diff --git a/internal/cmd/start_api.go b/internal/cmd/start_api.go
index 6ad40c4..85d4f0e 100644
--- a/internal/cmd/start_api.go
+++ b/internal/cmd/start_api.go
@@ -75,7 +75,7 @@ func StartApiCmdHandler(cmd *cobra.Command, args []string) {
 	}
 
 	// Load the policy into the enforcer.
-	_, err = authEnforcer.AddPolicies(rbac.GetRbacPolicies())
+	_, err = authEnforcer.AddPolicies(rbac.GetRbacPolicies(loadedConfig.TestMode))
 	if err != nil {
 		panic(err)
 	}
@@ -95,7 +95,13 @@ func StartApiCmdHandler(cmd *cobra.Command, args []string) {
 
 	// Router
 	router := mux.NewRouter()
-	v2HttpPaths.SetRoutes(router, authEnforcer)
+	if loadedConfig.TestMode {
+		router.StrictSlash(true)
+		v2HttpPaths.SetRoutes(router, authEnforcer, loadedConfig.TestMode)
+	} else {
+		subrouter := router.PathPrefix("/v2").Subrouter()
+		v2HttpPaths.SetRoutes(subrouter, authEnforcer, loadedConfig.TestMode)
+	}
 
 	// Start server and listen in port 80
 	log.Println("Listening port 80")
diff --git a/internal/config/config.go b/internal/config/config.go
index 70c919e..b3a561c 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -69,6 +69,7 @@ type Configuration struct {
 		Password string
 	}
 	ApplicationMode            string
+	TestMode                   bool
 	Organization               Organization
 	User                       User
 	ApiSecretKey               string
diff --git a/internal/http_path/v2/audit_paths.go b/internal/http_path/v2/audit_paths.go
index 90990b9..dbf841d 100644
--- a/internal/http_path/v2/audit_paths.go
+++ b/internal/http_path/v2/audit_paths.go
@@ -1,9 +1,9 @@
 package http_path
 
-const AuditListDataAgreementRecords = "/v2/audit/consent-records"
-const AuditDataAgreementRecordRead = "/v2/audit/consent-record/{consentRecordId}"
-const AuditListDataAgreements = "/v2/audit/data-agreements"
-const AuditReadDataAgreement = "/v2/audit/data-agreement/{dataAgreementId}"
+const AuditListDataAgreementRecords = "/audit/consent-records"
+const AuditDataAgreementRecordRead = "/audit/consent-record/{consentRecordId}"
+const AuditListDataAgreements = "/audit/data-agreements"
+const AuditReadDataAgreement = "/audit/data-agreement/{dataAgreementId}"
 
 // organization action logs
-const AuditGetOrgLogs = "/v2/audit/admin/logs"
+const AuditGetOrgLogs = "/audit/admin/logs"
diff --git a/internal/http_path/v2/config_paths.go b/internal/http_path/v2/config_paths.go
index e266fa7..c178ccf 100644
--- a/internal/http_path/v2/config_paths.go
+++ b/internal/http_path/v2/config_paths.go
@@ -1,66 +1,66 @@
 package http_path
 
 // Global policy configuration
-const ConfigCreatePolicy = "/v2/config/policy"
-const ConfigReadPolicy = "/v2/config/policy/{policyId}"
-const ConfigUpdatePolicy = "/v2/config/policy/{policyId}"
-const ConfigDeletePolicy = "/v2/config/policy/{policyId}"
-const ConfigListPolicies = "/v2/config/policies"
-const ConfigListPolicyRevisions = "/v2/config/policy/{policyId}/revisions"
+const ConfigCreatePolicy = "/config/policy"
+const ConfigReadPolicy = "/config/policy/{policyId}"
+const ConfigUpdatePolicy = "/config/policy/{policyId}"
+const ConfigDeletePolicy = "/config/policy/{policyId}"
+const ConfigListPolicies = "/config/policies"
+const ConfigListPolicyRevisions = "/config/policy/{policyId}/revisions"
 
 // Data agreements
-const ConfigCreateDataAgreement = "/v2/config/data-agreement"
-const ConfigReadDataAgreement = "/v2/config/data-agreement/{dataAgreementId}"
-const ConfigUpdateDataAgreement = "/v2/config/data-agreement/{dataAgreementId}"
-const ConfigDeleteDataAgreement = "/v2/config/data-agreement/{dataAgreementId}"
-const ConfigListDataAgreements = "/v2/config/data-agreements"
-const ConfigListDataAgreementRevisions = "/v2/config/data-agreement/{dataAgreementId}/revisions"
-const ConfigListDataAttributesForDataAgreement = "/v2/config/data-agreement/{dataAgreementId}/data-attributes"
+const ConfigCreateDataAgreement = "/config/data-agreement"
+const ConfigReadDataAgreement = "/config/data-agreement/{dataAgreementId}"
+const ConfigUpdateDataAgreement = "/config/data-agreement/{dataAgreementId}"
+const ConfigDeleteDataAgreement = "/config/data-agreement/{dataAgreementId}"
+const ConfigListDataAgreements = "/config/data-agreements"
+const ConfigListDataAgreementRevisions = "/config/data-agreement/{dataAgreementId}/revisions"
+const ConfigListDataAttributesForDataAgreement = "/config/data-agreement/{dataAgreementId}/data-attributes"
 
-const ReadDataAgreementRevision = "/v2/config/data-agreement/{dataAgreementId}/revision/{revisionId}"
+const ReadDataAgreementRevision = "/config/data-agreement/{dataAgreementId}/revision/{revisionId}"
 
 // Data attributes
-const ConfigReadDataAttribute = "/v2/config/data-agreements/data-attribute/{dataAttributeId}"
-const ConfigCreateDataAttribute = "/v2/config/data-agreements/data-attribute"
-const ConfigUpdateDataAttribute = "/v2/config/data-agreements/data-attribute/{dataAttributeId}"
-const ConfigListDataAttributeRevisions = "/v2/config/data-agreements/data-attribute/{dataAttributeId}/revisions"
-const ConfigDeleteDataAttribute = "/v2/config/data-agreements/data-attribute/{dataAttributeId}"
-const ConfigListDataAttributes = "/v2/config/data-agreements/data-attributes"
+const ConfigReadDataAttribute = "/config/data-agreements/data-attribute/{dataAttributeId}"
+const ConfigCreateDataAttribute = "/config/data-agreements/data-attribute"
+const ConfigUpdateDataAttribute = "/config/data-agreements/data-attribute/{dataAttributeId}"
+const ConfigListDataAttributeRevisions = "/config/data-agreements/data-attribute/{dataAttributeId}/revisions"
+const ConfigDeleteDataAttribute = "/config/data-agreements/data-attribute/{dataAttributeId}"
+const ConfigListDataAttributes = "/config/data-agreements/data-attributes"
 
 // Webhooks
-const ConfigReadWebhook = "/v2/config/webhook/{webhookId}"
-const ConfigCreateWebhook = "/v2/config/webhook"
-const ConfigUpdateWebhook = "/v2/config/webhook/{webhookId}"
-const ConfigDeleteWebhook = "/v2/config/webhook/{webhookId}"
-const ConfigListWebhooks = "/v2/config/webhooks"
-const ConfigPingWebhook = "/v2/config/webhook/{webhookId}/ping"
-const ConfigListRecentWebhookDeliveries = "/v2/config/webhooks/{webhookId}/deliveries"
-const ConfigReadRecentWebhookDelivery = "/v2/config/webhooks/{webhookId}/delivery/{deliveryId}"
-const ConfigRedeliverWebhookPayloadByDeliveryID = "/v2/config/webhooks/{webhookId}/delivery/{deliveryId}/redeliver"
-const ConfigListWebhookEventTypes = "/v2/config/webhooks/event-types"
-const ConfigListWebhookPayloadContentTypes = "/v2/config/webhooks/payload/content-types"
+const ConfigReadWebhook = "/config/webhook/{webhookId}"
+const ConfigCreateWebhook = "/config/webhook"
+const ConfigUpdateWebhook = "/config/webhook/{webhookId}"
+const ConfigDeleteWebhook = "/config/webhook/{webhookId}"
+const ConfigListWebhooks = "/config/webhooks"
+const ConfigPingWebhook = "/config/webhook/{webhookId}/ping"
+const ConfigListRecentWebhookDeliveries = "/config/webhooks/{webhookId}/deliveries"
+const ConfigReadRecentWebhookDelivery = "/config/webhooks/{webhookId}/delivery/{deliveryId}"
+const ConfigRedeliverWebhookPayloadByDeliveryID = "/config/webhooks/{webhookId}/delivery/{deliveryId}/redeliver"
+const ConfigListWebhookEventTypes = "/config/webhooks/event-types"
+const ConfigListWebhookPayloadContentTypes = "/config/webhooks/payload/content-types"
 
