Update OpenAPI docs for GitHub pages

[WIFI-11729] Fix: gh-pages file
Signed-off-by: Dmitry Dunaev <dmitry@opsfleet.com>
2025-10-29 18:02:29 +00:00 · 2022-11-29 11:37:02 +00:00 · 2022-11-29 14:35:38 +03:00 · 2022-11-29 14:32:18 +03:00 · 2022-11-29 14:28:32 +03:00 · 2022-11-27 21:31:44 -08:00
216 changed files with 41823 additions and 8020 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,7 +27,7 @@ jobs:
      DOCKER_REGISTRY_USERNAME: ucentral
    steps:
    - name: Checkout actions repo
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
      with:
        repository: Telecominfraproject/.github
        path: github
@@ -58,11 +58,11 @@ jobs:
    - name: Get base branch name and set as output
      id: get_base_branch
      run: |
-        echo ::set-output name=branch::$(echo ${GITHUB_BASE_REF##*/})
-        echo ::set-output name=owgw_branch::$(echo ${GITHUB_BASE_REF##*/} | sed 's/main/master/g')
+        echo "branch=$(echo ${GITHUB_BASE_REF##*/})" >> $GITHUB_OUTPUT
+        echo "owgw_branch=$(echo ${GITHUB_BASE_REF##*/} | sed 's/main/master/g')" >> $GITHUB_OUTPUT

    - name: Checkout actions repo
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
      with:
        repository: Telecominfraproject/.github
        path: github
@@ -87,7 +87,7 @@ jobs:
      - docker
    steps:
    - name: Checkout actions repo
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
      with:
        repository: Telecominfraproject/.github
        path: github
--- a/.github/workflows/cleanup.yml
+++ b/.github/workflows/cleanup.yml
@@ -17,4 +17,10 @@ jobs:
    steps:
      - run: |
          export PR_BRANCH_TAG=$(echo ${GITHUB_HEAD_REF#refs/heads/} | tr '/' '-')
-          curl -uucentral:${{ secrets.DOCKER_REGISTRY_PASSWORD }} -X DELETE "https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral/owsec/$PR_BRANCH_TAG"
+
+          if [[ ! $PR_BRANCH_TAG =~ (main|master|release-*) ]]; then
+            echo "PR branch is $PR_BRANCH_TAG, deleting Docker image"
+            curl -s -uucentral:${{ secrets.DOCKER_REGISTRY_PASSWORD }} -X DELETE "https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral/owsec/$PR_BRANCH_TAG"
+          else
+            echo "PR branch is $PR_BRANCH_TAG, not deleting Docker image"
+          fi
--- a/.github/workflows/enforce-jira-issue-key.yml
+++ b/.github/workflows/enforce-jira-issue-key.yml
@@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout actions repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
        with:
          repository: Telecominfraproject/.github
          path: github
--- a/.github/workflows/openapi-pages.yml
+++ b/.github/workflows/openapi-pages.yml
@@ -0,0 +1,38 @@
+name: Update OpenAPI docs on GitHub Pages
+
+on:
+  push:
+    paths:
+      - 'openapi/**'
+    branches:
+      - main
+  workflow_dispatch:
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  docsgen:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Generate static HTML page with docs from OpenAPI definition
+        run: |
+          docker run --rm -v "${PWD}:/local" openapitools/openapi-generator-cli:v6.2.1 generate -i https://raw.githubusercontent.com/Telecominfraproject/wlan-cloud-ucentralsec/main/openpapi/owsec.yaml -g html2 --skip-validate-spec -o /local/
+
+      - name: Update OpenAPI docs
+        run: |
+          mkdir -p ~/.ssh
+          ssh-keyscan -H github.com >> ~/.ssh/known_hosts
+          echo https://tip-automation:${{ secrets.GIT_PUSH_PAT }}@github.com > ~/.git-credentials
+          git config --global credential.helper store
+          git config --global user.email "tip-automation@telecominfraproject.com"
+          git config --global user.name "TIP Automation User"
+          git pull
+          git checkout gh-pages || git checkout -b gh-pages
+          mv index.html docs/index.html
+          git add docs
+          git commit -m'Update OpenAPI docs for GitHub pages'
+          git push --set-upstream origin gh-pages
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,7 +17,7 @@ jobs:
      HELM_REPO_USERNAME: ucentral
    steps:
      - name: Checkout uCentral assembly chart repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
        with:
          path: wlan-cloud-ucentralsec

--- a/.idea/.gitignore
+++ b/.idea/.gitignore
@@ -1,21 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml
-# Editor-based HTTP Client requests
-/httpRequests/
-/certs/
-/logs/
-*.csr
-*.db
-/docker-compose/certs/
-/docker-compose/*-data/data/
-/docker-compose/*-data/uploads/
-/docker-compose/.env
-/docker-compose/.env_*
-/cmake-build/
-*.pem
-result.json
-token.json
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.13)
-project(owsec VERSION 2.6.0)
+project(owsec VERSION 2.8.0)

 set(CMAKE_CXX_STANDARD 17)

@@ -32,12 +32,12 @@ endif()

 find_package(Git QUIET)
 if(GIT_FOUND AND EXISTS "${PROJECT_SOURCE_DIR}/.git")
-    execute_process(COMMAND ${GIT_EXECUTABLE} describe --always --tags
+    execute_process(COMMAND ${GIT_EXECUTABLE} rev-parse --short HEAD
            WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
            RESULT_VARIABLE GIT_RESULT
            OUTPUT_VARIABLE GIT_HASH)
    if(NOT GIT_RESULT EQUAL "0")
-        message(FATAL_ERROR "git describe --always --tags failed with ${GIT_RESULT}")
+        message(FATAL_ERROR "git rev-parse --short HEAD failed with ${GIT_RESULT}")
    endif()
    string(REGEX REPLACE "\n$" "" GIT_HASH "${GIT_HASH}")
 endif()
@@ -47,6 +47,7 @@ add_definitions(-DAWS_CUSTOM_MEMORY_MANAGEMENT)
 set(BUILD_SHARED_LIBS 1)

 add_definitions(-DTIP_SECURITY_SERVICE="1")
+add_definitions(-DPOCO_LOG_DEBUG="1")

 add_compile_options(-Wall -Wextra)
 if(ASAN)
@@ -74,18 +75,63 @@ add_executable( owsec
        src/framework/CountryCodes.h
        src/framework/KafkaTopics.h
        src/framework/MicroService.h
+        src/framework/OpenWifiTypes.h
        src/framework/orm.h
        src/framework/StorageClass.h
-        src/framework/ow_constants.h
-        src/framework/WebSocketClientNotifications.h
+        src/framework/MicroServiceErrorHandler.h
+        src/framework/UI_WebSocketClientServer.cpp
+        src/framework/UI_WebSocketClientServer.h
+        src/framework/UI_WebSocketClientNotifications.cpp
+        src/framework/UI_WebSocketClientNotifications.h
+        src/framework/utils.h
+        src/framework/utils.cpp
+        src/framework/AppServiceRegistry.h
+        src/framework/SubSystemServer.cpp
+        src/framework/SubSystemServer.h
+        src/framework/RESTAPI_utils.h
+        src/framework/AuthClient.cpp
+        src/framework/AuthClient.h
+        src/framework/MicroServiceNames.h
+        src/framework/MicroServiceFuncs.h
+        src/framework/OpenAPIRequests.cpp
+        src/framework/OpenAPIRequests.h
+        src/framework/MicroServiceFuncs.cpp
+        src/framework/ALBserver.cpp
+        src/framework/ALBserver.h
+        src/framework/KafkaManager.cpp
+        src/framework/KafkaManager.h
+        src/framework/RESTAPI_RateLimiter.h
+        src/framework/WebSocketLogger.h
+        src/framework/RESTAPI_GenericServerAccounting.h
+        src/framework/RESTAPI_SystemConfiguration.h
+        src/framework/CIDR.h
+        src/framework/RESTAPI_Handler.cpp
+        src/framework/RESTAPI_Handler.h
+        src/framework/RESTAPI_ExtServer.h
+        src/framework/RESTAPI_ExtServer.cpp
+        src/framework/RESTAPI_IntServer.cpp
+        src/framework/RESTAPI_IntServer.h
+        src/framework/RESTAPI_SystemCommand.h
+        src/framework/RESTAPI_WebSocketServer.h
+        src/framework/EventBusManager.cpp
+        src/framework/EventBusManager.h
+        src/framework/RESTAPI_PartHandler.h
+        src/framework/MicroService.cpp
+        src/framework/MicroServiceExtra.h
+
+        src/RESTObjects/RESTAPI_SecurityObjects.h src/RESTObjects/RESTAPI_SecurityObjects.cpp
+        src/RESTObjects/RESTAPI_GWobjects.h src/RESTObjects/RESTAPI_GWobjects.cpp
+        src/RESTObjects/RESTAPI_FMSObjects.h src/RESTObjects/RESTAPI_FMSObjects.cpp
+        src/RESTObjects/RESTAPI_CertObjects.cpp src/RESTObjects/RESTAPI_CertObjects.h
+        src/RESTObjects/RESTAPI_OWLSobjects.cpp src/RESTObjects/RESTAPI_OWLSobjects.h
+        src/RESTObjects/RESTAPI_ProvObjects.cpp src/RESTObjects/RESTAPI_ProvObjects.h
+        src/RESTObjects/RESTAPI_AnalyticsObjects.cpp src/RESTObjects/RESTAPI_AnalyticsObjects.h
+        src/RESTObjects/RESTAPI_SubObjects.cpp src/RESTObjects/RESTAPI_SubObjects.h
+
        src/seclibs/qrcode/qrcodegen.hpp src/seclibs/qrcode/qrcodegen.cpp
        src/seclibs/cpptotp/bytes.cpp src/seclibs/cpptotp/bytes.h
        src/seclibs/cpptotp/otp.cpp src/seclibs/cpptotp/otp.h
        src/seclibs/cpptotp/sha1.cpp src/seclibs/cpptotp/sha1.h
-        src/RESTObjects/RESTAPI_SecurityObjects.h src/RESTObjects/RESTAPI_SecurityObjects.cpp
-        src/RESTObjects/RESTAPI_ProvObjects.cpp src/RESTObjects/RESTAPI_ProvObjects.h
-        src/RESTObjects/RESTAPI_GWobjects.h src/RESTObjects/RESTAPI_GWobjects.cpp
-        src/RESTObjects/RESTAPI_FMSObjects.h src/RESTObjects/RESTAPI_FMSObjects.cpp
        src/RESTAPI/RESTAPI_oauth2_handler.h src/RESTAPI/RESTAPI_oauth2_handler.cpp
        src/RESTAPI/RESTAPI_users_handler.cpp src/RESTAPI/RESTAPI_users_handler.h
        src/RESTAPI/RESTAPI_user_handler.cpp src/RESTAPI/RESTAPI_user_handler.h
@@ -117,14 +163,19 @@ add_executable( owsec
        src/SMS_provider_twilio.cpp src/SMS_provider_twilio.h
        src/ActionLinkManager.cpp src/ActionLinkManager.h
        src/ACLProcessor.h
-        src/framework/OpenWifiTypes.h
        src/storage/orm_users.cpp src/storage/orm_users.h
        src/storage/orm_tokens.cpp src/storage/orm_tokens.h
        src/storage/orm_preferences.cpp src/storage/orm_preferences.h
        src/storage/orm_actionLinks.cpp src/storage/orm_actionLinks.h
        src/storage/orm_avatar.cpp src/storage/orm_avatar.h
        src/SpecialUserHelpers.h
-        src/RESTAPI/RESTAPI_db_helpers.h src/storage/orm_logins.cpp src/storage/orm_logins.h src/RESTAPI/RESTAPI_totp_handler.cpp src/RESTAPI/RESTAPI_totp_handler.h src/TotpCache.h src/RESTAPI/RESTAPI_subtotp_handler.cpp src/RESTAPI/RESTAPI_subtotp_handler.h src/RESTAPI/RESTAPI_signup_handler.cpp src/RESTAPI/RESTAPI_signup_handler.h)
+        src/RESTAPI/RESTAPI_db_helpers.h src/storage/orm_logins.cpp src/storage/orm_logins.h
+        src/RESTAPI/RESTAPI_totp_handler.cpp
+        src/RESTAPI/RESTAPI_totp_handler.h
+        src/TotpCache.h
+        src/RESTAPI/RESTAPI_subtotp_handler.cpp src/RESTAPI/RESTAPI_subtotp_handler.h
+        src/RESTAPI/RESTAPI_signup_handler.cpp src/RESTAPI/RESTAPI_signup_handler.h
+        src/MessagingTemplates.cpp src/MessagingTemplates.h src/RESTAPI/RESTAPI_apiKey_handler.cpp src/RESTAPI/RESTAPI_apiKey_handler.h src/storage/orm_apikeys.cpp src/storage/orm_apikeys.h src/RESTAPI/RESTAPI_validate_apikey.cpp src/RESTAPI/RESTAPI_validate_apikey.h)

 if(NOT SMALL_BUILD)
    target_link_libraries(owsec PUBLIC
@@ -138,4 +189,4 @@ if(NOT SMALL_BUILD)
    if(UNIX AND NOT APPLE)
        target_link_libraries(owsec PUBLIC PocoJSON)
    endif()
-endif()
+endif()
--- a/109
+++ b/109
@@ -1,16 +1,21 @@
-FROM alpine:3.15 AS build-base
+ARG DEBIAN_VERSION=11.5-slim
+ARG POCO_VERSION=poco-tip-v2
+ARG CPPKAFKA_VERSION=tip-v1

-RUN apk add --update --no-cache \
-    make cmake g++ git \
-    unixodbc-dev postgresql-dev mariadb-dev \
-    librdkafka-dev boost-dev openssl-dev \
-    zlib-dev nlohmann-json \
-    curl-dev
+FROM debian:$DEBIAN_VERSION AS build-base
+
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    make cmake g++ git curl zip unzip pkg-config \
+    libpq-dev libmariadb-dev libmariadbclient-dev-compat \
+    librdkafka-dev libboost-all-dev libssl-dev \
+    zlib1g-dev ca-certificates libcurl4-openssl-dev libfmt-dev

 FROM build-base AS poco-build

-ADD https://api.github.com/repos/stephb9959/poco/git/refs/heads/master version.json
-RUN git clone https://github.com/stephb9959/poco /poco
+ARG POCO_VERSION
+
+ADD https://api.github.com/repos/AriliaWireless/poco/git/refs/tags/${POCO_VERSION} version.json
+RUN git clone https://github.com/AriliaWireless/poco --branch ${POCO_VERSION} /poco

 WORKDIR /poco
 RUN mkdir cmake-build
@@ -19,22 +24,12 @@ RUN cmake ..
 RUN cmake --build . --config Release -j8
 RUN cmake --build . --target install

-FROM build-base AS fmtlib-build
-
-ADD https://api.github.com/repos/fmtlib/fmt/git/refs/heads/master version.json
-RUN git clone https://github.com/fmtlib/fmt /fmtlib
-
-WORKDIR /fmtlib
-RUN mkdir cmake-build
-WORKDIR cmake-build
-RUN cmake ..
-RUN make
-RUN make install
-
 FROM build-base AS cppkafka-build

-ADD https://api.github.com/repos/stephb9959/cppkafka/git/refs/heads/master version.json
-RUN git clone https://github.com/stephb9959/cppkafka /cppkafka
+ARG CPPKAFKA_VERSION
+
+ADD https://api.github.com/repos/AriliaWireless/cppkafka/git/refs/tags/${CPPKAFKA_VERSION} version.json
+RUN git clone https://github.com/AriliaWireless/cppkafka --branch ${CPPKAFKA_VERSION} /cppkafka

 WORKDIR /cppkafka
 RUN mkdir cmake-build
@@ -43,75 +38,47 @@ RUN cmake ..
 RUN cmake --build . --config Release -j8
 RUN cmake --build . --target install

-FROM build-base AS json-schema-validator-build
-
-ADD https://api.github.com/repos/pboettch/json-schema-validator/git/refs/heads/master version.json
-RUN git clone https://github.com/pboettch/json-schema-validator /json-schema-validator
-
-WORKDIR /json-schema-validator
-RUN mkdir cmake-build
-WORKDIR cmake-build
-RUN cmake ..
-RUN make
-RUN make install
-
-FROM build-base AS aws-sdk-cpp-build
-
-ADD https://api.github.com/repos/aws/aws-sdk-cpp/git/refs/heads/main version.json
-RUN git clone --recurse-submodules https://github.com/aws/aws-sdk-cpp /aws-sdk-cpp
-
-WORKDIR /aws-sdk-cpp
-RUN mkdir cmake-build
-WORKDIR cmake-build
-RUN cmake .. -DBUILD_ONLY="sns;s3" \
-             -DCMAKE_BUILD_TYPE=Release \
-             -DCMAKE_CXX_FLAGS="-Wno-error=stringop-overflow -Wno-error=uninitialized" \
-             -DAUTORUN_UNIT_TESTS=OFF
-RUN cmake --build . --config Release -j8
-RUN cmake --build . --target install
-
 FROM build-base AS owsec-build

 ADD CMakeLists.txt build /owsec/
+ADD overlays /owsec/overlays
 ADD cmake /owsec/cmake
 ADD src /owsec/src
 ADD .git /owsec/.git
+ARG VCPKG_VERSION=2022.11.14
+RUN git clone --depth 1 --branch ${VCPKG_VERSION} https://github.com/microsoft/vcpkg && \
+    ./vcpkg/bootstrap-vcpkg.sh && \
+    mkdir /vcpkg/custom-triplets && \
+    cp /vcpkg/triplets/x64-linux.cmake /vcpkg/custom-triplets/x64-linux.cmake && \
+    sed -i 's/set(VCPKG_LIBRARY.*/set(VCPKG_LIBRARY_LINKAGE dynamic)/g' /vcpkg/custom-triplets/x64-linux.cmake && \
+    ./vcpkg/vcpkg install aws-sdk-cpp[sns]:x64-linux json-schema-validator:x64-linux --overlay-triplets=/vcpkg/custom-triplets --overlay-ports=/owsec/overlays

 COPY --from=poco-build /usr/local/include /usr/local/include
 COPY --from=poco-build /usr/local/lib /usr/local/lib
 COPY --from=cppkafka-build /usr/local/include /usr/local/include
 COPY --from=cppkafka-build /usr/local/lib /usr/local/lib
-COPY --from=json-schema-validator-build /usr/local/include /usr/local/include
-COPY --from=json-schema-validator-build /usr/local/lib /usr/local/lib
-COPY --from=aws-sdk-cpp-build /usr/local/include /usr/local/include
-COPY --from=aws-sdk-cpp-build /usr/local/lib /usr/local/lib
-
-COPY --from=fmtlib-build /usr/local/include /usr/local/include
-COPY --from=fmtlib-build /usr/local/lib /usr/local/lib

 WORKDIR /owsec
 RUN mkdir cmake-build
 WORKDIR /owsec/cmake-build
-RUN cmake .. \
-          -Dcrypto_LIBRARY=/usr/lib/libcrypto.so \
-          -DBUILD_SHARED_LIBS=ON
+RUN cmake -DCMAKE_TOOLCHAIN_FILE=/vcpkg/scripts/buildsystems/vcpkg.cmake ..
 RUN cmake --build . --config Release -j8

-FROM alpine:3.15
+FROM debian:$DEBIAN_VERSION

 ENV OWSEC_USER=owsec \
    OWSEC_ROOT=/owsec-data \
    OWSEC_CONFIG=/owsec-data

-RUN addgroup -S "$OWSEC_USER" && \
-    adduser -S -G "$OWSEC_USER" "$OWSEC_USER"
+RUN useradd "$OWSEC_USER"

 RUN mkdir /openwifi
 RUN mkdir -p "$OWSEC_ROOT" "$OWSEC_CONFIG" && \
    chown "$OWSEC_USER": "$OWSEC_ROOT" "$OWSEC_CONFIG"

-RUN apk add --update --no-cache librdkafka su-exec gettext ca-certificates bash jq curl \
-    mariadb-connector-c libpq unixodbc postgresql-client
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    librdkafka++1 gosu gettext ca-certificates bash jq curl wget \
+    libmariadb-dev-compat libpq5 postgresql-client libfmt7

 COPY readiness_check /readiness_check
 COPY test_scripts/curl/cli /cli
@@ -122,14 +89,14 @@ COPY templates /dist/templates
 COPY docker-entrypoint.sh /
 COPY wait-for-postgres.sh /
 RUN wget https://raw.githubusercontent.com/Telecominfraproject/wlan-cloud-ucentral-deploy/main/docker-compose/certs/restapi-ca.pem \
-    -O /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+    -O /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt

 COPY --from=owsec-build /owsec/cmake-build/owsec /openwifi/owsec
-COPY --from=cppkafka-build /cppkafka/cmake-build/src/lib/* /usr/local/lib
-COPY --from=poco-build /poco/cmake-build/lib/* /usr/local/lib
-COPY --from=aws-sdk-cpp-build /aws-sdk-cpp/cmake-build/aws-cpp-sdk-core/libaws-cpp-sdk-core.so /usr/local/lib
-COPY --from=aws-sdk-cpp-build /aws-sdk-cpp/cmake-build/aws-cpp-sdk-s3/libaws-cpp-sdk-s3.so /usr/local/lib
-COPY --from=aws-sdk-cpp-build /aws-sdk-cpp/cmake-build/aws-cpp-sdk-sns/libaws-cpp-sdk-sns.so /usr/local/lib
+COPY --from=owsec-build /vcpkg/installed/x64-linux/lib/ /usr/local/lib/
+COPY --from=cppkafka-build /cppkafka/cmake-build/src/lib/ /usr/local/lib/
+COPY --from=poco-build /poco/cmake-build/lib/ /usr/local/lib/
+
+RUN ldconfig

 EXPOSE 16001 17001 16101

--- a/OPERATOR.md
+++ b/OPERATOR.md
@@ -0,0 +1,37 @@
+# Operator Support
+In order to support multiple tenants and operators, you must prepare the security service to serve
+customized e-mails and messages.
+
+## Structure for `templates`
+Any file in the root of the directory will be used as defaults. The following files must be present:
+- email_invitation.html/txt : This email message will be sent to a newly added user. 
+- email_verification.html/txt : This email is sent when an email verification is required.
+- password_reset.html/txt : This is sent when a pasword reset is requested.
+- verification_code.html/txt : This is used during MFA when email based.
+- signup_verification.html/txt : This email is send to a new subscriber who signed up for service.
+- sub_email_verification.html/txt : This is sent to a subscriber requiring an email verification.
+- sub_verification_code.html/txt : This is used during MFA when email based for a subscriber.
+- logo.jpg : The default logo to use in any of these emails.
+
+## Structure for `wwwassets`
+Any file in the root of the directory will be used as defaults. The following files must be present:
+- email_verification_error.html : Used when email verification has failed.
+- email_verification_success.html : Used when emil verification has succeeded.
+- invitation_error.html :
+- invitation_success.html :
+- password_policy.html :
+- password_reset.html :
+- password_reset_success.html :
+- password_reset_error.html :
+- signup_verification.html :
+- signup_verification_error.html :
+- signup_verification_success.html :
+- favicon.ico : icon for the application
+- 404_error.html : your customized 404 page
+- the_logo : the logo to use.
+
+## For tenants
+When creating a tenant/operator, you must create a subdirectory inside each `wwwassets` and `templates` and replicate 
+all the files that appear at the root level. You need to use the short Operator name (also known as RegistrantId in the API). This means 
+no spaces, all lowercase characters and numbers. No special characters: 0-9 and a-z. 
+
--- a/2
+++ b/2
@@ -1 +1 @@
-57
+33
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -1,11 +1,11 @@
-#!/bin/sh
+#!/bin/bash
 set -e

 if [ "$SELFSIGNED_CERTS" = 'true' ]; then
    update-ca-certificates
 fi

-if [[ "$TEMPLATE_CONFIG" = 'true' && ! -f "$OWSEC_CONFIG"/owsec.properties ]]; then
+if [[ "$TEMPLATE_CONFIG" = 'true' ]]; then
  RESTAPI_HOST_ROOTCA=${RESTAPI_HOST_ROOTCA:-"\$OWSEC_ROOT/certs/restapi-ca.pem"} \
  RESTAPI_HOST_PORT=${RESTAPI_HOST_PORT:-"16001"} \
  RESTAPI_HOST_CERT=${RESTAPI_HOST_CERT:-"\$OWSEC_ROOT/certs/restapi-cert.pem"} \
@@ -23,6 +23,7 @@ if [[ "$TEMPLATE_CONFIG" = 'true' && ! -f "$OWSEC_CONFIG"/owsec.properties ]]; t
  SYSTEM_URI_PRIVATE=${SYSTEM_URI_PRIVATE:-"https://localhost:17001"} \
  SYSTEM_URI_PUBLIC=${SYSTEM_URI_PUBLIC:-"https://localhost:16001"} \
  SYSTEM_URI_UI=${SYSTEM_URI_UI:-"http://localhost"} \
+  SECURITY_RESTAPI_DISABLE=${SECURITY_RESTAPI_DISABLE:-"false"} \
  SERVICE_KEY=${SERVICE_KEY:-"\$OWSEC_ROOT/certs/restapi-key.pem"} \
  SERVICE_KEY_PASSWORD=${SERVICE_KEY_PASSWORD:-"mypassword"} \
  SMSSENDER_ENABLED=${SMSSENDER_ENABLED:-"false"} \
@@ -84,7 +85,7 @@ if [ "$1" = '/openwifi/owsec' -a "$(id -u)" = '0' ]; then
    if [ "$RUN_CHOWN" = 'true' ]; then
      chown -R "$OWSEC_USER": "$OWSEC_ROOT" "$OWSEC_CONFIG"
    fi
-    exec su-exec "$OWSEC_USER" "$@"
+    exec gosu "$OWSEC_USER" "$@"
 fi

 exec "$@"
--- a/docs/index.html
+++ b/docs/index.html
--- a/helm/.gitignore
+++ b/helm/.gitignore
@@ -1 +1,3 @@
 *.swp
+Chart.lock
+charts/
--- a/helm/README.md
+++ b/helm/README.md
@@ -70,8 +70,8 @@ The following table lists the configurable parameters of the chart and their def
 | persistence.size | string | Defines PV size | `'10Gi'` |
 | public_env_variables | hash | Defines list of environment variables to be passed to the Security | |
 | configProperties | hash | Configuration properties that should be passed to the application in `owsec.properties`. May be passed by key in set (i.e. `configProperties."rtty\.token"`) | |
-| certs | hash | Defines files (keys and certificates) that should be passed to the Security (PEM format is adviced to be used) (see `volumes.owsec` on where it is mounted) |  |
-
+| existingCertsSecret | string | Existing Kubernetes secret containing all required certificates and private keys for microservice operation. If set, certificates from `certs` key are ignored | `""` |
+| certs | hash | Defines files (keys and certificates) that should be passed to the Gateway (PEM format is adviced to be used) (see `volumes.owsec` on where it is mounted). If `existingCertsSecret` is set, certificates passed this way will not be used. |  |

