    }
+
+    /**
+     * Tests the HTTP GET request for the endpoint /candidates/{candid}
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandid(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest",
+            [
+                'headers' => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $candidatesCandidArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($candidatesCandidArray),
+            'array'
+        );
+        $this->assertSame(
+            gettype($candidatesCandidArray['Meta']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($candidatesCandidArray['Meta']['CandID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesCandidArray['Meta']['Project']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesCandidArray['Meta']['PSCID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesCandidArray['Meta']['Site']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesCandidArray['Meta']['EDC']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesCandidArray['Meta']['DoB']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesCandidArray['Meta']['Sex']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesCandidArray['Visits']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($candidatesCandidArray['Visits']['0']),
+            'string'
+        );
+
+        $this->assertArrayHasKey(
+            'Meta',
+            $candidatesCandidArray
+        );
+        $this->assertArrayHasKey(
+            'Visits',
+            $candidatesCandidArray
+        );
+        $this->assertArrayHasKey(
+            '0',
+            $candidatesCandidArray['Visits']
+        );
+
+    }
+
+    /**
+     * Tests the HTTP POST request for the endpoint /candidates/{candid}
+     *
+     * @return void
+     */
+    public function testPostCandidatesCandid(): void
+    {
+        // First, create a valid new candidate
+        $json_new     = [
+            'Candidate' =>
+                [
+                    'Project' => "Rye",
+                    'Site'    => "Data Coordinating Center",
+                    'EDC'     => "2020-01-03",
+                    'DoB'     => "2020-01-03",
+                    'Sex'     => "Male"
+                ]
+        ];
+        $response_new = $this->client->request(
+            'POST',
+            "candidates",
+            [
+                'headers' => $this->headers,
+                'json'    => $json_new
+            ]
+        );
+        // Verify the status code
+        $this->assertEquals(201, $response_new->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response_new->getBody();
+        $this->assertNotEmpty($body);
+
+        // Erase sites that were setup in LorisApiAuthenticatedTest
+        // setup for data access in other tests.
+        $this->DB->run(
+            'DELETE FROM user_psc_rel WHERE UserID=999990 AND CenterID <> 1'
+        );
+
+        // Second, try to create a valid new candidate in a site that the
+        // user is not affiliated with. The test user is only afficilated to
+        // Data Coordinating Center
+        $json_new     = [
+            'Candidate' =>
+                [
+                    'Project' => "Rye",
+                    'Site'    => "Montreal",
+                    'EDC'     => "2020-01-03",
+                    'DoB'     => "2020-01-03",
+                    'Sex'     => "Male"
+                ]
+        ];
+        $response_new = $this->client->request(
+            'POST',
+            "candidates",
+            [
+                'headers'     => $this->headers,
+                'http_errors' => false,
+                'json'        => $json_new
+            ]
+        );
+        // Verify the status code
+        $this->assertEquals(403, $response_new->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response_new->getBody();
+        $this->assertNotEmpty($body);
+
+        $json_new     = [
+            'Candidate' =>
+                [
+                    'Project' => "",
+                    'Site'    => "Data Coordinating Center",
+                    'EDC'     => "2020-01-03",
+                    'DoB'     => "2020-01-03",
+                    'Sex'     => "Male"
+                ]
+        ];
+        $response_new = $this->client->request(
+            'POST',
+            "candidates",
+            [
+                'headers'     => $this->headers,
+                'http_errors' => false,
+                'json'        => $json_new
+            ]
+        );
+        // Verify the status code
+        $this->assertEquals(400, $response_new->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response_new->getBody();
+        $this->assertNotEmpty($body);
+
+        // Finally, try to create a new candidate with an invalid input
+        $json_invalid = [
+            'Candidate' =>
+                [
+                    'Site' => "Data Coordinating Center",
+                    'EDC'  => "2020-01-03",
+                    'DoB'  => "2020-01-03",
+                    'Sex'  => "Male"
+                ]
+        ];
+
+        $response_invalid = $this->client->request(
+            'POST',
+            "candidates",
+            [
+                'headers'     => $this->headers,
+                'http_errors' => false,
+                'json'        => $json_invalid
+            ],
+        );
+        // Verify the status code
+        $this->assertEquals(400, $response_invalid->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response_invalid->getBody();
+        $this->assertNotEmpty($body);
+    }
+}
diff --git a/raisinbread/test/api/LorisApiDicoms_v0_0_3_Test.php b/raisinbread/test/api/LorisApiDicoms_v0_0_3_Test.php
new file mode 100644
index 00000000000..58b4b81f4b6
--- /dev/null
+++ b/raisinbread/test/api/LorisApiDicoms_v0_0_3_Test.php
@@ -0,0 +1,247 @@
+<?php
+
+require_once __DIR__ . "/LorisApiAuthenticated_v0_0_3_Test.php";
+
+/**
+ * PHPUnit class for API test suite. This script sends HTTP requests to every
+ * endpoints of the api module and look at the response content, status code and
+ * headers where it applies. All endpoints are accessible at <host>/api/<version>/
+ * (e.g. the endpoint of the version 0.0.3 of the API "/projects" URI for the host
+ * "example.loris.ca" would be https://example.loris.ca/api/v0.0.3/projects)
+ *
+ * @category   API
+ * @package    Tests
+ * @subpackage Integration
+ * @author     Simon Pelletier <simon.pelletier@mcin.ca>
+ * @license    http://www.gnu.org/licenses/gpl-3.0.txt GPLv3
+ * @link       https://www.github.com/aces/Loris/
+ */
+class LorisApiDicoms_v0_0_3_Test extends LorisApiAuthenticated_v0_0_3_Test
+{
+    protected $candidTest    = "400162";
+    protected $visitTest     = "V6";
+    protected $tarfileTest   = "DCM_2016-08-15_ImagingUpload-18-25-i9GRv3.tar";
+    protected $processidTest = "";
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/dicoms
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitDicoms(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/dicoms",
+            [
+                'headers' => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+        $dicomArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(gettype($dicomArray), 'array');
+        $this->assertSame(gettype($dicomArray['Meta']), 'array');
+        $this->assertSame(
+            gettype($dicomArray['Meta']['CandID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($dicomArray['Meta']['Visit']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($dicomArray['DicomTars']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($dicomArray['DicomTars']['0']),
+            'array'
+        );
+        $this->assertSame(
+            gettype(
+                $dicomArray['DicomTars']['0']['SeriesInfo']
+            ),
+            'array'
+        );
+        $this->assertSame(
+            gettype(
+                $dicomArray['DicomTars']['0']['Tarname']
+            ),
+            'string'
+        );
+        // Was added in v0.0.4
+        $this->assertFalse(isset($dicomArray['DicomTars']['0']['Patientname']));
+
+        $this->assertSame(
+            gettype(
+                $dicomArray['DicomTars']['0']['SeriesInfo']['0']
+            ),
+            'array'
+        );
+        $this->assertSame(
+            gettype(
+                $dicomArray['DicomTars']['0']['SeriesInfo']['0']['SeriesDescription']
+            ),
+            'string'
+        );
+        $this->assertSame(
+            gettype(
+                $dicomArray['DicomTars']['0']['SeriesInfo']['0']['SeriesNumber']
+            ),
+            'integer'
+        );
+        $this->assertSame(
+            gettype(
+                $dicomArray['DicomTars']['0']['SeriesInfo']['0']['EchoTime']
+            ),
+            'string'
+        );
+        $this->assertSame(
+            gettype(
+                $dicomArray['DicomTars']['0']['SeriesInfo']['0']['RepetitionTime']
+            ),
+            'string'
+        );
+        $this->assertSame(
+            gettype(
+                $dicomArray['DicomTars']['0']['SeriesInfo']['0']['InversionTime']
+            ),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype(
+                $dicomArray['DicomTars']['0']['SeriesInfo']['1']['InversionTime']
+            ),
+            'string'
+        );
+        $this->assertSame(
+            gettype(
+                $dicomArray['DicomTars']['0']['SeriesInfo']['0']['SliceThickness']
+            ),
+            'string'
+        );
+        $this->assertSame(
+            gettype(
+                $dicomArray['DicomTars']['0']['SeriesInfo']['0']['Modality']
+            ),
+            'string'
+        );
+        $this->assertSame(
+            gettype(
+                $dicomArray['DicomTars']['0']['SeriesInfo']['0']['SeriesUID']
+            ),
+            'string'
+        );
+
+        $this->assertArrayHasKey('Meta', $dicomArray);
+        $this->assertArrayHasKey('CandID', $dicomArray['Meta']);
+        $this->assertArrayHasKey('Visit', $dicomArray['Meta']);
+
+        $this->assertArrayHasKey(
+            'DicomTars',
+            $dicomArray
+        );
+        $this->assertArrayHasKey(
+            '0',
+            $dicomArray['DicomTars']
+        );
+        $this->assertArrayHasKey(
+            'Tarname',
+            $dicomArray['DicomTars']['0']
+        );
+
+        // was added in v0.0.4
+        $this->assertFalse(isset($dicomArray['DicomTars']['0']['Patientname']));
+
+        $this->assertArrayHasKey(
+            'SeriesInfo',
+            $dicomArray['DicomTars']['0']
+        );
+        $this->assertArrayHasKey(
+            '0',
+            $dicomArray['DicomTars']['0']['SeriesInfo']
+        );
+        $this->assertArrayHasKey(
+            'SeriesDescription',
+            $dicomArray['DicomTars']['0']['SeriesInfo']['0']
+        );
+        $this->assertArrayHasKey(
+            'SeriesDescription',
+            $dicomArray['DicomTars']['0']['SeriesInfo']['0']
+        );
+        $this->assertArrayHasKey(
+            'SeriesNumber',
+            $dicomArray['DicomTars']['0']['SeriesInfo']['0']
+        );
+        $this->assertArrayHasKey(
+            'EchoTime',
+            $dicomArray['DicomTars']['0']['SeriesInfo']['0']
+        );
+        $this->assertArrayHasKey(
+            'RepetitionTime',
+            $dicomArray['DicomTars']['0']['SeriesInfo']['0']
+        );
+        $this->assertArrayHasKey(
+            'InversionTime',
+            $dicomArray['DicomTars']['0']['SeriesInfo']['0']
+        );
+        $this->assertArrayHasKey(
+            'SliceThickness',
+            $dicomArray['DicomTars']['0']['SeriesInfo']['0']
+        );
+        $this->assertArrayHasKey(
+            'Modality',
+            $dicomArray['DicomTars']['0']['SeriesInfo']['0']
+        );
+        $this->assertArrayHasKey(
+            'SeriesUID',
+            $dicomArray['DicomTars']['0']['SeriesInfo']['0']
+        );
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/dicoms/tarname
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitDicomsTarname(): void
+    {
+        $resource        = fopen($this->tarfileTest, 'w');
+        $stream          = GuzzleHttp\Psr7\stream_for($resource);
+        try {
+            $response_stream = $this->client->request(
+                'GET',
+                "candidates/$this->candidTest/$this->visitTest/dicoms/" .
+                "$this->tarfileTest",
+                [
+                'headers' => $this->headers,
+                'save_to' => $stream
+                ]
+            );
+        } catch (Exception $e) {
+            $this->markTestIncomplete(
+                "Endpoint not found: " .
+                "candidates/$this->candidTest/$this->visitTest/dicoms/" .
+                "$this->tarfileTest"
+            );
+        }
+ 
+        $this->assertEquals(200, $response_stream->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response_stream->getBody();
+        $this->assertNotEmpty($body);
+
+        $this->assertFileIsReadable($this->tarfileTest);
+    }
+}
diff --git a/raisinbread/test/api/LorisApiImages_v0_0_3_Test.php b/raisinbread/test/api/LorisApiImages_v0_0_3_Test.php
new file mode 100644
index 00000000000..a71f12b541c
--- /dev/null
+++ b/raisinbread/test/api/LorisApiImages_v0_0_3_Test.php
@@ -0,0 +1,853 @@
+<?php
+
+require_once __DIR__ . "/LorisApiAuthenticated_v0_0_3_Test.php";
+
+/**
+ * PHPUnit class for API test suite. This script sends HTTP requests to every
+ * endpoints of the api module and look at the response content, status code and
+ * headers where it applies. All endpoints are accessible at <host>/api/<version>/
+ * (e.g. the endpoint of the version 0.0.3 of the API "/projects" URI for the host
+ * "example.loris.ca" would be https://example.loris.ca/api/v0.0.3/projects)
+ *
+ * @category   API
+ * @package    Tests
+ * @subpackage Integration
+ * @author     Simon Pelletier <simon.pelletier@mcin.ca>
+ * @license    http://www.gnu.org/licenses/gpl-3.0.txt GPLv3
+ * @link       https://www.github.com/aces/Loris/
+ */
+class LorisApiImages_v0_0_3_Test extends LorisApiAuthenticated_v0_0_3_Test
+{
+    protected $candidTest    = "676061";
+    protected $visitTest     = "V4";
+    protected $imagefileTest = "demo_676061_V4_t1_001.mnc";
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/images
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitImages(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/images/",
+            [
+                'headers'     => $this->headers,
+                'http_errors' => false
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $imagesArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(gettype($imagesArray), 'array');
+        $this->assertSame(gettype($imagesArray['Meta']), 'array');
+        $this->assertSame(gettype($imagesArray['Meta']['CandID']), 'string');
+        $this->assertSame(gettype($imagesArray['Meta']['Visit']), 'string');
+        $this->assertSame(gettype($imagesArray['Files']), 'array');
+        $this->assertSame(
+            gettype($imagesArray['Files']['0']['OutputType']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesArray['Files']['0']['Filename']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesArray['Files']['0']['AcquisitionType']),
+            'string'
+        );
+
+        // was added in v0.0.4, shouldn't be in v0.0.3
+        $this->assertFalse(isset($imagesArray['Files']['0']['IsPhantom']));
+
+        $this->assertArrayHasKey('Meta', $imagesArray);
+        $this->assertArrayHasKey('CandID', $imagesArray['Meta']);
+        $this->assertArrayHasKey('Visit', $imagesArray['Meta']);
+        $this->assertArrayHasKey('Files', $imagesArray);
+        $this->assertArrayHasKey('OutputType', $imagesArray['Files']['0']);
+        $this->assertArrayHasKey('Filename', $imagesArray['Files']['0']);
+        $this->assertArrayHasKey('AcquisitionType', $imagesArray['Files']['0']);
+
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/images/filename
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitImagesFilename(): void
+    {
+        $resource = fopen($this->imagefileTest, 'w');
+        $stream   = GuzzleHttp\Psr7\stream_for($resource);
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/images/" .
+            "$this->imagefileTest",
+            [
+                'headers'     => $this->headers,
+                'http_errors' => false,
+                'save_to'     => $stream
+            ]
+        );
+        if ($response->getStatusCode() === 404) {
+            $this->markTestIncomplete(
+                "Endpoint not found: " .
+                "candidates/$this->candidTest/$this->visitTest/images/" .
+                "$this->imagefileTest"
+            );
+        }
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $this->assertFileIsReadable($this->imagefileTest);
+
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/images/" .
+            "$this->imagefileTest",
+            [
+                'headers'     => $this->headers,
+                'http_errors' => false,
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $imagesArray = json_decode(
+            (string)utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+        $this->assertEquals(null, $imagesArray);    
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/images/qc
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitImagesFilenameQc(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/images/" .
+            "$this->imagefileTest/qc",
+            [
+                'headers'     => $this->headers,
+                'http_errors' => false,