 // Organisation identity provider related API(s)
-const AddIdentityProvider = "/v2/config/idp/open-id"
-const UpdateIdentityProvider = "/v2/config/idp/open-id/{idpId}"
-const DeleteIdentityProvider = "/v2/config/idp/open-id/{idpId}"
-const GetIdentityProvider = "/v2/config/idp/open-id/{idpId}"
-const ConfigListIdentityProviders = "/v2/config/idp/open-ids"
+const AddIdentityProvider = "/config/idp/open-id"
+const UpdateIdentityProvider = "/config/idp/open-id/{idpId}"
+const DeleteIdentityProvider = "/config/idp/open-id/{idpId}"
+const GetIdentityProvider = "/config/idp/open-id/{idpId}"
+const ConfigListIdentityProviders = "/config/idp/open-ids"
 
 // Individuals
-const ConfigCreateIndividual = "/v2/config/individual"
-const ConfigReadIndividual = "/v2/config/individual/{individualId}"
-const ConfigUpdateIndividual = "/v2/config/individual/{individualId}"
-const ConfigDeleteIndividual = "/v2/config/individual/{individualId}"
-const ConfigListIndividuals = "/v2/config/individuals"
-const ConfigCreateIndividualsInBulk = "/v2/config/individual/upload"
+const ConfigCreateIndividual = "/config/individual"
+const ConfigReadIndividual = "/config/individual/{individualId}"
+const ConfigUpdateIndividual = "/config/individual/{individualId}"
+const ConfigDeleteIndividual = "/config/individual/{individualId}"
+const ConfigListIndividuals = "/config/individuals"
+const ConfigCreateIndividualsInBulk = "/config/individual/upload"
 
 // Api key
-const ConfigCreateApiKey = "/v2/config/admin/apikey"
-const ConfigUpdateApiKey = "/v2/config/admin/apikey/{apiKeyId}"
-const ConfigDeleteApiKey = "/v2/config/admin/apikey/{apiKeyId}"
-const ConfigListApiKey = "/v2/config/admin/apikeys"
+const ConfigCreateApiKey = "/config/admin/apikey"
+const ConfigUpdateApiKey = "/config/admin/apikey/{apiKeyId}"
+const ConfigDeleteApiKey = "/config/admin/apikey/{apiKeyId}"
+const ConfigListApiKey = "/config/admin/apikeys"
 
-const ConfigReadPrivacyDashboard = "/v2/config/privacy-dashboard"
+const ConfigReadPrivacyDashboard = "/config/privacy-dashboard"
 
-const ConfigPurgeOrgLogs = "/v2/config/logs/purge"
+const ConfigPurgeOrgLogs = "/config/logs/purge"
diff --git a/internal/http_path/v2/onboard_paths.go b/internal/http_path/v2/onboard_paths.go
index 25ba26f..78139b3 100644
--- a/internal/http_path/v2/onboard_paths.go
+++ b/internal/http_path/v2/onboard_paths.go
@@ -1,31 +1,31 @@
 package http_path
 
 // login
-const LoginAdminUser = "/v2/onboard/admin/login"
-const LoginUser = "/v2/onboard/individual/login"
-const OnboardLogoutUser = "/v2/onboard/logout"
+const LoginAdminUser = "/onboard/admin/login"
+const LoginUser = "/onboard/individual/login"
+const OnboardLogoutUser = "/onboard/logout"
 
-const OnboardResetPassword = "/v2/onboard/password/reset"
-const OnboardForgotPassword = "/v2/onboard/password/forgot"
+const OnboardResetPassword = "/onboard/password/reset"
+const OnboardForgotPassword = "/onboard/password/forgot"
 
-// const ValidateUserEmail = "/v2/onboard/validate/email"
-// const ValidatePhoneNumber = "/v2/onboard/validate/phone"
-// const VerifyPhoneNumber = "/v2/onboard/verify/phone"
-// const VerifyOtp = "/v2/onboard/verify/otp"
+// const ValidateUserEmail = "/onboard/validate/email"
+// const ValidatePhoneNumber = "/onboard/validate/phone"
+// const VerifyPhoneNumber = "/onboard/verify/phone"
+// const VerifyOtp = "/onboard/verify/otp"
 
-const OnboardRefreshToken = "/v2/onboard/token/refresh"
-const ExchangeAuthorizationCode = "/v2/onboard/token/exchange"
+const OnboardRefreshToken = "/onboard/token/refresh"
+const ExchangeAuthorizationCode = "/onboard/token/exchange"
 
-const GetOrganizationByID = "/v2/onboard/organisation"
-const UpdateOrganization = "/v2/onboard/organisation"
-const UpdateOrganizationCoverImage = "/v2/onboard/organisation/coverimage"
-const UpdateOrganizationLogoImage = "/v2/onboard/organisation/logoimage"
-const GetOrganizationCoverImage = "/v2/onboard/organisation/coverimage"
-const GetOrganizationLogoImage = "/v2/onboard/organisation/logoimage"
+const GetOrganizationByID = "/onboard/organisation"
+const UpdateOrganization = "/onboard/organisation"
+const UpdateOrganizationCoverImage = "/onboard/organisation/coverimage"
+const UpdateOrganizationLogoImage = "/onboard/organisation/logoimage"
+const GetOrganizationCoverImage = "/onboard/organisation/coverimage"
+const GetOrganizationLogoImage = "/onboard/organisation/logoimage"
 
-const OnboardReadOrganisationAdmin = "/v2/onboard/admin"
-const OnboardUpdateOrganisationAdmin = "/v2/onboard/admin"
-const OnboardReadOrganisationAdminAvatar = "/v2/onboard/admin/avatarimage"
-const OnboardUpdateOrganisationAdminAvatar = "/v2/onboard/admin/avatarimage"
+const OnboardReadOrganisationAdmin = "/onboard/admin"
+const OnboardUpdateOrganisationAdmin = "/onboard/admin"
+const OnboardReadOrganisationAdminAvatar = "/onboard/admin/avatarimage"
+const OnboardUpdateOrganisationAdminAvatar = "/onboard/admin/avatarimage"
 
-const OnboardReadStatus = "/v2/onboard/status"
+const OnboardReadStatus = "/onboard/status"
diff --git a/internal/http_path/v2/routes.go b/internal/http_path/v2/routes.go
index 4a1da78..4b1df9f 100644
--- a/internal/http_path/v2/routes.go
+++ b/internal/http_path/v2/routes.go
@@ -1,6 +1,8 @@
 package http_path
 
 import (
+	"net/http"
+
 	auditHandler "github.com/bb-consent/api/internal/handler/v2/audit"
 	apiKeyHandler "github.com/bb-consent/api/internal/handler/v2/config/apikey"
 	dataAgreementHandler "github.com/bb-consent/api/internal/handler/v2/config/dataagreement"
@@ -21,148 +23,155 @@ import (
 )
 