 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,

--- a/helm/templates/deployment.yaml
+++ b/helm/templates/deployment.yaml
@@ -1,4 +1,5 @@
 {{- $root := . -}}
+{{- $storageType := index .Values.configProperties "storage.type" -}}
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -46,6 +47,39 @@ spec:
            - -timeout
            - 600s

+{{- if eq $storageType "postgresql" }}
+        - name: wait-postgres
+          image: "{{ .Values.images.owsec.repository }}:{{ .Values.images.owsec.tag }}"
+          imagePullPolicy: {{ .Values.images.owsec.pullPolicy }}
+          command:
+            - /wait-for-postgres.sh
+            - {{ index .Values.configProperties "storage.type.postgresql.host" }}
+            - echo
+            - "PostgreSQL is ready"
+          env:
+            - name: KUBERNETES_DEPLOYED
+              value: "{{ now }}"
+          {{- range $key, $value := .Values.public_env_variables }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+          {{- end }}
+          {{- range $key, $value := .Values.secret_env_variables }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "owsec.fullname" $root }}-env
+                  key: {{ $key }}
+          {{- end }}
+          volumeMounts:
+          {{- range .Values.volumes.owsec }}
+          - name: {{ .name }}
+            mountPath: {{ .mountPath }}
+            {{- if .subPath }}
+            subPath: {{ .subPath }}
+            {{- end }}
+          {{- end }}
+{{- end }}
+
      containers:

        - name: owsec
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -71,7 +71,7 @@ volumes:
      mountPath: /owsec-data/certs
      volumeDefinition: |
        secret:
-          secretName: {{ include "owsec.fullname" . }}-certs
+          secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owsec.fullname" . }}-certs{{ end }}
    # Change this if you want to use another volume type
    - name: persist
      mountPath: /owsec-data/persist
@@ -92,7 +92,7 @@ resources: {}
  #  memory: 128Mi

 securityContext:
-  fsGroup: 101
+  fsGroup: 1000

 nodeSelector: {}

@@ -228,6 +228,9 @@ configProperties:
  storage.type.mysql.username: stephb
  storage.type.mysql.password: snoopy99

+# NOTE: List of required certificates may be found in "certs" key. Alternative way to pass required certificates is to create external secret with all required certificates and set secret name in "existingCertsSecret" key. Details may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart#tldr
+existingCertsSecret: ""
+
 certs:
  # restapi-ca.pem: ""
  # restapi-cert.pem: ""
--- a/openpapi/owsec.yaml
+++ b/openpapi/owsec.yaml
@@ -17,6 +17,7 @@ servers:
 security:
  - bearerAuth: []
  - ApiKeyAuth: []
+  - ApiToken: []

 components:
  securitySchemes:
@@ -28,6 +29,10 @@ components:
      type: http
      scheme: bearer
      bearerFormat: JWT
+    ApiToken:
+      type: apiKey
+      in: header
+      name: X-API-TOKEN

  responses:
    NotFound:
@@ -164,18 +169,61 @@ components:
        aclTemplate:
          $ref: '#/components/schemas/AclTemplate'

-    ApiKeyCreationRequest:
+    ApiKeyAccessRight:
      type: object
      properties:
+        service:
+          type: string
+        access:
+          type: string
+          enum:
+            - read
+            - modify
+            - create
+            - delete
+            - noaccess
+
+    ApiKeyAccessRightList:
+      type: object
+      properties:
+        acls:
+          type: array
+          items:
+            $ref: '#/components/schemas/ApiKeyAccessRight'
+
+    ApiKeyEntry:
+      type: object
+      properties:
+        id:
+          type: string
+          format: uuid
+        userUuid:
+          type: string
+          format: uuid
        name:
          type: string
        description:
          type: string
+        apiKey:
+          type: string
+        salt:
+          type: string
        expiresOn:
          type: integer
          format: int64
+        lastUse:
+          type: integer
+          format: int64
        rights:
-          $ref: '#/components/schemas/AclTemplate'
+          $ref: '#/components/schemas/ApiKeyAccessRightList'
+
+    ApiKeyEntryList:
+      type: object
+      properties:
+        apiKeys:
+          type: array
+          items:
+            $ref: '#/components/schemas/ApiKeyEntry'

    ApiKeyCreationAnswer:
      type: object
@@ -194,7 +242,7 @@ components:
        apiKey:
          type: string
        rights:
-          $ref: '#/components/schemas/AclTemplate'
+          $ref: '#/components/schemas/ApiKeyAccessRights'

    AclTemplate:
      type: object
@@ -894,7 +942,7 @@ paths:
  /systemEndpoints:
    get:
      tags:
-        - Authentication
+        - System Commands
      summary: Retrieve the system layout.
      operationId: getSystemInfo
      responses:
@@ -1348,7 +1396,7 @@ paths:
  /email:
    post:
      tags:
-        - Email
+        - Messaging
      summary: Send test email with the system.
      operationId: Send a test email
      requestBody:
@@ -1379,7 +1427,7 @@ paths:
  /sms:
    post:
      tags:
-        - Email
+        - Messaging
      summary: Send test email with the system.
      operationId: Send a test SMS
      parameters:
@@ -1634,7 +1682,103 @@ paths:
        404:
          $ref: '#/components/responses/NotFound'

-
+  /apiKey/{uuid}:
+    get:
+      tags:
+        - API Tokens
+      summary: Retrieve all the APIKeys for a given user UUID
+      operationId: getApiKeyList
+      parameters:
+        - in: path
+          name: uuid
+          schema:
+            type: string
+            format: uuid
+          required: true
+      responses:
+        200:
+          $ref: '#/components/schemas/ApiKeyEntryList'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+    delete:
+      tags:
+        - API Tokens
+      summary: Retrieve all the APIKeys for a given user UUID
+      operationId: deleteApiKey
+      parameters:
+        - in: path
+          name: uuid
+          schema:
+            type: string
+            format: uuid
+          required: true
+        - in: query
+          name: keyUuid
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+    post:
+      tags:
+        - API Tokens
+      summary: Retrieve all the APIKeys for a given user UUID
+      operationId: createApiKey
+      parameters:
+        - in: path
+          name: uuid
+          schema:
+            type: string
+            format: uuid
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ApiKeyEntry'
+      responses:
+        200:
+          $ref: '#/components/schemas/ApiKeyEntry'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+    put:
+      tags:
+        - API Tokens
+      summary: Retrieve all the APIKeys for a given user UUID
+      operationId: modifyApiKey
+      parameters:
+        - in: path
+          name: uuid
+          schema:
+            type: string
+            format: uuid
+          required: true
+        - in: query
+          name: name
+          schema:
+            type: string
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ApiKeyEntry'
+      responses:
+        200:
+          $ref: '#/components/schemas/ApiKeyEntry'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'

  #########################################################################################
  ##
@@ -1732,6 +1876,26 @@ paths:
        404:
          $ref: '#/components/responses/NotFound'

+  /validateApiKey:
+    get:
+      tags:
+        - Security
+      summary: Allows an application to validate an API Key.
+      operationId: validateApiKey
+      parameters:
+        - in: query
+          name: token
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/schemas/TokenValidationResult'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
  /system:
    post:
      tags:
--- a/overlays/curl/portfile.cmake
+++ b/overlays/curl/portfile.cmake
@@ -0,0 +1 @@
+set(VCPKG_POLICY_EMPTY_PACKAGE enabled)
--- a/overlays/curl/vcpkg.json
+++ b/overlays/curl/vcpkg.json
@@ -0,0 +1,4 @@
+{
+    "name": "curl",
+    "version-string": "7.74.0-1.3+deb11u3"
+}
--- a/overlays/openssl/portfile.cmake
+++ b/overlays/openssl/portfile.cmake
@@ -0,0 +1 @@
+set(VCPKG_POLICY_EMPTY_PACKAGE enabled)
--- a/overlays/openssl/vcpkg.json
+++ b/overlays/openssl/vcpkg.json
@@ -0,0 +1,4 @@
+{
+    "name": "openssl",
+    "version-string": "1.1.1n-0+deb11u3"
+}
--- a/overlays/zlib/portfile.cmake
+++ b/overlays/zlib/portfile.cmake
@@ -0,0 +1 @@
+set(VCPKG_POLICY_EMPTY_PACKAGE enabled)
--- a/overlays/zlib/vcpkg.json
+++ b/overlays/zlib/vcpkg.json
@@ -0,0 +1,4 @@
+{
+    "name": "zlib",
+    "version-string": "1:1.2.11.dfsg-2+deb11u2"
+}
--- a/owsec.properties
+++ b/owsec.properties
@@ -36,6 +36,7 @@ openwifi.system.data = $OWSEC_ROOT/data
 openwifi.system.uri.private = https://localhost:17001
 openwifi.system.uri.public = https://local.dpaas.arilia.com:16001
 openwifi.system.uri.ui = https://ucentral-ui.arilia.com
+openwifi.security.restapi.disable = false
 openwifi.system.commandchannel = /tmp/app.ucentralsec
 openwifi.service.key = $OWSEC_ROOT/certs/restapi-key.pem
 openwifi.service.key.password = mypassword
@@ -132,4 +133,4 @@ storage.type.mysql.connectiontimeout = 60
 ########################################################################
 logging.type = file
 logging.path = $OWSEC_ROOT/logs
-logging.level = debug
+logging.level = debug
--- a/owsec.properties.tmpl
+++ b/owsec.properties.tmpl
@@ -36,6 +36,7 @@ openwifi.system.data = ${SYSTEM_DATA}
 openwifi.system.uri.private = ${SYSTEM_URI_PRIVATE}
 openwifi.system.uri.public = ${SYSTEM_URI_PUBLIC}
 openwifi.system.uri.ui = ${SYSTEM_URI_UI}
+openwifi.security.restapi.disable = ${SECURITY_RESTAPI_DISABLE}
 openwifi.system.commandchannel = /tmp/app.ucentralsec
 openwifi.service.key = ${SERVICE_KEY}
 openwifi.service.key.password = ${SERVICE_KEY_PASSWORD}
--- a/src/ActionLinkManager.cpp
+++ b/src/ActionLinkManager.cpp
@@ -5,25 +5,32 @@
 #include "ActionLinkManager.h"
 #include "StorageService.h"
 #include "RESTObjects/RESTAPI_SecurityObjects.h"
+#include "MessagingTemplates.h"
+#include "framework/utils.h"
+#include "fmt/format.h"

 namespace OpenWifi {

    int ActionLinkManager::Start() {
+        poco_information(Logger(),"Starting...");
        if(!Running_)
            Thr_.start(*this);
        return 0;
    }

    void ActionLinkManager::Stop() {
+        poco_information(Logger(),"Stopping...");
        if(Running_) {
            Running_ = false;
            Thr_.wakeUp();
            Thr_.join();
        }
+        poco_information(Logger(),"Stopped...");
    }

    void ActionLinkManager::run() {
        Running_ = true ;
+        Utils::SetThreadName("action-mgr");

        while(Running_) {
            Poco::Thread::trySleep(2000);
@@ -52,44 +59,59 @@ namespace OpenWifi {
                            i.action==OpenWifi::SecurityObjects::LinkActions::SUB_SIGNUP ) && !StorageService()->SubDB().GetUserById(i.userId,UInfo)) {
                    StorageService()->ActionLinksDB().CancelAction(i.id);
                    continue;
+                } else if((i.action==OpenWifi::SecurityObjects::LinkActions::EMAIL_INVITATION) &&
+                        (OpenWifi::Now()-i.created)>(24*60*60)) {
+                    StorageService()->ActionLinksDB().CancelAction(i.id);
+                    continue;
                }

                switch(i.action) {
                    case OpenWifi::SecurityObjects::LinkActions::FORGOT_PASSWORD: {
-                            if(AuthService::SendEmailToUser(i.id, UInfo.email, AuthService::FORGOT_PASSWORD)) {
-                                Logger().information(fmt::format("Send password reset link to {}",UInfo.email));
+                            if(AuthService::SendEmailToUser(i.id, UInfo.email, MessagingTemplates::FORGOT_PASSWORD)) {
+                                poco_information(Logger(),fmt::format("Send password reset link to {}",UInfo.email));
                            }
                            StorageService()->ActionLinksDB().SentAction(i.id);
                        }
                        break;

                    case OpenWifi::SecurityObjects::LinkActions::VERIFY_EMAIL: {
-                            if(AuthService::SendEmailToUser(i.id, UInfo.email, AuthService::EMAIL_VERIFICATION)) {
-                                Logger().information(fmt::format("Send email verification link to {}",UInfo.email));
+                            if(AuthService::SendEmailToUser(i.id, UInfo.email, MessagingTemplates::EMAIL_VERIFICATION)) {
+                                poco_information(Logger(),fmt::format("Send email verification link to {}",UInfo.email));
+                            }
+                            StorageService()->ActionLinksDB().SentAction(i.id);
+                        }
+                        break;
+
+                    case OpenWifi::SecurityObjects::LinkActions::EMAIL_INVITATION: {
+                            if(AuthService::SendEmailToUser(i.id, UInfo.email, MessagingTemplates::EMAIL_INVITATION)) {
+                                poco_information(Logger(),fmt::format("Send new subscriber email invitation link to {}",UInfo.email));
                            }
                            StorageService()->ActionLinksDB().SentAction(i.id);
                        }
                        break;

                    case OpenWifi::SecurityObjects::LinkActions::SUB_FORGOT_PASSWORD: {
-                            if(AuthService::SendEmailToSubUser(i.id, UInfo.email, AuthService::FORGOT_PASSWORD)) {
-                                Logger().information(fmt::format("Send subscriber password reset link to {}",UInfo.email));
+                            auto Signup = Poco::StringTokenizer(UInfo.signingUp,":");
+                            if(AuthService::SendEmailToSubUser(i.id, UInfo.email,MessagingTemplates::SUB_FORGOT_PASSWORD, Signup.count()==1 ? "" : Signup[0])) {
+                                poco_information(Logger(),fmt::format("Send subscriber password reset link to {}",UInfo.email));
                            }
                            StorageService()->ActionLinksDB().SentAction(i.id);
                        }
                        break;

                    case OpenWifi::SecurityObjects::LinkActions::SUB_VERIFY_EMAIL: {
-                            if(AuthService::SendEmailToSubUser(i.id, UInfo.email, AuthService::EMAIL_VERIFICATION)) {
-                                Logger().information(fmt::format("Send subscriber email verification link to {}",UInfo.email));
+                            auto Signup = Poco::StringTokenizer(UInfo.signingUp,":");
+                            if(AuthService::SendEmailToSubUser(i.id, UInfo.email, MessagingTemplates::SUB_EMAIL_VERIFICATION, Signup.count()==1 ? "" : Signup[0])) {
+                                poco_information(Logger(),fmt::format("Send subscriber email verification link to {}",UInfo.email));
                            }
                            StorageService()->ActionLinksDB().SentAction(i.id);
                        }
                        break;

                    case OpenWifi::SecurityObjects::LinkActions::SUB_SIGNUP: {
-                        if(AuthService::SendEmailToSubUser(i.id, UInfo.email, AuthService::SIGNUP_VERIFICATION)) {
-                            Logger().information(fmt::format("Send new subscriber email verification link to {}",UInfo.email));
+                        auto Signup = Poco::StringTokenizer(UInfo.signingUp,":");
+                        if(AuthService::SendEmailToSubUser(i.id, UInfo.email, MessagingTemplates::SUB_SIGNUP_VERIFICATION, Signup.count()==1 ? "" : Signup[0])) {
+                            poco_information(Logger(),fmt::format("Send new subscriber email verification link to {}",UInfo.email));
                        }
                        StorageService()->ActionLinksDB().SentAction(i.id);
                        }
--- a/src/ActionLinkManager.h
+++ b/src/ActionLinkManager.h
@@ -2,24 +2,15 @@
 // Created by stephane bourque on 2021-11-08.
 //

-#ifndef OWSEC_ACTIONLINKMANAGER_H
-#define OWSEC_ACTIONLINKMANAGER_H
+#pragma once

-#include "framework/MicroService.h"
+#include "framework/SubSystemServer.h"

 namespace OpenWifi {

    class ActionLinkManager : public SubSystemServer, Poco::Runnable {
    public:

-/*        enum Actions {
-            FORGOT_PASSWORD,
-            VERIFY_EMAIL,
-            SUB_FORGOT_PASSWORD,
-            SUB_VERIFY_EMAIL,
-            SUB_SIGNUP
-        };
-*/
        static ActionLinkManager * instance() {
            static auto instance_ = new ActionLinkManager;
            return instance_;
@@ -41,4 +32,3 @@ namespace OpenWifi {
    inline ActionLinkManager * ActionLinkManager() { return ActionLinkManager::instance(); }
 }

-#endif //OWSEC_ACTIONLINKMANAGER_H
--- a/src/AuthService.cpp
+++ b/src/AuthService.cpp
@@ -8,18 +8,21 @@

 #include <ctime>

+#include "framework/KafkaManager.h"
+#include "framework/KafkaTopics.h"
+
 #include "Poco/Net/OAuth20Credentials.h"
 #include "Poco/JWT/Token.h"
 #include "Poco/JWT/Signer.h"
 #include "Poco/StringTokenizer.h"

-#include "framework/MicroService.h"
 #include "StorageService.h"
 #include "AuthService.h"
-#include "framework/KafkaTopics.h"
+#include "framework/MicroServiceFuncs.h"

 #include "SMTPMailerService.h"
 #include "MFAServer.h"
+#include "MessagingTemplates.h"

 namespace OpenWifi {

@@ -33,7 +36,6 @@ namespace OpenWifi {
 		}
 	}

-
 	int AuthService::AccessTypeToInt(ACCESS_TYPE T) {
 		switch (T) {
 		case USERNAME: return 1;
@@ -43,27 +45,32 @@ namespace OpenWifi {
 		return 1;	// some compilers complain...
 	}

-    static const std::string DefaultPassword_8_u_l_n_1{"^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[\\{\\}\\(\\)~_\\+\\|\\\\\\[\\]\\;\\:\\<\\>\\.\\,\\/\\?\\\"\\'\\`\\=#?!@$%^&*-]).{8,}$"};
+#if defined(TIP_CERT_SERVICE)
+    static const std::string DefaultPasswordRule{"^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[\\{\\}\\(\\)~_\\+\\|\\\\\\[\\]\\;\\:\\<\\>\\.\\,\\/\\?\\\"\\'\\`\\=#?!@$%^&*-]).{12,}$"};
+#else
+    static const std::string DefaultPasswordRule{"^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[\\{\\}\\(\\)~_\\+\\|\\\\\\[\\]\\;\\:\\<\\>\\.\\,\\/\\?\\\"\\'\\`\\=#?!@$%^&*-]).{8,}$"};
+#endif

    int AuthService::Start() {
-		Logger().notice("Starting...");
-        TokenAging_ = (uint64_t) MicroService::instance().ConfigGetInt("authentication.token.ageing", 30 * 24 * 60 * 60);
-        RefreshTokenLifeSpan_ = (uint64_t) MicroService::instance().ConfigGetInt("authentication.refresh_token.lifespan", 90 * 24 * 60 * 600);
-        HowManyOldPassword_ = MicroService::instance().ConfigGetInt("authentication.oldpasswords", 5);
+        poco_information(Logger(),"Starting...");
+        TokenAging_ = (uint64_t) MicroServiceConfigGetInt("authentication.token.ageing", 30 * 24 * 60 * 60);
+        RefreshTokenLifeSpan_ = (uint64_t) MicroServiceConfigGetInt("authentication.refresh_token.lifespan", 90 * 24 * 60 * 600);
+        HowManyOldPassword_ = MicroServiceConfigGetInt("authentication.oldpasswords", 5);

-        AccessPolicy_ = MicroService::instance().ConfigPath("openwifi.document.policy.access", "/wwwassets/access_policy.html");
-        PasswordPolicy_ = MicroService::instance().ConfigPath("openwifi.document.policy.password", "/wwwassets/password_policy.html");
-        PasswordValidation_ = PasswordValidationStr_ = MicroService::instance().ConfigGetString("authentication.validation.expression",DefaultPassword_8_u_l_n_1);
+        AccessPolicy_ = MicroServiceConfigGetString("openwifi.document.policy.access", "/wwwassets/access_policy.html");
+        PasswordPolicy_ = MicroServiceConfigGetString("openwifi.document.policy.password", "/wwwassets/password_policy.html");
+        PasswordValidation_ = PasswordValidationStr_ = MicroServiceConfigGetString("authentication.validation.expression",DefaultPasswordRule);

-        SubPasswordValidation_ = SubPasswordValidationStr_ = MicroService::instance().ConfigGetString("subscriber.validation.expression",DefaultPassword_8_u_l_n_1);
-        SubAccessPolicy_ = MicroService::instance().ConfigPath("subscriber.policy.access", "/wwwassets/access_policy.html");
-        SubPasswordPolicy_ = MicroService::instance().ConfigPath("subscriber.policy.password", "/wwwassets/password_policy.html");
+        SubPasswordValidation_ = SubPasswordValidationStr_ = MicroServiceConfigGetString("subscriber.validation.expression",DefaultPasswordRule);
+        SubAccessPolicy_ = MicroServiceConfigGetString("subscriber.policy.access", "/wwwassets/access_policy.html");
+        SubPasswordPolicy_ = MicroServiceConfigGetString("subscriber.policy.password", "/wwwassets/password_policy.html");

        return 0;
    }

    void AuthService::Stop() {
-		Logger().notice("Stopping...");
+        poco_information(Logger(),"Stopping...");
+        poco_information(Logger(),"Stopped...");
    }

    bool AuthService::RefreshUserToken(Poco::Net::HTTPServerRequest & Request, const std::string & RefreshToken, SecurityObjects::UserInfoAndPolicy & UI) {
@@ -81,7 +88,7 @@ namespace OpenWifi {
            uint64_t                    RevocationDate=0;
            std::string                 UserId;
            if(StorageService()->UserTokenDB().GetToken(CallToken, UI.webtoken, UserId, RevocationDate) && UI.webtoken.refresh_token_==RefreshToken) {
-                auto now = OpenWifi::Now();
+                auto now = Utils::Now();