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+        $imagesArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($imagesArray),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesArray['Meta']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesArray['Meta']['CandID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesArray['Meta']['Visit']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesArray['QC']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesArray['Selected']),
+            'boolean'
+        );
+        $this->assertSame(
+            gettype($imagesArray['Caveats'][0]),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesArray['Caveats']['0']['Severity']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($imagesArray['Caveats']['0']['Header']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($imagesArray['Caveats']['0']['Value']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($imagesArray['Caveats']['0']['ValidRange']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($imagesArray['Caveats']['0']['ValidRegex']),
+            'NULL'
+        );
+
+        $this->assertArrayHasKey(
+            'Meta',
+            $imagesArray
+        );
+        $this->assertArrayHasKey(
+            'CandID',
+            $imagesArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Visit',
+            $imagesArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'QC',
+            $imagesArray
+        );
+        $this->assertArrayHasKey(
+            'Selected',
+            $imagesArray
+        );
+        $this->assertArrayHasKey(
+            'Caveats',
+            $imagesArray
+        );
+        $this->assertArrayHasKey(
+            '0',
+            $imagesArray['Caveats']
+        );
+        $this->assertArrayHasKey(
+            'Severity',
+            $imagesArray['Caveats']['0']
+        );
+        $this->assertArrayHasKey(
+            'Header',
+            $imagesArray['Caveats']['0']
+        );
+        $this->assertArrayHasKey(
+            'Value',
+            $imagesArray['Caveats']['0']
+        );
+        $this->assertArrayHasKey(
+            'ValidRange',
+            $imagesArray['Caveats']['0']
+        );
+        $this->assertArrayHasKey(
+            'ValidRegex',
+            $imagesArray['Caveats']['0']
+        );
+    }
+
+    /**
+     * Tests the HTTP PUT request for the
+     * endpoint /candidates/{candid}/{visit}/imaging/qc
+     * TODO: NOT WORKING: the request puts QC to null, but was 'Pass' should become
+     * 'pass'. Selected remains true, should be changed to false
+     *
+     * @return void
+     */
+    public function testPutCandidatesCandidVisitImagesFilenameQc(): void
+    {
+        $candid   = '587630';
+        $visit    = 'V1';
+        $filename = 'demo_587630_V1_t1_001.mnc';
+        $json     = [
+            'Meta'     => [
+                'CandID' => $candid,
+                'Visit'  => $visit,
+                'File'   => $filename
+            ],
+            "QC"       => 'pass',
+            "Selected" => false,
+            'Caveats'  => [
+                '0' => [
+                    'Severity'   => '',
+                    'Header'     => '',
+                    'Value'      => '',
+                    'ValidRange' => '',
+                    'ValidRegex' => ''
+                ]
+            ]
+        ];
+
+        $response = $this->client->request(
+            'PUT',
+            "candidates/$candid/$visit/images/$filename/qc",
+            [
+                'headers'     => $this->headers,
+                'http_errors' => false,
+                'json'        => $json
+            ]
+        );
+        // Verify the status code
+        $this->assertEquals(204, $response->getStatusCode());
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/images/filename/format/brainbrowser
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitImagesFilenameFormatBbrowser(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/images/" .
+            "$this->imagefileTest/format/brainbrowser",
+            [
+                'headers'     => $this->headers,
+                'http_errors' => false,
+            ]
+        );
+        if ($response->getStatusCode() === 404) {
+            $this->markTestIncomplete(
+                "Endpoint not found: " .
+                "candidates/$this->candidTest/$this->visitTest/images/" .
+                "$this->imagefileTest/format/brainbrowser"
+            );
+        } 
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $imagesArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(gettype($imagesArray), 'array');
+        $this->assertSame(gettype($imagesArray['xspace']), 'array');
+        $this->assertSame(
+            gettype($imagesArray['xspace']['space_length']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesArray['xspace']['start']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesArray['xspace']['step']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesArray['yspace']['space_length']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesArray['yspace']['start']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesArray['yspace']['step']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesArray['zspace']['space_length']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesArray['zspace']['start']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesArray['zspace']['step']),
+            'string'
+        );
+
+        $this->assertArrayHasKey('order', $imagesArray);
+        $this->assertArrayHasKey('xspace', $imagesArray);
+        $this->assertArrayHasKey('space_length', $imagesArray['xspace']);
+        $this->assertArrayHasKey('start', $imagesArray['xspace']);
+        $this->assertArrayHasKey('step', $imagesArray['xspace']);
+
+        $this->assertArrayHasKey('yspace', $imagesArray);
+        $this->assertArrayHasKey('space_length', $imagesArray['yspace']);
+        $this->assertArrayHasKey('start', $imagesArray['yspace']);
+        $this->assertArrayHasKey('step', $imagesArray['yspace']);
+
+        $this->assertArrayHasKey('zspace', $imagesArray);
+        $this->assertArrayHasKey('space_length', $imagesArray['zspace']);
+        $this->assertArrayHasKey('start', $imagesArray['zspace']);
+        $this->assertArrayHasKey('step', $imagesArray['zspace']);    
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/images/filename/format/raw
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitImagesFilenameFormatRaw(): void
+    {
+        $this->markTestSkipped('minctoraw not installed');
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/images/filename/format/thumbnail
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitImagesFilenameFormatThumbnail():
+    void
+    {
+        $resource        = fopen($this->imagefileTest, 'w');
+        $stream          = GuzzleHttp\Psr7\stream_for($resource);
+        $response_stream = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/images/" .
+            "$this->imagefileTest/format/thumbnail",
+            [
+                'headers'     => $this->headers,
+                'http_errors' => false,
+                'save_to'     => $stream
+            ]
+        );
+        if ($response_stream->getStatusCode() === 404) {
+            $this->markTestIncomplete(
+                "Endpoint not found: " .
+                "candidates/$this->candidTest/$this->visitTest/images/" .
+                "$this->imagefileTest/format/thumbnail"
+            );
+        }
+        $this->assertEquals(200, $response_stream->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response_stream->getBody();
+        $this->assertNotEmpty($body);
+
+        $this->assertFileIsReadable($this->imagefileTest);
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/images/filename/headers
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitImagesFilenameHeaders(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/images/" .
+            "$this->imagefileTest/headers",
+            [
+                'headers'     => $this->headers,
+                'http_errors' => false,
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $imagesHeadersArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($imagesHeadersArray),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Meta']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Meta']['CandID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Meta']['Visit']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Meta']['File']),
+            'string'
+        );
+
+        $this->assertSame(
+            gettype($imagesHeadersArray['Physical']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Physical']['TE']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Physical']['TR']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Physical']['TI']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Physical']['SliceThickness']),
+            'string'
+        );
+
+        $this->assertSame(
+            gettype($imagesHeadersArray['Description']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Description']['SeriesName']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Description']['SeriesDescription']),
+            'string'
+        );
+
+        $this->assertSame(
+            gettype($imagesHeadersArray['Dimensions']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Dimensions']['XSpace']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Dimensions']['XSpace']['Length']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Dimensions']['XSpace']['StepSize']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Dimensions']['YSpace']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Dimensions']['YSpace']['Length']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Dimensions']['YSpace']['StepSize']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Dimensions']['ZSpace']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Dimensions']['ZSpace']['Length']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['Dimensions']['ZSpace']['StepSize']),
+            'string'
+        );
+
+        $this->assertSame(
+            gettype($imagesHeadersArray['ScannerInfo']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['ScannerInfo']['Manufacturer']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['ScannerInfo']['Model']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['ScannerInfo']['SoftwareVersion']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['ScannerInfo']['SerialNumber']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersArray['ScannerInfo']['FieldStrength']),
+            'string'
+        );
+
+        $this->assertArrayHasKey('Meta', $imagesHeadersArray);
+        $this->assertArrayHasKey('Physical', $imagesHeadersArray);
+        $this->assertArrayHasKey('Description', $imagesHeadersArray);
+        $this->assertArrayHasKey('Dimensions', $imagesHeadersArray);
+        $this->assertArrayHasKey('ScannerInfo', $imagesHeadersArray);
+
+        $this->assertArrayHasKey('Meta', $imagesHeadersArray);
+        $this->assertArrayHasKey('CandID', $imagesHeadersArray['Meta']);
+        $this->assertArrayHasKey('Visit', $imagesHeadersArray['Meta']);
+        $this->assertArrayHasKey('File', $imagesHeadersArray['Meta']);
+        $this->assertArrayHasKey('TE', $imagesHeadersArray['Physical']);
+        $this->assertArrayHasKey('TR', $imagesHeadersArray['Physical']);
+        $this->assertArrayHasKey('TI', $imagesHeadersArray['Physical']);
+        $this->assertArrayHasKey(
+            'SliceThickness',
+            $imagesHeadersArray['Physical']
+        );
+        $this->assertArrayHasKey(
+            'SeriesName',
+            $imagesHeadersArray['Description']
+        );
+        $this->assertArrayHasKey(
+            'SeriesDescription',
+            $imagesHeadersArray['Description']
+        );
+        $this->assertArrayHasKey(
+            'XSpace',
+            $imagesHeadersArray['Dimensions']
+        );
+        $this->assertArrayHasKey(
+            'Length',
+            $imagesHeadersArray['Dimensions']['XSpace']
+        );
+        $this->assertArrayHasKey(
+            'StepSize',
+            $imagesHeadersArray['Dimensions']['XSpace']
+        );
+        $this->assertArrayHasKey(
+            'YSpace',
+            $imagesHeadersArray['Dimensions']
+        );
+        $this->assertArrayHasKey(
+            'Length',
+            $imagesHeadersArray['Dimensions']['YSpace']
+        );
+        $this->assertArrayHasKey(
+            'StepSize',
+            $imagesHeadersArray['Dimensions']['YSpace']
+        );
+        $this->assertArrayHasKey(
+            'YSpace',
+            $imagesHeadersArray['Dimensions']
+        );
+        $this->assertArrayHasKey(
+            'Length',
+            $imagesHeadersArray['Dimensions']['YSpace']
+        );
+        $this->assertArrayHasKey(
+            'StepSize',
+            $imagesHeadersArray['Dimensions']['YSpace']
+        );
+        $this->assertArrayHasKey(
+            'ScannerInfo',
+            $imagesHeadersArray
+        );
+        $this->assertArrayHasKey(
+            'Manufacturer',
+            $imagesHeadersArray['ScannerInfo']
+        );
+        $this->assertArrayHasKey(
+            'Model',
+            $imagesHeadersArray['ScannerInfo']
+        );
+        $this->assertArrayHasKey(
+            'SoftwareVersion',
+            $imagesHeadersArray['ScannerInfo']
+        );
+        $this->assertArrayHasKey(
+            'SerialNumber',
+            $imagesHeadersArray['ScannerInfo']
+        );
+        $this->assertArrayHasKey(
+            'FieldStrength',
+            $imagesHeadersArray['ScannerInfo']
+        );
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/images/filename/header/full
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitImagesFilenameHeadersFull(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/images/" .
+            "$this->imagefileTest/headers/full",
+            [
+                'headers'     => $this->headers,
+                'http_errors' => false,
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $imagesHeadersFullArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertArrayHasKey(
+            'Meta',
+            $imagesHeadersFullArray
+        );
+        $this->assertArrayHasKey(
+            'CandID',
+            $imagesHeadersFullArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Visit',
+            $imagesHeadersFullArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'File',
+            $imagesHeadersFullArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Headers',
+            $imagesHeadersFullArray
+        );
+        $this->assertArrayHasKey(
+            'slice_thickness',
+            $imagesHeadersFullArray['Headers']
+        );
+        $this->assertArrayHasKey(
+            'acquisition:slice_order',
+            $imagesHeadersFullArray['Headers']
+        );
+        $this->assertArrayHasKey(
+            'dicom_0x0051:el_0x1011',
+            $imagesHeadersFullArray['Headers']
+        );
+        $this->assertArrayHasKey(
+            'image:vartype',
+            $imagesHeadersFullArray['Headers']
+        );
+        $this->assertArrayHasKey(
+            'acquisition:percent_sampling',
+            $imagesHeadersFullArray['Headers']
+        );
+        $this->assertArrayHasKey(
+            'dicom_0x0051:el_0x1012',
+            $imagesHeadersFullArray['Headers']
+        );
+        $this->assertArrayHasKey(
+            'dicom_0x0028:vartype',
+            $imagesHeadersFullArray['Headers']
+        );
+
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/images/filename/header/headername
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitImagesFilenameHeadersHeadername():
+    void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/images/" .
+            "$this->imagefileTest/headers/headername",
+            [
+                'headers'     => $this->headers,
+                'http_errors' => false,
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $imagesHeadersHeadernameArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertArrayHasKey(
+            'Meta',
+            $imagesHeadersHeadernameArray
+        );
+        $this->assertArrayHasKey(
+            'Value',
+            $imagesHeadersHeadernameArray
+        );
+        $this->assertArrayHasKey(
+            'CandID',
+            $imagesHeadersHeadernameArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Visit',
+            $imagesHeadersHeadernameArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'File',
+            $imagesHeadersHeadernameArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Header',
+            $imagesHeadersHeadernameArray['Meta']
+        );
+
+        $this->assertSame(
+            gettype($imagesHeadersHeadernameArray),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersHeadernameArray['Meta']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersHeadernameArray['Meta']['CandID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersHeadernameArray['Meta']['Visit']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersHeadernameArray['Meta']['File']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersHeadernameArray['Meta']['Header']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($imagesHeadersHeadernameArray['Value']),
+            'string'
+        );
+    }
+}
diff --git a/raisinbread/test/api/LorisApiInstrumentsTest.php b/raisinbread/test/api/LorisApiInstrumentsTest.php
index 84b8a35da7b..2a7a1fbf372 100644
--- a/raisinbread/test/api/LorisApiInstrumentsTest.php
+++ b/raisinbread/test/api/LorisApiInstrumentsTest.php
@@ -87,13 +87,14 @@ public function testGetCandidatesCandidVisitInstrumentsInstrument(): void
         $body = $response->getBody();
         $this->assertNotEmpty($body);
 