 // SetRoutes sets the routes that the back end server serves
-func SetRoutes(r *mux.Router, e *casbin.Enforcer) {
+func SetRoutes(r *mux.Router, e *casbin.Enforcer, testMode bool) {
+	var wrapper = func(path string, handler http.Handler) *mux.Route {
+		if testMode {
+			path = path + "/"
+		}
+		return r.Handle(path, handler)
+	}
+
 	// Policy
-	r.Handle(ConfigReadPolicy, m.Chain(policyHandler.ConfigReadPolicy, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ConfigCreatePolicy, m.Chain(policyHandler.ConfigCreatePolicy, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(ConfigUpdatePolicy, m.Chain(policyHandler.ConfigUpdatePolicy, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
-	r.Handle(ConfigListPolicyRevisions, m.Chain(policyHandler.ConfigListPolicyRevisions, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ConfigDeletePolicy, m.Chain(policyHandler.ConfigDeletePolicy, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
-	r.Handle(ConfigListPolicies, m.Chain(policyHandler.ConfigListPolicies, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigReadPolicy, m.Chain(policyHandler.ConfigReadPolicy, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigCreatePolicy, m.Chain(policyHandler.ConfigCreatePolicy, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(ConfigUpdatePolicy, m.Chain(policyHandler.ConfigUpdatePolicy, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(ConfigListPolicyRevisions, m.Chain(policyHandler.ConfigListPolicyRevisions, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigDeletePolicy, m.Chain(policyHandler.ConfigDeletePolicy, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
+	wrapper(ConfigListPolicies, m.Chain(policyHandler.ConfigListPolicies, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Data agreement
-	r.Handle(ConfigReadDataAgreement, m.Chain(dataAgreementHandler.ConfigReadDataAgreement, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ConfigCreateDataAgreement, m.Chain(dataAgreementHandler.ConfigCreateDataAgreement, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(ConfigUpdateDataAgreement, m.Chain(dataAgreementHandler.ConfigUpdateDataAgreement, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
-	r.Handle(ConfigListDataAgreementRevisions, m.Chain(dataAgreementHandler.ConfigListDataAgreementRevisions, m.Logger(), m.LogApiCalls(), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authorize(e), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ConfigDeleteDataAgreement, m.Chain(dataAgreementHandler.ConfigDeleteDataAgreement, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
-	r.Handle(ConfigListDataAgreements, m.Chain(dataAgreementHandler.ConfigListDataAgreements, m.Logger(), m.LogApiCalls(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ConfigListDataAttributesForDataAgreement, m.Chain(dataAgreementHandler.ConfigListDataAttributesForDataAgreement, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigReadDataAgreement, m.Chain(dataAgreementHandler.ConfigReadDataAgreement, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigCreateDataAgreement, m.Chain(dataAgreementHandler.ConfigCreateDataAgreement, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(ConfigUpdateDataAgreement, m.Chain(dataAgreementHandler.ConfigUpdateDataAgreement, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(ConfigListDataAgreementRevisions, m.Chain(dataAgreementHandler.ConfigListDataAgreementRevisions, m.Logger(), m.LogApiCalls(), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authorize(e), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigDeleteDataAgreement, m.Chain(dataAgreementHandler.ConfigDeleteDataAgreement, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
+	wrapper(ConfigListDataAgreements, m.Chain(dataAgreementHandler.ConfigListDataAgreements, m.Logger(), m.LogApiCalls(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigListDataAttributesForDataAgreement, m.Chain(dataAgreementHandler.ConfigListDataAttributesForDataAgreement, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Data attribute
-	r.Handle(ConfigUpdateDataAttribute, m.Chain(dataAttributeHandler.ConfigUpdateDataAttribute, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
-	r.Handle(ConfigListDataAttributes, m.Chain(dataAttributeHandler.ConfigListDataAttributes, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigUpdateDataAttribute, m.Chain(dataAttributeHandler.ConfigUpdateDataAttribute, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(ConfigListDataAttributes, m.Chain(dataAttributeHandler.ConfigListDataAttributes, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Organisation webhooks related api(s)
-	r.Handle(ConfigReadWebhook, m.Chain(webhookHandler.ConfigReadWebhook, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ConfigCreateWebhook, m.Chain(webhookHandler.ConfigCreateWebhook, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(ConfigUpdateWebhook, m.Chain(webhookHandler.ConfigUpdateWebhook, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
-	r.Handle(ConfigDeleteWebhook, m.Chain(webhookHandler.ConfigDeleteWebhook, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
-	r.Handle(ConfigListWebhooks, m.Chain(webhookHandler.ConfigListWebhooks, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ConfigPingWebhook, m.Chain(webhookHandler.ConfigPingWebhook, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(ConfigListRecentWebhookDeliveries, m.Chain(webhookHandler.ConfigListRecentWebhookDeliveries, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ConfigReadRecentWebhookDelivery, m.Chain(webhookHandler.ConfigReadRecentWebhookDelivery, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ConfigRedeliverWebhookPayloadByDeliveryID, m.Chain(webhookHandler.ConfigRedeliverWebhookPayloadByDeliveryID, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(ConfigListWebhookEventTypes, m.Chain(webhookHandler.ConfigListWebhookEventTypes, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ConfigListWebhookPayloadContentTypes, m.Chain(webhookHandler.ConfigListWebhookPayloadContentTypes, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigReadWebhook, m.Chain(webhookHandler.ConfigReadWebhook, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigCreateWebhook, m.Chain(webhookHandler.ConfigCreateWebhook, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(ConfigUpdateWebhook, m.Chain(webhookHandler.ConfigUpdateWebhook, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(ConfigDeleteWebhook, m.Chain(webhookHandler.ConfigDeleteWebhook, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
+	wrapper(ConfigListWebhooks, m.Chain(webhookHandler.ConfigListWebhooks, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigPingWebhook, m.Chain(webhookHandler.ConfigPingWebhook, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(ConfigListRecentWebhookDeliveries, m.Chain(webhookHandler.ConfigListRecentWebhookDeliveries, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigReadRecentWebhookDelivery, m.Chain(webhookHandler.ConfigReadRecentWebhookDelivery, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigRedeliverWebhookPayloadByDeliveryID, m.Chain(webhookHandler.ConfigRedeliverWebhookPayloadByDeliveryID, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(ConfigListWebhookEventTypes, m.Chain(webhookHandler.ConfigListWebhookEventTypes, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigListWebhookPayloadContentTypes, m.Chain(webhookHandler.ConfigListWebhookPayloadContentTypes, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Organisation identity provider related API(s)
-	r.Handle(AddIdentityProvider, m.Chain(idpHandler.ConfigCreateIdp, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(UpdateIdentityProvider, m.Chain(idpHandler.UpdateIdentityProvider, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
-	r.Handle(DeleteIdentityProvider, m.Chain(idpHandler.DeleteIdentityProvider, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
-	r.Handle(GetIdentityProvider, m.Chain(idpHandler.GetIdentityProvider, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ConfigListIdentityProviders, m.Chain(idpHandler.ConfigListIdps, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(AddIdentityProvider, m.Chain(idpHandler.ConfigCreateIdp, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(UpdateIdentityProvider, m.Chain(idpHandler.UpdateIdentityProvider, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(DeleteIdentityProvider, m.Chain(idpHandler.DeleteIdentityProvider, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
+	wrapper(GetIdentityProvider, m.Chain(idpHandler.GetIdentityProvider, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigListIdentityProviders, m.Chain(idpHandler.ConfigListIdps, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Individual related api(s)
-	r.Handle(ConfigReadIndividual, m.Chain(configIndividualHandler.ConfigReadIndividual, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ConfigCreateIndividual, m.Chain(configIndividualHandler.ConfigCreateIndividual, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(ConfigUpdateIndividual, m.Chain(configIndividualHandler.ConfigUpdateIndividual, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
-	r.Handle(ConfigListIndividuals, m.Chain(configIndividualHandler.ConfigListIndividuals, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigReadIndividual, m.Chain(configIndividualHandler.ConfigReadIndividual, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigCreateIndividual, m.Chain(configIndividualHandler.ConfigCreateIndividual, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(ConfigUpdateIndividual, m.Chain(configIndividualHandler.ConfigUpdateIndividual, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(ConfigListIndividuals, m.Chain(configIndividualHandler.ConfigListIndividuals, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Api key related api(s)
-	r.Handle(ConfigCreateApiKey, m.Chain(apiKeyHandler.ConfigCreateApiKey, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(ConfigDeleteApiKey, m.Chain(apiKeyHandler.ConfigDeleteApiKey, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
-	r.Handle(ConfigUpdateApiKey, m.Chain(apiKeyHandler.ConfigUpdateApiKey, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
-	r.Handle(ConfigListApiKey, m.Chain(apiKeyHandler.ConfigListApiKey, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigCreateApiKey, m.Chain(apiKeyHandler.ConfigCreateApiKey, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(ConfigDeleteApiKey, m.Chain(apiKeyHandler.ConfigDeleteApiKey, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
+	wrapper(ConfigUpdateApiKey, m.Chain(apiKeyHandler.ConfigUpdateApiKey, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(ConfigListApiKey, m.Chain(apiKeyHandler.ConfigListApiKey, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
-	r.Handle(ConfigCreateIndividualsInBulk, m.Chain(configIndividualHandler.ConfigCreateIndividualsInBulk, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(ConfigCreateIndividualsInBulk, m.Chain(configIndividualHandler.ConfigCreateIndividualsInBulk, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
 
-	r.Handle(ConfigReadPrivacyDashboard, m.Chain(privacyDashboardHandler.ConfigReadPrivacyDashboard, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ConfigReadPrivacyDashboard, m.Chain(privacyDashboardHandler.ConfigReadPrivacyDashboard, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Purge logs
-	r.Handle(ConfigPurgeOrgLogs, m.Chain(logHandler.ConfigPurgeOrgLogs, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
+	wrapper(ConfigPurgeOrgLogs, m.Chain(logHandler.ConfigPurgeOrgLogs, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
 
 	// Service api(s)
 