                //  Create a new token
                auto NewToken = GenerateTokenHMAC( UI.webtoken.access_token_, CUSTOM);
@@ -119,7 +126,7 @@ namespace OpenWifi {
            uint64_t                    RevocationDate=0;
            std::string                 UserId;
            if(StorageService()->SubTokenDB().GetToken(CallToken, UI.webtoken, UserId, RevocationDate) && UI.webtoken.refresh_token_==RefreshToken) {
-                auto now = OpenWifi::Now();
+                auto now = Utils::Now();

                //  Create a new token
                auto NewToken = GenerateTokenHMAC( UI.webtoken.access_token_, CUSTOM);
@@ -142,54 +149,73 @@ namespace OpenWifi {
        return false;
    }

-    bool AuthService::IsAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired )
-    {
-        std::lock_guard	Guard(Mutex_);
+    [[nodiscard]] bool AuthService::IsAuthorized(const std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired) {
+        // std::lock_guard	Guard(Mutex_);
+        std::string CallToken{SessionToken};
        Expired = false;
-		try {
-		    std::string CallToken;
-		    Poco::Net::OAuth20Credentials Auth(Request);
-		    if (Auth.getScheme() == "Bearer") {
-		        CallToken = Auth.getBearerToken();
-		    }
-
-            if(CallToken.empty()) {
-                return false;
-            }
-
+        try {
            SecurityObjects::WebToken   WT;
            uint64_t                    RevocationDate=0;
            std::string                 UserId;
            if(StorageService()->UserTokenDB().GetToken(CallToken, WT, UserId, RevocationDate)) {
-                if(RevocationDate!=0)
+                if(RevocationDate!=0) {
+                    poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, Utils::SanitizeToken(CallToken)));
                    return false;
-                auto now=OpenWifi::Now();
+                }
+                auto now=Utils::Now();
                Expired = (WT.created_ + WT.expires_in_) < now;
                if(StorageService()->UserDB().GetUserById(UserId,UInfo.userinfo)) {
                    UInfo.webtoken = WT;
-                    SessionToken = CallToken;
+                    poco_debug(Logger(), fmt::format("TokenValidation success for TID={} Token={}", TID, Utils::SanitizeToken(CallToken)));
                    return true;
                }
            }
-            return false;
-		} catch(const Poco::Exception &E) {
-		    Logger().log(E);
-		}
-		return false;
+        } catch(const Poco::Exception &E) {
+            Logger().log(E);
+        }
+        poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, Utils::SanitizeToken(CallToken)));
+        return false;
    }

-    bool AuthService::IsSubAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired )
+    bool AuthService::IsAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired )
    {
-        std::lock_guard	Guard(Mutex_);
+        // std::lock_guard	Guard(Mutex_);
+        std::string CallToken;
+        Expired = false;
+
+		try {
+            Poco::Net::OAuth20Credentials Auth(Request);
+            if (Auth.getScheme() == "Bearer") {
+                CallToken = Auth.getBearerToken();
+            }
+
+            if (CallToken.empty()) {
+                poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, Utils::SanitizeToken(CallToken)));
+                return false;
+            }
+            SessionToken = CallToken;
+            return IsAuthorized(SessionToken, UInfo, TID, Expired);
+        } catch(const Poco::Exception &E) {
+            Logger().log(E);
+        }
+        poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, Utils::SanitizeToken(CallToken)));
+        return false;
+    }
+
+    bool AuthService::IsSubAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired )
+    {
+        // std::lock_guard	Guard(Mutex_);
+
+        std::string CallToken;
        Expired = false;
        try {
-            std::string CallToken;
            Poco::Net::OAuth20Credentials Auth(Request);
            if (Auth.getScheme() == "Bearer") {
                CallToken = Auth.getBearerToken();
            }

            if(CallToken.empty()) {
+                poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, Utils::SanitizeToken(CallToken)));
                return false;
            }

@@ -197,20 +223,23 @@ namespace OpenWifi {
            uint64_t                    RevocationDate=0;
            std::string                 UserId;
            if(StorageService()->SubTokenDB().GetToken(CallToken, WT, UserId, RevocationDate)) {
-                if(RevocationDate!=0)
+                if(RevocationDate!=0) {
+                    poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, Utils::SanitizeToken(CallToken)));
                    return false;
-                auto now=OpenWifi::Now();
+                }
+                auto now=Utils::Now();
                Expired = (WT.created_ + WT.expires_in_) < now;
                if(StorageService()->SubDB().GetUserById(UserId,UInfo.userinfo)) {
                    UInfo.webtoken = WT;
                    SessionToken = CallToken;
+                    poco_debug(Logger(), fmt::format("TokenValidation success for TID={} Token={}", TID, Utils::SanitizeToken(CallToken)));
                    return true;
                }
            }
-            return false;
        } catch(const Poco::Exception &E) {
            Logger().log(E);
        }
+        poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, Utils::SanitizeToken(CallToken)));
        return false;
    }

@@ -247,11 +276,11 @@ namespace OpenWifi {
            if(KafkaManager()->Enabled()) {
                Poco::JSON::Object Obj;
                Obj.set("event", "remove-token");
-                Obj.set("id", MicroService::instance().ID());
+                Obj.set("id", MicroServiceID());
                Obj.set("token", token);
                std::stringstream ResultText;
                Poco::JSON::Stringifier::stringify(Obj, ResultText);
-                KafkaManager()->PostMessage(KafkaTopics::SERVICE_EVENTS, MicroService::instance().PrivateEndPoint(),
+                KafkaManager()->PostMessage(KafkaTopics::SERVICE_EVENTS, MicroServicePrivateEndPoint(),
                                            ResultText.str(),
                                            false);
            }
@@ -285,7 +314,7 @@ namespace OpenWifi {
    }

    [[nodiscard]] std::string AuthService::GenerateTokenHMAC(const std::string & UserName, [[maybe_unused]] ACCESS_TYPE Type) {
-        std::string Identity(UserName + ":" + fmt::format("{}",OpenWifi::Now()) + ":" + std::to_string(rand()));
+        std::string Identity(UserName + ":" + fmt::format("{}",Utils::Now()) + ":" + std::to_string(rand()));
        HMAC_.update(Identity);
        return Poco::DigestEngine::digestToHex(HMAC_.digest());
    }
@@ -305,7 +334,7 @@ namespace OpenWifi {
 		T.payload().set("identity", Identity);
 		T.setIssuedAt(Poco::Timestamp());
 		T.setExpiration(Poco::Timestamp() + (long long)TokenAging_);
-		std::string JWT = MicroService::instance().Sign(T,Poco::JWT::Signer::ALGO_RS256);
+		std::string JWT = MicroServiceSign(T,Poco::JWT::Signer::ALGO_RS256);

 		return JWT;
    }
@@ -501,20 +530,19 @@ namespace OpenWifi {
                    UInfo.webtoken.errorCode = 1;
                    return PASSWORD_ALREADY_USED;
                }
-                UInfo.userinfo.lastPasswordChange = OpenWifi::Now();
+                UInfo.userinfo.lastPasswordChange = Utils::Now();
                UInfo.userinfo.changePassword = false;
-                UInfo.userinfo.modified = OpenWifi::Now();
+                UInfo.userinfo.modified = Utils::Now();
                StorageService()->UserDB().UpdateUserInfo(AUTHENTICATION_SYSTEM, UInfo.userinfo.id,UInfo.userinfo);
            }

            //  so we have a good password, password up date has taken place if need be, now generate the token.
-            UInfo.userinfo.lastLogin=OpenWifi::Now();
+            UInfo.userinfo.lastLogin=Utils::Now();
            StorageService()->UserDB().SetLastLogin(UInfo.userinfo.id);
            CreateToken(UserName, UInfo );

            return SUCCESS;
        }
-
        return INVALID_CREDENTIALS;
    }

@@ -547,14 +575,14 @@ namespace OpenWifi {
                    UInfo.webtoken.errorCode = 1;
                    return PASSWORD_ALREADY_USED;
                }
-                UInfo.userinfo.lastPasswordChange = OpenWifi::Now();
+                UInfo.userinfo.lastPasswordChange = Utils::Now();
                UInfo.userinfo.changePassword = false;
-                UInfo.userinfo.modified = OpenWifi::Now();
+                UInfo.userinfo.modified = Utils::Now();
                StorageService()->SubDB().UpdateUserInfo(AUTHENTICATION_SYSTEM, UInfo.userinfo.id,UInfo.userinfo);
            }

            //  so we have a good password, password update has taken place if need be, now generate the token.
-            UInfo.userinfo.lastLogin=OpenWifi::Now();
+            UInfo.userinfo.lastLogin=Utils::Now();
            StorageService()->SubDB().SetLastLogin(UInfo.userinfo.id);
            CreateSubToken(UserName, UInfo );

@@ -564,33 +592,66 @@ namespace OpenWifi {
        return INVALID_CREDENTIALS;
    }

-    bool AuthService::SendEmailToUser(const std::string &LinkId, std::string &Email, EMAIL_REASON Reason) {
+    bool AuthService::SendEmailChallengeCode(const SecurityObjects::UserInfoAndPolicy &UInfo, const std::string &Challenge) {
+        auto OperatorParts = Poco::StringTokenizer(UInfo.userinfo.signingUp,":");
+        if(UInfo.userinfo.signingUp.empty() || OperatorParts.count()!=2) {
+            MessageAttributes Attrs;
+            Attrs[RECIPIENT_EMAIL] = UInfo.userinfo.email;
+            Attrs[LOGO] = AuthService::GetLogoAssetURI();
+            Attrs[SUBJECT] = "Login validation code";
+            Attrs[CHALLENGE_CODE] = Challenge;
+            return SMTPMailerService()->SendMessage(UInfo.userinfo.email, MessagingTemplates::TemplateName(MessagingTemplates::VERIFICATION_CODE), Attrs, false);
+        } else {
+            MessageAttributes Attrs;
+            Attrs[RECIPIENT_EMAIL] = UInfo.userinfo.email;
+            Attrs[LOGO] = AuthService::GetSubLogoAssetURI();
+            Attrs[SUBJECT] = "Login validation code";
+            Attrs[CHALLENGE_CODE] = Challenge;
+            return SMTPMailerService()->SendMessage(UInfo.userinfo.email, MessagingTemplates::TemplateName(MessagingTemplates::SUB_VERIFICATION_CODE,OperatorParts[0]), Attrs, true );
+        }
+    }
+
+    bool AuthService::SendEmailToUser(const std::string &LinkId, std::string &Email, MessagingTemplates::EMAIL_REASON Reason) {
        SecurityObjects::UserInfo   UInfo;

        if(StorageService()->UserDB().GetUserByEmail(Email,UInfo)) {
            switch (Reason) {

-                case FORGOT_PASSWORD: {
+                case MessagingTemplates::FORGOT_PASSWORD: {
                        MessageAttributes Attrs;
                        Attrs[RECIPIENT_EMAIL] = UInfo.email;
                        Attrs[LOGO] = GetLogoAssetURI();
                        Attrs[SUBJECT] = "Password reset link";
-                        Attrs[ACTION_LINK] = MicroService::instance().GetPublicAPIEndPoint() + "/actionLink?action=password_reset&id=" + LinkId ;
-                        SMTPMailerService()->SendMessage(UInfo.email, "password_reset.txt", Attrs);
+                        Attrs[ACTION_LINK] = MicroServiceGetPublicAPIEndPoint() + "/actionLink?action=password_reset&id=" + LinkId ;
+                        Attrs[ACTION_LINK_HTML] = "/api/v1/actionLink?action=password_reset&id=" + LinkId ;
+                        SMTPMailerService()->SendMessage(UInfo.email, MessagingTemplates::TemplateName(MessagingTemplates::FORGOT_PASSWORD), Attrs, false);
                    }
                    break;

-                case EMAIL_VERIFICATION: {
+                case MessagingTemplates::EMAIL_VERIFICATION: {
                        MessageAttributes Attrs;
                        Attrs[RECIPIENT_EMAIL] = UInfo.email;
                        Attrs[LOGO] = GetLogoAssetURI();
                        Attrs[SUBJECT] = "e-mail Address Verification";
-                        Attrs[ACTION_LINK] = MicroService::instance().GetPublicAPIEndPoint() + "/actionLink?action=email_verification&id=" + LinkId ;
-                        SMTPMailerService()->SendMessage(UInfo.email, "email_verification.txt", Attrs);
+                        Attrs[ACTION_LINK] = MicroServiceGetPublicAPIEndPoint() + "/actionLink?action=email_verification&id=" + LinkId ;
+                        Attrs[ACTION_LINK_HTML] = "/api/v1/actionLink?action=email_verification&id=" + LinkId ;
+                        SMTPMailerService()->SendMessage(UInfo.email, MessagingTemplates::TemplateName(MessagingTemplates::EMAIL_VERIFICATION), Attrs, false);
                        UInfo.waitingForEmailCheck = true;
                    }
                    break;

+                case MessagingTemplates::EMAIL_INVITATION: {
+                    MessageAttributes Attrs;
+                    Attrs[RECIPIENT_EMAIL] = UInfo.email;
+                    Attrs[LOGO] = GetLogoAssetURI();
+                    Attrs[SUBJECT] = "e-mail Invitation";
+                    Attrs[ACTION_LINK] = MicroServiceGetPublicAPIEndPoint() + "/actionLink?action=email_invitation&id=" + LinkId ;
+                    Attrs[ACTION_LINK_HTML] = "/api/v1/actionLink?action=email_invitation&id=" + LinkId ;
+                    SMTPMailerService()->SendMessage(UInfo.email, MessagingTemplates::TemplateName(MessagingTemplates::EMAIL_INVITATION), Attrs, false);
+                    UInfo.waitingForEmailCheck = true;
+                    }
+                    break;
+
                default:
                    break;
            }
@@ -599,40 +660,43 @@ namespace OpenWifi {
        return false;
    }

-    bool AuthService::SendEmailToSubUser(const std::string &LinkId, std::string &Email, EMAIL_REASON Reason) {
+    bool AuthService::SendEmailToSubUser(const std::string &LinkId, std::string &Email, MessagingTemplates::EMAIL_REASON Reason, const std::string &OperatorName ) {
        SecurityObjects::UserInfo   UInfo;

        if(StorageService()->SubDB().GetUserByEmail(Email,UInfo)) {
            switch (Reason) {

-                case FORGOT_PASSWORD: {
+                case MessagingTemplates::SUB_FORGOT_PASSWORD: {
                    MessageAttributes Attrs;
                    Attrs[RECIPIENT_EMAIL] = UInfo.email;
-                    Attrs[LOGO] = GetLogoAssetURI();
+                    Attrs[LOGO] = GetSubLogoAssetURI();
                    Attrs[SUBJECT] = "Password reset link";
-                    Attrs[ACTION_LINK] = MicroService::instance().GetPublicAPIEndPoint() + "/actionLink?action=password_reset&id=" + LinkId ;
-                    SMTPMailerService()->SendMessage(UInfo.email, "password_reset.txt", Attrs);
+                    Attrs[ACTION_LINK] = MicroServiceGetPublicAPIEndPoint() + "/actionLink?action=sub_password_reset&id=" + LinkId ;
+                    Attrs[ACTION_LINK_HTML] = "/api/v1/actionLink?action=sub_password_reset&id=" + LinkId ;
+                    SMTPMailerService()->SendMessage(UInfo.email, MessagingTemplates::TemplateName(MessagingTemplates::SUB_FORGOT_PASSWORD, OperatorName), Attrs, true);
                }
                break;

-                case EMAIL_VERIFICATION: {
+                case MessagingTemplates::SUB_EMAIL_VERIFICATION: {
                    MessageAttributes Attrs;
                    Attrs[RECIPIENT_EMAIL] = UInfo.email;
-                    Attrs[LOGO] = GetLogoAssetURI();
+                    Attrs[LOGO] = GetSubLogoAssetURI();
                    Attrs[SUBJECT] = "e-mail Address Verification";
-                    Attrs[ACTION_LINK] = MicroService::instance().GetPublicAPIEndPoint() + "/actionLink?action=email_verification&id=" + LinkId ;
-                    SMTPMailerService()->SendMessage(UInfo.email, "email_verification.txt", Attrs);
+                    Attrs[ACTION_LINK] = MicroServiceGetPublicAPIEndPoint() + "/actionLink?action=sub_email_verification&id=" + LinkId ;
+                    Attrs[ACTION_LINK_HTML] = "/api/v1/actionLink?action=sub_email_verification&id=" + LinkId ;
+                    SMTPMailerService()->SendMessage(UInfo.email, MessagingTemplates::TemplateName(MessagingTemplates::SUB_EMAIL_VERIFICATION, OperatorName), Attrs, true);
                    UInfo.waitingForEmailCheck = true;
                }
                break;

-                case SIGNUP_VERIFICATION: {
+                case MessagingTemplates::SUB_SIGNUP_VERIFICATION: {
                    MessageAttributes Attrs;
                    Attrs[RECIPIENT_EMAIL] = UInfo.email;
-                    Attrs[LOGO] = GetLogoAssetURI();
+                    Attrs[LOGO] = GetSubLogoAssetURI();
                    Attrs[SUBJECT] = "Signup e-mail Address Verification";
-                    Attrs[ACTION_LINK] = MicroService::instance().GetPublicAPIEndPoint() + "/actionLink?action=signup_verification&id=" + LinkId ;
-                    SMTPMailerService()->SendMessage(UInfo.email, "signup_verification.txt", Attrs);
+                    Attrs[ACTION_LINK] = MicroServiceGetPublicAPIEndPoint() + "/actionLink?action=signup_verification&id=" + LinkId ;
+                    Attrs[ACTION_LINK_HTML] = "/api/v1/actionLink?action=signup_verification&id=" + LinkId ;
+                    SMTPMailerService()->SendMessage(UInfo.email, MessagingTemplates::TemplateName(MessagingTemplates::SUB_SIGNUP_VERIFICATION, OperatorName), Attrs, true);
                    UInfo.waitingForEmailCheck = true;
                }
                break;
@@ -650,8 +714,8 @@ namespace OpenWifi {

        A.action = OpenWifi::SecurityObjects::LinkActions::VERIFY_EMAIL;
        A.userId = UInfo.id;
-        A.id = MicroService::CreateUUID();
-        A.created = OpenWifi::Now();
+        A.id = MicroServiceCreateUUID();
+        A.created = Utils::Now();
        A.expires = A.created + 24*60*60;
        A.userAction = true;
        StorageService()->ActionLinksDB().CreateAction(A);
@@ -665,8 +729,8 @@ namespace OpenWifi {

        A.action = OpenWifi::SecurityObjects::LinkActions::SUB_VERIFY_EMAIL;
        A.userId = UInfo.id;
-        A.id = MicroService::CreateUUID();
-        A.created = OpenWifi::Now();
+        A.id = MicroServiceCreateUUID();
+        A.created = Utils::Now();
        A.expires = A.created + 24*60*60;
        A.userAction = false;
        StorageService()->ActionLinksDB().CreateAction(A);
@@ -686,14 +750,13 @@ namespace OpenWifi {
        if(StorageService()->UserTokenDB().GetToken(TToken, WT, UserId, RevocationDate)) {
            if(RevocationDate!=0)
                return false;
-            Expired = (WT.created_ + WT.expires_in_) < OpenWifi::Now();
+            Expired = (WT.created_ + WT.expires_in_) < Utils::Now();
            if(StorageService()->UserDB().GetUserById(UserId,UserInfo)) {
                WebToken = WT;
                return true;
            }
-            return false;
        }
-        return IsValidSubToken(Token, WebToken, UserInfo, Expired);
+        return false;
    }

    bool AuthService::IsValidSubToken(const std::string &Token, SecurityObjects::WebToken &WebToken, SecurityObjects::UserInfo &UserInfo, bool & Expired) {
@@ -706,12 +769,34 @@ namespace OpenWifi {
        if(StorageService()->SubTokenDB().GetToken(TToken, WT, UserId, RevocationDate)) {
            if(RevocationDate!=0)
                return false;
-            Expired = (WT.created_ + WT.expires_in_) < OpenWifi::Now();
+            Expired = (WT.created_ + WT.expires_in_) < Utils::Now();
            if(StorageService()->SubDB().GetUserById(UserId,UserInfo)) {
                WebToken = WT;
                return true;
            }
-            return false;
+        }
+        return false;
+    }
+
+    bool AuthService::IsValidApiKey(const std::string &ApiKey, SecurityObjects::WebToken &WebToken,
+                                    SecurityObjects::UserInfo &UserInfo, bool &Expired, std::uint64_t &expiresOn) {
+
+        std::lock_guard G(Mutex_);
+
+        std::string UserId;
+        SecurityObjects::WebToken   WT;
+        SecurityObjects::ApiKeyEntry    ApiKeyEntry;
+        if(StorageService()->ApiKeyDB().GetRecord("apiKey", ApiKey, ApiKeyEntry)) {
+            expiresOn = ApiKeyEntry.expiresOn;
+            Expired = ApiKeyEntry.expiresOn < Utils::Now();
+            if(Expired)
+                return false;
+            if(StorageService()->UserDB().GetUserById(ApiKeyEntry.userUuid,UserInfo)) {
+                WebToken = WT;
+                ApiKeyEntry.lastUse = Utils::Now();
+                StorageService()->ApiKeyDB().UpdateRecord("id", ApiKeyEntry.id, ApiKeyEntry);
+                return true;
+            }
        }
        return false;
    }
--- a/src/AuthService.h
+++ b/src/AuthService.h
@@ -6,11 +6,11 @@
 //	Arilia Wireless Inc.
 //

-#ifndef UCENTRAL_UAUTHSERVICE_H
-#define UCENTRAL_UAUTHSERVICE_H
+#pragma once

 #include <regex>

+#include "framework/SubSystemServer.h"
 #include "Poco/JSON/Object.h"
 #include "Poco/Net/HTTPServerRequest.h"
 #include "Poco/Net/HTTPServerResponse.h"
@@ -20,8 +20,11 @@
 #include "Poco/HMACEngine.h"
 #include "Poco/ExpireLRUCache.h"

-#include "framework/MicroService.h"
+#include "framework/MicroServiceFuncs.h"
+#include "framework/ow_constants.h"
+
 #include "RESTObjects/RESTAPI_SecurityObjects.h"
+#include "MessagingTemplates.h"

 namespace OpenWifi{

@@ -36,12 +39,6 @@ namespace OpenWifi{
            CUSTOM
        };

-        enum EMAIL_REASON {
-            FORGOT_PASSWORD,
-            EMAIL_VERIFICATION,
-            SIGNUP_VERIFICATION
-        };
-
        static ACCESS_TYPE IntToAccessType(int C);
        static int AccessTypeToInt(ACCESS_TYPE T);

@@ -53,15 +50,18 @@ namespace OpenWifi{
        int Start() override;
        void Stop() override;

-        [[nodiscard]] bool IsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired);
+        [[nodiscard]] bool IsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired);
+        [[nodiscard]] bool IsAuthorized(const std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired);
+
        [[nodiscard]] UNAUTHORIZED_REASON Authorize( std::string & UserName, const std::string & Password, const std::string & NewPassword, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired );
        void CreateToken(const std::string & UserName, SecurityObjects::UserInfoAndPolicy &UInfo);
        [[nodiscard]] bool SetPassword(const std::string &Password, SecurityObjects::UserInfo & UInfo);
        [[nodiscard]] const std:: string & PasswordValidationExpression() const { return PasswordValidationStr_;};
        void Logout(const std::string &token, bool EraseFromCache=true);

-        [[nodiscard]] bool IsSubAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired);
+        [[nodiscard]] bool IsSubAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired);
        [[nodiscard]] UNAUTHORIZED_REASON AuthorizeSub( std::string & UserName, const std::string & Password, const std::string & NewPassword, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired );
+
        void CreateSubToken(const std::string & UserName, SecurityObjects::UserInfoAndPolicy &UInfo);
        [[nodiscard]] bool SetSubPassword(const std::string &Password, SecurityObjects::UserInfo & UInfo);
        [[nodiscard]] const std:: string & SubPasswordValidationExpression() const { return PasswordValidationStr_;};
@@ -77,6 +77,7 @@ namespace OpenWifi{
        [[nodiscard]] std::string GenerateTokenJWT(const std::string & UserName, ACCESS_TYPE Type);
        [[nodiscard]] std::string GenerateTokenHMAC(const std::string & UserName, ACCESS_TYPE Type);

+        [[nodiscard]] bool IsValidApiKey(const std::string &ApiKey, SecurityObjects::WebToken &WebToken, SecurityObjects::UserInfo &UserInfo, bool & Expired, std::uint64_t & expiresOn);
        [[nodiscard]] std::string ComputeNewPasswordHash(const std::string &UserName, const std::string &Password);
        [[nodiscard]] bool ValidatePasswordHash(const std::string & UserName, const std::string & Password, const std::string &StoredPassword);
        [[nodiscard]] bool ValidateSubPasswordHash(const std::string & UserName, const std::string & Password, const std::string &StoredPassword);
@@ -90,21 +91,31 @@ namespace OpenWifi{
        [[nodiscard]] static bool VerifyEmail(SecurityObjects::UserInfo &UInfo);
        [[nodiscard]] static bool VerifySubEmail(SecurityObjects::UserInfo &UInfo);

