diff --git a/app/tests/test_order.py b/app/tests/test_order.py
new file mode 100644
index 0000000000000000000000000000000000000000..6707e87f2165b44e5396f857651b2dc33e910ec1
--- /dev/null
+++ b/app/tests/test_order.py
@@ -0,0 +1,329 @@
+import pytest
+from fastapi import HTTPException
+from datetime import datetime
+from app.backend.models.models import User, Shop, Product, Order, OrderItem, Payment
+from app.backend.schemas.order import OrderCreate, OrderItemCreate
+from app.backend.utils.hashing import hash_password
+
+
+@pytest.fixture
+def test_user(db_session):
+    user = User(
+        username="testuser",
+        email="test@example.com",
+        password=hash_password("password123"),
+        phone_number="1234567890",
+        role="shop_owner",
+    )
+    db_session.add(user)
+    db_session.commit()
+    return user
+
+
+@pytest.fixture
+def test_shop(db_session, test_user):
+    shop = Shop(
+        owner_id=test_user.id,
+        name="Test Shop",
+        description="Test Shop Description",
+        address="Hanoi, Vietnam",
+        latitude=51.0,
+        longitude=-2.0,
+    )
+    db_session.add(shop)
+    db_session.commit()
+    return shop
+
+
+@pytest.fixture
+def test_product(db_session, test_shop):
+    product = Product(
+        shop_id=test_shop.id,
+        name="Test Product",
+        description="Test Description",
+        price=10.0,
+        stock=100,
+    )
+    db_session.add(product)
+    db_session.commit()
+    return product
+
+
+@pytest.fixture
+def test_payment(db_session, test_user):
+    payment = Payment(
+        user_id=test_user.id,
+        payment_method="Credit Card",
+        card_number="4111111111111111",
+        cvv="123",
+        expiry_date="12/25",
+    )
+    db_session.add(payment)
+    db_session.commit()
+    return payment
+
+
+def test_create_order(client, test_user, test_shop, test_product, test_payment):
+    # Login user
+    login_response = client.post(
+        "/auth/login", json={"email": "test@example.com", "password": "password123"}
+    )
+    token = login_response.json()["access_token"]
+
+    order_data = {
+        "shop_id": test_shop.id,
+        "payment_id": test_payment.id,
+        "items": [{"product_id": test_product.id, "quantity": 2}],
+        "delivery_address": "1 Westminster Bridge Rd, London SE1 7PB, UK",  # More specific address
+    }
+
+    response = client.post(
+        "/order/", json=order_data, headers={"Authorization": f"Bearer {token}"}
+    )
+
+    assert response.status_code == 200
+    data = response.json()
+    assert data["shop_id"] == test_shop.id
+    assert len(data["order_items"]) == 1
+
+
+def test_get_user_orders(client, test_user, test_shop, test_product, test_payment):
+    # Login user
+    login_response = client.post(
+        "/auth/login", json={"email": "test@example.com", "password": "password123"}
+    )
+    token = login_response.json()["access_token"]
+
+    # Create an order first
+    order_data = {
+        "shop_id": test_shop.id,
+        "payment_id": test_payment.id,
+        "items": [{"product_id": test_product.id, "quantity": 2}],
+        "delivery_address": "1 Westminster Bridge Rd, London SE1 7PB, UK",  # More specific address
+    }
+
+    client.post(
+        "/order/", json=order_data, headers={"Authorization": f"Bearer {token}"}
+    )
+
+    # Get user orders
+    response = client.get("/order/list", headers={"Authorization": f"Bearer {token}"})
+
+    assert response.status_code == 200
+    data = response.json()
+    assert len(data) >= 1
+    assert data[0]["shop_id"] == test_shop.id
+
+
+def test_get_shop_orders(client, test_user, test_shop, test_product, test_payment):
+    # Login user
+    login_response = client.post(
+        "/auth/login", json={"email": "test@example.com", "password": "password123"}
+    )
+    token = login_response.json()["access_token"]
+
+    # Create an order
+    order_data = {
+        "shop_id": test_shop.id,
+        "payment_id": test_payment.id,
+        "items": [{"product_id": test_product.id, "quantity": 2}],
+        "delivery_address": "1 Westminster Bridge Rd, London SE1 7PB, UK",  # More specific address
+    }
+
+    client.post(
+        "/order/", json=order_data, headers={"Authorization": f"Bearer {token}"}
+    )
+
+    # Get shop orders
+    response = client.get(
+        f"/order/shop/{test_shop.id}", headers={"Authorization": f"Bearer {token}"}
+    )
+
+    assert response.status_code == 200
+    data = response.json()
+    assert len(data) >= 1
+    assert data[0]["shop_id"] == test_shop.id
+
+
+def test_add_to_cart(client, test_user, test_shop, test_product):
+    # Login user
+    login_response = client.post(
+        "/auth/login", json={"email": "test@example.com", "password": "password123"}
+    )
+    token = login_response.json()["access_token"]
+
+    cart_data = {"shop_id": test_shop.id, "product_id": test_product.id, "quantity": 2}
+
+    response = client.post(
+        "/order/cart/add", json=cart_data, headers={"Authorization": f"Bearer {token}"}
+    )
+
+    assert response.status_code == 200
+    assert "message" in response.json()
+
+
+def test_view_cart(client, test_user, test_shop, test_product):
+    # Login and add item to cart first
+    login_response = client.post(
