diff --git a/extensions/approval/extend.php b/extensions/approval/extend.php
index 85801046c..3323d1e12 100644
--- a/extensions/approval/extend.php
+++ b/extensions/approval/extend.php
@@ -7,9 +7,10 @@
  * LICENSE file that was distributed with this source code.
  */
 
-use Flarum\Api\Serializer\BasicDiscussionSerializer;
-use Flarum\Api\Serializer\PostSerializer;
+use Flarum\Api\Resource;
 use Flarum\Approval\Access;
+use Flarum\Approval\Api\DiscussionResourceFields;
+use Flarum\Approval\Api\PostResourceFields;
 use Flarum\Approval\Event\PostWasApproved;
 use Flarum\Approval\Listener;
 use Flarum\Discussion\Discussion;
@@ -36,17 +37,11 @@ return [
         ->default('is_approved', true)
         ->cast('is_approved', 'bool'),
 
-    (new Extend\ApiSerializer(BasicDiscussionSerializer::class))
-        ->attribute('isApproved', function (BasicDiscussionSerializer $serializer, Discussion $discussion): bool {
-            return $discussion->is_approved;
-        }),
+    (new Extend\ApiResource(Resource\DiscussionResource::class))
+        ->fields(DiscussionResourceFields::class),
 
-    (new Extend\ApiSerializer(PostSerializer::class))
-        ->attribute('isApproved', function ($serializer, Post $post) {
-            return (bool) $post->is_approved;
-        })->attribute('canApprove', function (PostSerializer $serializer, Post $post) {
-            return (bool) $serializer->getActor()->can('approvePosts', $post->discussion);
-        }),
+    (new Extend\ApiResource(Resource\PostResource::class))
+        ->fields(PostResourceFields::class),
 
