fix: update custom stt/tss url

change property names for custom speech
add support for custom speech api
2026-01-25 02:08:24 +00:00 · 2023-03-05 06:33:25 +07:00 · 2023-03-02 15:28:25 -05:00 · 2023-03-02 14:04:03 -05:00 · 2023-02-26 11:31:39 -05:00 · 2023-02-24 10:05:14 -05:00
61 changed files with 9052 additions and 3460 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,17 +1,15 @@
 name: CI

-on:
-  push:
-  workflow_dispatch:
+on: [push, pull_request, workflow_dispatch]

 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
        with:
-          node-version: 14
+          node-version: lts/*
      - run: npm install
      - run: npm run jslint
      - run: npm test
--- a/.github/workflows/docker-publish-dbcreate.yml
+++ b/.github/workflows/docker-publish-dbcreate.yml
@@ -20,7 +20,7 @@ jobs:
    if: github.event_name == 'push'

    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3

      - name: Build image
        run: docker build . --file Dockerfile.db-create --tag $IMAGE_NAME
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -20,7 +20,7 @@ jobs:
    if: github.event_name == 'push'

    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3

      - name: Build image
        run: docker build . --file Dockerfile --tag $IMAGE_NAME
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 # Logs
 logs
 *.log
+run-tests.sh

 # Runtime data
 pids
--- a/25
+++ b/25
@@ -1,10 +1,23 @@
-FROM node:17
+FROM --platform=linux/amd64 node:18.14.1-alpine3.16 as base
+
+RUN apk --update --no-cache add --virtual .builds-deps build-base python3
+
 WORKDIR /opt/app/
-COPY package.json ./
-RUN npm install
-RUN npm prune
-COPY . /opt/app
+
+FROM base as build
+
+COPY package.json package-lock.json ./
+
+RUN npm ci
+
+COPY . .
+
+FROM base
+
+COPY --from=build /opt/app /opt/app/
+
 ARG NODE_ENV
+
 ENV NODE_ENV $NODE_ENV

-CMD [ "npm", "start" ]
+CMD [ "node", "app.js" ]
--- a/Dockerfile.db-create
+++ b/Dockerfile.db-create
@@ -1,10 +1,23 @@
-FROM node:17
+FROM --platform=linux/amd64 node:18.14.1-alpine3.16 as base
+
+RUN apk --update --no-cache add --virtual .builds-deps build-base python3
+
 WORKDIR /opt/app/
-COPY package.json ./
-RUN npm install
-RUN npm prune
-COPY . /opt/app
+
+FROM base as build
+
+COPY package.json package-lock.json ./
+
+RUN npm ci
+
+COPY . .
+
+FROM base
+
+COPY --from=build /opt/app /opt/app/
+
 ARG NODE_ENV
+
 ENV NODE_ENV $NODE_ENV

 CMD [ "npm", "run", "upgrade-db" ]
--- a/app.js
+++ b/app.js
@@ -21,7 +21,15 @@ assert.ok(process.env.JAMBONES_MYSQL_HOST &&
  process.env.JAMBONES_MYSQL_DATABASE, 'missing JAMBONES_MYSQL_XXX env vars');
 assert.ok(process.env.JAMBONES_REDIS_HOST, 'missing JAMBONES_REDIS_HOST env var');
 assert.ok(process.env.JAMBONES_TIME_SERIES_HOST, 'missing JAMBONES_TIME_SERIES_HOST env var');
-const {queryCdrs, queryAlerts, writeCdrs, writeAlerts, AlertType} = require('@jambonz/time-series')(
+const {
+  queryCdrs,
+  queryCdrsSP,
+  queryAlerts,
+  queryAlertsSP,
+  writeCdrs,
+  writeAlerts,
+  AlertType
+} = require('@jambonz/time-series')(
  logger, process.env.JAMBONES_TIME_SERIES_HOST
 );
 const {
@@ -32,7 +40,8 @@ const {
  retrieveSet,
  addKey,
  retrieveKey,
-  deleteKey
+  deleteKey,
+  getTtsVoices
 } = require('@jambonz/realtimedb-helpers')({
  host: process.env.JAMBONES_REDIS_HOST || 'localhost',
  port: process.env.JAMBONES_REDIS_PORT || 6379
@@ -70,6 +79,7 @@ app.locals = {
  addKey,
  retrieveKey,
  deleteKey,
+  getTtsVoices,
  lookupAppBySid,
  lookupAccountBySid,
  lookupAccountByPhoneNumber,
@@ -78,7 +88,9 @@ app.locals = {
  lookupSipGatewayBySid,
  lookupSmppGatewayBySid,
  queryCdrs,
+  queryCdrsSP,
  queryAlerts,
+  queryAlertsSP,
  writeCdrs,
  writeAlerts,
  AlertType
@@ -98,6 +110,17 @@ const limiter = rateLimit({
  legacyHeaders: false, // Disable the `X-RateLimit-*` headers
 });