 	//  Data agreements
-	r.Handle(ServiceReadDataAgreement, m.Chain(serviceHandler.ServiceReadDataAgreement, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ServiceListDataAgreements, m.Chain(serviceHandler.ServiceListDataAgreements, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceReadDataAgreement, m.Chain(serviceHandler.ServiceReadDataAgreement, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceListDataAgreements, m.Chain(serviceHandler.ServiceListDataAgreements, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Read an idp
-	r.Handle(ServiceReadIdp, m.Chain(serviceHandler.ServiceReadIdp, m.LoggerNoAuth(), m.SetApplicationMode(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceReadIdp, m.Chain(serviceHandler.ServiceReadIdp, m.LoggerNoAuth(), m.SetApplicationMode(), m.AddContentType())).Methods("GET")
 
 	// Policy
-	r.Handle(ServiceReadPolicy, m.Chain(serviceHandler.ServiceReadPolicy, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceReadPolicy, m.Chain(serviceHandler.ServiceReadPolicy, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Data attributes
-	r.Handle(ServiceListDataAttributesForDataAgreement, m.Chain(serviceHandler.ServiceListDataAttributesForDataAgreement, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceListDataAttributesForDataAgreement, m.Chain(serviceHandler.ServiceListDataAttributesForDataAgreement, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Verification mechanisms
 
-	r.Handle(ServiceVerificationListDataAgreements, m.Chain(serviceHandler.ServiceVerificationListDataAgreements, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ServiceVerificationFetchDataAgreementRecord, m.Chain(serviceHandler.ServiceVerificationFetchDataAgreementRecord, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ServiceVerificationFetchDataAgreementRecords, m.Chain(serviceHandler.ServiceVerificationFetchDataAgreementRecords, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceVerificationListDataAgreements, m.Chain(serviceHandler.ServiceVerificationListDataAgreements, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceVerificationFetchDataAgreementRecord, m.Chain(serviceHandler.ServiceVerificationFetchDataAgreementRecord, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceVerificationFetchDataAgreementRecords, m.Chain(serviceHandler.ServiceVerificationFetchDataAgreementRecords, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Recording consent
-	r.Handle(ServiceCreateDraftConsentRecord, m.Chain(serviceHandler.ServiceCreateDraftConsentRecord, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(ServiceCreateDataAgreementRecord, m.Chain(serviceHandler.ServiceCreateDataAgreementRecord, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(ServiceUpdateDataAgreementRecord, m.Chain(serviceHandler.ServiceUpdateDataAgreementRecord, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
-	r.Handle(ServiceDeleteIndividualDataAgreementRecords, m.Chain(serviceHandler.ServiceDeleteIndividualDataAgreementRecords, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
-	r.Handle(ServiceCreatePairedDataAgreementRecord, m.Chain(serviceHandler.ServiceCreatePairedDataAgreementRecord, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(ServiceUpdateSignatureObject, m.Chain(serviceHandler.ServiceUpdateSignatureObject, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
-	r.Handle(ServiceCreateBlankSignature, m.Chain(serviceHandler.ServiceCreateBlankSignature, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(ServiceCreateDraftConsentRecord, m.Chain(serviceHandler.ServiceCreateDraftConsentRecord, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(ServiceCreateDataAgreementRecord, m.Chain(serviceHandler.ServiceCreateDataAgreementRecord, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(ServiceUpdateDataAgreementRecord, m.Chain(serviceHandler.ServiceUpdateDataAgreementRecord, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(ServiceDeleteIndividualDataAgreementRecords, m.Chain(serviceHandler.ServiceDeleteIndividualDataAgreementRecords, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("DELETE")
+	wrapper(ServiceCreatePairedDataAgreementRecord, m.Chain(serviceHandler.ServiceCreatePairedDataAgreementRecord, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(ServiceUpdateSignatureObject, m.Chain(serviceHandler.ServiceUpdateSignatureObject, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(ServiceCreateBlankSignature, m.Chain(serviceHandler.ServiceCreateBlankSignature, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
 
-	r.Handle(ServiceReadDataAgreementRecord, m.Chain(serviceHandler.ServiceReadDataAgreementRecord, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ServiceFetchIndividualDataAgreementRecords, m.Chain(serviceHandler.ServiceFetchIndividualDataAgreementRecords, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ServiceFetchRecordsForDataAgreement, m.Chain(serviceHandler.ServiceFetchRecordsForDataAgreement, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceReadDataAgreementRecord, m.Chain(serviceHandler.ServiceReadDataAgreementRecord, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceFetchIndividualDataAgreementRecords, m.Chain(serviceHandler.ServiceFetchIndividualDataAgreementRecords, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceFetchRecordsForDataAgreement, m.Chain(serviceHandler.ServiceFetchRecordsForDataAgreement, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
-	r.Handle(ServiceFetchRecordsHistory, m.Chain(serviceHandler.ServiceFetchRecordsHistory, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceFetchRecordsHistory, m.Chain(serviceHandler.ServiceFetchRecordsHistory, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
-	r.Handle(ServiceReadOrganisation, m.Chain(serviceHandler.ServiceReadOrganisation, m.LoggerNoAuth(), m.SetApplicationMode(), m.AddContentType())).Methods("GET")
-	r.Handle(ServiceReadOrganisationLogoImage, m.Chain(serviceHandler.ServiceReadOrganisationLogoImage, m.LoggerNoAuth(), m.SetApplicationMode(), m.AddContentType())).Methods("GET")
-	r.Handle(ServiceReadOrganisationCoverImage, m.Chain(serviceHandler.ServiceReadOrganisationCoverImage, m.LoggerNoAuth(), m.SetApplicationMode(), m.AddContentType())).Methods("GET")
-	r.Handle(ServiceReadOrganisationImage, m.Chain(serviceHandler.ServiceReadOrganisationImage, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceReadOrganisation, m.Chain(serviceHandler.ServiceReadOrganisation, m.LoggerNoAuth(), m.SetApplicationMode(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceReadOrganisationLogoImage, m.Chain(serviceHandler.ServiceReadOrganisationLogoImage, m.LoggerNoAuth(), m.SetApplicationMode(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceReadOrganisationCoverImage, m.Chain(serviceHandler.ServiceReadOrganisationCoverImage, m.LoggerNoAuth(), m.SetApplicationMode(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceReadOrganisationImage, m.Chain(serviceHandler.ServiceReadOrganisationImage, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Individual related api(s)
-	r.Handle(ServiceReadIndividual, m.Chain(serviceIndividualHandler.ServiceReadIndividual, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(ServiceCreateIndividual, m.Chain(serviceIndividualHandler.ServiceCreateIndividual, m.Logger(), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(ServiceUpdateIndividual, m.Chain(serviceIndividualHandler.ServiceUpdateIndividual, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("PUT")
-	r.Handle(ServiceListIndividuals, m.Chain(serviceIndividualHandler.ServiceListIndividuals, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceReadIndividual, m.Chain(serviceIndividualHandler.ServiceReadIndividual, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(ServiceCreateIndividual, m.Chain(serviceIndividualHandler.ServiceCreateIndividual, m.Logger(), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(ServiceUpdateIndividual, m.Chain(serviceIndividualHandler.ServiceUpdateIndividual, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(ServiceListIndividuals, m.Chain(serviceIndividualHandler.ServiceListIndividuals, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKey(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Audit api(s)
 
-	r.Handle(AuditListDataAgreementRecords, m.Chain(auditHandler.AuditListDataAgreementRecords, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(AuditDataAgreementRecordRead, m.Chain(auditHandler.AuditDataAgreementRecordRead, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(AuditListDataAgreements, m.Chain(auditHandler.AuditListDataAgreements, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(AuditReadDataAgreement, m.Chain(auditHandler.AuditReadDataAgreement, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(AuditListDataAgreementRecords, m.Chain(auditHandler.AuditListDataAgreementRecords, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(AuditDataAgreementRecordRead, m.Chain(auditHandler.AuditDataAgreementRecordRead, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(AuditListDataAgreements, m.Chain(auditHandler.AuditListDataAgreements, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(AuditReadDataAgreement, m.Chain(auditHandler.AuditReadDataAgreement, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// organization action logs
-	r.Handle(AuditGetOrgLogs, m.Chain(auditHandler.AuditGetOrgLogs, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(AuditGetOrgLogs, m.Chain(auditHandler.AuditGetOrgLogs, m.Logger(), m.LogApiCalls(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
 	// Onboard api(s)
 
