diff --git a/apps/emqx/src/emqx_authentication.erl b/apps/emqx/src/emqx_authentication.erl index c96db115f..5ee8b2815 100644 --- a/apps/emqx/src/emqx_authentication.erl +++ b/apps/emqx/src/emqx_authentication.erl @@ -251,7 +251,7 @@ authenticator_id(Config) -> emqx_authentication_config:authenticator_id(Config). %% @doc Call this API to initialize authenticators implemented in another APP. --spec initialize_authentication(chain_name(), config()) -> ok. +-spec initialize_authentication(chain_name(), [config()]) -> ok. initialize_authentication(_, []) -> ok; initialize_authentication(ChainName, AuthenticatorsConfig) -> _ = create_chain(ChainName), diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl index f9b429e16..245d7d5fc 100644 --- a/apps/emqx/src/emqx_schema.erl +++ b/apps/emqx/src/emqx_schema.erl @@ -1042,7 +1042,7 @@ In case PSK cipher suites are intended, make sure to configured , {"ciphers", ciphers_schema(D("ciphers"))} , {user_lookup_fun, sc(typerefl:alias("string", any()), - #{ default => "emqx_tls_psk:lookup" + #{ default => <<"emqx_tls_psk:lookup">> , converter => fun ?MODULE:parse_user_lookup_fun/1 }) } @@ -1191,17 +1191,21 @@ RSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"
_ -> "" end}). -default_ciphers(undefined) -> - default_ciphers(tls_all_available); -default_ciphers(quic) -> [ +default_ciphers(Which) -> + lists:map(fun erlang:iolist_to_binary/1, + do_default_ciphers(Which)). + +do_default_ciphers(undefined) -> + do_default_ciphers(tls_all_available); +do_default_ciphers(quic) -> [ "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256" ]; -default_ciphers(dtls_all_available) -> +do_default_ciphers(dtls_all_available) -> %% as of now, dtls does not support tlsv1.3 ciphers emqx_tls_lib:selected_ciphers(['dtlsv1.2', 'dtlsv1']); -default_ciphers(tls_all_available) -> +do_default_ciphers(tls_all_available) -> emqx_tls_lib:default_ciphers(). %% @private return a list of keys in a parent field diff --git a/apps/emqx_authn/src/emqx_authn_app.erl b/apps/emqx_authn/src/emqx_authn_app.erl index 393f381bc..f6e02a665 100644 --- a/apps/emqx_authn/src/emqx_authn_app.erl +++ b/apps/emqx_authn/src/emqx_authn_app.erl @@ -25,6 +25,8 @@ , stop/1 ]). +-dialyzer({nowarn_function, [start/2]}). + %%------------------------------------------------------------------------------ %% APIs %%------------------------------------------------------------------------------ diff --git a/apps/emqx_authn/src/emqx_authn_schema.erl b/apps/emqx_authn/src/emqx_authn_schema.erl index ca5fe3cc7..c0f16b3f3 100644 --- a/apps/emqx_authn/src/emqx_authn_schema.erl +++ b/apps/emqx_authn/src/emqx_authn_schema.erl @@ -19,8 +19,15 @@ -include_lib("typerefl/include/types.hrl"). -export([ common_fields/0 + , roots/0 + , fields/1 ]). +%% just a stub, never used at root level +roots() -> []. + +fields(_) -> []. + common_fields() -> [ {enable, fun enable/1} ]. diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_http.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_http.erl index 5ee7a8db8..bbfdaf319 100644 --- a/apps/emqx_authn/src/simple_authn/emqx_authn_http.erl +++ b/apps/emqx_authn/src/simple_authn/emqx_authn_http.erl 
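Review bot: In `apps/emqx/src/emqx_schema.erl`, the new `default_ciphers/1` wrapper changes the return value from a list of strings to a list of binaries, and nothing in the hunk records that contract. Adding `-spec default_ciphers(undefined | quic | dtls_all_available | tls_all_available) -> [binary()].` above the wrapper would let Dialyzer catch callers that still expect strings. Those callers are outside this hunk, so this is inferred: any code that passes the result to TLS listener options or compares it with string literals should be checked, because a type mismatch there could change which cipher suites a listener ends up offering.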
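Review bot: In `apps/emqx_authn/src/emqx_authn_app.erl`, the added `-dialyzer({nowarn_function, [start/2]}).` silences every Dialyzer warning for `start/2` without saying which warning prompted it. `start/2` is outside the hunk, but from the module name it appears to be the function that brings the authentication application up, so a blanket suppression there can hide a real type error in the auth start-up path. Please put a comment directly above the attribute, for example `%% nowarn: <warning text> in start/2, remove once <cause> is fixed`, with the placeholders filled in. If the warning comes from the `initialize_authentication/2` spec that this same commit corrects, the suppression may no longer be needed.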
@@ -102,7 +102,7 @@ body(validator) -> [fun check_body/1]; body(_) -> undefined. request_timeout(type) -> emqx_schema:duration_ms(); -request_timeout(default) -> "5s"; +request_timeout(default) -> <<"5s">>; request_timeout(_) -> undefined. %%------------------------------------------------------------------------------ diff --git a/apps/emqx_authn/test/emqx_authn_api_SUITE.erl b/apps/emqx_authn/test/emqx_authn_api_SUITE.erl new file mode 100644 index 000000000..54c689747 --- /dev/null +++ b/apps/emqx_authn/test/emqx_authn_api_SUITE.erl 
@@ -0,0 +1,100 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_api_SUITE).
+
+-compile(nowarn_export_all).
+-compile(export_all).
+
+-include("emqx_authz.hrl").
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("common_test/include/ct.hrl").
+
+
+-define(HOST, "http://127.0.0.1:18083/").
+-define(API_VERSION, "v5").
+-define(BASE_PATH, "api").
+
+all() ->
+ emqx_common_test_helpers:all(?MODULE).
+
+groups() ->
+ [].
+
+init_per_suite(Config) ->
+ ok = emqx_common_test_helpers:start_apps([emqx_authn, emqx_dashboard], fun set_special_configs/1),
+ Config.
+
+end_per_suite(_Config) ->
+ emqx_common_test_helpers:stop_apps([emqx_authn, emqx_dashboard]),
+ ok.
+
+set_special_configs(emqx_dashboard) ->
+ Config = #{
+ default_username => <<"admin">>,
+ default_password => <<"public">>,
+ listeners => [#{
+ protocol => http,
+ port => 18083
+ }]
+ },
+ emqx_config:put([emqx_dashboard], Config),
+ emqx_config:put([node, data_dir], "data"),
+ ok;
+set_special_configs(_App) ->
+ ok.
+
+t_create_http_authn(_) ->
+ {ok, 200, _} = request(post, uri(["authentication"]),
+ emqx_authn_test_lib:http_example()),
+ {ok, 200, _} = request(get, uri(["authentication"])).
+
+request(Method, Url) ->
+ request(Method, Url, []).
+
+request(Method, Url, Body) ->
+ Request =
+ case Body of
+ [] ->
+ {Url, [auth_header()]};
+ _ ->
+ {Url, [auth_header()], "application/json", to_json(Body)}
+ end,
+ ct:pal("Method: ~p, Request: ~p", [Method, Request]),
+ case httpc:request(Method, Request, [], [{body_format, binary}]) of
+ {error, socket_closed_remotely} ->
+ {error, socket_closed_remotely};
+ {ok, {{"HTTP/1.1", Code, _}, _Headers, Return} } ->
+ {ok, Code, Return};
+ {ok, {Reason, _, _}} ->
+ {error, Reason}
+ end.
+
+uri() -> uri([]).
+uri(Parts) when is_list(Parts) ->
+ NParts = [E || E <- Parts],
+ ?HOST ++ filename:join([?BASE_PATH, ?API_VERSION | NParts]).
+
+get_sources(Result) -> jsx:decode(Result).
+
+auth_header() ->
+ Username = <<"admin">>,
+ Password = <<"public">>,
+ {ok, Token} = emqx_dashboard_admin:sign_token(Username, Password),
+ {"Authorization", "Bearer " ++ binary_to_list(Token)}.
+
+to_json(Hocon) ->
+ {ok, Map} =hocon:binary(Hocon),
+ jiffy:encode(Map).
diff --git a/apps/emqx_authn/test/emqx_authn_test_lib.erl b/apps/emqx_authn/test/emqx_authn_test_lib.erl
new file mode 100644
index 000000000..e30854318
--- /dev/null
+++ b/apps/emqx_authn/test/emqx_authn_test_lib.erl
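Review bot: In `emqx_authn_api_SUITE.erl`, `request/3` passes the whole `Request` tuple to `ct:pal/2`, so the `Authorization: Bearer …` header built by `auth_header/0` is written into the Common Test log on every call. CT logs are often kept as CI artifacts, so log only what is needed to debug, e.g. `ct:pal("Method: ~p, Url: ~p", [Method, Url]),`. Two smaller points in the same file: `-include("emqx_authz.hrl")` in an authn suite looks copied from the authz tests and should be dropped or replaced if nothing from it is used, and `get_sources/1` is not called anywhere in the file. The `case` on the `httpc:request/4` result also has no clause for `{error, Other}`, so any failure other than `socket_closed_remotely` surfaces as a `case_clause` rather than the underlying reason.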
@@ -0,0 +1,38 @@ +%%-------------------------------------------------------------------- +%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%%-------------------------------------------------------------------- + +-module(emqx_authn_test_lib). + +-compile(nowarn_export_all). +-compile(export_all). + +http_example() -> +""" +{ + mechanism = \"password-based\" + backend = http + method = post + url = \"http://127.0.0.2:8080\" + headers = {\"content-type\" = \"application/json\"} + body = {username = \"${username}\", + password = \"${password}\"} + pool_size = 8 + connect_timeout = 5000 + request_timeout = 5000 + enable_pipelining = true + ssl = {enable = false} +} +""". diff --git a/apps/emqx_connector/src/emqx_connector_http.erl b/apps/emqx_connector/src/emqx_connector_http.erl index 7c71e09b3..c724ddb7a 100644 --- a/apps/emqx_connector/src/emqx_connector_http.erl +++ b/apps/emqx_connector/src/emqx_connector_http.erl @@ -93,7 +93,7 @@ base_url(validator) -> fun(#{query := _Query}) -> base_url(_) -> undefined. connect_timeout(type) -> emqx_schema:duration_ms(); -connect_timeout(default) -> "5s"; +connect_timeout(default) -> <<"5s">>; connect_timeout(_) -> undefined. max_retries(type) -> non_neg_integer(); 
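Review bot: In `emqx_authn_test_lib.erl`, `http_example/0` wraps its HOCON text in `"""` … `"""`, which currently parses as empty string literals concatenated with one ordinary literal, so the `\"` escapes are processed as intended. On OTP 27 and later the same characters are read as a triple-quoted string whose content is taken verbatim, so the backslashes would be passed through to `hocon:binary/1` and the fixture would no longer describe the same config. Dropping the extra `""` at both ends, so the body is a single ordinary double-quoted literal, keeps the behaviour identical on every release. A one-line comment that the function returns HOCON text for the authenticator-create API, not a decoded map, would also help readers.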
@@ -101,7 +101,7 @@ max_retries(default) -> 5; max_retries(_) -> undefined. retry_interval(type) -> emqx_schema:duration(); -retry_interval(default) -> "1s"; +retry_interval(default) -> <<"1s">>; retry_interval(_) -> undefined. pool_type(type) -> pool_type();