+if (process.env.JAMBONES_TRUST_PROXY) {
+  const proxyCount = parseInt(process.env.JAMBONES_TRUST_PROXY);
+  if (!isNaN(proxyCount) && proxyCount > 0) {
+    logger.info(`setting trust proxy to ${proxyCount} and mounting endpoint /ip`);
+    app.set('trust proxy', proxyCount);
+    app.get('/ip', (req, res) => {
+      logger.info({headers: req.headers}, 'received GET /ip');
+      res.send(req.ip);
+    });
+  }
+}
 app.use(limiter);
 app.use(helmet());
 app.use(helmet.hidePoweredBy());
--- a/db/add-predefined-carriers.sql
+++ b/db/add-predefined-carriers.sql
@@ -45,8 +45,6 @@ VALUES
 ('91cb050f-9826-4ac9-b736-84a10372a9fe', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.139.77', 32, 5060, 1, 0),
 ('58700fad-98bf-4d31-b61e-888c54911b35', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.140.77', 32, 5060, 1, 0),
 ('d020fd9e-7fdb-4bca-ae0d-e61b38142873', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.142.77', 32, 5060, 1, 0),
-('441fd2e7-c845-459c-963d-6e917063ed9a', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.141.77', 32, 5060, 1, 0),
-('1e0d3e80-9973-4184-9bec-07ae564f983f', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.143.77', 32, 5060, 1, 0),
-('e56ec745-5f37-443f-afb4-7bbda31ae7ac', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.140.34', 32, 5060, 1, 0),
-('e7447e7e-2c7d-4738-ab53-097c187236ff', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.143.66', 32, 5060, 1, 0),
+('38d8520a-527f-4f8e-8456-f9dfca742561', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '172.86.225.77', 32, 5060, 1, 0),
+('834f8b0c-d4c2-4f3e-93d9-cf307995eedd', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '172.86.225.88', 32, 5060, 1, 0),
 ('5f431d42-48e4-44ce-a311-d946f0b475b6', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', 'out.simwood.com', 32, 5060, 0, 1);
--- a/db/jambones-sql.sql
+++ b/db/jambones-sql.sql
@@ -4,6 +4,8 @@ SET FOREIGN_KEY_CHECKS=0;

 DROP TABLE IF EXISTS account_static_ips;

+DROP TABLE IF EXISTS account_limits;
+
 DROP TABLE IF EXISTS account_products;

 DROP TABLE IF EXISTS account_subscriptions;
@@ -18,6 +20,12 @@ DROP TABLE IF EXISTS lcr_carrier_set_entry;

 DROP TABLE IF EXISTS lcr_routes;

+DROP TABLE IF EXISTS password_settings;
+
+DROP TABLE IF EXISTS user_permissions;
+
+DROP TABLE IF EXISTS permissions;
+
 DROP TABLE IF EXISTS predefined_sip_gateways;

 DROP TABLE IF EXISTS predefined_smpp_gateways;
@@ -36,6 +44,8 @@ DROP TABLE IF EXISTS sbc_addresses;

 DROP TABLE IF EXISTS ms_teams_tenants;

+DROP TABLE IF EXISTS service_provider_limits;
+
 DROP TABLE IF EXISTS signup_history;

 DROP TABLE IF EXISTS smpp_addresses;
@@ -69,6 +79,15 @@ private_ipv4 VARBINARY(16) NOT NULL UNIQUE ,
 PRIMARY KEY (account_static_ip_sid)
 );

+CREATE TABLE account_limits
+(
+account_limits_sid CHAR(36) NOT NULL UNIQUE ,
+account_sid CHAR(36) NOT NULL,
+category ENUM('api_rate','voice_call_session', 'device','voice_call_minutes','voice_call_session_license', 'voice_call_minutes_license') NOT NULL,
+quantity INTEGER NOT NULL,
+PRIMARY KEY (account_limits_sid)
+);
+
 CREATE TABLE account_subscriptions
 (
 account_subscription_sid CHAR(36) NOT NULL UNIQUE ,
@@ -123,6 +142,21 @@ priority INTEGER NOT NULL UNIQUE  COMMENT 'lower priority routes are attempted f
 PRIMARY KEY (lcr_route_sid)
 ) COMMENT='Least cost routing table';

+CREATE TABLE password_settings
+(
+min_password_length INTEGER NOT NULL DEFAULT 8,
+require_digit BOOLEAN NOT NULL DEFAULT false,
+require_special_character BOOLEAN NOT NULL DEFAULT false
+);
+
+CREATE TABLE permissions
+(
+permission_sid CHAR(36) NOT NULL UNIQUE ,
+name VARCHAR(32) NOT NULL UNIQUE ,
+description VARCHAR(255),
+PRIMARY KEY (permission_sid)
+);
+
 CREATE TABLE predefined_carriers
 (
 predefined_carrier_sid CHAR(36) NOT NULL UNIQUE ,
@@ -228,6 +262,15 @@ tenant_fqdn VARCHAR(255) NOT NULL UNIQUE ,
 PRIMARY KEY (ms_teams_tenant_sid)
 ) COMMENT='A Microsoft Teams customer tenant';