+        $bodystr = $response->getBody()->getContents();
+        print "body: $bodystr";
         $InstrumentsArray = json_decode(
-            (string) utf8_encode(
-                $response->getBody()->getContents()
-            ),
+            (string) utf8_encode($bodystr),
             true
         );
-
+        $this->markTestIncomplete("Test body not validated");
+        // $this->assertNotEmpty($InstrumentsArray['Data']);
     }
 
     /**
@@ -119,8 +120,9 @@ public function testPatchCandidatesCandidVisitInstrumentsInstrument(): void
         );
         $this->assertEquals(204, $response->getStatusCode());
         // Verify the endpoint has a body
-        $body = $response->getBody();
-        $this->assertNotEmpty($body);
+        $body = $response->getBody()->getContents();
+        //print "body: $body";
+        $this->assertEmpty($body);
     }
 
     /**
diff --git a/raisinbread/test/api/LorisApiInstruments_v0_0_3_Test.php b/raisinbread/test/api/LorisApiInstruments_v0_0_3_Test.php
new file mode 100644
index 00000000000..2abc383e56e
--- /dev/null
+++ b/raisinbread/test/api/LorisApiInstruments_v0_0_3_Test.php
@@ -0,0 +1,553 @@
+<?php
+
+require_once __DIR__ . "/LorisApiAuthenticated_v0_0_3_Test.php";
+
+/**
+ * PHPUnit class for API test suite. This script sends HTTP requests to every
+ * endpoints of the api module and look at the response content, status code and
+ * headers where it applies. All endpoints are accessible at <host>/api/<version>/
+ * (e.g. the endpoint of the version 0.0.3 of the API "/projects" URI for the host
+ * "example.loris.ca" would be https://example.loris.ca/api/v0.0.3/projects)
+ *
+ * @category   API
+ * @package    Tests
+ * @subpackage Integration
+ * @author     Simon Pelletier <simon.pelletier@mcin.ca>
+ * @license    http://www.gnu.org/licenses/gpl-3.0.txt GPLv3
+ * @link       https://www.github.com/aces/Loris/
+ */
+class LorisApiInstruments_v0_0_3_Test extends LorisApiAuthenticated_v0_0_3_Test
+{
+    protected $instrumentTest = "testtest";
+    protected $candidTest     = "900000";
+    protected $visitTest      = "V1";
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/instruments
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitInstruments(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/instruments",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $instrArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(gettype($instrArray), 'array');
+
+        $this->assertArrayHasKey(
+            'CandID',
+            $instrArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Visit',
+            $instrArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            '0',
+            $instrArray['Instruments']
+        );
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/instruments{instruments}
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitInstrumentsInstrument(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/instruments/" .
+            "$this->instrumentTest",
+            [
+                'headers' => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $InstrumentsArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+        $this->markTestIncomplete('Instrument body not validated');
+        // $this->assertNotEmpty($InstrumentsArray[$this->instrumentTest]);
+    }
+
+    /**
+     * Tests the HTTP PATCH request for the
+     * endpoint /candidates/{candid}/{visit}/instruments/{instrument}
+     *
+     * @return void
+     */
+    public function testPatchCandidatesCandidVisitInstrumentsInstrument(): void
+    {
+        $json = [
+            $this->instrumentTest => [
+                'UserID' => "2"
+            ]
+        ];
+        $response = $this->client->request(
+            'PATCH',
+            "candidates/$this->candidTest/$this->visitTest/instruments/$this->instrumentTest",
+            [
+                'headers' => $this->headers,
+                'json'    => $json
+            ]
+        );
+        $this->assertEquals(204, $response->getStatusCode());
+        // Verify the 204 endpoint has no body
+        $body = $response->getBody()->getContents();
+        $this->assertEmpty($body);
+    }
+
+    /**
+     * Tests the HTTP PUT request for the
+     * endpoint /candidates/{candid}/{visit}/instruments/{instrument}
+     *
+     * @return void
+     */
+    public function testPutCandidatesCandidVisitInstrumentsInstrument(): void
+    {
+        $json = [
+            $this->instrumentTest => [
+                'UserID' => "2"
+            ]
+        ];
+        $response   = $this->client->request(
+            'PUT',
+            "candidates/$this->candidTest/$this->visitTest/instruments/$this->instrumentTest",
+            [
+                'headers' => $this->headers,
+                'json'    => $json
+            ]
+        );
+        $this->assertEquals(204, $response->getStatusCode());
+        // Verify the 204 endpoint has no body
+        $body = $response->getBody()->getContents();
+        $this->assertEmpty($body);
+
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/instruments/{instruments}/flags
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitInstrumentsInstrumentFlags(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/instruments/" .
+            "$this->instrumentTest/flags",
+            [
+                'headers' => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $InstrumentsArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+    }
+
+    /**
+     * Tests the HTTP PATCH request for the
+     * endpoint /candidates/{candid}/{visit}/instruments/{instrument}/flag
+     *
+     * @return void
+     */
+    public function testPatchCandidatesCandidVisitInstrumentsInstrumentFlags(): void
+    {
+        $json       = [
+            'Meta'  => [
+                'Candidate'  => $this->candidTest,
+                'Visit'      => $this->visitTest,
+                'DDE'        => false,
+                'Instrument' => $this->instrumentTest
+            ],
+            'Flags' => [
+                'Data_entry'     => 'Complete',
+                'Administration' => 'All',
+                'Validity'       => 'Invalid' 
+            ]
+        ];
+        $response   = $this->client->request(
+            'PATCH',
+            "candidates/$this->candidTest/$this->visitTest/instruments/$this->instrumentTest/flags",
+            [
+                'headers' => $this->headers,
+                'json'    => $json
+            ]
+        );
+        $this->assertEquals(204, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        // Test that it should be forbidden to modify an instrument that is flagged as Complete
+        $json = [
+            $this->instrumentTest => [
+                'UserID' => "2"
+            ]
+        ];
+        $response   = $this->client->request(
+            'PATCH',
+            "candidates/$this->candidTest/$this->visitTest/instruments/$this->instrumentTest",
+            [
+                'headers' => $this->headers,
+                'json'    => $json,
+                'http_errors' => false
+            ]
+        );
+        $this->assertEquals(403, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        // This will test that it should be forbidden to modify an instrument that is flagged as Complete
+        $json = [
+            $this->instrumentTest => [
+                'UserID' => "2"
+            ]
+        ];
+        $response   = $this->client->request(
+            'PATCH',
+            "candidates/$this->candidTest/$this->visitTest/instruments/$this->instrumentTest",
+            [
+                'headers' => $this->headers,
+                'json'    => $json,
+                'http_errors' => false
+            ]
+        );
+        $this->assertEquals(403, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+    }
+
+    /**
+     * Tests the HTTP PUT request for the
+     * endpoint /candidates/{candid}/{visit}/instruments/{instrument}
+     *
+     * @return void
+     */
+    public function testPutCandidatesCandidVisitInstrumentsInstrumentFlags(): void
+    {
+        $json       = [
+            'Meta'  => [
+                'Candidate'  => $this->candidTest,
+                'Visit'      => $this->visitTest,
+                'DDE'        => false,
+                'Instrument' => $this->instrumentTest
+            ],
+            'Flags' => [
+                'Data_entry'     => 'Complete',
+                'Administration' => 'Partial',
+                'Validity'       => 'Questionable' 
+            ]
+        ];
+        $response   = $this->client->request(
+            'PUT',
+            "candidates/$this->candidTest/$this->visitTest/instruments/$this->instrumentTest/flags",
+            [
+                'headers' => $this->headers,
+                'json'    => $json
+            ]
+        );
+        $this->assertEquals(204, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        // This will test that it should be forbidden to modify an instrument that is flagged as Complete
+        $json = [
+            $this->instrumentTest => [
+                'UserID' => "2"
+            ]
+        ];
+        $response   = $this->client->request(
+            'PUT',
+            "candidates/$this->candidTest/$this->visitTest/instruments/$this->instrumentTest",
+            [
+                'headers' => $this->headers,
+                'json'    => $json,
+                'http_errors' => false
+            ]
+        );
+        $this->assertEquals(403, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/instruments/{instruments}/dde
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitInstrumentsInstrumentDde(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/instruments/" .
+                 "$this->instrumentTest/dde",
+            [
+                'headers' => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $InstrumentsArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+    }
+
+    /**
+     * Tests the HTTP PATCH request for the
+     * endpoint /candidates/{candid}/{visit}/instruments/{instrument}/flag
+     *
+     * @return void
+     */
+    public function testPatchCandidatesCandidVisitInstrumentsInstrumentDde(): void
+    {
+        $json       = [
+            'Meta'      => [
+                'CandID'     => $this->candidTest,
+                'Visit'      => $this->visitTest,
+                'DDE'        => true,
+                'Instrument' => $this->instrumentTest
+            ],
+            $this->instrumentTest => [
+                'UserID' => "2"
+            ]
+        ];
+        $response   = $this->client->request(
+            'PATCH',
+            "candidates/$this->candidTest/$this->visitTest/instruments/$this->instrumentTest/dde",
+            [
+                'headers' => $this->headers,
+                'json'    => $json
+            ]
+        );
+        $this->assertEquals(204, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+    }
+
+    /**
+     * Tests the HTTP PUT request for the
+     * endpoint /candidates/{candid}/{visit}/instruments/{instrument}
+     *
+     * @return void
+     */
+    public function testPutCandidatesCandidVisitInstrumentsInstrumentDde(): void
+    {
+        $json       = [
+            'Meta'      => [
+                'CandID'     => $this->candidTest,
+                'Visit'      => $this->visitTest,
+                'DDE'        => true,
+                'Instrument' => $this->instrumentTest
+            ],
+            $this->instrumentTest => [
+                'UserID' => "2"
+            ]
+        ];
+        $response   = $this->client->request(
+            'PUT',
+            "candidates/$this->candidTest/$this->visitTest/instruments/$this->instrumentTest/dde",
+            [
+                'headers' => $this->headers,
+                'json'    => $json
+            ]
+        );
+        $this->assertEquals(204, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+    }
+
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/instruments/{instruments}/dde/flags
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitInstrumentsInstrumentDdeFlags():
+    void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/instruments/" .
+            "$this->instrumentTest/dde/flags",
+            [
+                'headers' => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $InstrumentsArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+    }
+
+    /**
+     * Tests the HTTP PATCH request for the
+     * endpoint /candidates/{candid}/{visit}/instruments/{instrument}/flag
+     *
+     * @return void
+     */
+    public function testPatchCandidVisitInstrumentsInstrumentDdeFlags(): void
+    {
+        $json       = [
+            'Meta'  => [
+                'Candidate'  => $this->candidTest,
+                'Visit'      => $this->visitTest,
+                'DDE'        => false,
+                'Instrument' => $this->instrumentTest
+            ],
+            'Flags' => [
+                'Data_entry'     => 'Complete',
+                'Administration' => 'All',
+                'Validity'       => 'Valid' 
+            ]
+        ];
+        $response   = $this->client->request(
+            'PATCH',
+            "candidates/$this->candidTest/$this->visitTest/instruments/$this->instrumentTest/dde/flags",
+            [
+                'headers' => $this->headers,
+                'json'    => $json
+            ]
+        );
+        $this->assertEquals(204, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        // This will test that it should be forbidden to modify an instrument that is flagged as Complete
+        $json = [
+            $this->instrumentTest => [
+                'UserID' => "2"
+            ]
+        ];
+        $response   = $this->client->request(
+            'PATCH',
+            "candidates/$this->candidTest/$this->visitTest/instruments/$this->instrumentTest/dde",
+            [
+                'headers' => $this->headers,
+                'json'    => $json,
+                'http_errors' => false
+            ]
+        );
+        $this->assertEquals(403, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+    }
+
+    /**
+     * Tests the HTTP PUT request for the
+     * endpoint /candidates/{candid}/{visit}/instruments/{instrument}
+     *
+     * @return void
+     */
+    public function testPutCandidVisitInstrumentsInstrumentDdeFlags(): void
+    {
+        $json       = [
+            'Meta'  => [