-        [[nodiscard]] static bool SendEmailToUser(const std::string &LinkId, std::string &Email, EMAIL_REASON Reason);
-        [[nodiscard]] static bool SendEmailToSubUser(const std::string &LinkId, std::string &Email, EMAIL_REASON Reason);
+        [[nodiscard]] static bool SendEmailToUser(const std::string &LinkId, std::string &Email, MessagingTemplates::EMAIL_REASON Reason);
+        [[nodiscard]] static bool SendEmailToSubUser(const std::string &LinkId, std::string &Email, MessagingTemplates::EMAIL_REASON Reason, const std::string &OperatorName);
        [[nodiscard]] bool RequiresMFA(const SecurityObjects::UserInfoAndPolicy &UInfo);

+        [[nodiscard]] bool SendEmailChallengeCode(const SecurityObjects::UserInfoAndPolicy &UInfo, const std::string &code);
+
        bool DeleteUserFromCache(const std::string &UserName);
        bool DeleteSubUserFromCache(const std::string &UserName);
        void RevokeToken(std::string & Token);
        void RevokeSubToken(std::string & Token);

        [[nodiscard]] static inline const std::string GetLogoAssetURI() {
-            return MicroService::instance().PublicEndPoint() + "/wwwassets/the_logo.png";
+            return MicroServicePublicEndPoint() + "/wwwassets/logo.png";
        }

        [[nodiscard]] static inline const std::string GetLogoAssetFileName() {
-            return MicroService::instance().WWWAssetsDir() + "/the_logo.png";
+            return MicroServiceWWWAssetsDir() + "/logo.png";
+        }
+
+        [[nodiscard]] static inline const std::string GetSubLogoAssetURI() {
+            return MicroServicePublicEndPoint() + "/wwwassets/sub_logo.png";
+        }
+
+        [[nodiscard]] static inline const std::string GetSubLogoAssetFileName() {
+            return MicroServiceWWWAssetsDir() + "/sub_logo.png";
        }

        inline const std::string & GetPasswordPolicy() const { return PasswordPolicy_; }
@@ -158,13 +169,12 @@ namespace OpenWifi{

    inline auto AuthService() { return AuthService::instance(); }

-    [[nodiscard]] inline bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo , bool & Expired, bool Sub ) {
+    [[nodiscard]] inline bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo , std::uint64_t TID, bool & Expired, bool Sub ) {
        if(Sub)
-            return AuthService()->IsSubAuthorized(Request, SessionToken, UInfo, Expired );
+            return AuthService()->IsSubAuthorized(Request, SessionToken, UInfo, TID, Expired );
        else
-            return AuthService()->IsAuthorized(Request, SessionToken, UInfo, Expired );
+            return AuthService()->IsAuthorized(Request, SessionToken, UInfo, TID, Expired );
    }

 } // end of namespace

-#endif //UCENTRAL_UAUTHSERVICE_H
--- a/src/Daemon.cpp
+++ b/src/Daemon.cpp
@@ -26,6 +26,8 @@
 #include "SMSSender.h"
 #include "ActionLinkManager.h"
 #include "TotpCache.h"
+#include "framework/RESTAPI_RateLimiter.h"
+#include "framework/UI_WebSocketClientServer.h"

 namespace OpenWifi {
    class Daemon *Daemon::instance_ = nullptr;
@@ -44,7 +46,8 @@ namespace OpenWifi {
                                           SMTPMailerService(),
                                           RESTAPI_RateLimiter(),
                                           TotpCache(),
-                                           AuthService()
+                                           AuthService(),
+                                           UI_WebSocketClientServer()
                                   });
        }
        return instance_;
@@ -53,6 +56,10 @@ namespace OpenWifi {
    void Daemon::PostInitialization([[maybe_unused]] Poco::Util::Application &self) {
        AssetDir_ = MicroService::instance().ConfigPath("openwifi.restapi.wwwassets");
    }
+
+    void DaemonPostInitialization(Poco::Util::Application &self) {
+        Daemon()->PostInitialization(self);
+    }
 }

 int main(int argc, char **argv) {
--- a/src/Daemon.h
+++ b/src/Daemon.h
@@ -2,14 +2,16 @@
 // Created by stephane bourque on 2021-06-10.
 //

-#ifndef UCENTRALSEC_DAEMON_H
-#define UCENTRALSEC_DAEMON_H
+#pragma once

 #include <iostream>
 #include <cstdlib>
 #include <vector>
 #include <set>

+#include "framework/MicroServiceNames.h"
+#include "framework/MicroService.h"
+
 #include "Poco/Util/Application.h"
 #include "Poco/Util/ServerApplication.h"
 #include "Poco/Util/Option.h"
@@ -20,7 +22,6 @@
 #include "Poco/Crypto/CipherFactory.h"
 #include "Poco/Crypto/Cipher.h"

-#include "framework/MicroService.h"

 namespace OpenWifi {

@@ -49,9 +50,6 @@ namespace OpenWifi {
    };

    inline Daemon * Daemon() { return Daemon::instance(); }
-    inline void DaemonPostInitialization(Poco::Util::Application &self) {
-        Daemon()->PostInitialization(self);
-    }
+    void DaemonPostInitialization(Poco::Util::Application &self);
 }

-#endif //UCENTRALSEC_DAEMON_H
--- a/src/MFAServer.cpp
+++ b/src/MFAServer.cpp
@@ -5,10 +5,12 @@
 #include "MFAServer.h"
 #include "SMSSender.h"
 #include "SMTPMailerService.h"
-#include "framework/MicroService.h"
 #include "AuthService.h"
 #include "TotpCache.h"

+#include "framework/MicroServiceFuncs.h"
+#include "framework/utils.h"
+
 namespace OpenWifi {

    int MFAServer::Start() {
@@ -27,8 +29,8 @@ namespace OpenWifi {
            return false;

        std::string Challenge = MakeChallenge();
-        std::string uuid = MicroService::CreateUUID();
-        uint64_t Created = OpenWifi::Now();
+        std::string uuid = MicroServiceCreateUUID();
+        uint64_t Created = Utils::Now();

        ChallengeStart.set("uuid",uuid);
        ChallengeStart.set("created", Created);
@@ -44,12 +46,7 @@ namespace OpenWifi {
            std::string Message = "This is your login code: " + Challenge + " Please enter this in your login screen.";
            return SMSSender()->Send(UInfo.userinfo.userTypeProprietaryInfo.mobiles[0].number, Message);
        } else if(Method==MFAMETHODS::EMAIL && SMTPMailerService()->Enabled() && !UInfo.userinfo.email.empty()) {
-            MessageAttributes Attrs;
-            Attrs[RECIPIENT_EMAIL] = UInfo.userinfo.email;
-            Attrs[LOGO] = AuthService::GetLogoAssetURI();
-            Attrs[SUBJECT] = "Login validation code";
-            Attrs[CHALLENGE_CODE] = Challenge;
-            return SMTPMailerService()->SendMessage(UInfo.userinfo.email, "verification_code.txt", Attrs);
+            return AuthService()->SendEmailChallengeCode(UInfo,Challenge);
        } else if(Method==MFAMETHODS::AUTHENTICATOR && !UInfo.userinfo.userTypeProprietaryInfo.authenticatorSecret.empty()) {
            return true;
        }
@@ -107,7 +104,7 @@ namespace OpenWifi {

    void MFAServer::CleanCache() {
        // it is assumed that you have locked Cache_ at this point.
-        uint64_t Now = OpenWifi::Now();
+        uint64_t Now = Utils::Now();
        for(auto i=begin(Cache_);i!=end(Cache_);) {
            if((Now-i->second.Created)>300) {
                i = Cache_.erase(i);
--- a/src/MFAServer.h
+++ b/src/MFAServer.h
@@ -4,9 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
 #include "Poco/JSON/Object.h"
 #include "RESTObjects/RESTAPI_SecurityObjects.h"
+#include "framework/SubSystemServer.h"
+#include "framework/MicroServiceFuncs.h"
+
+#include "fmt/format.h"

 namespace OpenWifi {

@@ -46,7 +49,7 @@ namespace OpenWifi {
        static bool SendChallenge(const SecurityObjects::UserInfoAndPolicy &UInfo, const std::string &Method, const std::string &Challenge);

        static inline std::string MakeChallenge() {
-            return fmt::format("{0:06}" , MicroService::instance().Random(1,999999) );
+            return fmt::format("{0:06}" , MicroServiceRandom(1,999999) );
        }

    private:
--- a/src/MessagingTemplates.cpp
+++ b/src/MessagingTemplates.cpp
@@ -0,0 +1,8 @@
+//
+// Created by stephane bourque on 2022-07-25.
+//
+
+#include "MessagingTemplates.h"
+
+namespace OpenWifi {
+} // OpenWifi
--- a/src/MessagingTemplates.h
+++ b/src/MessagingTemplates.h
@@ -0,0 +1,75 @@
+//
+// Created by stephane bourque on 2022-07-25.
+//
+
+#pragma once
+
+#include <string>
+#include <vector>
+
+namespace OpenWifi {
+
+    class MessagingTemplates {
+    public:
+        static MessagingTemplates & instance() {
+            static auto instance = new MessagingTemplates;
+            return *instance;
+        }
+
+        enum EMAIL_REASON {
+            FORGOT_PASSWORD = 0,
+            EMAIL_VERIFICATION,
+            SUB_SIGNUP_VERIFICATION,
+            EMAIL_INVITATION,
+            VERIFICATION_CODE,
+            SUB_FORGOT_PASSWORD,
+            SUB_EMAIL_VERIFICATION,
+            SUB_VERIFICATION_CODE
+        };
+
+        static std::string AddOperator(const std::string & filename, const std::string &OperatorName) {
+            if(OperatorName.empty())
+                return "/" + filename;
+            return "/" + OperatorName + "/" + filename;
+        }
+
+        static std::string TemplateName( EMAIL_REASON r , const std::string &OperatorName="") {
+            switch (r) {
+                case FORGOT_PASSWORD: return AddOperator(EmailTemplateNames[FORGOT_PASSWORD],OperatorName);
+                case EMAIL_VERIFICATION: return AddOperator(EmailTemplateNames[EMAIL_VERIFICATION],OperatorName);
+                case SUB_SIGNUP_VERIFICATION: return AddOperator(EmailTemplateNames[SUB_SIGNUP_VERIFICATION],OperatorName);
+                case EMAIL_INVITATION: return AddOperator(EmailTemplateNames[EMAIL_INVITATION],OperatorName);
+                case VERIFICATION_CODE: return AddOperator(EmailTemplateNames[VERIFICATION_CODE],OperatorName);
+                case SUB_FORGOT_PASSWORD: return AddOperator(EmailTemplateNames[SUB_FORGOT_PASSWORD],OperatorName);
+                case SUB_EMAIL_VERIFICATION: return AddOperator(EmailTemplateNames[SUB_EMAIL_VERIFICATION],OperatorName);
+                case SUB_VERIFICATION_CODE: return AddOperator(EmailTemplateNames[SUB_VERIFICATION_CODE],OperatorName);
+                default:
+                    return "";
+            }
+        }
+
+        static std::string Logo(const std::string &OperatorName = "" ) {
+            return AddOperator("logo.png", OperatorName);
+        }
+
+        static std::string SubLogo(const std::string &OperatorName = "" ) {
+            return AddOperator("sub_logo.png", OperatorName);
+        }
+
+    private:
+        inline const static std::vector<std::string>  EmailTemplateNames = {
+                "password_reset",
+                "email_verification",
+                "sub_signup_verification",
+                "email_invitation",
+                "verification_code",
+                "sub_password_reset",
+                "sub_email_verification",
+                "sub_verification_code"
+        };
+    };
+
+    inline MessagingTemplates & MessagingTemplates() { return MessagingTemplates::instance(); }
+
+} // OpenWifi
+
--- a/src/RESTAPI/RESTAPI_action_links.cpp
+++ b/src/RESTAPI/RESTAPI_action_links.cpp
@@ -7,7 +7,9 @@

 #include "RESTAPI_action_links.h"
 #include "StorageService.h"
-#include "framework/MicroService.h"
+#include "framework/RESTAPI_PartHandler.h"
+#include "framework/OpenAPIRequests.h"
+
 #include "Daemon.h"

 namespace OpenWifi {
@@ -23,8 +25,12 @@ namespace OpenWifi {

        if(Action=="password_reset")
            return RequestResetPassword(Link);
+        else if(Action=="sub_password_reset")
+            return RequestSubResetPassword(Link);
        else if(Action=="email_verification")
            return DoEmailVerification(Link);
+        else if(Action=="sub_email_verification")
+            return DoSubEmailVerification(Link);
        else if(Action=="signup_verification")
            return DoNewSubVerification(Link);
        else
@@ -36,8 +42,12 @@ namespace OpenWifi {

        if(Action=="password_reset")
            return CompleteResetPassword();
+        else if(Action=="sub_password_reset")
+            return CompleteResetPassword();
        else if(Action=="signup_completion")
            return CompleteSubVerification();
+        else if(Action=="email_invitation")
+            return CompleteEmailInvitation();
        else
            return DoReturnA404();
    }
@@ -52,7 +62,7 @@ namespace OpenWifi {

    void RESTAPI_action_links::DoNewSubVerification(SecurityObjects::ActionLink &Link) {
        Logger_.information(fmt::format("REQUEST-SUB-SIGNUP({}): For ID={}", Request->clientAddress().toString(), Link.userId));
-        Poco::File  FormFile{ Daemon()->AssetDir() + "/signup_verification.html"};
+        Poco::File  FormFile{ Daemon()->AssetDir() + "/sub_signup_verification.html"};
        Types::StringPairVec    FormVars{ {"UUID", Link.id},
                                          {"PASSWORD_VALIDATION", AuthService()->PasswordValidationExpression()}};
        SendHTMLFileBack(FormFile,FormVars);
@@ -151,7 +161,7 @@ namespace OpenWifi {
            }

            if(Password1!=Password2 || !AuthService()->ValidateSubPassword(Password1)) {
-                Poco::File  FormFile{ Daemon()->AssetDir() + "/password_reset_error.html"};
+                Poco::File  FormFile{ Daemon()->AssetDir() + "/sub_password_reset_error.html"};
                Types::StringPairVec    FormVars{ {"UUID", Id},
                                                  {"ERROR_TEXT", "For some reason, the passwords entered do not match or they do not comply with"
                                                                 " accepted password creation restrictions. Please consult our on-line help"
@@ -163,14 +173,14 @@ namespace OpenWifi {
            SecurityObjects::UserInfo   UInfo;
            bool Found = StorageService()->SubDB().GetUserById(Link.userId,UInfo);
            if(!Found) {
-                Poco::File  FormFile{ Daemon()->AssetDir() + "/signup_verification_error.html"};
+                Poco::File  FormFile{ Daemon()->AssetDir() + "/sub_signup_verification_error.html"};
                Types::StringPairVec    FormVars{ {"UUID", Id},
                                                  {"ERROR_TEXT", "This request does not contain a valid user ID. Please contact your system administrator."}};
                return SendHTMLFileBack(FormFile,FormVars);
            }

            if(UInfo.blackListed || UInfo.suspended) {
-                Poco::File  FormFile{ Daemon()->AssetDir() + "/signup_verification_error.html"};
+                Poco::File  FormFile{ Daemon()->AssetDir() + "/sub_signup_verification_error.html"};
                Types::StringPairVec    FormVars{ {"UUID", Id},
                                                  {"ERROR_TEXT", "Please contact our system administrators. We have identified an error in your account that must be resolved first."}};
                return SendHTMLFileBack(FormFile,FormVars);
@@ -178,7 +188,7 @@ namespace OpenWifi {

            bool GoodPassword = AuthService()->SetSubPassword(Password1,UInfo);
            if(!GoodPassword) {
-                Poco::File  FormFile{ Daemon()->AssetDir() + "/signup_verification_error.html"};
+                Poco::File  FormFile{ Daemon()->AssetDir() + "/sub_signup_verification_error.html"};
                Types::StringPairVec    FormVars{ {"UUID", Id},
                                                  {"ERROR_TEXT", "You cannot reuse one of your recent passwords."}};
                return SendHTMLFileBack(FormFile,FormVars);
@@ -192,17 +202,18 @@ namespace OpenWifi {

            StorageService()->SubDB().UpdateUserInfo(UInfo.email,Link.userId,UInfo);

-            Poco::File  FormFile{ Daemon()->AssetDir() + "/signup_verification_success.html"};
+            Poco::File  FormFile{ Daemon()->AssetDir() + "/sub_signup_verification_success.html"};
            Types::StringPairVec    FormVars{ {"UUID", Id},
                                              {"USERNAME", UInfo.email} };
            StorageService()->ActionLinksDB().CompleteAction(Id);

            //  Send the update to the provisioning service
            Poco::JSON::Object  Body;
-            Body.set("signupUUID", UInfo.signingUp);
+            auto RawSignup = Poco::StringTokenizer(UInfo.signingUp,":");
+            Body.set("signupUUID", RawSignup.count()==1 ? UInfo.signingUp : RawSignup[1]);
            OpenAPIRequestPut   ProvRequest(uSERVICE_PROVISIONING,"/api/v1/signup",
                                            {
-                                                {"signupUUID", UInfo.signingUp} ,
+                                                {"signupUUID", RawSignup.count()==1 ? UInfo.signingUp : RawSignup[1]} ,
                                                {"operation", "emailVerified"}
                                            },
                                            Body,30000);
@@ -238,7 +249,8 @@ namespace OpenWifi {
            return SendHTMLFileBack(FormFile, FormVars);
        }

-        Logger_.information(fmt::format("EMAIL-VERIFICATION(%s): For ID={}", Request->clientAddress().toString(), UInfo.email));
+        Logger_.information(fmt::format("EMAIL-VERIFICATION(%s): For ID={}", Request->clientAddress().toString(),
+                                        UInfo.email));
        UInfo.waitingForEmailCheck = false;
        UInfo.validated = true;
        UInfo.lastEmailCheck = OpenWifi::Now();
@@ -262,4 +274,16 @@ namespace OpenWifi {
        SendHTMLFileBack(FormFile, FormVars);
    }

+    void RESTAPI_action_links::CompleteEmailInvitation() {
+        /// TODO:
+    }
+
+    void RESTAPI_action_links::RequestSubResetPassword([[maybe_unused]] SecurityObjects::ActionLink &Link) {
+
+    }
+
+    void RESTAPI_action_links::DoSubEmailVerification([[maybe_unused]] SecurityObjects::ActionLink &Link) {
+
+    }
+
 }
--- a/src/RESTAPI/RESTAPI_action_links.h
+++ b/src/RESTAPI/RESTAPI_action_links.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_action_links : public RESTAPIHandler {
    public:
-        RESTAPI_action_links(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_action_links(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
                : RESTAPIHandler(bindings, L,
             std::vector<std::string>{
                                        Poco::Net::HTTPRequest::HTTP_GET,
@@ -22,11 +22,14 @@ namespace OpenWifi {
                                        true, RateLimit{.Interval=1000,.MaxCalls=10}) {}
        static auto PathName() { return std::list<std::string>{"/api/v1/actionLink"}; };
        void RequestResetPassword(SecurityObjects::ActionLink &Link);
+        void RequestSubResetPassword(SecurityObjects::ActionLink &Link);
        void CompleteResetPassword();
        void CompleteSubVerification();
        void DoEmailVerification(SecurityObjects::ActionLink &Link);
+        void DoSubEmailVerification(SecurityObjects::ActionLink &Link);
        void DoReturnA404();
        void DoNewSubVerification(SecurityObjects::ActionLink &Link);
+        void CompleteEmailInvitation();

        void DoGet() final;
        void DoPost() final;
--- a/src/RESTAPI/RESTAPI_apiKey_handler.cpp
+++ b/src/RESTAPI/RESTAPI_apiKey_handler.cpp
@@ -0,0 +1,158 @@
+//
+// Created by stephane bourque on 2022-11-04.
+//
+
+#include "RESTAPI_apiKey_handler.h"
+#include "RESTAPI/RESTAPI_db_helpers.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_apiKey_handler::DoGet() {
+        std::string     user_uuid = GetBinding("uuid","");
+        if(user_uuid.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+        if(user_uuid!=UserInfo_.userinfo.id && UserInfo_.userinfo.userRole!=SecurityObjects::ROOT) {
+            return UnAuthorized(RESTAPI::Errors::ACCESS_DENIED);
+        }
+
+        SecurityObjects::ApiKeyEntryList    List;
+        if(DB_.GetRecords(0,500, List.apiKeys, fmt::format(" userUuid='{}' ", user_uuid))) {
+            for(auto &key:List.apiKeys) {
+                Sanitize(UserInfo_, key);
+            }
+            Poco::JSON::Object  Answer;
+            List.to_json(Answer);
+            return ReturnObject(Answer);
+        }
+        return NotFound();
+    }
+
+    void RESTAPI_apiKey_handler::DoDelete() {
+        std::string     user_uuid = GetBinding("uuid","");
+        if(user_uuid.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if(user_uuid!=UserInfo_.userinfo.id && UserInfo_.userinfo.userRole!=SecurityObjects::ROOT) {
+            return UnAuthorized(RESTAPI::Errors::ACCESS_DENIED);
+        }
+
+        if(user_uuid!=UserInfo_.userinfo.id) {
+            if(!StorageService()->UserDB().Exists("id",user_uuid)) {
+                return NotFound();
+            }
+        }
+
+        std::string ApiKeyId= GetParameter("keyUuid","");
+        if(ApiKeyId.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        SecurityObjects::ApiKeyEntry    ApiKey;
+        if(StorageService()->ApiKeyDB().GetRecord("id",ApiKeyId,ApiKey)) {
+            if(ApiKey.userUuid==user_uuid) {
+                AuthService()->RemoveTokenSystemWide(ApiKey.apiKey);
+                DB_.DeleteRecord("id", ApiKeyId);
+                return OK();
+            }
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+        return NotFound();
+    }
+
+    void RESTAPI_apiKey_handler::DoPost() {
+        std::string     user_uuid = GetBinding("uuid","");
+
+        if(user_uuid.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if(user_uuid!=UserInfo_.userinfo.id && UserInfo_.userinfo.userRole!=SecurityObjects::ROOT) {
+            return UnAuthorized(RESTAPI::Errors::ACCESS_DENIED);
+        }
+
+        if(user_uuid!=UserInfo_.userinfo.id) {
+            //  Must verify if the user exists
+            if(!StorageService()->UserDB().Exists("id",user_uuid)) {
+                return BadRequest(RESTAPI::Errors::UserMustExist);
+            }
+        }
+
+        SecurityObjects::ApiKeyEntry    NewKey;
+        if(!NewKey.from_json(ParsedBody_)) {
+            return BadRequest(RESTAPI::Errors::InvalidJSONDocument);
+        }
+        NewKey.lastUse = 0 ;
+
+        if(!Utils::IsAlphaNumeric(NewKey.name) || NewKey.name.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        Poco::toLowerInPlace(NewKey.name);
+        NewKey.userUuid = user_uuid;
+        if(NewKey.expiresOn < Utils::Now()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        //  does a key of that name already exit for this user?
+        SecurityObjects::ApiKeyEntryList    ExistingList;
+        if(DB_.GetRecords(0,500, ExistingList.apiKeys, fmt::format(" userUuid='{}' ", user_uuid))) {
+            if(std::find_if(ExistingList.apiKeys.begin(),ExistingList.apiKeys.end(), [NewKey](const SecurityObjects::ApiKeyEntry &E) -> bool {
+                return E.name==NewKey.name;
+            })!=ExistingList.apiKeys.end()) {
+                return BadRequest(RESTAPI::Errors::ApiKeyNameAlreadyExists);
+            }
+        }
+
+        if(ExistingList.apiKeys.size()>=10) {
+            return BadRequest(RESTAPI::Errors::TooManyApiKeys);
+        }
+
+        NewKey.id = MicroServiceCreateUUID();
+        NewKey.userUuid = user_uuid;
+        NewKey.salt = std::to_string(Utils::Now());
+        NewKey.apiKey = Utils::ComputeHash(NewKey.salt, UserInfo_.userinfo.id, UserInfo_.webtoken.access_token_ );
+        NewKey.created = Utils::Now();
+
+        if(DB_.CreateRecord(NewKey)) {
+            Poco::JSON::Object  Answer;
+            NewKey.to_json(Answer);
+            return ReturnObject(Answer);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotCreated);
+    }
+
+    void RESTAPI_apiKey_handler::DoPut() {
+        std::string     user_uuid = GetBinding("uuid","");
+        if(user_uuid.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+        if(user_uuid!=UserInfo_.userinfo.id && UserInfo_.userinfo.userRole!=SecurityObjects::ROOT) {
+            return UnAuthorized(RESTAPI::Errors::ACCESS_DENIED);
+        }
+        SecurityObjects::ApiKeyEntry    NewKey;
+        if(!NewKey.from_json(ParsedBody_)) {
+            return BadRequest(RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        SecurityObjects::ApiKeyEntry    ExistingKey;
+        if(!DB_.GetRecord("id",NewKey.id,ExistingKey)) {
+            return BadRequest(RESTAPI::Errors::ApiKeyDoesNotExist);
+        }
+
+        if(ExistingKey.userUuid!=user_uuid) {
+            return BadRequest(RESTAPI::Errors::MissingUserID);
+        }
+
+        AssignIfPresent(ParsedBody_,"description",ExistingKey.description);
+
+        if(DB_.UpdateRecord("id",ExistingKey.id,ExistingKey)) {
+            Poco::JSON::Object  Answer;
+            ExistingKey.to_json(Answer);
+            return ReturnObject(Answer);
+        }
+        BadRequest(RESTAPI::Errors::RecordNotUpdated);
+    }
+
+}
--- a/src/RESTAPI/RESTAPI_apiKey_handler.h
+++ b/src/RESTAPI/RESTAPI_apiKey_handler.h
@@ -0,0 +1,34 @@
+//
+// Created by stephane bourque on 2022-11-04.
+//
+
+#pragma once
+
+#include "framework/RESTAPI_Handler.h"
+#include "StorageService.h"
+namespace OpenWifi {
+    class RESTAPI_apiKey_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_apiKey_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{
+                                         Poco::Net::HTTPRequest::HTTP_GET,
+                                         Poco::Net::HTTPRequest::HTTP_PUT,
+                                         Poco::Net::HTTPRequest::HTTP_POST,
+                                         Poco::Net::HTTPRequest::HTTP_DELETE,
+                                         Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server,
+                                 TransactionId,
+                                 Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/apiKey/{uuid}"}; };
+    private:
+        ApiKeyDB     &DB_=StorageService()->ApiKeyDB();
+
+        void DoGet() final;
+        void DoPut() final;
+        void DoPost() final;
+        void DoDelete() final;
+
+    };
+}
+
--- a/src/RESTAPI/RESTAPI_asset_server.h
+++ b/src/RESTAPI/RESTAPI_asset_server.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "../framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_asset_server : public RESTAPIHandler {
    public:
-        RESTAPI_asset_server(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_asset_server(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
                : RESTAPIHandler(bindings, L,
                                 std::vector<std::string>
                                         {Poco::Net::HTTPRequest::HTTP_POST,
--- a/src/RESTAPI/RESTAPI_avatar_handler.cpp
+++ b/src/RESTAPI/RESTAPI_avatar_handler.cpp
@@ -8,7 +8,8 @@
 #include "RESTAPI_avatar_handler.h"
 #include "StorageService.h"
 #include "Poco/Net/HTMLForm.h"
-#include "framework/MicroService.h"
+#include "Poco/CountingStream.h"
+#include "framework/MicroServiceFuncs.h"

 namespace OpenWifi {

@@ -34,7 +35,7 @@ namespace OpenWifi {
        Poco::Net::HTMLForm form(*Request, Request->stream(), partHandler);
        Poco::JSON::Object Answer;