     new Extend\Locales(__DIR__.'/locale'),
 
diff --git a/extensions/approval/src/Api/DiscussionResourceFields.php b/extensions/approval/src/Api/DiscussionResourceFields.php
new file mode 100644
index 000000000..d41e8dcf2
--- /dev/null
+++ b/extensions/approval/src/Api/DiscussionResourceFields.php
@@ -0,0 +1,15 @@
+<?php
+
+namespace Flarum\Approval\Api;
+
+use Flarum\Api\Schema;
+
+class DiscussionResourceFields
+{
+    public function __invoke(): array
+    {
+        return [
+            Schema\Boolean::make('isApproved'),
+        ];
+    }
+}
diff --git a/extensions/approval/src/Api/PostResourceFields.php b/extensions/approval/src/Api/PostResourceFields.php
new file mode 100644
index 000000000..1c7f1524b
--- /dev/null
+++ b/extensions/approval/src/Api/PostResourceFields.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace Flarum\Approval\Api;
+
+use Flarum\Api\Context;
+use Flarum\Api\Schema;
+use Flarum\Post\Post;
+
+class PostResourceFields
+{
+    public function __invoke(): array
+    {
+        return [
+            Schema\Boolean::make('isApproved')
+                ->writable(fn (Post $post, Context $context) => $context->getActor()->can('approve', $post)),
+            Schema\Boolean::make('canApprove')
+                ->get(fn (Post $post, Context $context) => $context->getActor()->can('approvePosts', $post->discussion)),
+        ];
+    }
+}
diff --git a/extensions/approval/tests/integration/api/ApprovePostsTest.php b/extensions/approval/tests/integration/api/ApprovePostsTest.php
new file mode 100644
index 000000000..420f9c244
--- /dev/null
+++ b/extensions/approval/tests/integration/api/ApprovePostsTest.php
@@ -0,0 +1,125 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Approval\Tests\integration\api;
+
+use Carbon\Carbon;
+use Flarum\Approval\Tests\integration\InteractsWithUnapprovedContent;
+use Flarum\Group\Group;
+use Flarum\Testing\integration\RetrievesAuthorizedUsers;
+use Flarum\Testing\integration\TestCase;
+use Illuminate\Support\Arr;
+
+class ApprovePostsTest extends TestCase
+{
+    use RetrievesAuthorizedUsers;
+    use InteractsWithUnapprovedContent;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->extension('flarum-approval');
+
+        $this->prepareDatabase([
+            'users' => [
+                ['id' => 1, 'username' => 'Muralf', 'email' => 'muralf@machine.local', 'is_email_confirmed' => 1],
+                $this->normalUser(),
+                ['id' => 3, 'username' => 'acme', 'email' => 'acme@machine.local', 'is_email_confirmed' => 1],
+                ['id' => 4, 'username' => 'luceos', 'email' => 'luceos@machine.local', 'is_email_confirmed' => 1],
+            ],
+            'discussions' => [
+                ['id' => 1, 'title' => __CLASS__, 'created_at' => Carbon::now(), 'last_posted_at' => Carbon::now(), 'user_id' => 4, 'first_post_id' => 1, 'comment_count' => 1, 'is_approved' => 1],
+            ],
+            'posts' => [
+                ['id' => 1, 'discussion_id' => 1, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'hidden_at' => 0, 'is_approved' => 1, 'number' => 1],
+                ['id' => 2, 'discussion_id' => 1, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'hidden_at' => 0, 'is_approved' => 1, 'number' => 2],
+                ['id' => 3, 'discussion_id' => 1, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'hidden_at' => 0, 'is_approved' => 0, 'number' => 3],
+                ['id' => 4, 'discussion_id' => 1, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'hidden_at' => Carbon::now(), 'is_approved' => 1, 'number' => 4],
+                ['id' => 5, 'discussion_id' => 1, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'hidden_at' => 0, 'is_approved' => 0, 'number' => 5],
+            ],
+            'groups' => [
+                ['id' => 4, 'name_singular' => 'Acme', 'name_plural' => 'Acme', 'is_hidden' => 0],
+                ['id' => 5, 'name_singular' => 'Acme', 'name_plural' => 'Acme', 'is_hidden' => 0],
+            ],
+            'group_user' => [
+                ['user_id' => 3, 'group_id' => 4],
+            ],
+            'group_permission' => [
+                ['group_id' => 4, 'permission' => 'discussion.approvePosts'],
+            ]
+        ]);
+    }
+
+    /**
+     * @test
+     */
+    public function can_approve_unapproved_post()
+    {
+        $response = $this->send(
+            $this->request('PATCH', '/api/posts/3', [
+                'authenticatedAs' => 3,
+                'json' => [
+                    'data' => [
+                        'attributes' => [
+                            'isApproved' => true
+                        ]
+                    ]
+                ]
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode(), $response->getBody()->getContents());
+        $this->assertEquals(1, $this->database()->table('posts')->where('id', 3)->where('is_approved', 1)->count());
+    }
+
+    /**
+     * @test
+     */
+    public function cannot_approve_post_without_permission()
+    {
+        $response = $this->send(
+            $this->request('PATCH', '/api/posts/3', [
+                'authenticatedAs' => 4,
+                'json' => [
+                    'data' => [
+                        'attributes' => [
+                            'isApproved' => true
+                        ]
+                    ]
+                ]
+            ])
+        );
+
+        $this->assertEquals(403, $response->getStatusCode(), $response->getBody()->getContents());
+        $this->assertEquals(0, $this->database()->table('posts')->where('id', 3)->where('is_approved', 1)->count());
+    }
+
+    /**
+     * @test
+     */
+    public function hiding_post_silently_approves_it()
+    {
+        $response = $this->send(
+            $this->request('PATCH', '/api/posts/5', [
+                'authenticatedAs' => 3,
+                'json' => [
+                    'data' => [
+                        'attributes' => [
+                            'isHidden' => true
+                        ]
+                    ]
+                ]
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode(), $response->getBody()->getContents());
+        $this->assertEquals(1, $this->database()->table('posts')->where('id', 5)->where('is_approved', 1)->count());
+    }
+}
diff --git a/extensions/approval/tests/integration/api/CreatePostsTest.php b/extensions/approval/tests/integration/api/CreatePostsTest.php
new file mode 100644
index 000000000..9a005dd2c
--- /dev/null
+++ b/extensions/approval/tests/integration/api/CreatePostsTest.php