-	r.Handle(LoginAdminUser, m.Chain(onboardHandler.LoginAdminUser, m.LoggerNoAuth(), m.AddContentType())).Methods("POST")
-	r.Handle(LoginUser, m.Chain(onboardHandler.LoginUser, m.LoggerNoAuth(), m.AddContentType())).Methods("POST")
-	r.Handle(OnboardResetPassword, m.Chain(onboardHandler.OnboardResetPassword, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
-	r.Handle(OnboardLogoutUser, m.Chain(onboardHandler.OnboardLogoutUser, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(LoginAdminUser, m.Chain(onboardHandler.LoginAdminUser, m.LoggerNoAuth(), m.AddContentType())).Methods("POST")
+	wrapper(LoginUser, m.Chain(onboardHandler.LoginUser, m.LoggerNoAuth(), m.AddContentType())).Methods("POST")
+	wrapper(OnboardResetPassword, m.Chain(onboardHandler.OnboardResetPassword, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(OnboardLogoutUser, m.Chain(onboardHandler.OnboardLogoutUser, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
 
-	r.Handle(OnboardRefreshToken, m.Chain(onboardHandler.OnboardRefreshToken, m.AddContentType())).Methods("POST")
-	r.Handle(ExchangeAuthorizationCode, m.Chain(onboardHandler.ExchangeAuthorizationCode, m.LoggerNoAuth(), m.SetApplicationMode())).Methods("POST")
-	r.Handle(OnboardForgotPassword, m.Chain(onboardHandler.OnboardForgotPassword, m.LoggerNoAuth(), m.SetApplicationMode())).Methods("PUT")
+	wrapper(OnboardRefreshToken, m.Chain(onboardHandler.OnboardRefreshToken, m.AddContentType())).Methods("POST")
+	wrapper(ExchangeAuthorizationCode, m.Chain(onboardHandler.ExchangeAuthorizationCode, m.LoggerNoAuth(), m.SetApplicationMode())).Methods("POST")
+	wrapper(OnboardForgotPassword, m.Chain(onboardHandler.OnboardForgotPassword, m.LoggerNoAuth(), m.SetApplicationMode())).Methods("PUT")
 
-	r.Handle(GetOrganizationByID, m.Chain(onboardHandler.OnboardReadOrganisation, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(UpdateOrganization, m.Chain(onboardHandler.UpdateOrganization, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
-	r.Handle(UpdateOrganizationCoverImage, m.Chain(onboardHandler.UpdateOrganizationCoverImage, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(UpdateOrganizationLogoImage, m.Chain(onboardHandler.UpdateOrganizationLogoImage, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
-	r.Handle(GetOrganizationCoverImage, m.Chain(onboardHandler.GetOrganizationCoverImage, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(GetOrganizationLogoImage, m.Chain(onboardHandler.GetOrganizationLogoImage, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(GetOrganizationByID, m.Chain(onboardHandler.OnboardReadOrganisation, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(UpdateOrganization, m.Chain(onboardHandler.UpdateOrganization, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(UpdateOrganizationCoverImage, m.Chain(onboardHandler.UpdateOrganizationCoverImage, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(UpdateOrganizationLogoImage, m.Chain(onboardHandler.UpdateOrganizationLogoImage, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("POST")
+	wrapper(GetOrganizationCoverImage, m.Chain(onboardHandler.GetOrganizationCoverImage, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(GetOrganizationLogoImage, m.Chain(onboardHandler.GetOrganizationLogoImage, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
-	r.Handle(OnboardReadOrganisationAdmin, m.Chain(onboardHandler.OnboardReadOrganisationAdmin, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(OnboardUpdateOrganisationAdmin, m.Chain(onboardHandler.OnboardUpdateOrganisationAdmin, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
-	r.Handle(OnboardReadOrganisationAdminAvatar, m.Chain(onboardHandler.OnboardReadOrganisationAdminAvatar, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
-	r.Handle(OnboardUpdateOrganisationAdminAvatar, m.Chain(onboardHandler.OnboardUpdateOrganisationAdminAvatar, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(OnboardReadOrganisationAdmin, m.Chain(onboardHandler.OnboardReadOrganisationAdmin, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(OnboardUpdateOrganisationAdmin, m.Chain(onboardHandler.OnboardUpdateOrganisationAdmin, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
+	wrapper(OnboardReadOrganisationAdminAvatar, m.Chain(onboardHandler.OnboardReadOrganisationAdminAvatar, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(OnboardUpdateOrganisationAdminAvatar, m.Chain(onboardHandler.OnboardUpdateOrganisationAdminAvatar, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("PUT")
 
-	r.Handle(OnboardReadStatus, m.Chain(onboardHandler.OnboardReadStatus, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
+	wrapper(OnboardReadStatus, m.Chain(onboardHandler.OnboardReadStatus, m.Logger(), m.Authorize(e), m.SetApplicationMode(), m.ValidateAPIKeyAndIndividualId(), m.Authenticate(), m.AddContentType())).Methods("GET")
 
-	r.Handle(ServiceShowDataSharingUi, m.Chain(serviceDataSharingHandler.ServiceShowDataSharingUiHandler, m.LoggerNoAuth())).Methods("GET")
+	wrapper(ServiceShowDataSharingUi, m.Chain(serviceDataSharingHandler.ServiceShowDataSharingUiHandler, m.LoggerNoAuth())).Methods("GET")
 }
diff --git a/internal/http_path/v2/service_paths.go b/internal/http_path/v2/service_paths.go
index b19ae7f..9cd74ea 100644
--- a/internal/http_path/v2/service_paths.go
+++ b/internal/http_path/v2/service_paths.go
@@ -1,50 +1,50 @@
 package http_path
 
 // Data agreements
-const ServiceReadDataAgreement = "/v2/service/data-agreement/{dataAgreementId}"
-const ServiceListDataAgreements = "/v2/service/data-agreements"
+const ServiceReadDataAgreement = "/service/data-agreement/{dataAgreementId}"
+const ServiceListDataAgreements = "/service/data-agreements"
 
 // Policy
-const ServiceReadPolicy = "/v2/service/policy/{policyId}"
+const ServiceReadPolicy = "/service/policy/{policyId}"
 
 // Data attributes
-const ServiceListDataAttributesForDataAgreement = "/v2/service/data-agreement/{dataAgreementId}/data-attributes"
+const ServiceListDataAttributesForDataAgreement = "/service/data-agreement/{dataAgreementId}/data-attributes"
 
 // Verification mechanisms
-const ServiceVerificationListDataAgreements = "/v2/service/verification/data-agreements"
-const ServiceVerificationFetchDataAgreementRecord = "/v2/service/verification/consent-record/{consentRecordId}"
-const ServiceVerificationFetchDataAgreementRecords = "/v2/service/verification/consent-records"
+const ServiceVerificationListDataAgreements = "/service/verification/data-agreements"
+const ServiceVerificationFetchDataAgreementRecord = "/service/verification/consent-record/{consentRecordId}"
+const ServiceVerificationFetchDataAgreementRecords = "/service/verification/consent-records"
 
 // Recording consent
-const ServiceCreateDraftConsentRecord = "/v2/service/individual/record/consent-record/draft"
-const ServiceCreateDataAgreementRecord = "/v2/service/individual/record/data-agreement/{dataAgreementId}"
-const ServiceReadDataAgreementRecord = "/v2/service/individual/record/data-agreement/{dataAgreementId}"
-const ServiceUpdateDataAgreementRecord = "/v2/service/individual/record/consent-record/{consentRecordId}"
-const ServiceDeleteIndividualDataAgreementRecords = "/v2/service/individual/record"
-const ServiceCreatePairedDataAgreementRecord = "/v2/service/individual/record/consent-record"
+const ServiceCreateDraftConsentRecord = "/service/individual/record/consent-record/draft"
+const ServiceCreateDataAgreementRecord = "/service/individual/record/data-agreement/{dataAgreementId}"
+const ServiceReadDataAgreementRecord = "/service/individual/record/data-agreement/{dataAgreementId}"
+const ServiceUpdateDataAgreementRecord = "/service/individual/record/consent-record/{consentRecordId}"
+const ServiceDeleteIndividualDataAgreementRecords = "/service/individual/record"
+const ServiceCreatePairedDataAgreementRecord = "/service/individual/record/consent-record"
 
-const ServiceCreateBlankSignature = "/v2/service/individual/record/consent-record/{consentRecordId}/signature"
-const ServiceUpdateSignatureObject = "/v2/service/individual/record/consent-record/{consentRecordId}/signature"
+const ServiceCreateBlankSignature = "/service/individual/record/consent-record/{consentRecordId}/signature"
+const ServiceUpdateSignatureObject = "/service/individual/record/consent-record/{consentRecordId}/signature"
 