-        if (!partHandler.Name().empty() && partHandler.Length()< MicroService::instance().ConfigGetInt("openwifi.avatar.maxsize",2000000)) {
+        if (!partHandler.Name().empty() && partHandler.Length()< MicroServiceConfigGetInt("openwifi.avatar.maxsize",2000000)) {
            Answer.set(RESTAPI::Protocol::AVATARID, Id);
            Answer.set(RESTAPI::Protocol::ERRORCODE, 0);
            Logger_.information(fmt::format("Uploaded avatar: {} Type: {}", partHandler.Name(), partHandler.ContentType()));
--- a/src/RESTAPI/RESTAPI_avatar_handler.h
+++ b/src/RESTAPI/RESTAPI_avatar_handler.h
@@ -3,7 +3,8 @@
 //
 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"
+#include "Poco/Net/PartHandler.h"

 namespace OpenWifi {

@@ -32,7 +33,7 @@ namespace OpenWifi {

    class RESTAPI_avatar_handler : public RESTAPIHandler {
    public:
-        RESTAPI_avatar_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_avatar_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
                : RESTAPIHandler(bindings, L,
                                 std::vector<std::string>{
                                         Poco::Net::HTTPRequest::HTTP_GET,
@@ -48,6 +49,5 @@ namespace OpenWifi {
        void DoPost() final;
        void DoDelete() final;
        void DoPut() final {};
-
    };
 }
--- a/src/RESTAPI/RESTAPI_db_helpers.h
+++ b/src/RESTAPI/RESTAPI_db_helpers.h
@@ -14,4 +14,7 @@ namespace OpenWifi {
        U.oauthType.clear();
    }

+    inline void Sanitize([[maybe_unused]] const SecurityObjects::UserInfoAndPolicy &User, SecurityObjects::ApiKeyEntry & U) {
+        U.salt.clear();
+    }
 }
--- a/src/RESTAPI/RESTAPI_email_handler.cpp
+++ b/src/RESTAPI/RESTAPI_email_handler.cpp
@@ -3,14 +3,10 @@
 //

 #include "RESTAPI_email_handler.h"
-
-
-#include "Poco/Exception.h"
 #include "Poco/JSON/Parser.h"

 #include "SMTPMailerService.h"
 #include "framework/ow_constants.h"
-#include "framework/MicroService.h"

 namespace OpenWifi {
    void RESTAPI_email_handler::DoPost() {
@@ -28,7 +24,7 @@ namespace OpenWifi {
            Attrs[SUBJECT] = Obj->get("subject").toString();
            Attrs[TEXT] = Obj->get("text").toString();
            Attrs[SENDER] = Obj->get("from").toString();
-            if(SMTPMailerService()->SendMessage(Recipient, "password_reset.txt", Attrs)) {
+            if(SMTPMailerService()->SendMessage(Recipient, "password_reset.txt", Attrs, false)) {
                return OK();
            }
            return ReturnStatus(Poco::Net::HTTPResponse::HTTP_SERVICE_UNAVAILABLE);
--- a/src/RESTAPI/RESTAPI_email_handler.h
+++ b/src/RESTAPI/RESTAPI_email_handler.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_email_handler : public RESTAPIHandler {
    public:
-        RESTAPI_email_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_email_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
        : RESTAPIHandler(bindings, L,
                         std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_POST,
                                                  Poco::Net::HTTPRequest::HTTP_OPTIONS},
--- a/src/RESTAPI/RESTAPI_oauth2_handler.cpp
+++ b/src/RESTAPI/RESTAPI_oauth2_handler.cpp
@@ -12,10 +12,11 @@
 #include "RESTAPI_oauth2_handler.h"
 #include "MFAServer.h"
 #include "framework/ow_constants.h"
-#include "framework/MicroService.h"
 #include "StorageService.h"
 #include "RESTAPI_db_helpers.h"

+#include "framework/MicroServiceFuncs.h"
+
 namespace OpenWifi {

    void RESTAPI_oauth2_handler::DoGet() {
@@ -99,7 +100,7 @@ namespace OpenWifi {
                SecurityObjects::ActionLink NewLink;

                NewLink.action = OpenWifi::SecurityObjects::LinkActions::FORGOT_PASSWORD;
-                NewLink.id = MicroService::CreateUUID();
+                NewLink.id = MicroServiceCreateUUID();
                NewLink.userId = UInfo1.id;
                NewLink.created = OpenWifi::Now();
                NewLink.expires = NewLink.created + (24*60*60);
--- a/src/RESTAPI/RESTAPI_oauth2_handler.h
+++ b/src/RESTAPI/RESTAPI_oauth2_handler.h
@@ -7,12 +7,12 @@
 //

 #pragma once
-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
 	class RESTAPI_oauth2_handler : public RESTAPIHandler {
 	  public:
-	    RESTAPI_oauth2_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+	    RESTAPI_oauth2_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
 			: RESTAPIHandler(bindings, L,
 							 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_POST,
 													  Poco::Net::HTTPRequest::HTTP_DELETE,
--- a/src/RESTAPI/RESTAPI_preferences.h
+++ b/src/RESTAPI/RESTAPI_preferences.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_preferences : public RESTAPIHandler {
    public:
-        RESTAPI_preferences(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_preferences(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
        : RESTAPIHandler(bindings, L,
                         std::vector<std::string>{
            Poco::Net::HTTPRequest::HTTP_GET,
--- a/src/RESTAPI/RESTAPI_routers.cpp
+++ b/src/RESTAPI/RESTAPI_routers.cpp
@@ -2,8 +2,6 @@
 // Created by stephane bourque on 2021-10-23.
 //

-#include "framework/MicroService.h"
-
 #include "RESTAPI/RESTAPI_oauth2_handler.h"
 #include "RESTAPI/RESTAPI_user_handler.h"
 #include "RESTAPI/RESTAPI_users_handler.h"
@@ -25,11 +23,17 @@
 #include "RESTAPI/RESTAPI_totp_handler.h"
 #include "RESTAPI/RESTAPI_subtotp_handler.h"
 #include "RESTAPI/RESTAPI_signup_handler.h"
+#include "RESTAPI/RESTAPI_apiKey_handler.h"
+#include "RESTAPI/RESTAPI_validate_apikey.h"
+
+#include "framework/RESTAPI_SystemCommand.h"
+#include "framework/RESTAPI_WebSocketServer.h"

 namespace OpenWifi {

    Poco::Net::HTTPRequestHandler * RESTAPI_ExtRouter(const std::string &Path, RESTAPIHandler::BindingMap &Bindings,
-                                                            Poco::Logger & L, RESTAPI_GenericServer & S, uint64_t TransactionId) {
+                                                            Poco::Logger & L, RESTAPI_GenericServerAccounting & S,
+                                                            uint64_t TransactionId) {
        return RESTAPI_Router<
            RESTAPI_oauth2_handler,
            RESTAPI_user_handler,
@@ -52,12 +56,15 @@ namespace OpenWifi {
            RESTAPI_subtotp_handler,
            RESTAPI_signup_handler,
            RESTAPI_validate_sub_token_handler,
-            RESTAPI_validate_token_handler
+            RESTAPI_validate_token_handler,
+            RESTAPI_validate_apikey,
+            RESTAPI_webSocketServer,
+            RESTAPI_apiKey_handler
        >(Path, Bindings, L, S,TransactionId);
    }

    Poco::Net::HTTPRequestHandler * RESTAPI_IntRouter(const std::string &Path, RESTAPIHandler::BindingMap &Bindings,
-                                                            Poco::Logger & L, RESTAPI_GenericServer & S, uint64_t TransactionId) {
+                                                            Poco::Logger & L, RESTAPI_GenericServerAccounting & S, uint64_t TransactionId) {

        return RESTAPI_Router_I<
            RESTAPI_oauth2_handler,
@@ -81,6 +88,7 @@ namespace OpenWifi {
            RESTAPI_subtotp_handler,
            RESTAPI_validate_sub_token_handler,
            RESTAPI_validate_token_handler,
+            RESTAPI_validate_apikey,
            RESTAPI_signup_handler
        >(Path, Bindings, L, S, TransactionId);
    }
--- a/src/RESTAPI/RESTAPI_signup_handler.cpp
+++ b/src/RESTAPI/RESTAPI_signup_handler.cpp
@@ -5,6 +5,7 @@
 #include "RESTAPI_signup_handler.h"
 #include "StorageService.h"
 #include "RESTObjects/RESTAPI_SecurityObjects.h"
+#include "framework/MicroServiceFuncs.h"

 #define __DBG__ std::cout << __LINE__ << std::endl;
 namespace OpenWifi {
@@ -13,8 +14,9 @@ namespace OpenWifi {
        auto UserName = GetParameter("email");
        auto signupUUID = GetParameter("signupUUID");
        auto owner = GetParameter("owner");
-        if(UserName.empty() || signupUUID.empty() || owner.empty()) {
-            Logger().error("Signup requires: email, signupUUID, and owner.");
+        auto operatorName = GetParameter("operatorName");
+        if(UserName.empty() || signupUUID.empty() || owner.empty() || operatorName.empty()) {
+            Logger().error("Signup requires: email, signupUUID, operatorName, and owner.");
            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
        }

@@ -37,12 +39,12 @@ namespace OpenWifi {
        }

        SecurityObjects::UserInfo   NewSub;
-        NewSub.signingUp = signupUUID;
+        NewSub.signingUp = operatorName + ":" + signupUUID;
        NewSub.waitingForEmailCheck = true;
        NewSub.name = UserName;
        NewSub.modified = OpenWifi::Now();
        NewSub.creationDate = OpenWifi::Now();
-        NewSub.id = MicroService::instance().CreateUUID();
+        NewSub.id = MicroServiceCreateUUID();
        NewSub.email = UserName;
        NewSub.userRole = SecurityObjects::SUBSCRIBER;
        NewSub.changePassword = true;
@@ -54,7 +56,7 @@ namespace OpenWifi {
        SecurityObjects::ActionLink NewLink;

        NewLink.action = OpenWifi::SecurityObjects::LinkActions::SUB_SIGNUP;
-        NewLink.id = MicroService::CreateUUID();
+        NewLink.id = MicroServiceCreateUUID();
        NewLink.userId = NewSub.id;
        NewLink.created = OpenWifi::Now();
        NewLink.expires = NewLink.created + (1*60*60);  // 1 hour
--- a/src/RESTAPI/RESTAPI_signup_handler.h
+++ b/src/RESTAPI/RESTAPI_signup_handler.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_signup_handler : public RESTAPIHandler {
    public:
-        RESTAPI_signup_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer & Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_signup_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting & Server, uint64_t TransactionId, bool Internal)
                : RESTAPIHandler(bindings, L,
                                 std::vector<std::string>{
                                         Poco::Net::HTTPRequest::HTTP_POST,
--- a/src/RESTAPI/RESTAPI_sms_handler.cpp
+++ b/src/RESTAPI/RESTAPI_sms_handler.cpp
@@ -5,13 +5,16 @@
 #include "RESTAPI_sms_handler.h"
 #include "SMSSender.h"
 #include "framework/ow_constants.h"
-#include "framework/MicroService.h"

 namespace OpenWifi {

    void OpenWifi::RESTAPI_sms_handler::DoPost() {
        const auto &Obj = ParsedBody_;

+        if(!SMSSender()->Enabled()) {
+            return BadRequest(RESTAPI::Errors::SMSMFANotEnabled);
+        }
+
        std::string Arg;
        if(HasParameter("validateNumber",Arg) && Arg=="true" && Obj->has("to")) {
            auto Number = Obj->get("to").toString();
--- a/src/RESTAPI/RESTAPI_sms_handler.h
+++ b/src/RESTAPI/RESTAPI_sms_handler.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_sms_handler : public RESTAPIHandler {
    public:
-        RESTAPI_sms_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_sms_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
        : RESTAPIHandler(bindings, L,
                         std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_POST,
                                                  Poco::Net::HTTPRequest::HTTP_OPTIONS},
--- a/src/RESTAPI/RESTAPI_subavatar_handler.cpp
+++ b/src/RESTAPI/RESTAPI_subavatar_handler.cpp
@@ -8,7 +8,8 @@
 #include "RESTAPI_subavatar_handler.h"
 #include "StorageService.h"
 #include "Poco/Net/HTMLForm.h"
-#include "framework/MicroService.h"
+#include "Poco/CountingStream.h"
+#include "framework/MicroServiceFuncs.h"

 namespace OpenWifi {

@@ -34,7 +35,7 @@ namespace OpenWifi {
        Poco::Net::HTMLForm form(*Request, Request->stream(), partHandler);
        Poco::JSON::Object Answer;

-        if (!partHandler.Name().empty() && partHandler.Length()< MicroService::instance().ConfigGetInt("openwifi.avatar.maxsize",2000000)) {
+        if (!partHandler.Name().empty() && partHandler.Length()< MicroServiceConfigGetInt("openwifi.avatar.maxsize",2000000)) {
            Answer.set(RESTAPI::Protocol::AVATARID, Id);
            Answer.set(RESTAPI::Protocol::ERRORCODE, 0);
            Logger_.information(fmt::format("Uploaded avatar: {} Type: {}", partHandler.Name(), partHandler.ContentType()));
--- a/src/RESTAPI/RESTAPI_subavatar_handler.h
+++ b/src/RESTAPI/RESTAPI_subavatar_handler.h
@@ -3,7 +3,8 @@
 //
 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"
+#include "Poco/Net/PartHandler.h"

 namespace OpenWifi {

@@ -32,7 +33,7 @@ namespace OpenWifi {

    class RESTAPI_subavatar_handler : public RESTAPIHandler {
    public:
-        RESTAPI_subavatar_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_subavatar_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
                : RESTAPIHandler(bindings, L,
                                 std::vector<std::string>{
                                         Poco::Net::HTTPRequest::HTTP_GET,
--- a/src/RESTAPI/RESTAPI_submfa_handler.cpp
+++ b/src/RESTAPI/RESTAPI_submfa_handler.cpp
@@ -5,6 +5,7 @@
 #include "RESTAPI_submfa_handler.h"
 #include "StorageService.h"
 #include "SMSSender.h"
+#include "framework/MicroServiceFuncs.h"

 namespace OpenWifi {

@@ -64,7 +65,7 @@ namespace OpenWifi {
                MFC.sms = MFC.sms;
                MFC.type = "email";
                MFC.email = UserInfo_.userinfo.email;
-                MFC.id = MicroService::instance().CreateUUID();
+                MFC.id = MicroServiceCreateUUID();

                Poco::JSON::Object Answer;
                MFC.to_json(Answer);
@@ -76,12 +77,21 @@ namespace OpenWifi {
                        return BadRequest(RESTAPI::Errors::SMSMissingPhoneNumber);
                    }

+                    if(!SMSSender()->Enabled()) {
+                        return BadRequest(RESTAPI::Errors::SMSMFANotEnabled);
+                    }
+
                    if (SMSSender()->StartValidation(MFC.sms, UserInfo_.userinfo.email)) {
                        return OK();
                    } else {
                        return InternalError(RESTAPI::Errors::SMSTryLater);
                    }
                } else if (GetBoolParameter("completeValidation", false)) {
+
+                    if(!SMSSender()->Enabled()) {
+                        return BadRequest(RESTAPI::Errors::SMSMFANotEnabled);
+                    }
+
                    auto ChallengeCode = GetParameter("challengeCode", "");
                    if (ChallengeCode.empty()) {
                        return BadRequest(RESTAPI::Errors::SMSMissingChallenge);
@@ -107,7 +117,7 @@ namespace OpenWifi {
                        MFC.sms = MFC.sms;
                        MFC.type = "sms";
                        MFC.email = UserInfo_.userinfo.email;
-                        MFC.id = MicroService::instance().CreateUUID();
+                        MFC.id = MicroServiceCreateUUID();

                        Poco::JSON::Object Answer;
                        MFC.to_json(Answer);
--- a/src/RESTAPI/RESTAPI_submfa_handler.h
+++ b/src/RESTAPI/RESTAPI_submfa_handler.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_submfa_handler : public RESTAPIHandler {
    public:
-        RESTAPI_submfa_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_submfa_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
        : RESTAPIHandler(bindings, L,
                         std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_PUT,
                                                  Poco::Net::HTTPRequest::HTTP_GET,
--- a/src/RESTAPI/RESTAPI_suboauth2_handler.cpp
+++ b/src/RESTAPI/RESTAPI_suboauth2_handler.cpp
@@ -5,7 +5,6 @@
 #include "RESTAPI_suboauth2_handler.h"
 #include "AuthService.h"
 #include "MFAServer.h"
-#include "framework/MicroService.h"
 #include "StorageService.h"
 #include "RESTAPI/RESTAPI_db_helpers.h"

@@ -87,7 +86,7 @@ namespace OpenWifi {
                SecurityObjects::ActionLink NewLink;

                NewLink.action = OpenWifi::SecurityObjects::LinkActions::SUB_FORGOT_PASSWORD;
-                NewLink.id = MicroService::CreateUUID();
+                NewLink.id = MicroServiceCreateUUID();
                NewLink.userId = UInfo1.id;
                NewLink.created = OpenWifi::Now();
                NewLink.expires = NewLink.created + (24*60*60);
--- a/src/RESTAPI/RESTAPI_suboauth2_handler.h
+++ b/src/RESTAPI/RESTAPI_suboauth2_handler.h
@@ -3,12 +3,12 @@
 //

 #pragma once
-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_suboauth2_handler : public RESTAPIHandler {
    public:
-        RESTAPI_suboauth2_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_suboauth2_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
        : RESTAPIHandler(bindings, L,
                         std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_POST,
                                                  Poco::Net::HTTPRequest::HTTP_DELETE,
--- a/src/RESTAPI/RESTAPI_subpreferences.h
+++ b/src/RESTAPI/RESTAPI_subpreferences.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_subpreferences : public RESTAPIHandler {
    public:
-        RESTAPI_subpreferences(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_subpreferences(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
        : RESTAPIHandler(bindings, L,
                         std::vector<std::string>{
            Poco::Net::HTTPRequest::HTTP_GET,
--- a/src/RESTAPI/RESTAPI_subtotp_handler.cpp
+++ b/src/RESTAPI/RESTAPI_subtotp_handler.cpp
@@ -5,6 +5,7 @@
 #include "RESTAPI_subtotp_handler.h"

 #include "TotpCache.h"
+#include "framework/MicroServiceFuncs.h"

 namespace OpenWifi {

--- a/src/RESTAPI/RESTAPI_subtotp_handler.h
+++ b/src/RESTAPI/RESTAPI_subtotp_handler.h
@@ -2,12 +2,12 @@
 // Created by stephane bourque on 2022-01-31.
 //

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_subtotp_handler : public RESTAPIHandler {
    public:
-        RESTAPI_subtotp_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_subtotp_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
                : RESTAPIHandler(bindings, L,
                                 std::vector<std::string>
                                         {
--- a/src/RESTAPI/RESTAPI_subuser_handler.cpp
+++ b/src/RESTAPI/RESTAPI_subuser_handler.cpp
@@ -13,6 +13,8 @@
 #include "MFAServer.h"
 #include "TotpCache.h"

+#include "framework/MicroServiceFuncs.h"
+
 namespace OpenWifi {

    void RESTAPI_subuser_handler::DoGet() {
@@ -183,7 +185,7 @@ namespace OpenWifi {

            SecurityObjects::ActionLink NewLink;
            NewLink.action = OpenWifi::SecurityObjects::LinkActions::SUB_FORGOT_PASSWORD;
-            NewLink.id = MicroService::CreateUUID();
+            NewLink.id = MicroServiceCreateUUID();
            NewLink.userId = Existing.id;
            NewLink.created = OpenWifi::Now();
            NewLink.expires = NewLink.created + (24*60*60);
--- a/src/RESTAPI/RESTAPI_subuser_handler.h
+++ b/src/RESTAPI/RESTAPI_subuser_handler.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_subuser_handler : public RESTAPIHandler {
    public:
-        RESTAPI_subuser_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_subuser_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
        : RESTAPIHandler(bindings, L,
                         std::vector<std::string>
                         {Poco::Net::HTTPRequest::HTTP_POST,
--- a/src/RESTAPI/RESTAPI_subusers_handler.cpp
+++ b/src/RESTAPI/RESTAPI_subusers_handler.cpp
@@ -4,7 +4,6 @@

 #include "RESTAPI_subusers_handler.h"
 #include "StorageService.h"
-#include "framework/MicroService.h"
 #include "RESTAPI/RESTAPI_db_helpers.h"

 namespace OpenWifi {
--- a/src/RESTAPI/RESTAPI_subusers_handler.h
+++ b/src/RESTAPI/RESTAPI_subusers_handler.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_subusers_handler : public RESTAPIHandler {
    public:
-        RESTAPI_subusers_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_subusers_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
        : RESTAPIHandler(bindings, L,
                         std::vector<std::string>
                         {Poco::Net::HTTPRequest::HTTP_GET,
--- a/src/RESTAPI/RESTAPI_system_endpoints_handler.cpp
+++ b/src/RESTAPI/RESTAPI_system_endpoints_handler.cpp
@@ -4,11 +4,12 @@