@@ -0,0 +1,154 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Approval\Tests\integration\api;
+
+use Carbon\Carbon;
+use Flarum\Approval\Tests\integration\InteractsWithUnapprovedContent;
+use Flarum\Group\Group;
+use Flarum\Testing\integration\RetrievesAuthorizedUsers;
+use Flarum\Testing\integration\TestCase;
+use Illuminate\Support\Arr;
+
+class CreatePostsTest extends TestCase
+{
+    use RetrievesAuthorizedUsers;
+    use InteractsWithUnapprovedContent;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->extension('flarum-approval');
+
+        $this->prepareDatabase([
+            'users' => [
+                ['id' => 1, 'username' => 'Muralf', 'email' => 'muralf@machine.local', 'is_email_confirmed' => 1],
+                $this->normalUser(),
+                ['id' => 3, 'username' => 'acme', 'email' => 'acme@machine.local', 'is_email_confirmed' => 1],
+                ['id' => 4, 'username' => 'luceos', 'email' => 'luceos@machine.local', 'is_email_confirmed' => 1],
+            ],
+            'discussions' => [
+                ['id' => 1, 'title' => __CLASS__, 'created_at' => Carbon::now(), 'last_posted_at' => Carbon::now(), 'user_id' => 4, 'first_post_id' => 1, 'comment_count' => 1, 'is_approved' => 1],
+                ['id' => 2, 'title' => __CLASS__, 'created_at' => Carbon::now(), 'last_posted_at' => Carbon::now(), 'user_id' => 4, 'first_post_id' => 2, 'comment_count' => 1, 'is_approved' => 0],
+                ['id' => 3, 'title' => __CLASS__, 'created_at' => Carbon::now(), 'last_posted_at' => Carbon::now(), 'user_id' => 4, 'first_post_id' => 3, 'comment_count' => 1, 'is_approved' => 0],
+            ],
+            'posts' => [
+                ['id' => 1, 'discussion_id' => 1, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 1],
+                ['id' => 2, 'discussion_id' => 1, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 2],
+                ['id' => 3, 'discussion_id' => 1, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 3],
+                ['id' => 4, 'discussion_id' => 2, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 1],
+                ['id' => 5, 'discussion_id' => 2, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 2],
+                ['id' => 6, 'discussion_id' => 2, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 3],
+                ['id' => 7, 'discussion_id' => 3, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 1],
+                ['id' => 8, 'discussion_id' => 3, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 2],
+                ['id' => 9, 'discussion_id' => 3, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 0, 'number' => 3],
+            ],
+            'groups' => [
+                ['id' => 4, 'name_singular' => 'Acme', 'name_plural' => 'Acme', 'is_hidden' => 0],
+                ['id' => 5, 'name_singular' => 'Acme', 'name_plural' => 'Acme', 'is_hidden' => 0],
+            ],
+            'group_user' => [
+                ['user_id' => 3, 'group_id' => 4],
+                ['user_id' => 2, 'group_id' => 5],
+            ],
+            'group_permission' => [
+                ['group_id' => 4, 'permission' => 'discussion.startWithoutApproval'],
+                ['group_id' => 5, 'permission' => 'discussion.replyWithoutApproval'],
+            ]
+        ]);
+    }
+
+    /**
+     * @dataProvider startDiscussionDataProvider
+     * @test
+     */
+    public function can_start_discussion_without_approval_when_allowed(int $authenticatedAs, bool $allowed)
+    {
+        $this->database()->table('group_permission')->where('group_id', Group::MEMBER_ID)->where('permission', 'discussion.startWithoutApproval')->delete();
+
+        $response = $this->send(
+            $this->request('POST', '/api/discussions', [
+                'authenticatedAs' => $authenticatedAs,
+                'json' => [
+                    'data' => [
+                        'type' => 'discussions',
+                        'attributes' => [
+                            'title' => 'This is a new discussion',
+                            'content' => 'This is a new discussion',
+                        ]
+                    ]
+                ]
+            ])
+        );
+
+        $body = $response->getBody()->getContents();
+        $json = json_decode($body, true);
+
+        $this->assertEquals(201, $response->getStatusCode(), $body);
+        $this->assertEquals($allowed ? 1 : 0, $this->database()->table('discussions')->where('id', $json['data']['id'])->value('is_approved'));
+    }
+
+    /**
+     * @dataProvider replyToDiscussionDataProvider
+     * @test
+     */
+    public function can_reply_without_approval_when_allowed(?int $authenticatedAs, bool $allowed)
+    {
+        $this->database()->table('group_permission')->where('group_id', Group::MEMBER_ID)->where('permission', 'discussion.replyWithoutApproval')->delete();
+
+        $response = $this->send(
+            $this->request('POST', '/api/posts', [
+                'authenticatedAs' => $authenticatedAs,
+                'json' => [
+                    'data' => [
+                        'type' => 'posts',
+                        'attributes' => [
+                            'content' => 'This is a new reply',
+                        ],
+                        'relationships' => [
+                            'discussion' => [
+                                'data' => [
+                                    'type' => 'discussions',
+                                    'id' => 1
+                                ]
+                            ]
+                        ]
+                    ]
+                ]
+            ])
+        );
+
+        $body = $response->getBody()->getContents();
+        $json = json_decode($body, true);
+
+        $this->assertEquals(201, $response->getStatusCode(), $body);
+        $this->assertEquals($allowed ? 1 : 0, $this->database()->table('posts')->where('id', $json['data']['id'])->value('is_approved'));
+    }
+
+    public static function startDiscussionDataProvider(): array
+    {
+        return [
+            'Admin' => [1, true],
+            'User without permission' => [2, false],
+            'Permission Given' => [3, true],
+            'Another user without permission' => [4, false],
+        ];
+    }
+
+    public static function replyToDiscussionDataProvider(): array
+    {
+        return [
+            'Admin' => [1, true],
+            'User without permission' => [3, false],
+            'Permission Given' => [2, true],
+            'Another user without permission' => [4, false],
+        ];
+    }
+}