-const ServiceFetchIndividualDataAgreementRecords = "/v2/service/individual/record/consent-record"
-const ServiceFetchRecordsForDataAgreement = "/v2/service/individual/record/data-agreement/{dataAgreementId}/all"
+const ServiceFetchIndividualDataAgreementRecords = "/service/individual/record/consent-record"
+const ServiceFetchRecordsForDataAgreement = "/service/individual/record/data-agreement/{dataAgreementId}/all"
 
-const ServiceFetchRecordsHistory = "/v2/service/individual/record/consent-record/history"
+const ServiceFetchRecordsHistory = "/service/individual/record/consent-record/history"
 
 // Idp
-const ServiceReadIdp = "/v2/service/idp/open-id"
+const ServiceReadIdp = "/service/idp/open-id"
 
 // Organisation
-const ServiceReadOrganisation = "/v2/service/organisation"
-const ServiceReadOrganisationLogoImage = "/v2/service/organisation/logoimage"
-const ServiceReadOrganisationCoverImage = "/v2/service/organisation/coverimage"
-const ServiceReadOrganisationImage = "/v2/service/image/{imageId}"
+const ServiceReadOrganisation = "/service/organisation"
+const ServiceReadOrganisationLogoImage = "/service/organisation/logoimage"
+const ServiceReadOrganisationCoverImage = "/service/organisation/coverimage"
+const ServiceReadOrganisationImage = "/service/image/{imageId}"
 
 // Individuals
-const ServiceCreateIndividual = "/v2/service/individual"
-const ServiceReadIndividual = "/v2/service/individual/{individualId}"
-const ServiceUpdateIndividual = "/v2/service/individual/{individualId}"
-const ServiceListIndividuals = "/v2/service/individuals"
+const ServiceCreateIndividual = "/service/individual"
+const ServiceReadIndividual = "/service/individual/{individualId}"
+const ServiceUpdateIndividual = "/service/individual/{individualId}"
+const ServiceListIndividuals = "/service/individuals"
 
 // Data sharing
-const ServiceShowDataSharingUi = "/v2/service/data-sharing"
+const ServiceShowDataSharingUi = "/service/data-sharing"
diff --git a/internal/rbac/rbac.go b/internal/rbac/rbac.go
index ed48863..bdb9bcc 100644
--- a/internal/rbac/rbac.go
+++ b/internal/rbac/rbac.go
@@ -9,153 +9,159 @@ const (
 )
 
 // GetRbacPolicies
-func GetRbacPolicies() [][]string {
+func GetRbacPolicies(testMode bool) [][]string {
 