+                'Candidate'  => $this->candidTest,
+                'Visit'      => $this->visitTest,
+                'DDE'        => false,
+                'Instrument' => $this->instrumentTest
+            ],
+            'Flags' => [
+                'Data_entry'     => 'Complete',
+                'Administration' => 'All',
+                'Validity'       => 'Valid' 
+            ]
+        ];
+        $response   = $this->client->request(
+            'PUT',
+            "candidates/$this->candidTest/$this->visitTest/instruments/$this->instrumentTest/dde/flags",
+            [
+                'headers' => $this->headers,
+                'json'    => $json
+            ]
+        );
+        $this->assertEquals(204, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        // This will test that it should be forbidden to modify an instrument that is flagged as Complete
+        $json = [
+            $this->instrumentTest => [
+                'UserID' => "2"
+            ]
+        ];
+        $response   = $this->client->request(
+            'PUT',
+            "candidates/$this->candidTest/$this->visitTest/instruments/$this->instrumentTest/dde",
+            [
+                'headers' => $this->headers,
+                'json'    => $json,
+                'http_errors' => false
+            ]
+        );
+        $this->assertEquals(403, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+
+    }
+
+}
diff --git a/raisinbread/test/api/LorisApiProjectsTest.php b/raisinbread/test/api/LorisApiProjectsTest.php
index b933130065f..b77ac069753 100644
--- a/raisinbread/test/api/LorisApiProjectsTest.php
+++ b/raisinbread/test/api/LorisApiProjectsTest.php
@@ -37,11 +37,7 @@ public function testGetProjects(): void
                 'headers'     => $this->headers
             ]
         );
-        if ($response->getStatusCode() === 404) {
-            $this->markTestSkipped(
-                "Endpoint not found: GET projects"
-            );
-        }
+
         $this->assertEquals(200, $response->getStatusCode());
         // Verify the endpoint has a body
         $body = $response->getBody();
@@ -852,4 +848,4 @@ public function testGetProjectsRecordings(): void
             'string'
         );
     }
-}
\ No newline at end of file
+}
diff --git a/raisinbread/test/api/LorisApiProjects_v0_0_3_Test.php b/raisinbread/test/api/LorisApiProjects_v0_0_3_Test.php
new file mode 100644
index 00000000000..ca4b080349b
--- /dev/null
+++ b/raisinbread/test/api/LorisApiProjects_v0_0_3_Test.php
@@ -0,0 +1,850 @@
+<?php
+
+require_once __DIR__ . "/LorisApiAuthenticated_v0_0_3_Test.php";
+
+/**
+ * PHPUnit class for API test suite. This script sends HTTP requests to every
+ * endpoints of the api module and look at the response content, status code and
+ * headers where it applies. All endpoints are accessible at <host>/api/<version>/
+ * (e.g. the endpoint of the version 0.0.3 of the API "/projects" URI for the host
+ * "example.loris.ca" would be https://example.loris.ca/api/v0.0.3/projects)
+ *
+ * @category   API
+ * @package    Tests
+ * @subpackage Integration
+ * @author     Simon Pelletier <simon.pelletier@mcin.ca>
+ * @license    http://www.gnu.org/licenses/gpl-3.0.txt GPLv3
+ * @link       https://www.github.com/aces/Loris/
+ */
+class LorisApiProjects_v0_0_3_Test extends LorisApiAuthenticated_v0_0_3_Test
+{
+    protected $projectName = "Pumpernickel";
+
+    protected $instrumentName = "bmi";
+
+    /**
+     * Tests the HTTP GET request for the endpoint /projects
+     *
+     * @return void
+     */
+    public function testGetProjects(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "projects",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $projectsArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype(
+                $projectsArray['Projects']
+            ),
+            'array'
+        );
+        $this->assertSame(
+            gettype(
+                $projectsArray['Projects']['Pumpernickel']
+            ),
+            'array'
+        );
+        $this->assertSame(
+            gettype(
+                $projectsArray['Projects']['Pumpernickel']['useEDC']
+            ),
+            'string'
+        );
+        $this->assertSame(
+            gettype(
+                $projectsArray['Projects']['Pumpernickel']['PSCID']
+            ),
+            'array'
+        );
+        $this->assertSame(
+            gettype($projectsArray['Projects']['Pumpernickel']['PSCID']['Type']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($projectsArray['Projects']['Pumpernickel']['PSCID']['Regex']),
+            'string'
+        );
+
+        $this->assertArrayHasKey(
+            'Projects',
+            $projectsArray
+        );
+        $this->assertArrayHasKey(
+            'Pumpernickel',
+            $projectsArray['Projects']
+        );
+        $this->assertArrayHasKey(
+            'useEDC',
+            $projectsArray['Projects']['Pumpernickel']
+        );
+        $this->assertArrayHasKey(
+            'PSCID',
+            $projectsArray['Projects']['Pumpernickel']
+        );
+        $this->assertArrayHasKey(
+            'Type',
+            $projectsArray['Projects']['Pumpernickel']['PSCID']
+        );
+        $this->assertArrayHasKey(
+            'Regex',
+            $projectsArray['Projects']['Pumpernickel']['PSCID']
+        );
+    }
+
+    /**
+     * Tests the HTTP GET request for the endpoint /projects/{project}
+     *
+     * @return void
+     */
+    public function testGetProjectsProject(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "projects/$this->projectName",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $projectsProjectArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($projectsProjectArray['Meta']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($projectsProjectArray['Meta']['Project']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($projectsProjectArray['Candidates']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($projectsProjectArray['Candidates']['0']),
+            'string'
+        );
+
+        $this->assertArrayHasKey(
+            'Meta',
+            $projectsProjectArray
+        );
+        $this->assertArrayHasKey(
+            'Project',
+            $projectsProjectArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Candidates',
+            $projectsProjectArray
+        );
+        $this->assertArrayHasKey(
+            '0',
+            $projectsProjectArray['Candidates']
+        );
+    }
+
+    /**
+     * Tests the HTTP GET request for the endpoint /projects/{project}/candidates
+     *
+     * @return void
+     */
+    public function testGetProjectsProjectCandidates(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "projects/$this->projectName/candidates",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $projectsProjectArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($projectsProjectArray['Meta']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($projectsProjectArray['Meta']['Project']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($projectsProjectArray['Candidates']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($projectsProjectArray['Candidates']['0']),
+            'string'
+        );
+
+        $this->assertArrayHasKey(
+            'Meta',
+            $projectsProjectArray
+        );
+        $this->assertArrayHasKey(
+            'Project',
+            $projectsProjectArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Candidates',
+            $projectsProjectArray
+        );
+
+    }
+
+    /**
+     * Tests the HTTP GET request for the endpoint /projects/{project}/images
+     *
+     * @return void
+     */
+    public function testGetProjectsProjectImages(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "projects/$this->projectName/images",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+        $projectsImagesArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($projectsImagesArray['Images']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($projectsImagesArray['Images']['0']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($projectsImagesArray['Images']['0']['Candidate']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($projectsImagesArray['Images']['0']['PSCID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($projectsImagesArray['Images']['0']['Visit']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($projectsImagesArray['Images']['0']['Visit_date']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($projectsImagesArray['Images']['0']['Site']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($projectsImagesArray['Images']['0']['InsertTime']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($projectsImagesArray['Images']['0']['ScanType']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($projectsImagesArray['Images']['0']['Selected']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($projectsImagesArray['Images']['0']['Link']),
+            'string'
+        );
+
+        $this->assertArrayHasKey(
+            'Images',
+            $projectsImagesArray
+        );
+        $this->assertArrayHasKey(
+            '0',
+            $projectsImagesArray['Images']
+        );
+        $this->assertArrayHasKey(
+            'Candidate',
+            $projectsImagesArray['Images']['0']
+        );
+        $this->assertArrayHasKey(
+            'PSCID',
+            $projectsImagesArray['Images']['0']
+        );
+        $this->assertArrayHasKey(
+            'Visit',
+            $projectsImagesArray['Images']['0']
+        );
+        $this->assertArrayHasKey(
+            'Visit_date',
+            $projectsImagesArray['Images']['0']
+        );
+        $this->assertArrayHasKey(
+            'Site',
+            $projectsImagesArray['Images']['0']
+        );
+        $this->assertArrayHasKey(
+            'InsertTime',
+            $projectsImagesArray['Images']['0']
+        );
+        $this->assertArrayHasKey(
+            'ScanType',
+            $projectsImagesArray['Images']['0']
+        );
+        $this->assertArrayHasKey(
+            'QC_status',
+            $projectsImagesArray['Images']['0']
+        );
+        $this->assertArrayHasKey(
+            'Selected',
+            $projectsImagesArray['Images']['0']
+        );
+        $this->assertArrayHasKey(
+            'Link',
+            $projectsImagesArray['Images']['0']
+        );
+    }
+
+    /**
+     * Tests the HTTP GET request for the endpoint /projects/{project}/visits
+     *
+     * @return void
+     */
+    public function testGetProjectsProjectVisits(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "projects/$this->projectName/visits",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $projectsVisitsArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($projectsVisitsArray['Meta']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($projectsVisitsArray['Meta']['Project']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($projectsVisitsArray['Visits']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($projectsVisitsArray['Visits']['0']),
+            'string'
+        );
+
+        $this->assertArrayHasKey(
+            'Meta',
+            $projectsVisitsArray
+        );
+        $this->assertArrayHasKey(
+            'Project',
+            $projectsVisitsArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Visits',
+            $projectsVisitsArray
+        );
+        $this->assertArrayHasKey(
+            '0',
+            $projectsVisitsArray['Visits']
+        );
+    }
+
+    /**
+     * Tests the HTTP GET request for the endpoint /projects/{project}/instruments
+     *
+     * @return void
+     */
+    public function testGetProjectsProjectInstruments(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "projects/$this->projectName/instruments",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $projectsInstrArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($projectsInstrArray['Meta']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($projectsInstrArray['Meta']['Project']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($projectsInstrArray['Instruments']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($projectsInstrArray['Instruments']['aosi']),
+            'array'
+        );
+        $this->assertSame(
+            gettype(
+                $projectsInstrArray['Instruments']['aosi']['Fullname']
+            ),
+            'string'
+        );
+        $this->assertSame(
+            gettype(
+                $projectsInstrArray['Instruments']['aosi']['Subgroup']
+            ),
+            'string'
+        );
+        $this->assertSame(
+            gettype(
+                $projectsInstrArray['Instruments']['aosi']['DoubleDataEntryEnabled']
+            ),
+            'boolean'
+        );
+
+        $this->assertArrayHasKey(
+            'Meta',
+            $projectsInstrArray
+        );
+        $this->assertArrayHasKey(
+            'Project',
+            $projectsInstrArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Instruments',
+            $projectsInstrArray
+        );
+        $this->assertArrayHasKey(
+            'radiology_review',
+            $projectsInstrArray['Instruments']
+        );
+        $this->assertArrayHasKey(
+            'bmi',
+            $projectsInstrArray['Instruments']
+        );
+        $this->assertArrayHasKey(
+            'medical_history',
+            $projectsInstrArray['Instruments']
+        );
+        $this->assertArrayHasKey(
+            'aosi',
+            $projectsInstrArray['Instruments']
+        );
+        $this->assertArrayHasKey(
+            'mri_parameter_form',
+            $projectsInstrArray['Instruments']
+        );
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /projects/{project}/instruments/{instrument}
+     *
+     * @return void
+     */
+    public function testGetProjectsProjectInstrumentsInstrument(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "projects/$this->projectName/instruments/$this->instrumentName",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $instrumentProjectArray = json_decode(
+            (string) utf8_encode(
+                strstr($response->getBody()->getContents(),"{")
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($instrumentProjectArray),
+            'array'
+        );
+
+        // == Meta tag
+
+        $this->assertArrayHasKey(
+            'Meta',
+            $instrumentProjectArray
+        );
+
+        $instrumentMeta = $instrumentProjectArray['Meta'];
