diff --git a/src/Module/Api/Twitter/Lists/Statuses.php b/src/Module/Api/Twitter/Lists/Statuses.php
index d647e4a27..9763e4575 100644
--- a/src/Module/Api/Twitter/Lists/Statuses.php
+++ b/src/Module/Api/Twitter/Lists/Statuses.php
@@ -40,23 +40,23 @@ class Statuses extends BaseApi
 		BaseApi::checkAllowedScope(BaseApi::SCOPE_READ);
 		$uid = BaseApi::getCurrentUserID();
 
-		if (empty($_REQUEST['list_id'])) {
+		if (empty($request['list_id'])) {
 			throw new BadRequestException('list_id not specified');
 		}
 
 		// params
-		$count           = $_REQUEST['count']    ?? 20;
-		$page            = $_REQUEST['page']     ?? 1;
-		$since_id        = $_REQUEST['since_id'] ?? 0;
-		$max_id          = $_REQUEST['max_id']   ?? 0;
-		$exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0);
-		$conversation_id = $_REQUEST['conversation_id'] ?? 0;
+		$count           = $request['count']    ?? 20;
+		$page            = $request['page']     ?? 1;
+		$since_id        = $request['since_id'] ?? 0;
+		$max_id          = $request['max_id']   ?? 0;
+		$exclude_replies = (!empty($request['exclude_replies']) ? 1 : 0);
+		$conversation_id = $request['conversation_id'] ?? 0;
 
 		$start = max(0, ($page - 1) * $count);
 
-		$groups    = DBA::selectToArray('group_member', ['contact-id'], ['gid' => 1]);
+		$groups    = DBA::selectToArray('group_member', ['contact-id'], ['gid' => $request['list_id']]);
 		$gids      = array_column($groups, 'contact-id');
-		$condition = ['uid' => $uid, 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT], 'group-id' => $gids];
+		$condition = ['uid' => $uid, 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT], 'contact-id' => $gids];
 		$condition = DBA::mergeConditions($condition, ["`id` > ?", $since_id]);
 
 		if ($max_id > 0) {
@@ -75,7 +75,7 @@ class Statuses extends BaseApi
 		$params   = ['order' => ['id' => true], 'limit' => [$start, $count]];
 		$statuses = Post::selectForUser($uid, [], $condition, $params);
 
-		$include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true');
+		$include_entities = strtolower(($request['include_entities'] ?? 'false') == 'true');
 
 		$items = [];
 		while ($status = DBA::fetch($statuses)) {
diff --git a/tests/datasets/api.fixture.php b/tests/datasets/api.fixture.php
index 014692ccd..e85313ca6 100644
--- a/tests/datasets/api.fixture.php
+++ b/tests/datasets/api.fixture.php
@@ -827,6 +827,13 @@ return [
 			'name'    => 'Private list',
 		],
 	],
+	'group_member' => [
+		[
+			'id' => 1,
+			'gid' => 1,
+			'contact-id' => 42,
+		],
+	],
 	'search' => [
 		[
 			'id'   => 1,
diff --git a/tests/src/Module/Api/Twitter/Lists/StatusesTest.php b/tests/src/Module/Api/Twitter/Lists/StatusesTest.php
index 8dcb9d331..5d989b71e 100644
--- a/tests/src/Module/Api/Twitter/Lists/StatusesTest.php
+++ b/tests/src/Module/Api/Twitter/Lists/StatusesTest.php
@@ -2,6 +2,10 @@
 
 namespace Friendica\Test\src\Module\Api\Twitter\Lists;
 
+use Friendica\App\Router;
+use Friendica\DI;
+use Friendica\Module\Api\Twitter\Lists\Statuses;
+use Friendica\Network\HTTPException\BadRequestException;
 use Friendica\Test\src\Module\Api\ApiTest;
 
 class StatusesTest extends ApiTest
@@ -13,37 +17,41 @@ class StatusesTest extends ApiTest
 	 */
 	public function testApiListsStatuses()
 	{
-		// $this->expectException(\Friendica\Network\HTTPException\BadRequestException::class);
-		// api_lists_statuses('json');
+		$this->expectException(BadRequestException::class);
+
+		$lists = new Statuses(DI::app(), DI::l10n(), DI::baseUrl(), DI::args(), DI::logger(), DI::profiler(), DI::apiResponse(), ['REQUEST_METHOD' => Router::GET]);
+		$lists->run();
 	}
 
 	/**
 	 * Test the api_lists_statuses() function with a list ID.
-	 * @doesNotPerformAssertions
 	 */
 	public function testApiListsStatusesWithListId()
 	{
-		/*
-		$_REQUEST['list_id'] = 1;
-		$_REQUEST['page']    = -1;
-		$_REQUEST['max_id']  = 10;
-		$result              = api_lists_statuses('json');
-		foreach ($result['status'] as $status) {
-			self::assertStatus($status);
+		$lists    = new Statuses(DI::app(), DI::l10n(), DI::baseUrl(), DI::args(), DI::logger(), DI::profiler(), DI::apiResponse(), ['REQUEST_METHOD' => Router::GET]);
+		$response = $lists->run(['list_id' => 1, 'page' => -1, 'max_id' => 10]);
+
+		$body = (string)$response->getBody();
+
+		self::assertJson($body);
+
+		$json = json_decode($body);
+
+		foreach ($json as $status) {
+			self::assertIsString($status->text);
+			self::assertIsInt($status->id);
 		}
-		*/
 	}
 
 	/**
 	 * Test the api_lists_statuses() function with a list ID and a RSS result.
-	 *
-	 * @return void
 	 */
 	public function testApiListsStatusesWithListIdAndRss()
 	{
-		// $_REQUEST['list_id'] = 1;
-		// $result              = api_lists_statuses('rss');
-		// self::assertXml($result, 'statuses');
+		$lists    = new Statuses(DI::app(), DI::l10n(), DI::baseUrl(), DI::args(), DI::logger(), DI::profiler(), DI::apiResponse(), ['REQUEST_METHOD' => Router::GET], ['extension' => 'rss']);
+		$response = $lists->run(['list_id' => 1]);
+
+		self::assertXml((string)$response->getBody());
 	}
 
 	/**
@@ -53,6 +61,8 @@ class StatusesTest extends ApiTest
 	 */
 	public function testApiListsStatusesWithUnallowedUser()
 	{
+		self::markTestIncomplete('Needs BasicAuth as dynamic method for overriding first');
+
 		// $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class);
 		// BasicAuth::setCurrentUserID();
 		// api_lists_statuses('json');