diff --git a/tests/fuzz/tokeninfo-no-access-token.yml b/tests/fuzz/tokeninfo-no-access-token.yml
new file mode 100644
index 00000000..15fbc8fa
--- /dev/null
+++ b/tests/fuzz/tokeninfo-no-access-token.yml
@@ -0,0 +1,14 @@
+url: 'http://localhost:8000/api.php/tokeninfo'
+request:
+    method: GET
+response:
+    statusCode: 400
+    headers:
+        Content-type: application/json
+    body:
+        -
+            key: error
+            value: "invalid_request"
+        -
+            key: message
+            value: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"access token\" parameter."
\ No newline at end of file
diff --git a/tests/fuzz/tokeninfo-no-invalid-token-query-string.yml b/tests/fuzz/tokeninfo-no-invalid-token-query-string.yml
new file mode 100644
index 00000000..4d60340b
--- /dev/null
+++ b/tests/fuzz/tokeninfo-no-invalid-token-query-string.yml
@@ -0,0 +1,14 @@
+url: 'http://localhost:8000/api.php/tokeninfo?access_token=foobar'
+request:
+    method: GET
+response:
+    statusCode: 400
+    headers:
+        Content-type: application/json
+    body:
+        -
+            key: error
+            value: "invalid_request"
+        -
+            key: message
+            value: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"access token\" parameter."
\ No newline at end of file
diff --git a/tests/fuzz/tokeninfo-no-invalid-token.yml b/tests/fuzz/tokeninfo-no-invalid-token.yml
new file mode 100644
index 00000000..30ee8887
--- /dev/null
+++ b/tests/fuzz/tokeninfo-no-invalid-token.yml
@@ -0,0 +1,18 @@
+url: 'http://localhost:8000/api.php/tokeninfo'
+request:
+    method: GET
+    headers:
+        -
+            key: Authorization
+            value: Bearer foobar
+response:
+    statusCode: 401
+    headers:
+        Content-type: application/json
+    body:
+        -
+            key: error
+            value: "access_denied"
+        -
+            key: message
+            value: "The resource owner or authorization server denied the request."
\ No newline at end of file
diff --git a/tests/fuzz/tokeninfo-valid-token.yml b/tests/fuzz/tokeninfo-valid-token.yml
new file mode 100644
index 00000000..d7ec6b3a
--- /dev/null
+++ b/tests/fuzz/tokeninfo-valid-token.yml
@@ -0,0 +1,24 @@
+url: 'http://localhost:8000/api.php/tokeninfo'
+request:
+    method: GET
+    headers:
+        -
+            key: Authorization
+            value: "Bearer iamgod"
+response:
+    statusCode: 200
+    headers:
+        Content-type: application/json
+    body:
+        -
+            key: owner_id
+            value: testclient
+        -
+            key: owner_type
+            value: client
+        -
+            key: access_token
+            value: iamgod
+        -
+            key: client_id
+            value: testclient
\ No newline at end of file