+
+        $this->assertSame(
+            gettype($instrumentMeta),
+            'array'
+        );
+
+        $this->assertArrayHasKey(
+            'InstrumentVersion',
+            $instrumentMeta
+        );
+        $this->assertSame(
+            gettype($instrumentMeta['InstrumentVersion']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'InstrumentFormatVersion',
+            $instrumentMeta
+        );
+        $this->assertSame(
+            gettype($instrumentMeta['InstrumentFormatVersion']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'ShortName',
+            $instrumentMeta
+        );
+        $this->assertSame(
+            gettype($instrumentMeta['ShortName']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'LongName',
+            $instrumentMeta
+        );
+        $this->assertSame(
+            gettype($instrumentMeta['LongName']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'IncludeMetaDataFields',
+            $instrumentMeta
+        );
+        $this->assertSame(
+            gettype($instrumentMeta['IncludeMetaDataFields']),
+            'string'
+        );
+
+        // == Elements tag
+
+        $this->assertArrayHasKey(
+            'Elements',
+            $instrumentProjectArray
+        );
+        $this->assertSame(
+            gettype($instrumentProjectArray['Elements']),
+            'array'
+        );
+
+        $this->assertArrayHasKey(
+            '0',
+            $instrumentProjectArray['Elements']
+        );
+
+        $elementGroup = $instrumentProjectArray['Elements']['0'];
+
+        $this->assertSame(
+            gettype($elementGroup),
+            'array'
+        );
+
+        $this->assertArrayHasKey(
+            'Type',
+            $elementGroup
+        );
+        $this->assertSame(
+            gettype($elementGroup['Type']),
+            'string'
+        );
+
+        $elementType = [
+            // a group of elements...
+            'ElementGroup',
+            // ... or one element type
+            'advcheckbox',
+            'date',
+            'file',
+            'group',
+            'header',
+            'hidden',
+            'link',
+            'page',
+            'password',
+            'radio',
+            'select',
+            'static',
+            'submit',
+            'text',
+            'textarea',
+            'time',
+        ];
+        $this->assertContains(
+            $elementGroup['Type'],
+            $elementType
+        );
+
+        $this->assertArrayHasKey(
+            'GroupType',
+            $elementGroup
+        );
+        $this->assertSame(
+            gettype($elementGroup['GroupType']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'Description',
+            $elementGroup
+        );
+        $this->assertSame(
+            gettype($elementGroup['Description']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'Elements',
+            $elementGroup
+        );
+        $this->assertSame(
+            gettype($elementGroup['Elements']),
+            'array'
+        );
+
+        $this->assertArrayHasKey(
+            '0',
+            $elementGroup['Elements']
+        );
+
+        // == sub elements
+
+        $groupSubElements = $elementGroup['Elements']['0'];
+
+        $this->assertArrayHasKey(
+            'Type',
+            $groupSubElements
+        );
+        $this->assertSame(
+            gettype($groupSubElements['Type']),
+            'string'
+        );
+        $this->assertContains(
+            $groupSubElements['Type'],
+            $elementType
+        );
+        $this->assertArrayHasKey(
+            'Name',
+            $groupSubElements
+        );
+        $this->assertSame(
+            gettype($groupSubElements['Name']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'Description',
+            $groupSubElements
+        );
+        $this->assertSame(
+            gettype($groupSubElements['Description']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'Options',
+            $groupSubElements
+        );
+        $this->assertSame(
+            gettype($groupSubElements['Options']),
+            'array'
+        );
+    }
+
+    /**
+     * Tests the HTTP GET request for the endpoint /projects/{project}/recordings
+     *
+     * @return void
+     */
+    public function testGetProjectsRecordings(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "projects/$this->projectName/recordings",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $projectsRecordingsArray = json_decode(
+            (string) utf8_encode(
+                strstr($response->getBody()->getContents(),"{")
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($projectsRecordingsArray),
+            'array'
+        );
+
+        $this->assertArrayHasKey(
+            'Recordings',
+            $projectsRecordingsArray
+        );
+        $this->assertSame(
+            gettype($projectsRecordingsArray['Recordings']),
+            'array'
+        );
+
+        $this->assertArrayHasKey(
+            '0',
+            $projectsRecordingsArray['Recordings']
+        );
+
+        $recordings = $projectsRecordingsArray['Recordings']['0'];
+
+        $this->assertArrayHasKey(
+            'Candidate',
+            $recordings
+        );
+        $this->assertSame(
+            gettype($recordings['Candidate']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'PSCID',
+            $recordings
+        );
+        $this->assertSame(
+            gettype($recordings['PSCID']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'Visit',
+            $recordings
+        );
+        $this->assertSame(
+            gettype($recordings['Visit']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'Visit_date',
+            $recordings
+        );
+        $this->assertSame(
+            gettype($recordings['Visit_date']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'Site',
+            $recordings
+        );
+        $this->assertSame(
+            gettype($recordings['Site']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'File',
+            $recordings
+        );
+        $this->assertSame(
+            gettype($recordings['File']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'Modality',
+            $recordings
+        );
+        $this->assertSame(
+            gettype($recordings['Modality']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'InsertTime',
+            $recordings
+        );
+        $this->assertSame(
+            gettype($recordings['InsertTime']),
+            'string'
+        );
+        $this->assertArrayHasKey(
+            'Link',
+            $recordings
+        );
+        $this->assertSame(
+            gettype($recordings['Link']),
+            'string'
+        );
+    }
+}
diff --git a/raisinbread/test/api/LorisApiRecordings_v0_0_3_Test.php b/raisinbread/test/api/LorisApiRecordings_v0_0_3_Test.php
new file mode 100644
index 00000000000..893029eda55
--- /dev/null
+++ b/raisinbread/test/api/LorisApiRecordings_v0_0_3_Test.php
@@ -0,0 +1,836 @@
+<?php
+
+require_once __DIR__ . "/LorisApiAuthenticated_v0_0_3_Test.php";
+
+/**
+ * PHPUnit class for API test suite. This script sends HTTP requests to every
+ * endpoints of the api module and look at the response content, status code and
+ * headers where it applies. All endpoints are accessible at <host>/api/<version>/
+ * (e.g. the endpoint of the version 0.0.3 of the API "/projects" URI for the host
+ * "example.loris.ca" would be https://example.loris.ca/api/v0.0.3/projects)
+ *
+ * @category   API
+ * @package    Tests
+ * @subpackage Integration
+ * @author     Simon Pelletier <simon.pelletier@mcin.ca>
+ * @license    http://www.gnu.org/licenses/gpl-3.0.txt GPLv3
+ * @link       https://www.github.com/aces/Loris/
+ */
+class LorisApiRecordings_v0_0_3_Test extends LorisApiAuthenticated_v0_0_3_Test
+{
+    protected $frecordTest         = "sub-OTT174_ses-V1_task-faceO_eeg.edf";
+    protected $candidTest          = "300174";
+    protected $visitTest           = "V1";
+    protected $headernameTest      = "json_file";
+    protected $fBIDSArchiveTest    = "archive_bids.tsv";
+    protected $fBIDSChannelsTest   = "channels_bids.tsv";
+    protected $fBIDSElectrodesTest = "electrodes_bids.tsv";
+    protected $fBIDSEventsTest     = "events_bids.tsv";
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/recordings
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitRecordings(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/recordings",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+        $recordingsArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(gettype($recordingsArray), 'array');
+        $this->assertSame(gettype($recordingsArray['Meta']), 'array');
+        $this->assertSame(
+            gettype($recordingsArray['Meta']['CandID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recordingsArray['Meta']['Visit']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recordingsArray['Files']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($recordingsArray['Files']['0']),
+            'array'
+        );
+
+        $this->assertArrayHasKey('Meta', $recordingsArray);
+        $this->assertArrayHasKey('CandID', $recordingsArray['Meta']);
+        $this->assertArrayHasKey('Visit', $recordingsArray['Meta']);
+        $this->assertArrayHasKey('Files', $recordingsArray);
+        $this->assertArrayHasKey('0', $recordingsArray['Files']);
+        $this->assertArrayHasKey('OutputType', $recordingsArray['Files']['0']);
+        $this->assertArrayHasKey('Filename', $recordingsArray['Files']['0']);
+        $this->assertArrayHasKey(
+            'AcquisitionModality',
+            $recordingsArray['Files']['0']
+        );
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/recordings/{edffile}
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitRecordingsEdffile(): void
+    {
+        $resource = fopen($this->frecordTest, 'w');
+        $stream   = GuzzleHttp\Psr7\stream_for($resource);
+        try {
+            $response = $this->client->request(
+                'GET',
+                "candidates/$this->candidTest/$this->visitTest/recordings/" .
+                "$this->frecordTest",
+                [
+                'headers' => $this->headers,
+                'save_to' => $stream
+                ]
+            );
+        } catch (Exception $e) {
+            $this->markTestIncomplete(
+                "Endpoint not found: " .
+                "candidates/$this->candidTest/$this->visitTest/recordings/" .
+                "$this->frecordTest"
+            );
+        }
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $this->assertFileIsReadable($this->frecordTest);
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/recordings/{edffile}/metadata
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitRecordingsEdfFileMetadata(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/recordings/$this->frecordTest/metadata",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+        $recordingsArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(gettype($recordingsArray), 'array');
+
+        $this->assertArrayHasKey('Meta', $recordingsArray);
+        $meta = $recordingsArray['Meta'];
+        $this->assertSame(gettype($meta), 'array');
+
+        $this->assertArrayHasKey('CandID', $meta);
+        $this->assertSame(gettype($meta['CandID']), 'string');
+        $this->assertArrayHasKey('Visit', $meta);
+        $this->assertSame(gettype($meta['Visit']), 'string');
+        $this->assertArrayHasKey('File', $meta);
+        $this->assertSame(gettype($meta['File']), 'string');
+
+        $this->assertArrayHasKey('Data', $recordingsArray);
+        $data = $recordingsArray['Data'];
+        $this->assertSame(gettype($data), 'array');
+
+        foreach ($data as $value) {
+            $this->assertSame(gettype($value), 'string');
+        }
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/recordings/{edffile}/metadata/{headername}
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitRecordingsEdfFileMetadataHeadername(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/recordings/$this->frecordTest/metadata/$this->headernameTest",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+        $recordingsArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(gettype($recordingsArray), 'array');
+
+        $this->assertArrayHasKey('Meta', $recordingsArray);
+        $meta = $recordingsArray['Meta'];
+        $this->assertSame(gettype($meta), 'array');
+
+        $this->assertArrayHasKey('CandID', $meta);
+        $this->assertSame(gettype($meta['CandID']), 'string');
+        $this->assertArrayHasKey('Visit', $meta);
+        $this->assertSame(gettype($meta['Visit']), 'string');
+        $this->assertArrayHasKey('File', $meta);
+        $this->assertSame(gettype($meta['File']), 'string');
+        $this->assertArrayHasKey('Header', $meta);
+        $this->assertSame(gettype($meta['Header']), 'string');
+
+        $this->assertArrayHasKey('Value', $recordingsArray);
+        $this->assertSame(gettype($recordingsArray['Value']), 'string');
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/recordings/{edffile}/channels
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitRecordingsEdffileChannels(): void
+    {
+            // $this->markTestIncomplete(
+            //   "rewrite"
+            // );
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/recordings/$this->frecordTest/channels",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $recChannelsArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($recChannelsArray),
+            'array'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Meta']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Meta']['CandID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Meta']['Visit']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']['0']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']['0']['ChannelName']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']['0']['ChannelDescription']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype(
+                $recChannelsArray['Channels']['0']['ChannelTypeDescription']