 	policies := [][]string{
-		{"organisation_admin", "/v2/config/policy", "POST"},
-		{"organisation_admin", "/v2/config/policy/{policyId}", "(GET)|(PUT)|(DELETE)"},
-		{"organisation_admin", "/v2/config/policy/{policyId}/revisions", "GET"},
-		{"organisation_admin", "/v2/config/policies", "GET"},
-		{"organisation_admin", "/v2/config/data-agreement/{dataAgreementId}", "(GET)|(PUT)|(DELETE)"},
-		{"organisation_admin", "/v2/config/data-agreement", "POST"},
-		{"organisation_admin", "/v2/config/data-agreements", "GET"},
-		{"organisation_admin", "/v2/config/data-agreement/{dataAgreementId}/revisions", "GET"},
-		{"organisation_admin", "/v2/config/data-agreement/{dataAgreementId}/revision/{revisionId}", "GET"},
-		{"organisation_admin", "/v2/config/data-agreement/{dataAgreementId}/data-attributes", "GET"},
-		{"organisation_admin", "/v2/config/data-agreements/data-attribute", "POST"},
-		{"organisation_admin", "/v2/config/data-agreements/data-attribute/{dataAttributeId}", "(GET)|(PUT)|(DELETE)"},
-		{"organisation_admin", "/v2/config/data-agreements/data-attribute/{dataAttributeId}/revisions", "GET"},
-		{"organisation_admin", "/v2/config/data-agreements/data-attributes", "GET"},
-		{"organisation_admin", "/v2/config/webhooks/event-types", "GET"},
-		{"organisation_admin", "/v2/config/webhooks/payload/content-types", "GET"},
-		{"organisation_admin", "/v2/config/webhooks", "GET"},
-		{"organisation_admin", "/v2/config/webhook", "POST"},
-		{"organisation_admin", "/v2/config/webhook/{webhookId}", "(GET)|(PUT)|(DELETE)"},
-		{"organisation_admin", "/v2/config/webhook/{webhookId}/ping", "POST"},
-		{"organisation_admin", "/v2/config/webhooks/{webhookId}/deliveries", "GET"},
-		{"organisation_admin", "/v2/config/webhooks/{webhookId}/delivery/{deliveryId}", "GET"},
-		{"organisation_admin", "/v2/config/webhooks/{webhookId}/delivery/{deliveryId}/redeliver", "POST"},
-		{"organisation_admin", "/v2/config/idp/open-id", "POST"},
-		{"organisation_admin", "/v2/config/idp/open-ids", "GET"},
-		{"organisation_admin", "/v2/config/idp/open-id/{idpId}", "(GET)|(PUT)|(DELETE)"},
-		{"organisation_admin", "/v2/config/individuals", "GET"},
-		{"organisation_admin", "/v2/config/individual", "POST"},
-		{"organisation_admin", "/v2/config/individual/{individualId}", "(GET)|(PUT)"},
-		{"organisation_admin", "/v2/config/admin/apikey", "POST"},
-		{"organisation_admin", "/v2/config/admin/apikey/{apiKeyId}", "(PUT)|(DELETE)"},
-		{"organisation_admin", "/v2/config/admin/apikeys", "GET"},
-		{"user", "/v2/service/data-agreements", "GET"},
-		{"user", "/v2/service/data-agreement/{dataAgreementId}", "GET"},
-		{"user", "/v2/service/data-agreement/{dataAgreementId}/data-attributes", "GET"},
-		{"user", "/v2/service/policy/{policyId}", "GET"},
-		{"user", "/v2/service/verification/data-agreements", "GET"},
-		{"user", "/v2/service/verification/consent-record/{consentRecordId}", "GET"},
-		{"user", "/v2/service/verification/consent-records", "GET"},
-		{"user", "/v2/service/individual/record/consent-record/draft", "POST"},
-		{"user", "/v2/service/individual/record/data-agreement/{dataAgreementId}", "(GET)|(POST)"},
-		{"user", "/v2/service/individual/record/consent-record/{consentRecordId}", "PUT"},
-		{"user", "/v2/service/individual/record/consent-record", "(GET)|(POST)"},
-		{"user", "/v2/service/individual/record/consent-record/{consentRecordId}/signature", "(POST)|(PUT)"},
-		{"user", "/v2/service/individual/record/data-agreement/{dataAgreementId}/all", "GET"},
-		{"organisation_admin", "/v2/audit/consent-records", "GET"},
-		{"organisation_admin", "/v2/audit/consent-record/{consentRecordId}", "GET"},
-		{"organisation_admin", "/v2/audit/data-agreements", "GET"},
-		{"organisation_admin", "/v2/audit/data-agreement/{dataAgreementId}", "GET"},
-		{"organisation_admin", "/v2/audit/admin/logs", "GET"},
-		{"organisation_admin", "/v2/onboard/organisation", "(GET)|(PUT)"},
-		{"organisation_admin", "/v2/onboard/organisation/coverimage", "(GET)|(POST)"},
-		{"organisation_admin", "/v2/onboard/organisation/logoimage", "(GET)|(POST)"},
-		{"user", "/v2/onboard/organisation", "GET"},
-		{"user", "/v2/onboard/organisation/coverimage", "GET"},
-		{"user", "/v2/onboard/organisation/logoimage", "GET"},
-		{"organisation_admin", "/v2/onboard/password/reset", "PUT"},
-		{"organisation_admin", "/v2/onboard/admin", "(GET)|(PUT)"},
-		{"organisation_admin", "/v2/onboard/admin/avatarimage", "(GET)|(PUT)"},
-		{"organisation_admin", "/v2/config/individual/upload", "POST"},
-		{"organisation_admin", "/v2/config/privacy-dashboard", "GET"},
-		{"organisation_admin", "/v2/onboard/status", "GET"},
-		{"user", "/v2/onboard/password/reset", "PUT"},
-		{"user", "/v2/service/individual/record/consent-record/history", "GET"},
-		{"user", "/v2/service/idp/open-id", "GET"},
-		{"user", "/v2/service/organisation", "GET"},
-		{"user", "/v2/service/organisation/coverimage", "GET"},
-		{"user", "/v2/service/organisation/logoimage", "GET"},
-		{"user", "/v2/service/individuals", "GET"},
-		{"user", "/v2/service/individual", "POST"},
-		{"user", "/v2/service/individual/{individualId}", "(GET)|(PUT)"},
-		{"user", "/v2/service/image/{imageId}", "GET"},
-		{"user", "/v2/service/individual/record", "DELETE"},
-		{"user", "/v2/onboard/logout", "POST"},
-		{"organisation_admin", "/v2/onboard/logout", "POST"},
-		{"audit", "/v2/audit/consent-records", "GET"},
-		{"audit", "/v2/audit/consent-record/{consentRecordId}", "GET"},
-		{"audit", "/v2/audit/data-agreements", "GET"},
-		{"audit", "/v2/audit/data-agreement/{dataAgreementId}", "GET"},
-		{"audit", "/v2/audit/admin/logs", "GET"},
-		{"config", "/v2/config/policy", "POST"},
-		{"config", "/v2/config/policy/{policyId}", "(GET)|(PUT)|(DELETE)"},
-		{"config", "/v2/config/policy/{policyId}/revisions", "GET"},
-		{"config", "/v2/config/policies", "GET"},
-		{"config", "/v2/config/data-agreement/{dataAgreementId}", "(GET)|(PUT)|(DELETE)"},
-		{"config", "/v2/config/data-agreement", "POST"},
-		{"config", "/v2/config/data-agreements", "GET"},
-		{"config", "/v2/config/data-agreement/{dataAgreementId}/revisions", "GET"},
-		{"config", "/v2/config/data-agreement/{dataAgreementId}/revision/{revisionId}", "GET"},
-		{"config", "/v2/config/data-agreement/{dataAgreementId}/data-attributes", "GET"},
-		{"config", "/v2/config/data-agreements/data-attribute/{dataAttributeId}", "PUT"},
-		{"config", "/v2/config/data-agreements/data-attributes", "GET"},
-		{"config", "/v2/config/webhooks/event-types", "GET"},
-		{"config", "/v2/config/webhooks/payload/content-types", "GET"},
-		{"config", "/v2/config/webhooks", "GET"},
-		{"config", "/v2/config/webhook", "POST"},
-		{"config", "/v2/config/webhook/{webhookId}", "(GET)|(PUT)|(DELETE)"},
-		{"config", "/v2/config/webhook/{webhookId}/ping", "POST"},
-		{"config", "/v2/config/webhooks/{webhookId}/deliveries", "GET"},
-		{"config", "/v2/config/webhooks/{webhookId}/delivery/{deliveryId}", "GET"},
-		{"config", "/v2/config/webhooks/{webhookId}/delivery/{deliveryId}/redeliver", "POST"},
-		{"config", "/v2/config/idp/open-id", "POST"},
-		{"config", "/v2/config/idp/open-ids", "GET"},
-		{"config", "/v2/config/idp/open-id/{idpId}", "(GET)|(PUT)|(DELETE)"},
-		{"config", "/v2/config/individuals", "GET"},
-		{"config", "/v2/config/individual", "POST"},
-		{"config", "/v2/config/individual/{individualId}", "(GET)|(PUT)"},
-		{"config", "/v2/config/admin/apikey", "POST"},
-		{"config", "/v2/config/admin/apikey/{apiKeyId}", "(PUT)|(DELETE)"},
-		{"config", "/v2/config/admin/apikeys", "GET"},
-		{"service", "/v2/service/data-agreements", "GET"},
-		{"service", "/v2/service/data-agreement/{dataAgreementId}", "GET"},
-		{"service", "/v2/service/data-agreement/{dataAgreementId}/data-attributes", "GET"},
-		{"service", "/v2/service/policy/{policyId}", "GET"},
-		{"service", "/v2/service/verification/data-agreements", "GET"},
-		{"service", "/v2/service/verification/consent-record/{consentRecordId}", "GET"},
-		{"service", "/v2/service/verification/consent-records", "GET"},
-		{"service", "/v2/service/individual/record/consent-record/draft", "POST"},
-		{"service", "/v2/service/individual/record/data-agreement/{dataAgreementId}", "(GET)|(POST)"},
-		{"service", "/v2/service/individual/record/consent-record/{consentRecordId}", "PUT"},
-		{"service", "/v2/service/individual/record/consent-record", "(GET)|(POST)"},
-		{"service", "/v2/service/individual/record/consent-record/{consentRecordId}/signature", "(POST)|(PUT)"},
-		{"service", "/v2/service/individual/record/data-agreement/{dataAgreementId}/all", "GET"},
-		{"service", "/v2/service/individual/record/consent-record/history", "GET"},
-		{"service", "/v2/service/idp/open-id", "GET"},
-		{"service", "/v2/service/organisation", "GET"},
-		{"service", "/v2/service/organisation/coverimage", "GET"},
-		{"service", "/v2/service/organisation/logoimage", "GET"},
-		{"service", "/v2/service/individuals", "GET"},
-		{"service", "/v2/service/individual", "POST"},
-		{"service", "/v2/service/individual/{individualId}", "(GET)|(PUT)"},
-		{"service", "/v2/service/image/{imageId}", "GET"},
-		{"service", "/v2/service/individual/record", "DELETE"},
-		{"onboard", "/v2/onboard/organisation", "(GET)|(PUT)"},
-		{"onboard", "/v2/onboard/organisation/coverimage", "(GET)|(POST)"},
-		{"onboard", "/v2/onboard/organisation/logoimage", "(GET)|(POST)"},
-		{"onboard", "/v2/onboard/organisation", "GET"},
-		{"onboard", "/v2/onboard/password/reset", "PUT"},
-		{"onboard", "/v2/onboard/admin", "(GET)|(PUT)"},
-		{"onboard", "/v2/onboard/admin/avatarimage", "(GET)|(PUT)"},
-		{"onboard", "/v2/onboard/status", "GET"},
-		{"onboard", "/v2/onboard/logout", "POST"},
