diff --git a/spec/controllers/api/accounts_controller_spec.rb b/spec/controllers/api/accounts_controller_spec.rb
new file mode 100644
index 0000000..6b52c88
--- /dev/null
+++ b/spec/controllers/api/accounts_controller_spec.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Api::AccountsController, type: :controller do
+ let(:current_user) { create(:user, first_name: 'Current') }
+ let(:new_acc) { create(:account, name: 'New Acc') }
+ let(:different_user) { create(:user, first_name: 'Different') }
+ let(:new_auth) { create(:account_auth, account: new_acc, user: different_user)}
+
+ describe '#show' do
+ it 'responds with accounts info for the current user' do
+ sign_in_to_api(current_user)
+
+ get :show
+
+ expect(response).to be_successful
+
+ current_user.accounts.each do |acc|
+ expect(response.body).to have_content acc.name
+
+ acc.users.each do |user|
+ expect(response.body).to have_content user.full_name
+ expect(response.body).to have_content user.email
+ end
+ end
+ end
+
+ it 'does not include other users accounts' do
+ different_user.update(account_auths: [new_auth])
+
+ sign_in_to_api(current_user)
+
+ get :show
+
+ expect(response).to be_successful
+
+ different_user.accounts.each do |acc|
+ expect(response.body).not_to have_content acc.name
+
+ acc.users.each do |user|
+ expect(response.body).not_to have_content user.full_name
+ expect(response.body).not_to have_content user.email
+ end
+ end
+ end
+ end
+end
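Review bot: The isolation example 'does not include other users accounts' can pass without asserting anything, because every `not_to have_content` check sits inside `different_user.accounts.each` and the setup uses the non-raising `update`; if that write fails or leaves no accounts, the loop body never runs. Use `different_user.update!(account_auths: [new_auth])` and add `expect(different_user.accounts).to include(new_acc)` before `get :show`, so the negative assertions are known to run against real data. The first example has the same shape: nothing visible here gives `current_user` an account, so unless the user factory creates one, only `be_successful` is actually checked. If the action renders through a view template rather than `render json:`, the spec would also need `render_views`, otherwise `response.body` is empty and every `not_to` passes trivially. There is also no example covering an unauthenticated request to `show`.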