+            ),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']['0']['ChannelStatus']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']['0']['StatusDescription']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']['0']['SamplingFrequency']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']['0']['LowCutoff']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']['0']['HighCutoff']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']['0']['ManualFlag']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']['0']['Notch']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']['0']['Reference']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']['0']['Unit']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Channels']['0']['ChannelFilePath']),
+            'string'
+        );
+
+        $this->assertArrayHasKey(
+            'Meta',
+            $recChannelsArray
+        );
+        $this->assertArrayHasKey(
+            'CandID',
+            $recChannelsArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Visit',
+            $recChannelsArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Channels',
+            $recChannelsArray
+        );
+        $this->assertArrayHasKey(
+            '0',
+            $recChannelsArray['Channels']
+        );
+        $this->assertArrayHasKey(
+            'ChannelName',
+            $recChannelsArray['Channels']['0']
+        );
+        $this->assertArrayHasKey(
+            'ChannelDescription',
+            $recChannelsArray['Channels']['0']
+        );
+        $this->assertArrayHasKey(
+            'ChannelTypeDescription',
+            $recChannelsArray['Channels']['0']
+        );
+        $this->assertArrayHasKey(
+            'ChannelStatus',
+            $recChannelsArray['Channels']['0']
+        );
+        $this->assertArrayHasKey(
+            'StatusDescription',
+            $recChannelsArray['Channels']['0']
+        );
+        $this->assertArrayHasKey(
+            'SamplingFrequency',
+            $recChannelsArray['Channels']['0']
+        );
+        $this->assertArrayHasKey(
+            'LowCutoff',
+            $recChannelsArray['Channels']['0']
+        );
+        $this->assertArrayHasKey(
+            'HighCutoff',
+            $recChannelsArray['Channels']['0']
+        );
+        $this->assertArrayHasKey(
+            'ManualFlag',
+            $recChannelsArray['Channels']['0']
+        );
+        $this->assertArrayHasKey(
+            'Notch',
+            $recChannelsArray['Channels']['0']
+        );
+        $this->assertArrayHasKey(
+            'Reference',
+            $recChannelsArray['Channels']['0']
+        );
+        $this->assertArrayHasKey(
+            'Unit',
+            $recChannelsArray['Channels']['0']
+        );
+        $this->assertArrayHasKey(
+            'ChannelFilePath',
+            $recChannelsArray['Channels']['0']
+        );
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/recordings/{edffile}/electrodes
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitRecordingsEdfFileElectrodes(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/recordings/$this->frecordTest/electrodes",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $recChannelsArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($recChannelsArray),
+            'array'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Meta']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Meta']['CandID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Meta']['Visit']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Electrodes']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Electrodes']['0']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Electrodes']['0']['ElectrodeName']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Electrodes']['0']['ElectrodeType']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Electrodes']['0']['ElectrodeMaterial']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Electrodes']['0']['X']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Electrodes']['0']['Y']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Electrodes']['0']['Z']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Electrodes']['0']['Impedance']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($recChannelsArray['Electrodes']['0']['ElectrodeFilePath']),
+            'string'
+        );
+
+        $this->assertArrayHasKey(
+            'Meta',
+            $recChannelsArray
+        );
+        $this->assertArrayHasKey(
+            'CandID',
+            $recChannelsArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Visit',
+            $recChannelsArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Electrodes',
+            $recChannelsArray
+        );
+        $this->assertArrayHasKey(
+            '0',
+            $recChannelsArray['Electrodes']
+        );
+        $this->assertArrayHasKey(
+            'ElectrodeName',
+            $recChannelsArray['Electrodes']['0']
+        );
+        $this->assertArrayHasKey(
+            'ElectrodeType',
+            $recChannelsArray['Electrodes']['0']
+        );
+        $this->assertArrayHasKey(
+            'ElectrodeMaterial',
+            $recChannelsArray['Electrodes']['0']
+        );
+        $this->assertArrayHasKey(
+            'X',
+            $recChannelsArray['Electrodes']['0']
+        );
+        $this->assertArrayHasKey(
+            'Y',
+            $recChannelsArray['Electrodes']['0']
+        );
+        $this->assertArrayHasKey(
+            'Z',
+            $recChannelsArray['Electrodes']['0']
+        );
+        $this->assertArrayHasKey(
+            'Impedance',
+            $recChannelsArray['Electrodes']['0']
+        );
+        $this->assertArrayHasKey(
+            'ElectrodeFilePath',
+            $recChannelsArray['Electrodes']['0']
+        );
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/recordings/{edffile}/events
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitRecordingsEdfFileEvents(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/recordings/$this->frecordTest/events",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $recordingsEventsArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(
+            gettype($recordingsEventsArray),
+            'array'
+        );
+        $this->assertSame(
+            gettype($recordingsEventsArray['Meta']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($recordingsEventsArray['Meta']['CandID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recordingsEventsArray['Meta']['Visit']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recordingsEventsArray['TaskEvents']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($recordingsEventsArray['TaskEvents']['0']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($recordingsEventsArray['TaskEvents']['0']['Onset']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recordingsEventsArray['TaskEvents']['0']['Duration']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recordingsEventsArray['TaskEvents']['0']['EventCode']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($recordingsEventsArray['TaskEvents']['0']['EventSample']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($recordingsEventsArray['TaskEvents']['0']['EventType']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($recordingsEventsArray['TaskEvents']['0']['TrialType']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($recordingsEventsArray['TaskEvents']['0']['ResponseTime']),
+            'NULL'
+        );
+        $this->assertSame(
+            gettype($recordingsEventsArray['TaskEvents']['0']['EventFilePath']),
+            'string'
+        );
+
+        $this->assertArrayHasKey(
+            'Meta',
+            $recordingsEventsArray
+        );
+        $this->assertArrayHasKey(
+            'CandID',
+            $recordingsEventsArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'Visit',
+            $recordingsEventsArray['Meta']
+        );
+        $this->assertArrayHasKey(
+            'TaskEvents',
+            $recordingsEventsArray
+        );
+        $this->assertArrayHasKey(
+            '0',
+            $recordingsEventsArray['TaskEvents']
+        );
+        $this->assertArrayHasKey(
+            'Onset',
+            $recordingsEventsArray['TaskEvents']['0']
+        );
+        $this->assertArrayHasKey(
+            'Duration',
+            $recordingsEventsArray['TaskEvents']['0']
+        );
+        $this->assertArrayHasKey(
+            'EventCode',
+            $recordingsEventsArray['TaskEvents']['0']
+        );
+        $this->assertArrayHasKey(
+            'EventSample',
+            $recordingsEventsArray['TaskEvents']['0']
+        );
+        $this->assertArrayHasKey(
+            'EventType',
+            $recordingsEventsArray['TaskEvents']['0']
+        );
+        $this->assertArrayHasKey(
+            'TrialType',
+            $recordingsEventsArray['TaskEvents']['0']
+        );
+        $this->assertArrayHasKey(
+            'ResponseTime',
+            $recordingsEventsArray['TaskEvents']['0']
+        );
+        $this->assertArrayHasKey(
+            'EventFilePath',
+            $recordingsEventsArray['TaskEvents']['0']
+        );
+    }
+    
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/recordings/{edffile}/bidsfiles/archive
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitRecordingsEdfFileBidsfilesArchive(): void
+    {
+        try {
+            $resource = \GuzzleHttp\Psr7\Utils::tryFopen($this->fBIDSArchiveTest, 'w');
+        } catch (Exception $e) {
+            $this->markTestIncomplete(
+                "File cannot be opened: " . $this->fBIDSArchiveTest
+            );
+        }
+        $stream   = \GuzzleHttp\Psr7\Utils::streamFor($resource);
+        try {
+            $response = $this->client->request(
+                'GET',
+                "candidates/$this->candidTest/$this->visitTest/recordings/$this->frecordTest/bidsfiles/archive",
+                [
+                    'headers' => $this->headers,
+                    'save_to' => $stream
+                ]
+            );
+        } catch (Exception $e) {
+            $this->markTestIncomplete(
+                "Endpoint not found: " .
+                "candidates/$this->candidTest/$this->visitTest/recordings/$this->frecordTest/bidsfiles/archive",
+            );
+        }
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $this->assertFileIsReadable($this->fBIDSArchiveTest);
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/recordings/{edffile}/bidsfiles/channels
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitRecordingsEdfFileBidsfilesChannels(): void
+    {
+        try {
+            $resource = \GuzzleHttp\Psr7\Utils::tryFopen($this->fBIDSChannelsTest, 'w');
+        } catch (Exception $e) {
+            $this->markTestIncomplete(
+                "File cannot be opened: " . $this->fBIDSChannelsTest
+            );
+        }
+        $stream   = \GuzzleHttp\Psr7\Utils::streamFor($resource);
+        try {
+            $response = $this->client->request(
+                'GET',
+                "candidates/$this->candidTest/$this->visitTest/recordings/$this->frecordTest/bidsfiles/archive",
+                [
+                    'headers' => $this->headers,
+                    'save_to' => $stream
+                ]
+            );
+        } catch (Exception $e) {
+            $this->markTestIncomplete(
+                "Endpoint not found: " .
+                "candidates/$this->candidTest/$this->visitTest/recordings/$this->frecordTest/bidsfiles/archive",
+            );
+        }
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $this->assertFileIsReadable($this->fBIDSChannelsTest);
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/recordings/{edffile}/bidsfiles/electrodes
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitRecordingsEdfFileBidsfilesElectrodes(): void
+    {
+        try {
+            $resource = \GuzzleHttp\Psr7\Utils::tryFopen($this->fBIDSElectrodesTest, 'w');
+        } catch (Exception $e) {
+            $this->markTestIncomplete(
+                "File cannot be opened: " . $this->fBIDSElectrodesTest
+            );
+        }
+        $stream   = \GuzzleHttp\Psr7\Utils::streamFor($resource);
+        try {
+            $response = $this->client->request(
+                'GET',
+                "candidates/$this->candidTest/$this->visitTest/recordings/$this->frecordTest/bidsfiles/archive",
+                [
+                    'headers' => $this->headers,
+                    'save_to' => $stream
+                ]
+            );
+        } catch (Exception $e) {
+            $this->markTestIncomplete(
+                "Endpoint not found: " .
+                "candidates/$this->candidTest/$this->visitTest/recordings/$this->frecordTest/bidsfiles/archive",
+            );
+        }
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $this->assertFileIsReadable($this->fBIDSElectrodesTest);
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/recordings/{edffile}/bidsfiles/events
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitRecordingsEdfFileBidsfilesEvents(): void
+    {
+        try {
+            $resource = \GuzzleHttp\Psr7\Utils::tryFopen($this->fBIDSEventsTest, 'w');
+        } catch (Exception $e) {
+            $this->markTestIncomplete(
+                "File cannot be opened: " . $this->fBIDSEventsTest
+            );
+        }
+        $stream   = \GuzzleHttp\Psr7\Utils::streamFor($resource);
+        try {
+            $response = $this->client->request(
+                'GET',
+                "candidates/$this->candidTest/$this->visitTest/recordings/$this->frecordTest/bidsfiles/archive",
+                [
+                    'headers' => $this->headers,
+                    'save_to' => $stream
+                ]
+            );
+        } catch (Exception $e) {
+            $this->markTestIncomplete(
+                "Endpoint not found: " .
+                "candidates/$this->candidTest/$this->visitTest/recordings/$this->frecordTest/bidsfiles/archive",
+            );
+        }
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        $this->assertFileIsReadable($this->fBIDSEventsTest);
+    }
+}
diff --git a/raisinbread/test/api/LorisApiSitesTest.php b/raisinbread/test/api/LorisApiSitesTest.php
index b6cde7c2a14..e08033c54a8 100644
--- a/raisinbread/test/api/LorisApiSitesTest.php
+++ b/raisinbread/test/api/LorisApiSitesTest.php
@@ -32,11 +32,7 @@ public function testGetSites(): void
                 'headers'     => $this->headers
             ]
         );
-        if ($response->getStatusCode() === 404) {
-            $this->markTestSkipped(
-                "Endpoint not found: GET sites"
-            );
-        }
+
         $this->assertEquals(200, $response->getStatusCode());
 