 #include "RESTAPI_system_endpoints_handler.h"
 #include "RESTObjects/RESTAPI_SecurityObjects.h"
+#include "framework/MicroServiceFuncs.h"

 namespace OpenWifi {

    void RESTAPI_system_endpoints_handler::DoGet() {
-        auto Services = MicroService::instance().GetServices();
+        auto Services = MicroServiceGetServices();
        SecurityObjects::SystemEndpointList L;
        for(const auto &i:Services) {
            SecurityObjects::SystemEndpoint S{
--- a/src/RESTAPI/RESTAPI_system_endpoints_handler.h
+++ b/src/RESTAPI/RESTAPI_system_endpoints_handler.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "../framework/MicroService.h"
+#include "../framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_system_endpoints_handler : public RESTAPIHandler {
    public:
-        RESTAPI_system_endpoints_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_system_endpoints_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
                : RESTAPIHandler(bindings, L,
                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
--- a/src/RESTAPI/RESTAPI_totp_handler.h
+++ b/src/RESTAPI/RESTAPI_totp_handler.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_totp_handler : public RESTAPIHandler {
    public:
-        RESTAPI_totp_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_totp_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
                : RESTAPIHandler(bindings, L,
                                 std::vector<std::string>
                                         {
--- a/src/RESTAPI/RESTAPI_user_handler.cpp
+++ b/src/RESTAPI/RESTAPI_user_handler.cpp
@@ -12,6 +12,7 @@
 #include "RESTAPI/RESTAPI_db_helpers.h"
 #include "MFAServer.h"
 #include "TotpCache.h"
+#include "framework/MicroServiceFuncs.h"

 namespace OpenWifi {

@@ -65,6 +66,7 @@ namespace OpenWifi {
        StorageService()->AvatarDB().DeleteAvatar(UserInfo_.userinfo.email,Id);
        StorageService()->PreferencesDB().DeletePreferences(UserInfo_.userinfo.email,Id);
        StorageService()->UserTokenDB().RevokeAllTokens(Id);
+        StorageService()->ApiKeyDB().RemoveAllApiKeys(Id);
        Logger_.information(fmt::format("User '{}' deleted by '{}'.",Id,UserInfo_.userinfo.email));
        OK();
    }
@@ -191,7 +193,7 @@ namespace OpenWifi {
            SecurityObjects::ActionLink NewLink;

            NewLink.action = OpenWifi::SecurityObjects::LinkActions::FORGOT_PASSWORD;
-            NewLink.id = MicroService::CreateUUID();
+            NewLink.id = MicroServiceCreateUUID();
            NewLink.userId = Existing.id;
            NewLink.created = OpenWifi::Now();
            NewLink.expires = NewLink.created + (24*60*60);
--- a/src/RESTAPI/RESTAPI_user_handler.h
+++ b/src/RESTAPI/RESTAPI_user_handler.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_user_handler : public RESTAPIHandler {
    public:
-        RESTAPI_user_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_user_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
                : RESTAPIHandler(bindings, L,
                                 std::vector<std::string>
                                         {Poco::Net::HTTPRequest::HTTP_POST,
--- a/src/RESTAPI/RESTAPI_users_handler.cpp
+++ b/src/RESTAPI/RESTAPI_users_handler.cpp
@@ -4,7 +4,6 @@

 #include "RESTAPI_users_handler.h"
 #include "StorageService.h"
-#include "framework/MicroService.h"
 #include "RESTAPI/RESTAPI_db_helpers.h"

 namespace OpenWifi {
--- a/src/RESTAPI/RESTAPI_users_handler.h
+++ b/src/RESTAPI/RESTAPI_users_handler.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_users_handler : public RESTAPIHandler {
    public:
-        RESTAPI_users_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_users_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
                : RESTAPIHandler(bindings, L,
                                 std::vector<std::string>
                                 {Poco::Net::HTTPRequest::HTTP_GET,
--- a/src/RESTAPI/RESTAPI_validate_apikey.cpp
+++ b/src/RESTAPI/RESTAPI_validate_apikey.cpp
@@ -0,0 +1,31 @@
+//
+// Created by stephane bourque on 2022-11-07.
+//
+
+#include "RESTAPI_validate_apikey.h"
+#include "AuthService.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_validate_apikey::DoGet() {
+        Poco::URI URI(Request->getURI());
+        auto Parameters = URI.getQueryParameters();
+        for(auto const &i:Parameters) {
+            if (i.first == "apikey") {
+                //  can we find this token?
+                SecurityObjects::UserInfoAndPolicy SecObj;
+                bool Expired = false;
+                std::uint64_t expiresOn=0;
+                if (AuthService()->IsValidApiKey(i.second, SecObj.webtoken, SecObj.userinfo, Expired, expiresOn)) {
+                    Poco::JSON::Object Answer;
+                    SecObj.to_json(Answer);
+                    Answer.set("expiresOn", expiresOn);
+                    return ReturnObject(Answer);
+                }
+                return UnAuthorized(RESTAPI::Errors::ACCESS_DENIED);
+            }
+        }
+        return NotFound();
+    }
+
+} // OpenWifi
--- a/src/RESTAPI/RESTAPI_validate_apikey.h
+++ b/src/RESTAPI/RESTAPI_validate_apikey.h
@@ -0,0 +1,27 @@
+//
+// Created by stephane bourque on 2022-11-07.
+//
+
+#pragma once
+
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_validate_apikey : public RESTAPIHandler {
+    public:
+        RESTAPI_validate_apikey(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>
+                                         {Poco::Net::HTTPRequest::HTTP_GET,
+                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server,
+                                 TransactionId,
+                                 Internal) {};
+        static auto PathName() { return std::list<std::string>{"/api/v1/validateApiKey"}; };
+        void DoGet() final;
+        void DoPost() final {};
+        void DoDelete() final {};
+        void DoPut() final {};
+    };
+}
+
--- a/src/RESTAPI/RESTAPI_validate_sub_token_handler.h
+++ b/src/RESTAPI/RESTAPI_validate_sub_token_handler.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_validate_sub_token_handler : public RESTAPIHandler {
    public:
-        RESTAPI_validate_sub_token_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_validate_sub_token_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
        : RESTAPIHandler(bindings, L,
                         std::vector<std::string>
                         {Poco::Net::HTTPRequest::HTTP_GET,
--- a/src/RESTAPI/RESTAPI_validate_token_handler.h
+++ b/src/RESTAPI/RESTAPI_validate_token_handler.h
@@ -4,12 +4,12 @@

 #pragma once

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_Handler.h"

 namespace OpenWifi {
    class RESTAPI_validate_token_handler : public RESTAPIHandler {
    public:
-        RESTAPI_validate_token_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, uint64_t TransactionId, bool Internal)
+        RESTAPI_validate_token_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId, bool Internal)
                : RESTAPIHandler(bindings, L,
                                 std::vector<std::string>
                                         {Poco::Net::HTTPRequest::HTTP_GET,
--- a/src/RESTObjects/RESTAPI_AnalyticsObjects.cpp
+++ b/src/RESTObjects/RESTAPI_AnalyticsObjects.cpp
@@ -4,7 +4,7 @@

 #include "RESTAPI_AnalyticsObjects.h"
 #include "RESTAPI_ProvObjects.h"
-#include "framework/MicroService.h"
+#include "framework/RESTAPI_utils.h"

 using OpenWifi::RESTAPI_utils::field_to_json;
 using OpenWifi::RESTAPI_utils::field_from_json;
--- a/src/RESTObjects/RESTAPI_AnalyticsObjects.h
+++ b/src/RESTObjects/RESTAPI_AnalyticsObjects.h
@@ -5,6 +5,7 @@
 #pragma once

 #include "RESTAPI_ProvObjects.h"
+#include "framework/utils.h"
 #include <vector>

 namespace OpenWifi {
@@ -375,7 +376,7 @@ namespace OpenWifi {
        };

        struct WifiClientHistory {
-            uint64_t        timestamp=OpenWifi::Now();
+            uint64_t        timestamp=Utils::Now();
            std::string     station_id;
            std::string     bssid;
            std::string     ssid;
--- a/src/RESTObjects/RESTAPI_CertObjects.cpp
+++ b/src/RESTObjects/RESTAPI_CertObjects.cpp
@@ -3,7 +3,7 @@
 //

 #include "RESTAPI_CertObjects.h"
-#include "framework/MicroService.h"
+#include "framework/RESTAPI_utils.h"

 using OpenWifi::RESTAPI_utils::field_to_json;
 using OpenWifi::RESTAPI_utils::field_from_json;
@@ -154,6 +154,7 @@ namespace OpenWifi::CertObjects {
        field_to_json(Obj,"submitted", submitted);
        field_to_json(Obj,"started", started);
        field_to_json(Obj,"completed", completed);
+        field_to_json(Obj,"requesterUsername", requesterUsername);
    }

    bool JobEntry::from_json(const Poco::JSON::Object::Ptr &Obj) {
@@ -171,6 +172,7 @@ namespace OpenWifi::CertObjects {
            field_from_json(Obj,"submitted", submitted);
            field_from_json(Obj,"started", started);
            field_from_json(Obj,"completed", completed);
+            field_from_json(Obj,"requesterUsername", requesterUsername);
            return true;
        } catch (...) {
        }
--- a/src/RESTObjects/RESTAPI_CertObjects.h
+++ b/src/RESTObjects/RESTAPI_CertObjects.h
@@ -91,6 +91,7 @@ namespace OpenWifi::CertObjects {
        uint64_t                        submitted=0;
        uint64_t                        started=0;
        uint64_t                        completed=0;
+        std::string                     requesterUsername;

        void to_json(Poco::JSON::Object &Obj) const;
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
--- a/src/RESTObjects/RESTAPI_FMSObjects.cpp
+++ b/src/RESTObjects/RESTAPI_FMSObjects.cpp
@@ -3,7 +3,8 @@
 //

 #include "RESTAPI_FMSObjects.h"
-#include "framework/MicroService.h"
+#include "framework/RESTAPI_utils.h"
+#include "framework/utils.h"

 using OpenWifi::RESTAPI_utils::field_to_json;
 using OpenWifi::RESTAPI_utils::field_from_json;
@@ -233,7 +234,7 @@ namespace OpenWifi::FMSObjects {
        UnknownFirmwares_.clear();
        totalSecondsOld_.clear();
        numberOfDevices = 0 ;
-        snapshot = OpenWifi::Now();
+        snapshot = Utils::Now();
    }

    bool DeviceReport::from_json([[maybe_unused]] const Poco::JSON::Object::Ptr &Obj) {
--- a/src/RESTObjects/RESTAPI_GWobjects.cpp
+++ b/src/RESTObjects/RESTAPI_GWobjects.cpp
@@ -11,12 +11,13 @@

 #include "Daemon.h"
 #ifdef	TIP_GATEWAY_SERVICE
-#include "DeviceRegistry.h"
+#include "AP_WS_Server.h"
 #include "CapabilitiesCache.h"
 #endif

 #include "RESTAPI_GWobjects.h"
-#include "framework/MicroService.h"
+#include "framework/RESTAPI_utils.h"
+#include "framework/utils.h"

 using OpenWifi::RESTAPI_utils::field_to_json;
 using OpenWifi::RESTAPI_utils::field_from_json;
@@ -49,6 +50,8 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj,"entity", entity);
 		field_to_json(Obj,"modified", modified);
 		field_to_json(Obj,"locale", locale);
+		field_to_json(Obj,"restrictedDevice", restrictedDevice);
+
 	}

 	void Device::to_json_with_status(Poco::JSON::Object &Obj) const {
@@ -57,7 +60,7 @@ namespace OpenWifi::GWObjects {
 #ifdef TIP_GATEWAY_SERVICE
 		ConnectionState ConState;

-		if (DeviceRegistry()->GetState(SerialNumber, ConState)) {
+		if (AP_WS_Server()->GetState(SerialNumber, ConState)) {
 			ConState.to_json(Obj);
 		} else {
 			field_to_json(Obj,"ipAddress", "");
@@ -69,6 +72,7 @@ namespace OpenWifi::GWObjects {
 			field_to_json(Obj,"verifiedCertificate", "NO_CERTIFICATE");
 			field_to_json(Obj,"associations_2G", (uint64_t) 0);
 			field_to_json(Obj,"associations_5G", (uint64_t) 0);
+			field_to_json(Obj,"associations_6G", (uint64_t) 0);
 		}
 #endif
 	}
@@ -88,6 +92,7 @@ namespace OpenWifi::GWObjects {
 			field_from_json(Obj,"subscriber", subscriber);
 			field_from_json(Obj,"entity", entity);
 			field_from_json(Obj,"locale", locale);
+			field_from_json(Obj,"restrictedDevice", restrictedDevice);
 			return true;
 		} catch (const Poco::Exception &E) {
 		}
@@ -198,11 +203,17 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj,"lastContact", LastContact);
 		field_to_json(Obj,"associations_2G", Associations_2G);
 		field_to_json(Obj,"associations_5G", Associations_5G);
+		field_to_json(Obj,"associations_6G", Associations_6G);
 		field_to_json(Obj,"webSocketClients", webSocketClients);
 		field_to_json(Obj,"websocketPackets", websocketPackets);
 		field_to_json(Obj,"kafkaClients", kafkaClients);
 		field_to_json(Obj,"kafkaPackets", kafkaPackets);
 		field_to_json(Obj,"locale", locale);
+		field_to_json(Obj,"started", started);
+		field_to_json(Obj,"sessionId", sessionId);
+		field_to_json(Obj,"connectionCompletionTime", connectionCompletionTime);
+		field_to_json(Obj,"totalConnectionTime", Utils::Now() - started);
+		field_to_json(Obj,"certificateExpiryDate", certificateExpiryDate);

 		switch(VerifiedCertificate) {
 			case NO_CERTIFICATE:
@@ -218,6 +229,23 @@ namespace OpenWifi::GWObjects {
 		}
 	}

+	void DeviceConnectionStatistics::to_json(Poco::JSON::Object &Obj) const {
+		field_to_json(Obj,"averageConnectionTime", averageConnectionTime);
+		field_to_json(Obj,"connectedDevices", connectedDevices );
+		field_to_json(Obj,"connectingDevices", connectingDevices );
+	}
+
+	bool DeviceConnectionStatistics::from_json(const Poco::JSON::Object::Ptr &Obj) {
+		try {
+			field_from_json(Obj,"averageConnectionTime", averageConnectionTime);
+			field_from_json(Obj,"connectedDevices", connectedDevices );
+			field_from_json(Obj,"connectingDevices", connectingDevices );
+			return true;
+		} catch (const Poco::Exception &E) {
+		}
+		return false;
+	}
+
 	void RttySessionDetails::to_json(Poco::JSON::Object &Obj) const {
 		field_to_json(Obj,"serialNumber", SerialNumber);
 		field_to_json(Obj,"server", Server);
@@ -264,7 +292,7 @@ namespace OpenWifi::GWObjects {
 		lastContact.clear();
 		associations.clear();
 		numberOfDevices = 0 ;
-		snapshot = OpenWifi::Now();
+		snapshot = Utils::Now();
 	}

 	void CapabilitiesModel::to_json(Poco::JSON::Object &Obj) const{
@@ -276,9 +304,12 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj,"serialNumber",serialNumber);
 		field_to_json(Obj,"timeout",timeout);
 		field_to_json(Obj,"type",type);
-		field_to_json(Obj,"script",script);
 		field_to_json(Obj,"scriptId",scriptId);
+		field_to_json(Obj,"script",script);
 		field_to_json(Obj,"when",when);
+		field_to_json(Obj,"signature", signature);
+		field_to_json(Obj,"deferred", deferred);
+		field_to_json(Obj,"uri", uri);
 	}

 	bool ScriptRequest::from_json(const Poco::JSON::Object::Ptr &Obj) {
@@ -289,11 +320,13 @@ namespace OpenWifi::GWObjects {
 			field_from_json(Obj,"script",script);
 			field_from_json(Obj,"scriptId",scriptId);
 			field_from_json(Obj,"when",when);
+			field_from_json(Obj,"signature", signature);
+			field_from_json(Obj,"deferred", deferred);
+			field_from_json(Obj,"uri", uri);
 			return true;
 		} catch (const Poco::Exception &E) {
 		}
 		return false;
-
 	}

 	void RadiusProxyPoolList::to_json(Poco::JSON::Object &Obj) const {
@@ -314,6 +347,8 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj,"description",description);
 		field_to_json(Obj,"authConfig",authConfig);
 		field_to_json(Obj,"acctConfig",acctConfig);
+		field_to_json(Obj,"coaConfig",coaConfig);
+		field_to_json(Obj,"useByDefault",useByDefault);
 	}

 	bool RadiusProxyPool::from_json(const Poco::JSON::Object::Ptr &Obj) {
@@ -322,6 +357,8 @@ namespace OpenWifi::GWObjects {
 			field_from_json(Obj,"description",description);
 			field_from_json(Obj,"authConfig",authConfig);
 			field_from_json(Obj,"acctConfig",acctConfig);
+			field_from_json(Obj,"coaConfig",coaConfig);
+			field_from_json(Obj,"useByDefault",useByDefault);
 			return true;
 		} catch (const Poco::Exception &E) {
 		}
@@ -329,7 +366,7 @@ namespace OpenWifi::GWObjects {
 	}

 	void RadiusProxyServerConfig::to_json(Poco::JSON::Object &Obj) const {
-		field_to_json(Obj,"policy",strategy);
+		field_to_json(Obj,"strategy",strategy);
 		field_to_json(Obj,"monitor",monitor);
 		field_to_json(Obj,"monitorMethod",monitorMethod);
 		field_to_json(Obj,"methodParameters",methodParameters);
@@ -338,7 +375,7 @@ namespace OpenWifi::GWObjects {

 	bool RadiusProxyServerConfig::from_json(const Poco::JSON::Object::Ptr &Obj) {
 		try {
-			field_from_json(Obj,"policy",strategy);
+			field_from_json(Obj,"strategy",strategy);
 			field_from_json(Obj,"monitor",monitor);
 			field_from_json(Obj,"monitorMethod",monitorMethod);
 			field_from_json(Obj,"methodParameters",methodParameters);
@@ -354,6 +391,16 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj,"ip",ip);
 		field_to_json(Obj,"port",port);
 		field_to_json(Obj,"weight",weight);
+		field_to_json(Obj,"secret",secret);
+		field_to_json(Obj,"certificate",certificate);
+		field_to_json(Obj,"radsec",radsec);
+		field_to_json(Obj,"radsecPort",radsecPort);
+		field_to_json(Obj,"radsecSecret",radsecSecret);
+		field_to_json(Obj,"radsecCacerts",radsecCacerts);
+		field_to_json(Obj,"radsecCert",radsecCert);
+		field_to_json(Obj,"radsecKey",radsecKey);
+		field_to_json(Obj,"radsecRealms",radsecRealms);
+		field_to_json(Obj,"ignore",ignore);
 	}

 	bool RadiusProxyServerEntry::from_json(const Poco::JSON::Object::Ptr &Obj) {
@@ -362,10 +409,71 @@ namespace OpenWifi::GWObjects {
 			field_from_json(Obj,"ip",ip);
 			field_from_json(Obj,"port",port);
 			field_from_json(Obj,"weight",weight);
+			field_from_json(Obj,"secret",secret);
+			field_from_json(Obj,"certificate",certificate);
+			field_from_json(Obj,"radsec",radsec);
+			field_from_json(Obj,"radsecSecret",radsecSecret);
+			field_from_json(Obj,"radsecPort",radsecPort);
+			field_from_json(Obj,"radsecCacerts",radsecCacerts);
+			field_from_json(Obj,"radsecCert",radsecCert);
+			field_from_json(Obj,"radsecKey",radsecKey);
+			field_from_json(Obj,"radsecRealms",radsecRealms);
+			field_from_json(Obj,"ignore",ignore);
 			return true;
 		} catch (const Poco::Exception &E) {
 		}
 		return false;
 	}
+
+	void ScriptEntry::to_json(Poco::JSON::Object &Obj) const {
+		field_to_json(Obj,"id", id);
+		field_to_json(Obj,"name", name);
+		field_to_json(Obj,"description", description);
+		field_to_json(Obj,"uri", uri);
+		field_to_json(Obj,"content", content);
+		field_to_json(Obj,"version", version);
+		field_to_json(Obj,"type", type);
+		field_to_json(Obj,"created", created);
+		field_to_json(Obj,"modified", modified);
+		field_to_json(Obj,"author", author);
+		field_to_json(Obj,"restricted", restricted);
+		field_to_json(Obj,"deferred", deferred);
+		field_to_json(Obj,"timeout", timeout);
+	}
+
+	bool ScriptEntry::from_json(const Poco::JSON::Object::Ptr &Obj) {
+		try {
+			field_from_json(Obj,"id", id);
+			field_from_json(Obj,"name", name);
+			field_from_json(Obj,"description", description);
+			field_from_json(Obj,"uri", uri);
+			field_from_json(Obj,"content", content);
+			field_from_json(Obj,"version", version);
+			field_from_json(Obj,"type", type);
+			field_from_json(Obj,"created", created);
+			field_from_json(Obj,"modified", modified);
+			field_from_json(Obj,"author", author);
+			field_from_json(Obj,"restricted", restricted);
+			field_from_json(Obj,"deferred", deferred);
+			field_from_json(Obj,"timeout", timeout);
+			return true;
+		} catch (const Poco::Exception &E) {
+		}
+		return false;
+	}
+
+	void ScriptEntryList::to_json(Poco::JSON::Object &Obj) const {
+		field_to_json(Obj,"scripts",scripts);
+	}
+
+	bool ScriptEntryList::from_json(const Poco::JSON::Object::Ptr &Obj) {
+		try {
+			field_from_json(Obj,"scripts",scripts);
+			return true;
+		} catch (const Poco::Exception &E) {
+		}
+		return false;
+	}
+
 }

--- a/src/RESTObjects/RESTAPI_GWobjects.h
+++ b/src/RESTObjects/RESTAPI_GWobjects.h
@@ -28,16 +28,22 @@ namespace OpenWifi::GWObjects {
 		uint64_t TX = 0, RX = 0;
 		uint64_t Associations_2G=0;
 		uint64_t Associations_5G=0;
+		uint64_t Associations_6G=0;
 		bool Connected = false;
 		uint64_t LastContact=0;
 		std::string Firmware;
 		CertificateValidation VerifiedCertificate = NO_CERTIFICATE;
-		std::string Compatible;
-		uint64_t 	kafkaClients=0;
-		uint64_t 	webSocketClients=0;
-		uint64_t 	kafkaPackets=0;
-		uint64_t 	websocketPackets=0;
-		std::string locale;
+		std::string 	Compatible;
+		uint64_t 		kafkaClients=0;
+		uint64_t 		webSocketClients=0;
+		uint64_t 		kafkaPackets=0;
+		uint64_t 		websocketPackets=0;
+		std::string 	locale;
+		uint64_t 		started=0;
+		uint64_t 		sessionId=0;
+		double      	connectionCompletionTime=0.0;
+		std::uint64_t	certificateExpiryDate=0;
+
 		void to_json(Poco::JSON::Object &Obj) const;
 	};

@@ -64,6 +70,7 @@ namespace OpenWifi::GWObjects {
 		std::string entity;
 		uint64_t 	modified=0;
 		std::string locale;
+		bool 		restrictedDevice=false;

 		void to_json(Poco::JSON::Object &Obj) const;
 		void to_json_with_status(Poco::JSON::Object &Obj) const;
@@ -71,6 +78,15 @@ namespace OpenWifi::GWObjects {
 		void Print() const;
 	};

+	struct DeviceConnectionStatistics {
+		std::uint64_t connectedDevices = 0;
+		std::uint64_t averageConnectionTime = 0;
+		std::uint64_t connectingDevices = 0;
+
+		void to_json(Poco::JSON::Object &Obj) const;
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+	};
+
 	struct Statistics {
 		std::string SerialNumber;
 		uint64_t 	UUID = 0 ;
@@ -200,13 +216,43 @@ namespace OpenWifi::GWObjects {
 		void to_json(Poco::JSON::Object &Obj) const;
 	};