+        "/auth/login", json={"email": "test@example.com", "password": "password123"}
+    )
+    token = login_response.json()["access_token"]
+
+    # Add item to cart
+    cart_data = {"shop_id": test_shop.id, "product_id": test_product.id, "quantity": 2}
+    client.post(
+        "/order/cart/add", json=cart_data, headers={"Authorization": f"Bearer {token}"}
+    )
+
+    # View cart
+    response = client.get(
+        "/order/cart/view-items", headers={"Authorization": f"Bearer {token}"}
+    )
+
+    assert response.status_code == 200
+    data = response.json()
+    assert "items" in data
+    assert len(data["items"]) >= 1
+
+
+def test_remove_from_cart(client, test_user, test_shop, test_product):
+    # Login and add item to cart first
+    login_response = client.post(
+        "/auth/login", json={"email": "test@example.com", "password": "password123"}
+    )
+    token = login_response.json()["access_token"]
+
+    # Add item to cart
+    cart_data = {"shop_id": test_shop.id, "product_id": test_product.id, "quantity": 2}
+    client.post(
+        "/order/cart/add", json=cart_data, headers={"Authorization": f"Bearer {token}"}
+    )
+
+    # Remove item from cart
+    response = client.delete(
+        f"/order/cart/remove/{test_product.id}",
+        headers={"Authorization": f"Bearer {token}"},
+    )
+
+    assert response.status_code == 200
+    assert "message" in response.json()
+
+
+def test_cart_checkout(client, test_user, test_shop, test_product, test_payment):
+    # Login and add item to cart first
+    login_response = client.post(
+        "/auth/login", json={"email": "test@example.com", "password": "password123"}
+    )
+    token = login_response.json()["access_token"]
+
+    # Add item to cart
+    cart_data = {"shop_id": test_shop.id, "product_id": test_product.id, "quantity": 2}
+    client.post(
+        "/order/cart/add", json=cart_data, headers={"Authorization": f"Bearer {token}"}
+    )
+
+    # Checkout cart
+    checkout_data = {
+        "delivery_address": "1 Westminster Bridge Rd, London SE1 7PB, UK",
+        "payment_id": test_payment.id,
+    }
+
+    response = client.post(
+        "/order/cart/checkout",
+        json=checkout_data,
+        headers={"Authorization": f"Bearer {token}"},
+    )
+
+    assert response.status_code == 200
+    assert "order_ids" in response.json()
+
+
+def test_update_order_status(client, test_user, test_shop, test_product, test_payment):
+    # Login and create order first
+    login_response = client.post(
+        "/auth/login", json={"email": "test@example.com", "password": "password123"}
+    )
+    token = login_response.json()["access_token"]
+
+    # Create an order
+    order_data = {
+        "shop_id": test_shop.id,
+        "payment_id": test_payment.id,
+        "items": [{"product_id": test_product.id, "quantity": 2}],
+        "delivery_address": "1 Westminster Bridge Rd, London SE1 7PB, UK",
+    }
+
+    order_response = client.post(
+        "/order/", json=order_data, headers={"Authorization": f"Bearer {token}"}
+    )
+    order_id = order_response.json()["id"]
+
+    # Update order status
+    status_data = {"status": "processing"}
+
+    response = client.put(
+        f"/order/update_status/{order_id}",
+        json=status_data,
+        headers={"Authorization": f"Bearer {token}"},
+    )
+
+    assert response.status_code == 200
+    assert response.json()["status"] == "processing"
+
+
+def test_get_specific_order(client, test_user, test_shop, test_product, test_payment):
+    # Login and create order first
+    login_response = client.post(
+        "/auth/login", json={"email": "test@example.com", "password": "password123"}
+    )
+    token = login_response.json()["access_token"]
+
+    # Create an order
+    order_data = {
+        "shop_id": test_shop.id,
+        "payment_id": test_payment.id,
+        "items": [{"product_id": test_product.id, "quantity": 2}],
+        "delivery_address": "1 Westminster Bridge Rd, London SE1 7PB, UK",
+    }
+
+    order_response = client.post(
+        "/order/", json=order_data, headers={"Authorization": f"Bearer {token}"}
+    )
+    order_id = order_response.json()["id"]
+
+    # Get specific order
+    response = client.get(
+        f"/order/{order_id}", headers={"Authorization": f"Bearer {token}"}
+    )
+
+    assert response.status_code == 200
+    assert response.json()["id"] == order_id
+
+
+def test_delete_order(client, test_user, test_shop, test_product, test_payment):
+    # Login and create order first
+    login_response = client.post(
+        "/auth/login", json={"email": "test@example.com", "password": "password123"}
+    )
+    token = login_response.json()["access_token"]
+
+    # Create an order
+    order_data = {
+        "shop_id": test_shop.id,
+        "payment_id": test_payment.id,
+        "items": [{"product_id": test_product.id, "quantity": 2}],
+        "delivery_address": "1 Westminster Bridge Rd, London SE1 7PB, UK",
+    }
+
+    order_response = client.post(
+        "/order/", json=order_data, headers={"Authorization": f"Bearer {token}"}
+    )
+    order_id = order_response.json()["id"]
+
+    # Delete order
+    response = client.delete(
+        f"/order/{order_id}", headers={"Authorization": f"Bearer {token}"}
+    )
+
+    assert response.status_code == 200
+    assert "message" in response.json()