diff --git a/appstore.js b/appstore.js
index b9b9c61..8850738 100644
--- a/appstore.js
+++ b/appstore.js
@@ -16,6 +16,11 @@ function AppStore(origin) {
         password: null,
         accessToken: null
     };
+
+    this._adminCredentials = {
+        password: null,
+        accessToken: null
+    };
 }
 
 AppStore.prototype.getAccessToken = function (user) {
@@ -33,6 +38,10 @@ AppStore.prototype.setCredentials = function (password, accessToken) {
     this._credentials = { password: password, accessToken: accessToken };
 };
 
+AppStore.prototype.setAdminCredentials = function (password, accessToken) {
+    this._adminCredentials = { password: password, accessToken: accessToken };
+};
+
 AppStore.prototype.getCloudrons = function () {
     var res = request.get(this._origin + '/api/v1/cloudrons').query({ accessToken: this._credentials.accessToken, page: 1, per_page: 50 }).end();
     return res.body.boxes;
@@ -87,11 +96,12 @@ AppStore.prototype.createCloudron = function (box) {
     return res.body.box;
 };
 
+// Only allowed by admins
 AppStore.prototype.deleteCloudron = function (box) {
     var res = request.post(this._origin + '/api/v1/cloudrons/' + box.id)
-        .query({ accessToken: this._credentials.accessToken })
+        .query({ accessToken: this._adminCredentials.accessToken })
         .set('X-HTTP-Method-Override', 'DELETE')
-        .send({ password: this._credentials.password })
+        .send({ password: this._adminCredentials.password })
         .end();
    common. verifyResponse(res, 'Could not delete cloudron');
 
diff --git a/common.js b/common.js
index d22afde..401137f 100644
--- a/common.js
+++ b/common.js
@@ -15,6 +15,7 @@ exports = module.exports = {
     verifyResponse: verifyResponse,
     verifyResponse2: verifyResponse2,
     getOwner: getOwner,
+    getAdmin: getAdmin,
     stripeSecret: stripeSecret,
     stripUnreachable: stripUnreachable
 };
@@ -65,6 +66,14 @@ function getOwner() {
     };
 }
 
+function getAdmin() {
+    return {
+        username: process.env.APPSTORE_ADMIN_USERNAME || gEcosystem.env.APPSTORE_ADMIN_USERNAME,
+        password: process.env.APPSTORE_ADMIN_PASSWORD || gEcosystem.env.APPSTORE_ADMIN_PASSWORD,
+        email: process.env.APPSTORE_ADMIN_EMAIL || gEcosystem.env.APPSTORE_ADMIN_EMAIL
+    };
+}
+
 function stripeSecret() {
     return process.env.STRIPE_SECRET || gEcosystem.env.STRIPE_SECRET;
 }
diff --git a/test/000-cleanup.js b/test/000-cleanup.js
index 920dbe2..776e4b5 100644
--- a/test/000-cleanup.js
+++ b/test/000-cleanup.js
@@ -19,18 +19,22 @@ describe('Cleanup old cloudrons', function () {
     var appStore = new AppStore('https://api.staging.cloudron.io');
 
     var owner = common.getOwner();
+    var admin = common.getAdmin();
     var cloudrons;
 
     it('can login to the store', function () {
         var accessToken = appStore.getAccessToken(owner);
         appStore.setCredentials(owner.password, accessToken);
+
+        var adminAccessToken = appStore.getAccessToken(admin);
+        appStore.setCredentials(admin.password, adminAccessToken);
     });
 
     it('can list cloudrons', function () {
         cloudrons = appStore.getCloudrons();
     });
 