         $data = json_decode(
diff --git a/raisinbread/test/api/LorisApiSites_v0_0_3_Test.php b/raisinbread/test/api/LorisApiSites_v0_0_3_Test.php
new file mode 100644
index 00000000000..35806382965
--- /dev/null
+++ b/raisinbread/test/api/LorisApiSites_v0_0_3_Test.php
@@ -0,0 +1,39 @@
+<?php
+require_once __DIR__ . "/LorisApiAuthenticated_v0_0_3_Test.php";
+
+/**
+ * PHPUnit class for API test suite. This script sends HTTP requests to every
+ * endpoints of the api module and look at the response content, status code and
+ * headers where it applies. All endpoints are accessible at <host>/api/<version>/
+ * (e.g. the endpoint of the version 0.0.4-dev of the API "/projects" URI for the host
+ * "example.loris.ca" would be https://example.loris.ca/api/v0.0.4-dev/projects)
+ *
+ * @category   API
+ * @package    Tests
+ * @subpackage Integration
+ * @author     Xavier Lecours <xavier.lecours@mcin.ca>
+ * @license    http://www.gnu.org/licenses/gpl-3.0.txt GPLv3
+ * @link       https://www.github.com/aces/Loris/
+ */
+class LorisApiSites_v0_0_3_Test extends LorisApiAuthenticated_v0_0_3_Test
+{
+    /**
+     * Tests the HTTP GET request for the endpoint /sites
+     *
+     * @return void
+     */
+    public function testGetSites(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "sites",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+
+        // endpoint was added in v0.0.4
+        $this->assertEquals(404, $response->getStatusCode());
+    }
+}
diff --git a/raisinbread/test/api/LorisApiVisits_v0_0_3_Test.php b/raisinbread/test/api/LorisApiVisits_v0_0_3_Test.php
new file mode 100644
index 00000000000..042e905cb50
--- /dev/null
+++ b/raisinbread/test/api/LorisApiVisits_v0_0_3_Test.php
@@ -0,0 +1,359 @@
+<?php
+
+require_once __DIR__ . "/LorisApiAuthenticated_v0_0_3_Test.php";
+
+/**
+ * PHPUnit class for API test suite. This script sends HTTP requests to every
+ * endpoints of the api module and look at the response content, status code and
+ * headers where it applies. All endpoints are accessible at <host>/api/<version>/
+ * (e.g. the endpoint of the version 0.0.3 of the API "/projects" URI for the host
+ * "example.loris.ca" would be https://example.loris.ca/api/v0.0.3/projects)
+ *
+ * @category   API
+ * @package    Tests
+ * @subpackage Integration
+ * @author     Simon Pelletier <simon.pelletier@mcin.ca>
+ * @license    http://www.gnu.org/licenses/gpl-3.0.txt GPLv3
+ * @link       https://www.github.com/aces/Loris/
+ */
+class LorisApiVisits_v0_0_3_Test extends LorisApiAuthenticated_v0_0_3_Test
+{
+    protected $candidTest = "300008";
+    protected $visitTest  = "V1";
+
+    /**
+     * Tests the HTTP GET request for the endpoint /candidates/{candid}/{visit}
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisit(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+        $candidatesVisitArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(gettype($candidatesVisitArray), 'array');
+        $this->assertSame(
+            gettype($candidatesVisitArray['Meta']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($candidatesVisitArray['Meta']['CandID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesVisitArray['Meta']['Visit']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesVisitArray['Meta']['Site']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesVisitArray['Meta']['Battery']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesVisitArray['Stages']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($candidatesVisitArray['Stages']['Visit']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($candidatesVisitArray['Stages']['Visit']['Date']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesVisitArray['Stages']['Visit']['Status']),
+            'string'
+        );
+
+        $this->assertArrayHasKey('Meta', $candidatesVisitArray);
+        $this->assertArrayHasKey('CandID', $candidatesVisitArray['Meta']);
+        $this->assertArrayHasKey('Project', $candidatesVisitArray['Meta']);
+        $this->assertArrayHasKey('Site', $candidatesVisitArray['Meta']);
+        $this->assertArrayHasKey('Battery', $candidatesVisitArray['Meta']);
+        $this->assertArrayHasKey('Project', $candidatesVisitArray['Meta']);
+        $this->assertArrayHasKey('Stages', $candidatesVisitArray);
+        $this->assertArrayHasKey(
+            'Visit',
+            $candidatesVisitArray['Stages']
+        );
+        $this->assertArrayHasKey(
+            'Date',
+            $candidatesVisitArray['Stages']['Visit']
+        );
+        $this->assertArrayHasKey(
+            'Status',
+            $candidatesVisitArray['Stages']['Visit']
+        );
+
+    }
+
+    /**
+     * Tests the HTTP PUT request for the endpoint /candidates/{candid}/{visit}
+     *
+     * @return void
+     */
+    public function testPutCandidatesCandidVisit(): void
+    {
+        // Test changing the Project & Battery
+        $json     = ['CandID'  => '900000',
+            'Visit'   => "V1",
+            'Site'    => "Data Coordinating Center",
+            'Battery' => "High Yeast",
+            'Project' => "Rye",
+        ];
+        $response = $this->client->request(
+            'PUT',
+            "candidates/900000/V1",
+            [
+                'headers' => $this->headers,
+                'json'    => $json
+            ]
+        );
+        // Verify the status code
+        $this->assertEquals(204, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        // Erase sites that were setup in LorisApiAuthenticatedTest
+        // setup for data access in other tests.
+        $this->DB->run(
+            'DELETE FROM user_psc_rel WHERE UserID=999990 AND CenterID <> 1'
+        );
+        /**
+        * Test changing from a site with no affiliation to a site with affiliation
+        * Candidate 400266 is from site Rome. The test user only has access to
+        * Data Coordinating Center. He should not be able to modify a visit 
+        * for a candidate from a site he has no access to.
+        */
+        $json     = ['CandID'  => '400266',
+            'Visit'   => "V3",
+            'Site'    => "Data Coordinating Center",
+            'Battery' => "Stale",
+            'Project' => "Pumpernickel",
+        ];
+        $response = $this->client->request(
+            'PUT',
+            "candidates/400266/V3",
+            [
+                'headers' => $this->headers,
+                'json'    => $json,
+                'http_errors' => false
+            ]
+        );
+        // Verify the status code
+        $this->assertEquals(403, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        // Test changing the Battery from a visit that is already initiated.
+        $json     = ['CandID'  => "115788",
+            'Visit'   => "V3",
+            'Site'    => "Data Coordinating Center",
+            'Battery' => "Stale",
+            'Project' => "Pumpernickel",
+        ];
+        $response = $this->client->request(
+            'PUT',
+            "candidates/115788/V3",
+            [
+                'headers'     => $this->headers,
+                'json'        => $json,
+                'http_errors' => false
+            ]
+        );
+        // verify the status code
+        $this->assertequals(409, $response->getstatuscode());
+        // verify the endpoint has a body
+        $body = $response->getbody();
+        $this->assertnotempty($body);
+
+        // Test assigning site with no affiliation. It changes the site from
+        // Data Coordinating Center, which the test user has its only affiliation,
+        // to Montreal, where he has no affiliation.
+        $json     = ['CandID'  => '900000',
+            'Visit'   => "V1",
+            'Site'    => "Montreal",
+            'Battery' => "Stale",
+            'Project' => "Pumpernickel",
+        ];
+        $response = $this->client->request(
+            'PUT',
+            "candidates/900000/V1",
+            [
+                'headers'     => $this->headers,
+                'json'        => $json,
+                'http_errors' => false
+            ]
+        );
+        // Verify the status code
+        $this->assertEquals(403, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+
+        // The visit has CenterID 2, we need to ensure that
+        // the user has access to visitTest (which we deleted
+        // above to test the permission denied.) or this
+        // test will return a 403 instead of a 400.
+        $this->DB->insert("user_psc_rel",
+            [
+                'UserID' => '999990',
+                'CenterID' => '2'
+            ]
+        );
+        // Test what happen when a field is missing (here, Battery)
+        $json     = ['CandID'  => $this->candidTest,
+            'Visit'   => $this->visitTest,
+            'Site'    => "Data Coordinating Center",
+            'Project' => "Pumpernickel",
+        ];
+        $response = $this->client->request(
+            'PUT',
+            "candidates/$this->candidTest/$this->visitTest",
+            [
+                'headers'     => $this->headers,
+                'json'        => $json,
+                'http_errors' => false
+            ]
+        );
+        // verify the status code
+        $this->assertequals(400, $response->getstatuscode());
+        // verify the endpoint has a body
+        $body = $response->getbody();
+        $this->assertnotempty($body);
+
+        // Test CandID in URL should match CandID in the request fields
+        $json     = ['CandID'  => $this->candidTest,
+            'Visit'   => $this->visitTest,
+            'Site'    => "Montreal",
+            'Battery' => "Low Yeast",
+            'Project' => "Pumpernickel",
+        ];
+        $response = $this->client->request(
+            'PUT',
+            "candidates/300001/$this->visitTest",
+            [
+                'headers'     => $this->headers,
+                'json'        => $json,
+                'http_errors' => false
+            ]
+        );
+        // verify the status code
+        $this->assertequals(400, $response->getstatuscode());
+        // verify the endpoint has a body
+        $body = $response->getbody();
+        $this->assertnotempty($body);
+    }
+
+    /**
+     * Tests the HTTP GET request for the
+     * endpoint /candidates/{candid}/{visit}/imaging/qc
+     *
+     * @return void
+     */
+    public function testGetCandidatesCandidVisitQcImaging(): void
+    {
+        $response = $this->client->request(
+            'GET',
+            "candidates/$this->candidTest/$this->visitTest/qc/imaging",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers
+            ]
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+        $candidatesVisitArray = json_decode(
+            (string) utf8_encode(
+                $response->getBody()->getContents()
+            ),
+            true
+        );
+
+        $this->assertSame(gettype($candidatesVisitArray), 'array');
+        $this->assertSame(
+            gettype($candidatesVisitArray['Meta']),
+            'array'
+        );
+        $this->assertSame(
+            gettype($candidatesVisitArray['Meta']['CandID']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesVisitArray['Meta']['Visit']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesVisitArray['SessionQC']),
+            'string'
+        );
+        $this->assertSame(
+            gettype($candidatesVisitArray['Pending']),
+            'boolean'
+        );
+
+        $this->assertArrayHasKey('Meta', $candidatesVisitArray);
+        $this->assertArrayHasKey('CandID', $candidatesVisitArray['Meta']);
+        $this->assertArrayHasKey('Visit', $candidatesVisitArray['Meta']);
+        $this->assertArrayHasKey('SessionQC', $candidatesVisitArray);
+        $this->assertArrayHasKey('Pending', $candidatesVisitArray);
+    }
+
+    /**
+     * Tests the HTTP PUT request for the
+     * endpoint /candidates/{candid}/{visit}/imaging/qc
+     *
+     * @return void
+     */
+    public function testPutCandidatesCandidVisitQcImaging(): void
+    {
+        $candid   = '400162';
+        $visit    = 'V6';
+        $json     = [
+            "Meta"      => [
+                'CandID' => $candid,
+                'Visit'  => $visit
+            ],
+            'SessionQC' => "",
+            'Pending'   => true
+        ];
+        $response = $this->client->request(
+            'PUT',
+            "candidates/$candid/$visit/qc/imaging",
+            [
+                'http_errors' => false,
+                'headers'     => $this->headers,
+                'json'        => $json
+            ]
+        );
+        // Verify the status code
+        $this->assertEquals(204, $response->getStatusCode());
+        // Verify the endpoint has a body
+        $body = $response->getBody();
+        $this->assertNotEmpty($body);
+    }
+}
diff --git a/smarty/templates/main.tpl b/smarty/templates/main.tpl
index 2de87a0af93..7ad1025227b 100644
--- a/smarty/templates/main.tpl
+++ b/smarty/templates/main.tpl
@@ -155,11 +155,13 @@
                                     {$user.Real_name|escape} <b class="caret"></b>
                                 </a>
                                 <ul class="dropdown-menu">
+                                    {if $my_preferences|default}
                                     <li>
                                         <a href="{$baseurl}/my_preferences/">
                                             My Preferences
                                         </a>
                                     </li>
+                                    {/if}
                                     <li>
                                         <a href="{$baseurl}/?logout=true">
                                             Log Out
diff --git a/src/Http/Endpoint.php b/src/Http/Endpoint.php
index c9bbd4b2a4b..9c33b180eaf 100644
--- a/src/Http/Endpoint.php
+++ b/src/Http/Endpoint.php
@@ -65,4 +65,19 @@ public function hasAccess(\User $user): bool
     {
         return !($user instanceof \LORIS\AnonymousUser);
     }
+
+    /**
+     * This function can be overridden in a module's page to load the necessary
+     * resources to check the permissions of a user.
+     *
+     * @param \User                   $user    The user to load the resources for
+     * @param ServerRequestInterface $request The PSR15 Request being handled
+     *
+     * @return void
+     */
+    public function loadResources(
+        \User $user,
+        ServerRequestInterface $request
+    ) : void {
+    }
 }
diff --git a/src/Middleware/UserPageDecorationMiddleware.php b/src/Middleware/UserPageDecorationMiddleware.php
index 0768d8894b7..09fc7a1cf43 100644
--- a/src/Middleware/UserPageDecorationMiddleware.php
+++ b/src/Middleware/UserPageDecorationMiddleware.php
@@ -219,7 +219,10 @@ function ($a, $b) {
         }
         $tpl_data['userPerms'] = $realPerms;
 