-		{"config", "/v2/config/logs/purge", "DELETE"},
-		{"organisation_admin", "/v2/config/logs/purge", "DELETE"},
+		{"organisation_admin", "/config/policy", "POST"},
+		{"organisation_admin", "/config/policy/{policyId}", "(GET)|(PUT)|(DELETE)"},
+		{"organisation_admin", "/config/policy/{policyId}/revisions", "GET"},
+		{"organisation_admin", "/config/policies", "GET"},
+		{"organisation_admin", "/config/data-agreement/{dataAgreementId}", "(GET)|(PUT)|(DELETE)"},
+		{"organisation_admin", "/config/data-agreement", "POST"},
+		{"organisation_admin", "/config/data-agreements", "GET"},
+		{"organisation_admin", "/config/data-agreement/{dataAgreementId}/revisions", "GET"},
+		{"organisation_admin", "/config/data-agreement/{dataAgreementId}/revision/{revisionId}", "GET"},
+		{"organisation_admin", "/config/data-agreement/{dataAgreementId}/data-attributes", "GET"},
+		{"organisation_admin", "/config/data-agreements/data-attribute", "POST"},
+		{"organisation_admin", "/config/data-agreements/data-attribute/{dataAttributeId}", "(GET)|(PUT)|(DELETE)"},
+		{"organisation_admin", "/config/data-agreements/data-attribute/{dataAttributeId}/revisions", "GET"},
+		{"organisation_admin", "/config/data-agreements/data-attributes", "GET"},
+		{"organisation_admin", "/config/webhooks/event-types", "GET"},
+		{"organisation_admin", "/config/webhooks/payload/content-types", "GET"},
+		{"organisation_admin", "/config/webhooks", "GET"},
+		{"organisation_admin", "/config/webhook", "POST"},
+		{"organisation_admin", "/config/webhook/{webhookId}", "(GET)|(PUT)|(DELETE)"},
+		{"organisation_admin", "/config/webhook/{webhookId}/ping", "POST"},
+		{"organisation_admin", "/config/webhooks/{webhookId}/deliveries", "GET"},
+		{"organisation_admin", "/config/webhooks/{webhookId}/delivery/{deliveryId}", "GET"},
+		{"organisation_admin", "/config/webhooks/{webhookId}/delivery/{deliveryId}/redeliver", "POST"},
+		{"organisation_admin", "/config/idp/open-id", "POST"},
+		{"organisation_admin", "/config/idp/open-ids", "GET"},
+		{"organisation_admin", "/config/idp/open-id/{idpId}", "(GET)|(PUT)|(DELETE)"},
+		{"organisation_admin", "/config/individuals", "GET"},
+		{"organisation_admin", "/config/individual", "POST"},
+		{"organisation_admin", "/config/individual/{individualId}", "(GET)|(PUT)"},
+		{"organisation_admin", "/config/admin/apikey", "POST"},
+		{"organisation_admin", "/config/admin/apikey/{apiKeyId}", "(PUT)|(DELETE)"},
+		{"organisation_admin", "/config/admin/apikeys", "GET"},
+		{"user", "/service/data-agreements", "GET"},
+		{"user", "/service/data-agreement/{dataAgreementId}", "GET"},
+		{"user", "/service/data-agreement/{dataAgreementId}/data-attributes", "GET"},
+		{"user", "/service/policy/{policyId}", "GET"},
+		{"user", "/service/verification/data-agreements", "GET"},
+		{"user", "/service/verification/consent-record/{consentRecordId}", "GET"},
+		{"user", "/service/verification/consent-records", "GET"},
+		{"user", "/service/individual/record/consent-record/draft", "POST"},
+		{"user", "/service/individual/record/data-agreement/{dataAgreementId}", "(GET)|(POST)"},
+		{"user", "/service/individual/record/consent-record/{consentRecordId}", "PUT"},
+		{"user", "/service/individual/record/consent-record", "(GET)|(POST)"},
+		{"user", "/service/individual/record/consent-record/{consentRecordId}/signature", "(POST)|(PUT)"},
+		{"user", "/service/individual/record/data-agreement/{dataAgreementId}/all", "GET"},
+		{"organisation_admin", "/audit/consent-records", "GET"},
+		{"organisation_admin", "/audit/consent-record/{consentRecordId}", "GET"},
+		{"organisation_admin", "/audit/data-agreements", "GET"},
+		{"organisation_admin", "/audit/data-agreement/{dataAgreementId}", "GET"},
+		{"organisation_admin", "/audit/admin/logs", "GET"},
+		{"organisation_admin", "/onboard/organisation", "(GET)|(PUT)"},
+		{"organisation_admin", "/onboard/organisation/coverimage", "(GET)|(POST)"},
+		{"organisation_admin", "/onboard/organisation/logoimage", "(GET)|(POST)"},
+		{"user", "/onboard/organisation", "GET"},
+		{"user", "/onboard/organisation/coverimage", "GET"},
+		{"user", "/onboard/organisation/logoimage", "GET"},
+		{"organisation_admin", "/onboard/password/reset", "PUT"},
+		{"organisation_admin", "/onboard/admin", "(GET)|(PUT)"},
+		{"organisation_admin", "/onboard/admin/avatarimage", "(GET)|(PUT)"},
+		{"organisation_admin", "/config/individual/upload", "POST"},
+		{"organisation_admin", "/config/privacy-dashboard", "GET"},
+		{"organisation_admin", "/onboard/status", "GET"},
+		{"user", "/onboard/password/reset", "PUT"},
+		{"user", "/service/individual/record/consent-record/history", "GET"},
+		{"user", "/service/idp/open-id", "GET"},
+		{"user", "/service/organisation", "GET"},
+		{"user", "/service/organisation/coverimage", "GET"},
+		{"user", "/service/organisation/logoimage", "GET"},
+		{"user", "/service/individuals", "GET"},
+		{"user", "/service/individual", "POST"},
+		{"user", "/service/individual/{individualId}", "(GET)|(PUT)"},
+		{"user", "/service/image/{imageId}", "GET"},
+		{"user", "/service/individual/record", "DELETE"},
+		{"user", "/onboard/logout", "POST"},
+		{"organisation_admin", "/onboard/logout", "POST"},
+		{"audit", "/audit/consent-records", "GET"},
+		{"audit", "/audit/consent-record/{consentRecordId}", "GET"},
+		{"audit", "/audit/data-agreements", "GET"},
+		{"audit", "/audit/data-agreement/{dataAgreementId}", "GET"},
+		{"audit", "/audit/admin/logs", "GET"},
+		{"config", "/config/policy", "POST"},
+		{"config", "/config/policy/{policyId}", "(GET)|(PUT)|(DELETE)"},
+		{"config", "/config/policy/{policyId}/revisions", "GET"},
+		{"config", "/config/policies", "GET"},
+		{"config", "/config/data-agreement/{dataAgreementId}", "(GET)|(PUT)|(DELETE)"},
+		{"config", "/config/data-agreement", "POST"},
+		{"config", "/config/data-agreements", "GET"},
+		{"config", "/config/data-agreement/{dataAgreementId}/revisions", "GET"},
+		{"config", "/config/data-agreement/{dataAgreementId}/revision/{revisionId}", "GET"},
+		{"config", "/config/data-agreement/{dataAgreementId}/data-attributes", "GET"},
+		{"config", "/config/data-agreements/data-attribute/{dataAttributeId}", "PUT"},
+		{"config", "/config/data-agreements/data-attributes", "GET"},
+		{"config", "/config/webhooks/event-types", "GET"},
+		{"config", "/config/webhooks/payload/content-types", "GET"},
+		{"config", "/config/webhooks", "GET"},
+		{"config", "/config/webhook", "POST"},
+		{"config", "/config/webhook/{webhookId}", "(GET)|(PUT)|(DELETE)"},
+		{"config", "/config/webhook/{webhookId}/ping", "POST"},
+		{"config", "/config/webhooks/{webhookId}/deliveries", "GET"},
+		{"config", "/config/webhooks/{webhookId}/delivery/{deliveryId}", "GET"},
+		{"config", "/config/webhooks/{webhookId}/delivery/{deliveryId}/redeliver", "POST"},
+		{"config", "/config/idp/open-id", "POST"},
+		{"config", "/config/idp/open-ids", "GET"},
+		{"config", "/config/idp/open-id/{idpId}", "(GET)|(PUT)|(DELETE)"},
+		{"config", "/config/individuals", "GET"},
+		{"config", "/config/individual", "POST"},
+		{"config", "/config/individual/{individualId}", "(GET)|(PUT)"},
+		{"config", "/config/admin/apikey", "POST"},
+		{"config", "/config/admin/apikey/{apiKeyId}", "(PUT)|(DELETE)"},
+		{"config", "/config/admin/apikeys", "GET"},
+		{"service", "/service/data-agreements", "GET"},
+		{"service", "/service/data-agreement/{dataAgreementId}", "GET"},
+		{"service", "/service/data-agreement/{dataAgreementId}/data-attributes", "GET"},
+		{"service", "/service/policy/{policyId}", "GET"},
+		{"service", "/service/verification/data-agreements", "GET"},
+		{"service", "/service/verification/consent-record/{consentRecordId}", "GET"},
+		{"service", "/service/verification/consent-records", "GET"},
+		{"service", "/service/individual/record/consent-record/draft", "POST"},
+		{"service", "/service/individual/record/data-agreement/{dataAgreementId}", "(GET)|(POST)"},
+		{"service", "/service/individual/record/consent-record/{consentRecordId}", "PUT"},
+		{"service", "/service/individual/record/consent-record", "(GET)|(POST)"},
+		{"service", "/service/individual/record/consent-record/{consentRecordId}/signature", "(POST)|(PUT)"},
+		{"service", "/service/individual/record/data-agreement/{dataAgreementId}/all", "GET"},
+		{"service", "/service/individual/record/consent-record/history", "GET"},
+		{"service", "/service/idp/open-id", "GET"},
+		{"service", "/service/organisation", "GET"},
+		{"service", "/service/organisation/coverimage", "GET"},
+		{"service", "/service/organisation/logoimage", "GET"},
+		{"service", "/service/individuals", "GET"},
+		{"service", "/service/individual", "POST"},
+		{"service", "/service/individual/{individualId}", "(GET)|(PUT)"},
+		{"service", "/service/image/{imageId}", "GET"},
+		{"service", "/service/individual/record", "DELETE"},
+		{"onboard", "/onboard/organisation", "(GET)|(PUT)"},
+		{"onboard", "/onboard/organisation/coverimage", "(GET)|(POST)"},
+		{"onboard", "/onboard/organisation/logoimage", "(GET)|(POST)"},
+		{"onboard", "/onboard/organisation", "GET"},
+		{"onboard", "/onboard/password/reset", "PUT"},
+		{"onboard", "/onboard/admin", "(GET)|(PUT)"},
+		{"onboard", "/onboard/admin/avatarimage", "(GET)|(PUT)"},
+		{"onboard", "/onboard/status", "GET"},
+		{"onboard", "/onboard/logout", "POST"},
+		{"config", "/config/logs/purge", "DELETE"},
+		{"organisation_admin", "/config/logs/purge", "DELETE"},
+	}
+
+	for _, policy := range policies {
+		if !testMode {
+			policy[1] = "/v2" + policy[1] + "/" // Prefix with '/v2' and suffix with '/' if testmode is false
+		}
 	}
 
 	return policies