diff --git a/spec/controllers/api/v1/statuses/pins_controller_spec.rb b/spec/controllers/api/v1/statuses/pins_controller_spec.rb
deleted file mode 100644
index 8bdaf8b54..000000000
--- a/spec/controllers/api/v1/statuses/pins_controller_spec.rb
+++ /dev/null
@@ -1,57 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Api::V1::Statuses::PinsController do
-  render_views
-
-  let(:user)  { Fabricate(:user) }
-  let(:app)   { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }
-  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'write:accounts', application: app) }
-
-  context 'with an oauth token' do
-    before do
-      allow(controller).to receive(:doorkeeper_token) { token }
-    end
-
-    describe 'POST #create' do
-      let(:status) { Fabricate(:status, account: user.account) }
-
-      before do
-        post :create, params: { status_id: status.id }
-      end
-
-      it 'returns http success' do
-        expect(response).to have_http_status(200)
-      end
-
-      it 'updates the pinned attribute' do
-        expect(user.account.pinned?(status)).to be true
-      end
-
-      it 'return json with updated attributes' do
-        hash_body = body_as_json
-
-        expect(hash_body[:id]).to eq status.id.to_s
-        expect(hash_body[:pinned]).to be true
-      end
-    end
-
-    describe 'POST #destroy' do
-      let(:status) { Fabricate(:status, account: user.account) }
-
-      before do
-        Fabricate(:status_pin, status: status, account: user.account)
-        post :destroy, params: { status_id: status.id }
-      end
-
-      it 'returns http success' do
-        expect(response).to have_http_status(200)
-      end
-
-      it 'updates the pinned attribute' do
-        expect(user.account.pinned?(status)).to be false
-      end
-    end
-  end
-end
diff --git a/spec/requests/api/v1/statuses/pins_spec.rb b/spec/requests/api/v1/statuses/pins_spec.rb
new file mode 100644
index 000000000..db07fa424
--- /dev/null
+++ b/spec/requests/api/v1/statuses/pins_spec.rb
@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'Pins' do
+  let(:user)    { Fabricate(:user) }
+  let(:scopes)  { 'write:accounts' }
+  let(:token)   { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
+  let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
+
+  describe 'POST /api/v1/statuses/:status_id/pin' do
+    subject do
+      post "/api/v1/statuses/#{status.id}/pin", headers: headers
+    end
+
+    let(:status) { Fabricate(:status, account: user.account) }
+
+    it_behaves_like 'forbidden for wrong scope', 'read read:accounts'
+
+    context 'when the status is public' do
+      it 'pins the status successfully', :aggregate_failures do
+        subject
+
+        expect(response).to have_http_status(200)
+        expect(user.account.pinned?(status)).to be true
+      end
+
+      it 'return json with updated attributes' do
+        subject
+
+        expect(body_as_json).to match(
+          a_hash_including(id: status.id.to_s, pinned: true)
+        )
+      end
+    end
+
+    context 'when the status is private' do
+      let(:status) { Fabricate(:status, account: user.account, visibility: :private) }
+
+      it 'pins the status successfully', :aggregate_failures do
+        subject
+
+        expect(response).to have_http_status(200)
+        expect(user.account.pinned?(status)).to be true
+      end
+    end
+
+    context 'when the status belongs to somebody else' do
+      let(:status) { Fabricate(:status) }
+
+      it 'returns http unprocessable entity' do
+        subject
+
+        expect(response).to have_http_status(422)
+      end
+    end
+
+    context 'when the status does not exist' do
+      it 'returns http not found' do
+        post '/api/v1/statuses/-1/pin', headers: headers
+
+        expect(response).to have_http_status(404)
+      end
+    end
+
+    context 'without an authorization header' do
+      let(:headers) { {} }
+
+      it 'returns http unauthorized' do
+        subject
+
+        expect(response).to have_http_status(401)
+      end
+    end
+  end
+
+  describe 'POST /api/v1/statuses/:status_id/unpin' do
+    subject do
+      post "/api/v1/statuses/#{status.id}/unpin", headers: headers
+    end
+
+    let(:status) { Fabricate(:status, account: user.account) }
+
+    context 'when the status is pinned' do
+      before do
+        Fabricate(:status_pin, status: status, account: user.account)
+      end
+
+      it 'unpins the status successfully', :aggregate_failures do
+        subject
+
+        expect(response).to have_http_status(200)
+        expect(user.account.pinned?(status)).to be false
+      end
+
+      it 'return json with updated attributes' do
+        subject
+
+        expect(body_as_json).to match(
+          a_hash_including(id: status.id.to_s, pinned: false)
+        )
+      end
+    end
+
+    context 'when the status is not pinned' do
+      it 'returns http success' do
+        subject
+
+        expect(response).to have_http_status(200)
+      end
+    end
+
+    context 'when the status does not exist' do
+      it 'returns http not found' do
+        post '/api/v1/statuses/-1/unpin', headers: headers
+
+        expect(response).to have_http_status(404)
+      end
+    end
+
+    context 'without an authorization header' do
+      let(:headers) { {} }
+
+      it 'returns http unauthorized' do
+        subject
+
+        expect(response).to have_http_status(401)
+      end
+    end
+  end
+end