-        //Display the footer links, as specified in the config file
+        // Do not show menu item if module not active
+        $tpl_data['my_preferences'] = $loris->hasModule('my_preferences');
+
+        // Display the footer links, as specified in the config file
         $links = $this->Config->getExternalLinks('FooterLink');
 
         $tpl_data['links'] = array();
diff --git a/src/StudyEntities/Candidate/Sex.php b/src/StudyEntities/Candidate/Sex.php
index 65f31422780..f7f3481af2d 100644
--- a/src/StudyEntities/Candidate/Sex.php
+++ b/src/StudyEntities/Candidate/Sex.php
@@ -29,9 +29,9 @@ class Sex implements \JsonSerializable
     public $value;
 
     private const VALID_VALUES = array(
-                                  'male',
-                                  'female',
-                                  'other',
+                                  'Male',
+                                  'Female',
+                                  'Other',
                                  );
 
     /**
@@ -61,7 +61,7 @@ public function __construct(string $value)
      */
     public static function validate(string $value): bool
     {
-        return in_array(strtolower($value), self::VALID_VALUES, true);
+        return in_array($value, self::VALID_VALUES, true);
     }
 
     /**
diff --git a/test/phpunit.xml b/test/phpunit.xml
index 3a15673ba20..5ec1adabced 100644
--- a/test/phpunit.xml
+++ b/test/phpunit.xml
@@ -2,6 +2,7 @@
 <phpunit
         bootstrap="bootstrap.php"
         verbose="true"
+        testdox="true"
         colors="true">
     <testsuites>
         <testsuite name='LorisUnitTests'>
@@ -30,7 +31,7 @@
             <directory>../modules/dicom_archive/test/</directory>
             <directory>../modules/document_repository/test/</directory>
             <directory>../modules/examiner/test/</directory>
-	    <directory>../modules/electrophysiology_browser/test/</directory>
+            <directory>../modules/electrophysiology_browser/test/</directory>
             <directory>../modules/electrophysiology_uploader/test/</directory>	    
             <directory>../modules/genomic_browser/test/</directory>
             <directory>../modules/help_editor/test/</directory>
diff --git a/tools/data_integrity/fix_candidate_age.php b/tools/data_integrity/fix_candidate_age.php
index fa1d4874caa..ab80693a233 100644
--- a/tools/data_integrity/fix_candidate_age.php
+++ b/tools/data_integrity/fix_candidate_age.php
@@ -6,7 +6,7 @@
  * the NDB_BVL_Instrument::_saveValues() function to safely make changes to ages.
  *
  * Usage
- *  - php fix_candidate_age.php;
+ *  - php fix_candidate_age.php check;
  *  - php fix_candidate_age.php confirm;
  *
  * PHP Version 7
@@ -35,9 +35,9 @@
     $confirm = true;
 }
 
-$incorrectAges  = [];
-$nullAges       = [];
-$verifiedTables = [];
+$incorrectAges       = [];
+$nullAges            = [];
+$verifiedInstruments = [];
 
 foreach ($instruments as $testName=>$instrument) {
 
@@ -45,66 +45,59 @@
     //Check what database table is associated with this instrument
     echo "Instrument: $testName ($fullName)\n";
 
-    $table = $instrument->table;
-
-    if (in_array($table, $verifiedTables, true)) {
-        echo "\tTable $table has already been verified. skipping.\n";
+    if (in_array($testName, $verifiedInstruments, true)) {
+        echo "\tInstrument $testName has already been verified. skipping.\n";
         continue;
     } else {
         //Add table name to repertoire to make sure it is not checked again
         //in case 2+ instruments use the same table
-        $verifiedTables[] = $table;
+        $verifiedInstruments[] = $testName;
     }
 
-    if (!$DB->tableExists($table)) {
-        echo "\tTable $table for instrument $testName does not exist in the ".
-            "Database\n";
-        continue;
-    } else if (strpos('_proband', $testName) !== false) {
+    if (strpos('_proband', $testName) !== false) {
         echo "\t$testName is a Proband instrument and should be handled ".
             "separately.\n";
         continue;
     }
 
+    $form = array_keys($instrument->form->form);
     // Skip if Date taken does not exist
-    if (!$DB->columnExists($table, 'Date_taken')) {
+    if (!in_array('Date_taken', $form)) {
         echo "\t"
         . "$testName does not use a `Date_taken` field and should be ".
             "handled separately."
         . "\n";
         continue;
     }
-    // Skip if Date taken does not exist
-    if (!$DB->columnExists($table, 'Candidate_Age')) {
+    // Skip if Candidate Age does not exist
+    if (!in_array('Candidate_Age', $form)) {
         echo "\t"
         . "$testName does not use a `Candidate_Age` field "
         . "and should be handled separately.\n";
         continue;
     }
 
-    //Get instrument SQL table
-    $DBInstTable = $DB->pselect(
-        "SELECT i.CommentID, Date_taken, Candidate_Age
-         FROM $table i
-            LEFT JOIN flag f ON (i.commentID=f.CommentID)
-            LEFT JOIN session s ON (f.SessionID=s.ID)
-            LEFT JOIN candidate c ON (s.CandID=c.CandID)
-         WHERE c.Active='Y' AND s.Active='Y'",
+    //Get CommentID list
+    $CommentIDs = $DB->pselectCol(
+        "SELECT f.CommentID FROM flag f
+            JOIN session s ON s.ID=f.SessionID
+            JOIN candidate c ON c.CandID=s.CandID
+        WHERE c.Active='Y' AND s.Active='Y'",
         []
     );
 
-    foreach ($DBInstTable as $k => $row) {
+    foreach ($CommentIDs as $commentID) {
         // Get Instrument Instance with commentID
         try {
             $instrument = NDB_BVL_Instrument::factory(
                 $lorisInstance,
                 $testName,
-                $row['CommentID'],
+                $commentID,
                 '',
                 false
             );
         } catch (Exception $e) {
-            echo "\t$testName instrument row with CommentID: ".$row['CommentID'].
+            echo "\t$testName instrument row with CommentID: ".$commentID.
                 " was ignored for one of the following reasons:\n".
                 "  - The candidate is inactive.\n".
                 "  - The session is inactive.\n\n";
@@ -114,21 +107,21 @@
         if (!$instrument) {
             // instrument does not exist
             echo "\t"
-            . "$testName for CommentID:$row[CommentID] could not be instantiated."
+            . "$testName for CommentID:$commentID could not be instantiated."
             . "\n";
             continue;
         }
 
-        $dateTaken = $row['Date_taken'];
-        $commentID = $row['CommentID'];
+        $data      = $instrument->getInstanceData();
+        $dateTaken = $data['Date_taken'] ?? null;
 
         // Flag for problem with date
         $trouble =false;
-        if (!empty($row['Date_taken'])) {
+        if (!empty($dateTaken)) {
             // Check if age is null OR if wrong age
-            if (empty($row['Candidate_Age'])) {
+            if (empty($data['Candidate_Age'])) {
                 // Null age
-                $nullAges[$testName][$commentID] = $row['CommentID'];
+                $nullAges[$testName][$commentID] = $commentID;
                 $trouble =true;
             } else {
                 // get Age from instrument class
@@ -137,10 +130,9 @@
                     $calculatedAge
                 );
                 //Compare age to value saved in the instrument table
-                $DBAge = $instrument->getFieldValue('Candidate_Age');
+                $DBAge = $data['Candidate_Age'];
 
                 if ($calculatedAgeMonths != $DBAge) {
-                    //$incorrectAges[] = $row;
                     $incorrectAges[$testName][$commentID] = [
                         'cal' => $calculatedAgeMonths,
                         'db'  => $DBAge,
diff --git a/tools/single_use/instrument_double_escape_report.php b/tools/single_use/instrument_double_escape_report.php
index 4dbe91f6cbf..a6e8a36b581 100644
--- a/tools/single_use/instrument_double_escape_report.php
+++ b/tools/single_use/instrument_double_escape_report.php
@@ -123,7 +123,7 @@
     foreach ($instrumentData as $cid => $instrumentCandData) {
         foreach ($instrumentCandData as $field => $value) {
             // regex detecting any escaped character in the database
-            if (!empty($value) && preg_match('/&(amp;)+(gt;|lt;|quot;|amp;)/', $value)) {
+            if (!empty($value) && is_string($value) && preg_match('/&(amp;)+(gt;|lt;|quot;|amp;)/', $value)) {
                 $escapedEntries[$tableName][$cid][$field] = $value;
                 $escapedFields[$tableName][] = $field;
                 $errorsDetected = true;
diff --git a/webpack.config.js b/webpack.config.js
index 97468f50659..7389527aaa0 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -25,7 +25,6 @@ const optimization = {
 
 const resolve = {
   alias: {
-    util: path.resolve(__dirname, './htdocs/js/util'),
     jsx: path.resolve(__dirname, './jsx'),
     jslib: path.resolve(__dirname, './jslib'),
     Breadcrumbs: path.resolve(__dirname, './jsx/Breadcrumbs'),
@@ -323,6 +322,7 @@ const lorisModules = {
   statistics: ['WidgetIndex'],
   instruments: ['CandidateInstrumentList', 'ControlpanelDeleteInstrumentData'],
   api_docs: ['swagger-ui_custom'],
+  dashboard: ['welcome'],
 };
 for (const [key] of Object.entries(lorisModules)) {
   const target = process.env.target;