diff --git a/src/applinks.js b/src/applinks.js
index 9b307e594..f7a5eb3d8 100644
--- a/src/applinks.js
+++ b/src/applinks.js
@@ -59,7 +59,7 @@ async function amendIconAndLabel(applink) {
     if (applink.favicon && applink.label) return;
 
     const [error, response] = await safe(superagent.get(applink.upstreamUri));
-    if (error || !response.text) throw new BoxError(BoxError.BAD_FIELD, 'cannot fetch applink icon');
+    if (error || !response.text) throw new BoxError(BoxError.BAD_FIELD, 'cannot fetch upstream uri for favicon and label');
 
     const dom = new jsdom.JSDOM(response.text);
     if (!applink.icon) {
@@ -92,6 +92,11 @@ async function add(applink) {
 
     debug(`add: ${applink.upstreamUri}`, applink);
 
+    if (applink.icon) {
+        if (!validator.isBase64(applink.icon)) throw new BoxError(BoxError.BAD_FIELD, 'icon is not base64');
+        applink.icon = Buffer.from(applink.icon, 'base64');
+    }
+
     await amendIconAndLabel(applink);
 
     const data = {
diff --git a/src/test/applinks-test.js b/src/test/applinks-test.js
index eae0d7a81..89863d880 100644
--- a/src/test/applinks-test.js
+++ b/src/test/applinks-test.js
@@ -30,11 +30,11 @@ describe('Applinks', function () {
     };
 
     it('can add applink', async function () {
-        APPLINK_0.id = await applinks.add(APPLINK_0);
+        APPLINK_0.id = await applinks.add(JSON.parse(JSON.stringify(APPLINK_0)));
     });
 
     it('can add second applink with attributes', async function () {
-        APPLINK_1.id = await applinks.add(APPLINK_1);
+        APPLINK_1.id = await applinks.add(JSON.parse(JSON.stringify(APPLINK_1)));
     });
 
     it('can list all without accessRestriction', async function () {
@@ -48,7 +48,7 @@ describe('Applinks', function () {
         expect(result[1].label).to.eql(APPLINK_1.label);
         expect(result[1].accessRestriction).to.eql(APPLINK_1.accessRestriction);
         expect(result[1].tags).to.eql(APPLINK_1.tags);
-        expect(result[1].icon.toString()).to.eql(APPLINK_1.icon);
+        expect(result[1].icon.toString('base64')).to.eql(APPLINK_1.icon);
     });
 
     it('cannot get applink with wrong id', async function () {
@@ -70,11 +70,23 @@ describe('Applinks', function () {
         expect(result.label).to.eql(APPLINK_1.label);
         expect(result.accessRestriction).to.eql(APPLINK_1.accessRestriction);
         expect(result.tags).to.eql(APPLINK_1.tags);
-        expect(result.icon.toString()).to.eql(APPLINK_1.icon);
+        expect(result.icon.toString('base64')).to.eql(APPLINK_1.icon);
     });
 
     it('can update applink', async function () {
-        // TODO
+        APPLINK_0.upstreamUri = 'https://duckduckgo.com';
+        APPLINK_0.icon = APPLINK_1.icon;
+
+        await applinks.update(APPLINK_0.id, JSON.parse(JSON.stringify(APPLINK_0)));
+
+        const result = await applinks.get(APPLINK_0.id);
+        expect(result.upstreamUri).to.equal('https://duckduckgo.com');
+        expect(result.icon.toString('base64')).to.eql(APPLINK_1.icon);
+    });
+
+    it('can get applink icon', async function () {
+        const result = await applinks.getIcon(APPLINK_0.id);
+        expect(result.toString('base64')).to.eql(APPLINK_1.icon);
     });
 
     it('cannot remove applink with wrong id', async function () {