-    it('can delete the cloudrons', function () {
+    it('admin can delete the cloudrons', function () {
         for (var i = 0; i < cloudrons.length; i++) {
             appStore.deleteCloudron(cloudrons[i]);
         }
diff --git a/test/app-flow-test.js b/test/app-flow-test.js
index 35f5be2..fc03de8 100644
--- a/test/app-flow-test.js
+++ b/test/app-flow-test.js
@@ -24,11 +24,15 @@ describe('Application flow test', function () {
     var appStore = new AppStore('https://api.staging.cloudron.io');
 
     var owner = common.getOwner();
+    var admin = common.getAdmin();
     var cloudron, appId, box;
 
     it('can login to the store', function () {
         var accessToken = appStore.getAccessToken(owner);
         appStore.setCredentials(owner.password, accessToken);
+
+        var adminAccessToken = appStore.getAccessToken(admin);
+        appStore.setCredentials(admin.password, adminAccessToken);
     });
 
     it('can create a cloudron', function () {
diff --git a/test/cloudron-backup-test.js b/test/cloudron-backup-test.js
index 3d1547e..14efc16 100644
--- a/test/cloudron-backup-test.js
+++ b/test/cloudron-backup-test.js
@@ -26,11 +26,15 @@ describe('Cloudron backup testing', function () {
     var appStore = new AppStore('https://api.staging.cloudron.io');
 
     var owner = common.getOwner();
+    var admin = common.getAdmin();
     var cloudron, appId, box, backupInfo;
 
     it('can login to the store', function () {
         var accessToken = appStore.getAccessToken(owner);
         appStore.setCredentials(owner.password, accessToken);
+
+        var adminAccessToken = appStore.getAccessToken(admin);
+        appStore.setCredentials(admin.password, adminAccessToken);
     });
 
     it('can create a cloudron', function () {
diff --git a/test/cloudron-update-test.js b/test/cloudron-update-test.js
index d7597c0..50aa2ef 100644
--- a/test/cloudron-update-test.js
+++ b/test/cloudron-update-test.js
@@ -28,6 +28,7 @@ describe('Cloudron update testing', function () {
     var appStore = new AppStore('https://api.staging.cloudron.io');
 
     var owner = common.getOwner();
+    var admin = common.getAdmin();
     var res, fromVersion, toVersion, cloudron, appId, box, nextVersion;
 
     before('can release a fake version to staging', function () {
@@ -52,6 +53,9 @@ describe('Cloudron update testing', function () {
     it('can login to the store', function () {
         var accessToken = appStore.getAccessToken(owner);
         appStore.setCredentials(owner.password, accessToken);
+
+        var adminAccessToken = appStore.getAccessToken(admin);
+        appStore.setCredentials(admin.password, adminAccessToken);
     });
 
     it('can create a cloudron', function () {
diff --git a/test/cloudron-user-test.js b/test/cloudron-user-test.js
index 03a36ad..8cdb5ad 100644
--- a/test/cloudron-user-test.js
+++ b/test/cloudron-user-test.js
@@ -23,11 +23,15 @@ describe('Cloudron user creation testing', function () {
     var appStore = new AppStore('https://api.staging.cloudron.io');
 
     var owner = common.getOwner();
+    var admin = common.getAdmin();
     var cloudron, box, newUser;
 
     it('can login to the store', function () {
         var accessToken = appStore.getAccessToken(owner);
         appStore.setCredentials(owner.password, accessToken);
+
+        var adminAccessToken = appStore.getAccessToken(admin);
+        appStore.setCredentials(admin.password, adminAccessToken);
     });
 
     it('can create a cloudron', function () {
diff --git a/test/new-user-test.js b/test/new-user-test.js
index a0b5d3c..3174eba 100644
--- a/test/new-user-test.js
+++ b/test/new-user-test.js
@@ -25,11 +25,15 @@ describe('Appstore new user flow', function () {
     var appStore = new AppStore('https://api.staging.cloudron.io');
 
     var owner = common.getOwner();
+    var admin = common.getAdmin();
     var cloudron, appId, box;
 
     it('can login to the store', function () {
         var accessToken = appStore.getAccessToken(owner);
         appStore.setCredentials(owner.password, accessToken);
+
+        var adminAccessToken = appStore.getAccessToken(admin);
+        appStore.setCredentials(admin.password, adminAccessToken);
     });
 
     it('can get profile', function () {