+	struct ScriptEntry {
+		std::string 		id;
+		std::string 		name;
+		std::string 		description;
+		std::string 		uri;
+		std::string 		content;
+		std::string 		version;
+		std::string 		type;
+		std::uint64_t 		created;
+		std::uint64_t 		modified;
+		std::string 		author;
+		Types::StringVec 	restricted;
+		bool				deferred=false;
+		std::uint64_t 		timeout=30;
+
+		void to_json(Poco::JSON::Object &Obj) const;
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+	};
+
+	struct ScriptEntryList {
+		std::vector<ScriptEntry>	scripts;
+
+		void to_json(Poco::JSON::Object &Obj) const;
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+	};
+
 	struct ScriptRequest {
-		uint64_t 	timeout=30;
 		std::string serialNumber;
+		uint64_t 	timeout=30;
 		std::string type;
 		std::string script;
 		std::string scriptId;
-		uint64_t 	when=0;
+		std::uint64_t when;
+		std::string signature;
+		bool deferred;
+		std::string uri;
+
 		void to_json(Poco::JSON::Object &Obj) const;
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
 	};
@@ -216,6 +262,16 @@ namespace OpenWifi::GWObjects {
 		std::string ip;
 		uint16_t 	port=0;
 		uint64_t 	weight=0;
+		std::string secret;
+		std::string certificate;
+		bool 		radsec=false;
+		uint16_t 	radsecPort=2083;
+		std::string radsecSecret;
+		std::string radsecKey;
+		std::string radsecCert;
+		std::vector<std::string> 	radsecCacerts;
+		std::vector<std::string>	radsecRealms;
+		bool 		ignore=false;

 		void to_json(Poco::JSON::Object &Obj) const;
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
@@ -237,6 +293,8 @@ namespace OpenWifi::GWObjects {
 		std::string description;
 		RadiusProxyServerConfig	authConfig;
 		RadiusProxyServerConfig	acctConfig;
+		RadiusProxyServerConfig	coaConfig;
+		bool 		useByDefault=false;

 		void to_json(Poco::JSON::Object &Obj) const;
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
--- a/src/RESTObjects/RESTAPI_OWLSobjects.cpp
+++ b/src/RESTObjects/RESTAPI_OWLSobjects.cpp
@@ -0,0 +1,110 @@
+//
+// Created by stephane bourque on 2021-08-31.
+//
+
+#include "framework/RESTAPI_utils.h"
+
+using OpenWifi::RESTAPI_utils::field_to_json;
+using OpenWifi::RESTAPI_utils::field_from_json;
+using OpenWifi::RESTAPI_utils::EmbedDocument;
+
+#include "RESTAPI_OWLSobjects.h"
+
+// SIM -> 0x53/0x073, 0x49/0x69, 0x4d/0x6d
+
+namespace OpenWifi::OWLSObjects {
+
+    void SimulationDetails::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj,"id", id);
+        field_to_json(Obj,"name", name);
+        field_to_json(Obj,"gateway", gateway);
+        field_to_json(Obj,"certificate", certificate);
+        field_to_json(Obj,"key", key);
+        field_to_json(Obj,"macPrefix", macPrefix);
+        field_to_json(Obj,"deviceType", deviceType);
+        field_to_json(Obj,"devices", devices);
+        field_to_json(Obj,"healthCheckInterval", healthCheckInterval);
+        field_to_json(Obj,"stateInterval", stateInterval);
+        field_to_json(Obj,"minAssociations", minAssociations);
+        field_to_json(Obj,"maxAssociations", maxAssociations);
+        field_to_json(Obj,"minClients", minClients);
+        field_to_json(Obj,"maxClients", maxClients);
+        field_to_json(Obj,"simulationLength", simulationLength);
+        field_to_json(Obj,"threads", threads);
+        field_to_json(Obj,"clientInterval", clientInterval);
+        field_to_json(Obj,"keepAlive", keepAlive);
+        field_to_json(Obj,"reconnectInterval", reconnectInterval);
+        field_to_json(Obj,"concurrentDevices", concurrentDevices);
+    }
+
+    bool SimulationDetails::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj,"id", id);
+            field_from_json(Obj,"name", name);
+            field_from_json(Obj,"gateway", gateway);
+            field_from_json(Obj,"certificate", certificate);
+            field_from_json(Obj,"key", key);
+            field_from_json(Obj,"macPrefix", macPrefix);
+            field_from_json(Obj,"deviceType", deviceType);
+            field_from_json(Obj,"devices", devices);
+            field_from_json(Obj,"healthCheckInterval", healthCheckInterval);
+            field_from_json(Obj,"stateInterval", stateInterval);
+            field_from_json(Obj,"minAssociations", minAssociations);
+            field_from_json(Obj,"maxAssociations", maxAssociations);
+            field_from_json(Obj,"minClients", minClients);
+            field_from_json(Obj,"maxClients", maxClients);
+            field_from_json(Obj,"simulationLength", simulationLength);
+            field_from_json(Obj,"threads", threads);
+            field_from_json(Obj,"clientInterval", clientInterval);
+            field_from_json(Obj,"keepAlive", keepAlive);
+            field_from_json(Obj,"reconnectInterval", reconnectInterval);
+            field_from_json(Obj,"concurrentDevices", concurrentDevices);
+            return true;
+        } catch(...) {
+
+        }
+        return false;
+    }
+
+    void SimulationDetailsList::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj,"list", list);
+    }
+
+    bool SimulationDetailsList::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj,"list", list);
+            return true;
+        } catch(...) {
+
+        }
+        return false;
+    }
+
+    void SimulationStatus::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj,"id", id);
+        field_to_json(Obj,"simulationId", simulationId);
+        field_to_json(Obj,"state", state);
+        field_to_json(Obj,"tx", tx);
+        field_to_json(Obj,"rx", rx);
+        field_to_json(Obj,"msgsTx", msgsTx);
+        field_to_json(Obj,"msgsRx", msgsRx);
+        field_to_json(Obj,"liveDevices", liveDevices);
+        field_to_json(Obj,"timeToFullDevices", timeToFullDevices);
+        field_to_json(Obj,"startTime", startTime);
+        field_to_json(Obj,"endTime", endTime);
+        field_to_json(Obj,"errorDevices", errorDevices);
+        field_to_json(Obj,"owner", owner);
+    }
+
+    void Dashboard::to_json([[maybe_unused]] Poco::JSON::Object &Obj) const {
+
+    }
+
+    bool Dashboard::from_json([[maybe_unused]] const Poco::JSON::Object::Ptr &Obj) {
+        return true;
+    }
+
+    void Dashboard::reset() {
+
+    }
+}
--- a/src/RESTObjects/RESTAPI_OWLSobjects.h
+++ b/src/RESTObjects/RESTAPI_OWLSobjects.h
@@ -0,0 +1,77 @@
+//
+// Created by stephane bourque on 2021-08-31.
+//
+
+#ifndef UCENTRALSIM_RESTAPI_OWLSOBJECTS_H
+#define UCENTRALSIM_RESTAPI_OWLSOBJECTS_H
+
+#include <vector>
+#include "Poco/JSON/Object.h"
+
+namespace OpenWifi::OWLSObjects {
+
+    struct SimulationDetails {
+        std::string     id;
+        std::string     name;
+        std::string     gateway;
+        std::string     certificate;
+        std::string     key;
+        std::string     macPrefix;
+        std::string     deviceType;
+        uint64_t        devices = 5;
+        uint64_t        healthCheckInterval = 60;
+        uint64_t        stateInterval = 60 ;
+        uint64_t        minAssociations = 1;
+        uint64_t        maxAssociations = 3;
+        uint64_t        minClients = 1 ;
+        uint64_t        maxClients = 3;
+        uint64_t        simulationLength = 60 * 60;
+        uint64_t        threads = 16;
+        uint64_t        clientInterval = 1;
+        uint64_t        keepAlive = 300;
+        uint64_t        reconnectInterval = 30 ;
+        uint64_t        concurrentDevices = 5;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    struct SimulationDetailsList {
+        std::vector<SimulationDetails>  list;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    struct SimulationStatus {
+        std::string     id;
+        std::string     simulationId;
+        std::string     state;
+        uint64_t        tx;
+        uint64_t        rx;
+        uint64_t        msgsTx;
+        uint64_t        msgsRx;
+        uint64_t        liveDevices;
+        uint64_t        timeToFullDevices;
+        uint64_t        startTime;
+        uint64_t        endTime;
+        uint64_t        errorDevices;
+        std::string     owner;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+    };
+
+
+    struct Dashboard {
+        int O;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+        void reset();
+
+    };
+
+}
+
+
+#endif //UCENTRALSIM_RESTAPI_OWLSOBJECTS_H
--- a/src/RESTObjects/RESTAPI_ProvObjects.cpp
+++ b/src/RESTObjects/RESTAPI_ProvObjects.cpp
@@ -8,7 +8,9 @@


 #include "RESTAPI_ProvObjects.h"
-#include "framework/MicroService.h"
+#include "framework/RESTAPI_utils.h"
+#include "framework/MicroServiceFuncs.h"
+#include "framework/utils.h"

 using OpenWifi::RESTAPI_utils::field_to_json;
 using OpenWifi::RESTAPI_utils::field_from_json;
@@ -600,6 +602,7 @@ namespace OpenWifi::ProvObjects {
        field_to_json( Obj, "devClass",devClass);
        field_to_json( Obj, "locale",locale);
        field_to_json( Obj, "realMacAddress",realMacAddress);
+        field_to_json( Obj, "doNotAllowOverrides",doNotAllowOverrides);
    }

    bool InventoryTag::from_json(const Poco::JSON::Object::Ptr &Obj) {
@@ -621,6 +624,7 @@ namespace OpenWifi::ProvObjects {
            field_from_json( Obj,"devClass",devClass);
            field_from_json( Obj,"locale",locale);
            field_from_json( Obj,"realMacAddress",realMacAddress);
+            field_from_json( Obj, "doNotAllowOverrides",doNotAllowOverrides);
            return true;
        } catch(...) {

@@ -1091,7 +1095,7 @@ namespace OpenWifi::ProvObjects {
    }

    bool UpdateObjectInfo(const Poco::JSON::Object::Ptr &O, const SecurityObjects::UserInfo &U, ObjectInfo &I) {
-        uint64_t Now = OpenWifi::Now();
+        uint64_t Now = Utils::Now();
        if(O->has("name"))
            I.name = O->get("name").toString();

@@ -1112,7 +1116,7 @@ namespace OpenWifi::ProvObjects {
    }

    bool CreateObjectInfo(const Poco::JSON::Object::Ptr &O, const SecurityObjects::UserInfo &U, ObjectInfo &I) {
-        uint64_t Now = OpenWifi::Now();
+        uint64_t Now = Utils::Now();
        if(O->has("name"))
            I.name = O->get("name").toString();

@@ -1130,14 +1134,14 @@ namespace OpenWifi::ProvObjects {
        }
        I.notes = N;
        I.modified = I.created = Now;
-        I.id = MicroService::CreateUUID();
+        I.id = MicroServiceCreateUUID();

        return true;
    }

    bool CreateObjectInfo([[maybe_unused]] const SecurityObjects::UserInfo &U, ObjectInfo &I) {
-        I.modified = I.created = OpenWifi::Now();
-        I.id = MicroService::CreateUUID();
+        I.modified = I.created = Utils::Now();
+        I.id = MicroServiceCreateUUID();
        return true;
    }

@@ -1159,5 +1163,82 @@ namespace OpenWifi::ProvObjects {
        return false;
    }

+    void RRMAlgorithmDetails::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj,"name",name);
+        field_to_json(Obj,"parameters",parameters);
+    }
+
+    bool RRMAlgorithmDetails::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj,"name",name);
+            field_from_json(Obj,"parameters",parameters);
+            return true;
+        } catch(...) {
+
+        }
+        return false;
+    }
+
+    void RRMDetails::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj,"vendor",vendor);
+        field_to_json(Obj,"schedule",schedule);
+        field_to_json(Obj,"algorithms",algorithms);
+    }
+
+    bool RRMDetails::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj,"vendor",vendor);
+            field_from_json(Obj,"schedule",schedule);
+            field_from_json(Obj,"algorithms",algorithms);
+            return true;
+        } catch(...) {
+
+        }
+        return false;
+    }
+
+    void ConfigurationOverride::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj,"source",source);
+        field_to_json(Obj,"reason",reason);
+        field_to_json(Obj,"parameterName",parameterName);
+        field_to_json(Obj,"parameterType",parameterType);
+        field_to_json(Obj,"parameterValue",parameterValue);
+        field_to_json(Obj,"modified",modified);
+    }
+
+    bool ConfigurationOverride::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj,"source",source);
+            field_from_json(Obj,"reason",reason);
+            field_from_json(Obj,"parameterName",parameterName);
+            field_from_json(Obj,"parameterType",parameterType);
+            field_from_json(Obj,"parameterValue",parameterValue);
+            field_from_json(Obj,"modified",modified);
+            return true;
+        } catch(...) {
+
+        }
+        return false;
+    }
+
+    void ConfigurationOverrideList::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj,"serialNumber",serialNumber);
+        field_to_json(Obj,"managementPolicy",managementPolicy);
+        field_to_json(Obj,"overrides",overrides);
+    }
+
+    bool ConfigurationOverrideList::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj,"serialNumber",serialNumber);
+            field_from_json(Obj,"managementPolicy",managementPolicy);
+            field_from_json(Obj,"overrides",overrides);
+            return true;
+        } catch(...) {
+
+        }
+        return false;
+    }
+
 }

+
--- a/src/RESTObjects/RESTAPI_ProvObjects.h
+++ b/src/RESTObjects/RESTAPI_ProvObjects.h
@@ -8,8 +8,7 @@

 #pragma once

-#include <string>
-#include "RESTAPI_SecurityObjects.h"
+#include "RESTObjects/RESTAPI_SecurityObjects.h"

 namespace OpenWifi::ProvObjects {

@@ -62,6 +61,21 @@ namespace OpenWifi::ProvObjects {
    };
    typedef std::vector<ManagementPolicy>      ManagementPolicyVec;

+    struct RRMAlgorithmDetails {
+        std::string     name;
+        std::string     parameters;
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    struct RRMDetails {
+        std::string     vendor;
+        std::string     schedule;
+        std::vector<RRMAlgorithmDetails>    algorithms;
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
    struct DeviceRules {
        std::string     rcOnly{"inherit"};
        std::string     rrm{"inherit"};
@@ -414,6 +428,7 @@ namespace OpenWifi::ProvObjects {
        std::string     devClass;
        std::string     locale;
        std::string     realMacAddress;
+        bool            doNotAllowOverrides=false;

        void to_json(Poco::JSON::Object &Obj) const;
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
@@ -679,6 +694,27 @@ namespace OpenWifi::ProvObjects {
        bool from_json(const Poco::JSON::Object::Ptr &Obj);
    };

+    struct ConfigurationOverride {
+        std::string     source;
+        std::string     reason;
+        std::string     parameterName;
+        std::string     parameterType;
+        std::string     parameterValue;
+        std::uint64_t   modified;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    struct ConfigurationOverrideList {
+        std::string     serialNumber;
+        Types::UUID_t   managementPolicy;
+        std::vector<ConfigurationOverride>  overrides;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
    bool UpdateObjectInfo(const Poco::JSON::Object::Ptr &O, const SecurityObjects::UserInfo &U, ObjectInfo &I);
    bool CreateObjectInfo(const Poco::JSON::Object::Ptr &O, const SecurityObjects::UserInfo &U, ObjectInfo &I);
    bool CreateObjectInfo(const SecurityObjects::UserInfo &U, ObjectInfo &I);
--- a/src/RESTObjects/RESTAPI_SecurityObjects.cpp
+++ b/src/RESTObjects/RESTAPI_SecurityObjects.cpp
@@ -9,7 +9,7 @@
 #include "Poco/JSON/Parser.h"
 #include "Poco/JSON/Stringifier.h"

-#include "framework/MicroService.h"
+#include "framework/RESTAPI_utils.h"
 #include "RESTAPI_SecurityObjects.h"

 using OpenWifi::RESTAPI_utils::field_to_json;
@@ -433,7 +433,7 @@ namespace OpenWifi::SecurityObjects {
 	            SecurityObjects::NoteInfoVec NIV;
 	            NIV = RESTAPI_utils::to_object_array<SecurityObjects::NoteInfo>(Obj->get("notes").toString());
 	            for(auto const &i:NIV) {
-	                SecurityObjects::NoteInfo   ii{.created=(uint64_t)OpenWifi::Now(), .createdBy=UInfo.email, .note=i.note};
+	                SecurityObjects::NoteInfo   ii{.created=(uint64_t)Utils::Now(), .createdBy=UInfo.email, .note=i.note};
 	                Notes.push_back(ii);
 	            }
 	        }
@@ -446,7 +446,7 @@ namespace OpenWifi::SecurityObjects {

 	bool MergeNotes(const NoteInfoVec & NewNotes, const UserInfo &UInfo, NoteInfoVec & ExistingNotes) {
 	    for(auto const &i:NewNotes) {
-	        SecurityObjects::NoteInfo   ii{.created=(uint64_t)OpenWifi::Now(), .createdBy=UInfo.email, .note=i.note};
+	        SecurityObjects::NoteInfo   ii{.created=(uint64_t)Utils::Now(), .createdBy=UInfo.email, .note=i.note};
 	        ExistingNotes.push_back(ii);
 	    }
        return true;
@@ -619,5 +619,80 @@ namespace OpenWifi::SecurityObjects {
        field_to_json(Obj,"login",login);
        field_to_json(Obj,"logout",logout);
    }
+
+    void ApiKeyAccessRight::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "service", service);
+        field_to_json(Obj, "access", access);
+    }
+
+    bool ApiKeyAccessRight::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "service", service);
+            field_from_json(Obj, "access", access);
+            return true;
+        } catch(...) {
+            std::cout << "Cannot parse: Token" << std::endl;
+        }
+        return false;
+    }
+
+    void ApiKeyAccessRightList::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "acls", acls);
+    }
+
+    bool ApiKeyAccessRightList::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "acls", acls);
+            return true;
+        } catch(...) {
+            std::cout << "Cannot parse: Token" << std::endl;
+        }
+        return false;
+    }
+
+    void ApiKeyEntry::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "id", id);
+        field_to_json(Obj, "userUuid", userUuid);
+        field_to_json(Obj, "name", name);
+        field_to_json(Obj, "apiKey", apiKey);
+        field_to_json(Obj, "salt", salt);
+        field_to_json(Obj, "description", description);
+        field_to_json(Obj, "expiresOn", expiresOn);
+        field_to_json(Obj, "rights", rights);
+        field_to_json(Obj, "lastUse", lastUse);
+    }
+
+    bool ApiKeyEntry::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "id", id);
+            field_from_json(Obj, "userUuid", userUuid);
+            field_from_json(Obj, "name", name);
+            field_from_json(Obj, "apiKey", apiKey);
+            field_from_json(Obj, "salt", salt);
+            field_from_json(Obj, "description", description);
+            field_from_json(Obj, "expiresOn", expiresOn);
+            field_from_json(Obj, "rights", rights);
+            field_from_json(Obj, "lastUse", lastUse);
+            return true;
+        } catch(...) {
+            std::cout << "Cannot parse: Token" << std::endl;
+        }
+        return false;
+    }
+
+    void ApiKeyEntryList::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "apiKeys", apiKeys);
+    }
+
+    bool ApiKeyEntryList::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "apiKeys", apiKeys);
+            return true;
+        } catch(...) {
+            std::cout << "Cannot parse: Token" << std::endl;
+        }
+        return false;
+    }
+
 }

--- a/src/RESTObjects/RESTAPI_SecurityObjects.h
+++ b/src/RESTObjects/RESTAPI_SecurityObjects.h
@@ -14,6 +14,7 @@
 #include "Poco/JSON/Object.h"
 #include "Poco/Data/LOB.h"
 #include "Poco/Data/LOBStream.h"
+#include "framework/utils.h"

 namespace OpenWifi {
    uint64_t Now();
@@ -62,7 +63,7 @@ namespace OpenWifi {
        std::string UserTypeToString(USER_ROLE U);

        struct NoteInfo {
-            uint64_t    created=0; // = OpenWifi::Now();
+            uint64_t    created=0; // = Utils::Now();
            std::string createdBy;
            std::string note;

@@ -101,7 +102,7 @@ namespace OpenWifi {
            std::string uuid;
            std::string question;
            std::string method;
-            uint64_t    created = OpenWifi::Now();
+            uint64_t    created = Utils::Now();

            void to_json(Poco::JSON::Object &Obj) const;
            bool from_json(const Poco::JSON::Object::Ptr &Obj);
@@ -251,7 +252,8 @@ namespace OpenWifi {
            VERIFY_EMAIL,
            SUB_FORGOT_PASSWORD,
            SUB_VERIFY_EMAIL,
-            SUB_SIGNUP
+            SUB_SIGNUP,
+            EMAIL_INVITATION
        };

        struct ActionLink {
@@ -263,7 +265,7 @@ namespace OpenWifi {
            std::string         locale;
            std::string         message;
            uint64_t            sent=0;
-            uint64_t            created=OpenWifi::Now();
+            uint64_t            created=Utils::Now();
            uint64_t            expires=0;
            uint64_t            completed=0;
            uint64_t            canceled=0;
@@ -323,5 +325,44 @@ namespace OpenWifi {

            void to_json(Poco::JSON::Object &Obj) const;
        };
+
+        struct ApiKeyAccessRight {
+            std::string     service;
+            std::string     access;
+
+            void to_json(Poco::JSON::Object &Obj) const;
+            bool from_json(const Poco::JSON::Object::Ptr &Obj);
+        };
+
+        struct ApiKeyAccessRightList {
+            std::vector<ApiKeyAccessRight>      acls;
+
+            void to_json(Poco::JSON::Object &Obj) const;
+            bool from_json(const Poco::JSON::Object::Ptr &Obj);
+        };
+
+        struct ApiKeyEntry {
+            Types::UUID_t           id;
+            Types::UUID_t           userUuid;
+            std::string             name;
+            std::string             description;
+            std::string             apiKey;
+            std::string             salt;
+            std::uint64_t           created;
+            std::uint64_t           expiresOn=0;
+            ApiKeyAccessRightList   rights;
+            std::uint64_t           lastUse=0;
+
+            void to_json(Poco::JSON::Object &Obj) const;
+            bool from_json(const Poco::JSON::Object::Ptr &Obj);
+        };
+
+        struct ApiKeyEntryList {
+            std::vector<ApiKeyEntry>    apiKeys;
+
+            void to_json(Poco::JSON::Object &Obj) const;
+            bool from_json(const Poco::JSON::Object::Ptr &Obj);
+        };
+
    }
 }
--- a/src/RESTObjects/RESTAPI_SubObjects.cpp
+++ b/src/RESTObjects/RESTAPI_SubObjects.cpp
@@ -3,12 +3,11 @@
 //

 #include "RESTAPI_SubObjects.h"
-#include "framework/MicroService.h"
+#include "framework/RESTAPI_utils.h"

 using OpenWifi::RESTAPI_utils::field_to_json;
 using OpenWifi::RESTAPI_utils::field_from_json;

-
 namespace OpenWifi::SubObjects {

    void HomeDeviceMode::to_json(Poco::JSON::Object &Obj) const {
--- a/src/SMSSender.cpp
+++ b/src/SMSSender.cpp
@@ -2,23 +2,18 @@
 // Created by stephane bourque on 2021-10-09.
 //

-#include <aws/sns/SNSClient.h>
-#include <aws/sns/model/PublishRequest.h>
-#include <aws/sns/model/PublishResult.h>
-#include <aws/sns/model/GetSMSAttributesRequest.h>
-
 #include "MFAServer.h"
 #include "SMS_provider_aws.h"
 #include "SMS_provider_twilio.h"
 #include "SMSSender.h"
-#include "framework/MicroService.h"

+#include "framework/MicroServiceFuncs.h"
 namespace OpenWifi {

    int SMSSender::Start() {
-        Enabled_ = MicroService::instance().ConfigGetBool("smssender.enabled",false);
+        Enabled_ = MicroServiceConfigGetBool("smssender.enabled",false);
        if(Enabled_) {
-            Provider_ = MicroService::instance().ConfigGetString("smssender.provider","aws");
+            Provider_ = MicroServiceConfigGetString("smssender.provider","aws");
            if(Provider_=="aws") {
                ProviderImpl_ = std::make_unique<SMS_provider_aws>(Logger());
            } else if(Provider_=="twilio") {
@@ -45,6 +40,8 @@ namespace OpenWifi {

    bool SMSSender::StartValidation(const std::string &Number, const std::string &UserName) {
        std::lock_guard     G(Mutex_);
+        if(!Enabled_)
+            return false;
        CleanCache();
        uint64_t Now=OpenWifi::Now();
        auto Challenge = MFAServer::MakeChallenge();
@@ -56,6 +53,9 @@ namespace OpenWifi {
    bool SMSSender::IsNumberValid(const std::string &Number, const std::string &UserName) {
        std::lock_guard     G(Mutex_);

+        if(!Enabled_)
+            return false;
+
        for(const auto &i:Cache_) {
            if(i.Number==Number && i.UserName==UserName)
                return i.Validated;
@@ -66,6 +66,9 @@ namespace OpenWifi {
    bool SMSSender::CompleteValidation(const std::string &Number, const std::string &Code, const std::string &UserName) {
        std::lock_guard     G(Mutex_);

+        if(!Enabled_)
+            return false;
+
        for(auto &i:Cache_) {
            if(i.Code==Code && i.Number==Number && i.UserName==UserName) {
                i.Validated=true;
@@ -77,7 +80,7 @@ namespace OpenWifi {

    bool SMSSender::Send(const std::string &PhoneNumber, const std::string &Message) {
        if(!Enabled_) {
-            Logger().information("SMS has not been enabled. Messages cannot be sent.");
+            poco_information(Logger(),"SMS has not been enabled. Messages cannot be sent.");
            return false;
        }
        return ProviderImpl_->Send(PhoneNumber,Message);
--- a/src/SMSSender.h
+++ b/src/SMSSender.h
@@ -2,14 +2,13 @@
 // Created by stephane bourque on 2021-10-09.
 //

-#ifndef OWSEC_SMSSENDER_H
-#define OWSEC_SMSSENDER_H
+#pragma once

 #include <aws/core/Aws.h>
 #include <aws/s3/S3Client.h>
 #include <aws/core/auth/AWSCredentials.h>

-#include "framework/MicroService.h"
+#include "framework/SubSystemServer.h"
 #include "SMS_provider.h"

 namespace OpenWifi {
@@ -54,6 +53,3 @@ namespace OpenWifi {
    inline SMSSender * SMSSender() { return SMSSender::instance(); }

 }
-
-
-#endif //OWSEC_SMSSENDER_H
--- a/src/SMS_provider_aws.cpp
+++ b/src/SMS_provider_aws.cpp
@@ -2,22 +2,23 @@
 // Created by stephane bourque on 2021-10-15.
 //

+#include "SMS_provider_aws.h"

 #include <aws/sns/SNSClient.h>
 #include <aws/sns/model/PublishRequest.h>
 #include <aws/sns/model/PublishResult.h>

-#include "framework/MicroService.h"
-#include "SMS_provider_aws.h"
+#include "framework/MicroServiceFuncs.h"
+#include "fmt/format.h"

 namespace OpenWifi {
    bool SMS_provider_aws::Initialize() {
-        SecretKey_ = MicroService::instance().ConfigGetString("smssender.aws.secretkey","");
-        AccessKey_ = MicroService::instance().ConfigGetString("smssender.aws.accesskey","");
-        Region_ = MicroService::instance().ConfigGetString("smssender.aws.region","");
+        SecretKey_ = MicroServiceConfigGetString("smssender.aws.secretkey","");
+        AccessKey_ = MicroServiceConfigGetString("smssender.aws.accesskey","");
+        Region_ = MicroServiceConfigGetString("smssender.aws.region","");

        if(SecretKey_.empty() || AccessKey_.empty() || Region_.empty()) {
-            Logger().debug("SMSSender is disabled. Please provide key, secret, and region.");
+            poco_debug(Logger(),"SMSSender is disabled. Please provide key, secret, and region.");
            return false;
        }
        Running_=true;
@@ -51,16 +52,16 @@ namespace OpenWifi {

            auto psms_out = sns.Publish(psms_req);
            if (psms_out.IsSuccess()) {
-                Logger().debug(fmt::format("SMS sent to {}",PhoneNumber));
+                poco_debug(Logger(),fmt::format("SMS sent to {}",PhoneNumber));
                return true;
            }
            std::string ErrMsg{psms_out.GetError().GetMessage()};
-            Logger().debug(fmt::format("SMS NOT sent to {}: {}",PhoneNumber, ErrMsg));
+            poco_debug(Logger(),fmt::format("SMS NOT sent to {}: {}",PhoneNumber, ErrMsg));
            return false;
        } catch (...) {

        }
-        Logger().debug(fmt::format("SMS NOT sent to {}: failure in SMS service",PhoneNumber));
+        poco_debug(Logger(),fmt::format("SMS NOT sent to {}: failure in SMS service",PhoneNumber));
        return false;
    }

--- a/src/SMS_provider_aws.h
+++ b/src/SMS_provider_aws.h
@@ -2,8 +2,7 @@
 // Created by stephane bourque on 2021-10-15.
 //

-#ifndef OWSEC_SMS_PROVIDER_AWS_H
-#define OWSEC_SMS_PROVIDER_AWS_H
+#pragma once

 #include <aws/core/Aws.h>
 #include <aws/s3/S3Client.h>
@@ -32,5 +31,3 @@ namespace OpenWifi {
        Aws::Auth::AWSCredentials           AwsCreds_;
    };
 }
-
-#endif //OWSEC_SMS_PROVIDER_AWS_H
--- a/src/SMS_provider_twilio.cpp
+++ b/src/SMS_provider_twilio.cpp
@@ -9,16 +9,18 @@
 #include "Poco/Net/HTMLForm.h"
 #include "Poco/Net/HTTPSClientSession.h"
 #include "Poco/Net/HTTPResponse.h"
-#include "framework/MicroService.h"
+
+#include "framework/MicroServiceFuncs.h"
+#include "fmt/format.h"

 namespace OpenWifi {
    bool SMS_provider_twilio::Initialize() {
-        Sid_ = MicroService::instance().ConfigGetString("smssender.twilio.sid","");
-        Token_ = MicroService::instance().ConfigGetString("smssender.twilio.token","");
-        PhoneNumber_ = MicroService::instance().ConfigGetString("smssender.twilio.phonenumber","");
+        Sid_ = MicroServiceConfigGetString("smssender.twilio.sid","");
+        Token_ = MicroServiceConfigGetString("smssender.twilio.token","");
+        PhoneNumber_ = MicroServiceConfigGetString("smssender.twilio.phonenumber","");

        if(Sid_.empty() || Token_.empty() || PhoneNumber_.empty()) {
-            Logger().debug("SMSSender is disabled. Please provide SID, TOKEN, and PHONE NUMBER.");
+            poco_debug(Logger(),"SMSSender is disabled. Please provide SID, TOKEN, and PHONE NUMBER.");
            return false;
        }
        Running_=true;
@@ -64,12 +66,12 @@ namespace OpenWifi {
        std::istream& rs = session.receiveResponse(res);

        if(res.getStatus()==Poco::Net::HTTPResponse::HTTP_OK) {
-            Logger().information(fmt::format("Message sent to {}", PhoneNumber));
+            poco_information(Logger(),fmt::format("Message sent to {}", PhoneNumber));
            return true;
        } else {
            std::ostringstream os;
            Poco::StreamCopier::copyStream(rs,os);
-            Logger().information(fmt::format("Message was not to {}: Error:{}", PhoneNumber, os.str()));
+            poco_information(Logger(),fmt::format("Message was not to {}: Error:{}", PhoneNumber, os.str()));
            return false;
        }
    }
--- a/src/SMTPMailerService.cpp
+++ b/src/SMTPMailerService.cpp
@@ -1,8 +1,6 @@
 //
 // Created by stephane bourque on 2021-06-17.
 //
-#include <iostream>
-#include <fstream>

 #include "Poco/Net/MailMessage.h"
 #include "Poco/Net/MailRecipient.h"
@@ -12,26 +10,32 @@
 #include "Poco/Exception.h"
 #include "Poco/Net/SSLManager.h"
 #include "Poco/Net/Context.h"
+#include "Poco/Net/NetException.h"

 #include "SMTPMailerService.h"
-#include "framework/MicroService.h"
 #include "AuthService.h"

+#include "framework/MicroServiceFuncs.h"
+#include "framework/utils.h"
+#include "fmt/format.h"
+
 namespace OpenWifi {

    void SMTPMailerService::LoadMyConfig() {
-        Enabled_ = MicroService::instance().ConfigGetBool("mailer.enabled",false);
+        Enabled_ = MicroServiceConfigGetBool("mailer.enabled",false);
        if(Enabled_) {
-            MailHost_ = MicroService::instance().ConfigGetString("mailer.hostname");
-            SenderLoginUserName_ = MicroService::instance().ConfigGetString("mailer.username");
-            SenderLoginPassword_ = MicroService::instance().ConfigGetString("mailer.password");
-            Sender_ = MicroService::instance().ConfigGetString("mailer.sender");
-            LoginMethod_ = MicroService::instance().ConfigGetString("mailer.loginmethod");
-            MailHostPort_ = MicroService::instance().ConfigGetInt("mailer.port");
-            TemplateDir_ = MicroService::instance().ConfigPath("mailer.templates", MicroService::instance().DataDir());
-            MailRetry_ = MicroService::instance().ConfigGetInt("mailer.retry",2*60);
-            MailAbandon_ = MicroService::instance().ConfigGetInt("mailer.abandon",2*60*60);
+            MailHost_ = MicroServiceConfigGetString("mailer.hostname","");
+            SenderLoginUserName_ = MicroServiceConfigGetString("mailer.username","");
+            SenderLoginPassword_ = MicroServiceConfigGetString("mailer.password","");
+            Sender_ = MicroServiceConfigGetString("mailer.sender","");
+            LoginMethod_ = MicroServiceConfigGetString("mailer.loginmethod","");
+            MailHostPort_ = MicroServiceConfigGetInt("mailer.port", 587);
+            TemplateDir_ = MicroServiceConfigPath("mailer.templates", MicroServiceDataDirectory());
+            MailRetry_ = MicroServiceConfigGetInt("mailer.retry",2*60);
+            MailAbandon_ = MicroServiceConfigGetInt("mailer.abandon",2*60*60);
+            UseHTML_ = MicroServiceConfigGetBool("mailer.html",false);
            Enabled_ = (!MailHost_.empty() && !SenderLoginPassword_.empty() && !SenderLoginUserName_.empty());
+            EmailLogo_ = TemplateDir_ + "/" + MicroServiceConfigGetString("mailer.logo","logo.png");
        }
    }

@@ -48,24 +52,25 @@ namespace OpenWifi {
    }

    void SMTPMailerService::reinitialize([[maybe_unused]] Poco::Util::Application &self) {
-        MicroService::instance().LoadConfigurationFile();
-        Logger().information("Reinitializing.");
+        MicroServiceLoadConfigurationFile();
+        poco_information(Logger(),"Reinitializing.");
        LoadMyConfig();
    }

-    bool SMTPMailerService::SendMessage([[maybe_unused]] const std::string &Recipient, const std::string &Name, const MessageAttributes &Attrs) {
+    bool SMTPMailerService::SendMessage([[maybe_unused]] const std::string &Recipient, const std::string &Name, const MessageAttributes &Attrs, bool Subscriber) {
        std::lock_guard G(Mutex_);
        PendingMessages_.push_back(MessageEvent{.Posted= OpenWifi::Now(),
                                            .LastTry=0,
                                            .Sent=0,
-                                            .File=Poco::File(TemplateDir_ + "/" +Name),
-                                            .Attrs=Attrs});
+                                            .TemplateName=Name,
+                                            .Attrs=Attrs,
+                                            .Subscriber=Subscriber});
        return true;
    }

    void SMTPMailerService::run() {
        Running_ = true;
-
+        Utils::SetThreadName("smtp-mailer");
        while(Running_) {

            Poco::Thread::trySleep(10000);
@@ -83,15 +88,23 @@ namespace OpenWifi {
                auto Recipient = i->Attrs.find(RECIPIENT_EMAIL)->second;
                uint64_t now = OpenWifi::Now();
                if((i->LastTry==0 || (now-i->LastTry)>MailRetry_)) {
-                    if (SendIt(*i)) {
-                        Logger().information(fmt::format("Attempting to deliver for mail '{}'.", Recipient));
-                        i = Messages_.erase(i);
-                    } else {
-                        i->LastTry = now;
-                        ++i;
+                    switch(SendIt(*i)) {
+                        case MessageSendStatus::msg_sent: {
+                            poco_information(Logger(),fmt::format("Attempting to deliver for mail '{}'.", Recipient));
+                            i = Messages_.erase(i);
+                        } break;
+                        case MessageSendStatus::msg_not_sent_but_resend: {
+                            poco_information(Logger(),fmt::format("Mail for '{}' was not. We will retry later.", Recipient));
+                            i->LastTry = now;
+                            ++i;
+                        } break;
+                        case MessageSendStatus::msg_not_sent_but_do_not_resend: {
+                            poco_information(Logger(),fmt::format("Mail for '{}' will not be sent. Check email address", Recipient));
+                            i = Messages_.erase(i);
+                        } break;
                    }
                } else if ((now-i->Posted)>MailAbandon_) {
-                    Logger().information(fmt::format("Mail for '{}' has timed out and will not be sent.", Recipient));
+                    poco_information(Logger(),fmt::format("Mail for '{}' has timed out and will not be sent.", Recipient));
                    i = Messages_.erase(i);
                } else {
                    ++i;
@@ -106,14 +119,12 @@ namespace OpenWifi {
        }
    }

-    bool SMTPMailerService::SendIt(const MessageEvent &Msg) {
+    MessageSendStatus SMTPMailerService::SendIt(const MessageEvent &Msg) {
+
        std::string             Recipient;

        try
        {
-            Poco::Net::MailMessage  Message;
-            Recipient = Msg.Attrs.find(RECIPIENT_EMAIL)->second;
-
            auto H1 = Msg.Attrs.find(SENDER);
            std::string TheSender;
            if(H1!=Msg.Attrs.end()) {
@@ -121,34 +132,40 @@ namespace OpenWifi {
            } else {
                TheSender = Sender_ ;
            }
-            Message.setSender( TheSender );
-            Logger().information(fmt::format("Sending message to:{} from {}",Recipient,TheSender));
-            Message.addRecipient(Poco::Net::MailRecipient(Poco::Net::MailRecipient::PRIMARY_RECIPIENT, Recipient));
-            Message.setSubject(Msg.Attrs.find(SUBJECT)->second);
+
+            auto Message = std::make_unique<Poco::Net::MailMessage>();
+
+            Recipient = Msg.Attrs.find(RECIPIENT_EMAIL)->second;
+            Message->setSender( TheSender );
+            Message->addRecipient(Poco::Net::MailRecipient(Poco::Net::MailRecipient::PRIMARY_RECIPIENT, Recipient));
+            Message->setSubject(Msg.Attrs.find(SUBJECT)->second);
+
+            poco_information(Logger(),fmt::format("Sending message to:{} from {}",Recipient,TheSender));

            if(Msg.Attrs.find(TEXT) != Msg.Attrs.end()) {
                std::string Content = Msg.Attrs.find(TEXT)->second;
-                Message.addContent(new Poco::Net::StringPartSource(Content));
+                Message->addContent(new Poco::Net::StringPartSource(Content));
            } else {
-                std::string Content = Utils::LoadFile(Msg.File);
-                // std::cout << "Mailing " << Content << std::endl;
-                Types::StringPairVec    Variables;
-                FillVariables(Msg.Attrs, Variables);
-                Utils::ReplaceVariables(Content, Variables);
-                // std::cout << "Mailing " << Content << std::endl;
-                Message.addContent(new Poco::Net::StringPartSource(Content));
+                for(const auto &format:{"html","txt"}) {
+                    std::string Content = Utils::LoadFile(TemplateDir_ + Msg.TemplateName + "." + format );
+                    Types::StringPairVec Variables;
+                    FillVariables(Msg.Attrs, Variables);
+                    Utils::ReplaceVariables(Content, Variables);
+                    Message->addContent(
+                            new Poco::Net::StringPartSource(Content, (strcmp(format,"html") == 0 ? "text/html" : "text/plain") ));
+                }
            }

            auto Logo = Msg.Attrs.find(LOGO);
            if(Logo!=Msg.Attrs.end()) {
                try {
-                    Poco::File          LogoFile(AuthService::GetLogoAssetFileName());
+                    Poco::File          LogoFile( Msg.Subscriber ? AuthService::GetSubLogoAssetFileName() :  AuthService::GetLogoAssetFileName ());
                    std::ifstream       IF(LogoFile.path());
                    std::ostringstream  OS;
                    Poco::StreamCopier::copyStream(IF, OS);
-                    Message.addAttachment("logo", new Poco::Net::StringPartSource(OS.str(), "image/png"));
+                    Message->addAttachment("logo", new Poco::Net::StringPartSource(OS.str(), "image/png"));
                } catch (...) {
-                    Logger().warning(fmt::format("Cannot add '{}' logo in email",AuthService::GetLogoAssetFileName()));
+                    poco_warning(Logger(),fmt::format("Cannot add '{}' logo in email",AuthService::GetLogoAssetFileName()));
                }
            }

@@ -169,18 +186,23 @@ namespace OpenWifi {
                          SenderLoginUserName_,
                          SenderLoginPassword_
            );
-            session.sendMessage(Message);
+            session.sendMessage(*Message);
            session.close();
-            return true;
+            return MessageSendStatus::msg_sent;
+        }
+        catch (const Poco::Net::SMTPException &S) {
+            Logger().log(S);
+            return MessageSendStatus::msg_not_sent_but_do_not_resend;
        }
        catch (const Poco::Exception& E)
        {
            Logger().log(E);
+            return MessageSendStatus::msg_not_sent_but_resend;
        }
        catch (const std::exception &E) {
-            Logger().warning(fmt::format("Cannot send message to:{}, error: {}",Recipient, E.what()));
+            poco_warning(Logger(),fmt::format("Cannot send message to:{}, error: {}",Recipient, E.what()));
+            return MessageSendStatus::msg_not_sent_but_do_not_resend;
        }
-        return false;
    }

 }
--- a/src/SMTPMailerService.h
+++ b/src/SMTPMailerService.h
@@ -2,15 +2,14 @@
 // Created by stephane bourque on 2021-06-17.
 //

-#ifndef UCENTRALSEC_SMTPMAILERSERVICE_H
-#define UCENTRALSEC_SMTPMAILERSERVICE_H
-
-#include "framework/MicroService.h"
+#pragma once

 #include "Poco/File.h"
 #include "Poco/Net/InvalidCertificateHandler.h"
 #include "Poco/Net/AcceptCertificateHandler.h"

+#include "framework/SubSystemServer.h"
+
 namespace OpenWifi {

    enum MESSAGE_ATTRIBUTES {
@@ -27,7 +26,8 @@ namespace OpenWifi {
        LOGO,
        TEXT,
        CHALLENGE_CODE,
-        SENDER
+        SENDER,
+        ACTION_LINK_HTML
    };

    static const std::map<MESSAGE_ATTRIBUTES,const std::string>
@@ -44,7 +44,8 @@ namespace OpenWifi {
                                 {  LOGO, "LOGO"},
                                 {  TEXT, "TEXT"},
                                 {  CHALLENGE_CODE, "CHALLENGE_CODE"},
-                                 {  SENDER, "SENDER"}
+                                 {  SENDER, "SENDER"},
+                                 {  ACTION_LINK_HTML, "ACTION_LINK_HTML"},
                                 };

    inline const std::string & MessageAttributeToVar(MESSAGE_ATTRIBUTES Attr) {
@@ -56,6 +57,12 @@ namespace OpenWifi {
    }
    typedef std::map<MESSAGE_ATTRIBUTES, std::string>   MessageAttributes;

+    enum class MessageSendStatus {
+        msg_sent,
+        msg_not_sent_but_resend,
+        msg_not_sent_but_do_not_resend
+    };
+
    class SMTPMailerService : public SubSystemServer, Poco::Runnable {
        public:
           static SMTPMailerService *instance() {
@@ -67,16 +74,17 @@ namespace OpenWifi {
               uint64_t             Posted=0;
               uint64_t             LastTry=0;
               uint64_t             Sent=0;
-               Poco::File           File;
+               std::string          TemplateName;
               MessageAttributes    Attrs;
+               bool                 Subscriber=false;
            };

            void run() override;
            int Start() override;
            void Stop() override;

-            bool SendMessage(const std::string &Recipient, const std::string &Name, const MessageAttributes &Attrs);
-            bool SendIt(const MessageEvent &Msg);
+            bool SendMessage(const std::string &Recipient, const std::string &Name, const MessageAttributes &Attrs, bool Subscriber);
+            MessageSendStatus SendIt(const MessageEvent &Msg);
            void LoadMyConfig();
            void reinitialize(Poco::Util::Application &self) override;
            bool Enabled() const { return Enabled_; }
@@ -96,6 +104,8 @@ namespace OpenWifi {
            Poco::Thread            SenderThr_;
            std::atomic_bool        Running_=false;
            bool                    Enabled_=false;
+            bool                    UseHTML_=false;
+            std::string             EmailLogo_{"logo.png"};

            SMTPMailerService() noexcept:
                SubSystemServer("SMTPMailer", "MAILER-SVR", "smtpmailer")
@@ -106,4 +116,3 @@ namespace OpenWifi {
    inline SMTPMailerService * SMTPMailerService() { return SMTPMailerService::instance(); }
 }

-#endif //UCENTRALSEC_SMTPMAILERSERVICE_H
--- a/src/SpecialUserHelpers.h
+++ b/src/SpecialUserHelpers.h
@@ -5,6 +5,8 @@
 #pragma once

 #include "StorageService.h"
+#include "framework/AppServiceRegistry.h"
+#include "framework/MicroServiceFuncs.h"

 namespace OpenWifi {

@@ -17,9 +19,9 @@ namespace OpenWifi {

            AppServiceRegistry().Get("defaultusercreated", DefaultUserCreated);
            if (!StorageService()->UserDB().GetUserById(NewDefaultUseridStockUUID, U) && !DefaultUserCreated) {
-                U.currentPassword = MicroService::instance().ConfigGetString("authentication.default.password", "");
+                U.currentPassword = MicroServiceConfigGetString("authentication.default.password", "");
                U.lastPasswords.push_back(U.currentPassword);
-                U.email = MicroService::instance().ConfigGetString("authentication.default.username", "");
+                U.email = MicroServiceConfigGetString("authentication.default.username", "");
                U.id = NewDefaultUseridStockUUID;
                U.userRole = SecurityObjects::ROOT;
                U.creationDate = OpenWifi::Now();
--- a/src/StorageService.cpp
+++ b/src/StorageService.cpp
@@ -8,11 +8,14 @@

 #include "StorageService.h"
 #include "SpecialUserHelpers.h"
+#include "framework/MicroServiceFuncs.h"
+#include "framework/utils.h"

 namespace OpenWifi {

    int StorageService::Start() {
 		std::lock_guard		Guard(Mutex_);
+        poco_information(Logger(),"Starting...");

 		StorageClass::Start();

@@ -33,6 +36,7 @@ namespace OpenWifi {
        SubAvatarDB_ = std::make_unique<OpenWifi::AvatarDB>("SubAvatars", "avs", dbType_,*Pool_, Logger());
        LoginDB_ = std::make_unique<OpenWifi::LoginDB>("Logins", "lin", dbType_,*Pool_, Logger());
        SubLoginDB_ = std::make_unique<OpenWifi::LoginDB>("SubLogins", "lis", dbType_,*Pool_, Logger());
+        ApiKeyDB_ = std::make_unique<OpenWifi::ApiKeyDB>("ApiKeys", "api", dbType_,*Pool_, Logger());

        UserDB_->Create();
        SubDB_->Create();
@@ -44,6 +48,7 @@ namespace OpenWifi {
        AvatarDB_->Create();
        SubAvatarDB_->Create();
        LoginDB_->Create();
+        ApiKeyDB_->Create();
        SubLoginDB_->Create();

 		OpenWifi::SpecialUserHelpers::InitializeDefaultUser();
@@ -51,24 +56,28 @@ namespace OpenWifi {
 		Archivercallback_ = std::make_unique<Poco::TimerCallback<Archiver>>(Archiver_,&Archiver::onTimer);
 		Timer_.setStartInterval( 5 * 60 * 1000);  // first run in 5 minutes
 		Timer_.setPeriodicInterval(1 * 60 * 60 * 1000); // 1 hours
-		Timer_.start(*Archivercallback_);
+		Timer_.start(*Archivercallback_, MicroServiceTimerPool());

 		return 0;
    }

    void StorageService::Stop() {
-        Logger().notice("Stopping.");
+        poco_information(Logger(),"Stopping...");
        Timer_.stop();
        StorageClass::Stop();
+        poco_information(Logger(),"Stopped...");
    }

    void Archiver::onTimer([[maybe_unused]] Poco::Timer &timer) {
+        Utils::SetThreadName("strg-arch");
        Poco::Logger &logger = Poco::Logger::get("STORAGE-ARCHIVER");
        logger.information("Squiggy the DB: removing old tokens.");
        StorageService()->SubTokenDB().CleanExpiredTokens();
        StorageService()->UserTokenDB().CleanExpiredTokens();
        logger.information("Squiggy the DB: removing old actionLinks.");
        StorageService()->ActionLinksDB().CleanOldActionLinks();
+        logger.information("Squiggy the DB: removing old expired API Keys.");
+        StorageService()->ActionLinksDB().CleanOldActionLinks();
    }

 }
--- a/Show More
+++ b/Show More