+CREATE TABLE service_provider_limits
+(
+service_provider_limits_sid CHAR(36) NOT NULL UNIQUE ,
+service_provider_sid CHAR(36) NOT NULL,
+category ENUM('api_rate','voice_call_session', 'device','voice_call_minutes','voice_call_session_license', 'voice_call_minutes_license') NOT NULL,
+quantity INTEGER NOT NULL,
+PRIMARY KEY (service_provider_limits_sid)
+);
+
 CREATE TABLE signup_history
 (
 email VARCHAR(255) NOT NULL,
@@ -283,6 +326,7 @@ email_activation_code VARCHAR(16),
 email_validated BOOLEAN NOT NULL DEFAULT false,
 phone_validated BOOLEAN NOT NULL DEFAULT false,
 email_content_opt_out BOOLEAN NOT NULL DEFAULT false,
+is_active BOOLEAN NOT NULL DEFAULT true,
 PRIMARY KEY (user_sid)
 );

@@ -310,9 +354,20 @@ smpp_password VARCHAR(64),
 smpp_enquire_link_interval INTEGER DEFAULT 0,
 smpp_inbound_system_id VARCHAR(255),
 smpp_inbound_password VARCHAR(64),
+register_from_user VARCHAR(128),
+register_from_domain VARCHAR(255),
+register_public_ip_in_contact BOOLEAN NOT NULL DEFAULT false,
 PRIMARY KEY (voip_carrier_sid)
 ) COMMENT='A Carrier or customer PBX that can send or receive calls';

+CREATE TABLE user_permissions
+(
+user_permissions_sid CHAR(36) NOT NULL UNIQUE ,
+user_sid CHAR(36) NOT NULL,
+permission_sid CHAR(36) NOT NULL,
+PRIMARY KEY (user_permissions_sid)
+);
+
 CREATE TABLE smpp_gateways
 (
 smpp_gateway_sid CHAR(36) NOT NULL UNIQUE ,
@@ -330,7 +385,7 @@ PRIMARY KEY (smpp_gateway_sid)
 CREATE TABLE phone_numbers
 (
 phone_number_sid CHAR(36) UNIQUE ,
-number VARCHAR(32) NOT NULL UNIQUE ,
+number VARCHAR(132) NOT NULL UNIQUE ,
 voip_carrier_sid CHAR(36),
 account_sid CHAR(36),
 application_sid CHAR(36),
@@ -365,7 +420,7 @@ CREATE TABLE webhooks
 (
 webhook_sid CHAR(36) NOT NULL UNIQUE ,
 url VARCHAR(1024) NOT NULL,
-method ENUM("GET","POST","WS") NOT NULL DEFAULT 'POST',
+method ENUM("GET","POST") NOT NULL DEFAULT 'POST',
 username VARCHAR(255),
 password VARCHAR(255),
 PRIMARY KEY (webhook_sid)
@@ -380,6 +435,7 @@ account_sid CHAR(36) COMMENT 'account that this application belongs to (if null,
 call_hook_sid CHAR(36) COMMENT 'webhook to call for inbound calls ',
 call_status_hook_sid CHAR(36) COMMENT 'webhook to call for call status events',
 messaging_hook_sid CHAR(36) COMMENT 'webhook to call for inbound SMS/MMS ',
+app_json TEXT,
 speech_synthesis_vendor VARCHAR(64) NOT NULL DEFAULT 'google',
 speech_synthesis_language VARCHAR(12) NOT NULL DEFAULT 'en-US',
 speech_synthesis_voice VARCHAR(64),
@@ -422,6 +478,7 @@ subspace_client_id VARCHAR(255),
 subspace_client_secret VARCHAR(255),
 subspace_sip_teleport_id VARCHAR(255),
 subspace_sip_teleport_destinations VARCHAR(255),
+siprec_hook_sid CHAR(36),
 PRIMARY KEY (account_sid)
 ) COMMENT='An enterprise that uses the platform for comm services';

@@ -429,19 +486,23 @@ CREATE INDEX account_static_ip_sid_idx ON account_static_ips (account_static_ip_
 CREATE INDEX account_sid_idx ON account_static_ips (account_sid);
 ALTER TABLE account_static_ips ADD FOREIGN KEY account_sid_idxfk (account_sid) REFERENCES accounts (account_sid);

+CREATE INDEX account_sid_idx ON account_limits (account_sid);
+ALTER TABLE account_limits ADD FOREIGN KEY account_sid_idxfk_1 (account_sid) REFERENCES accounts (account_sid) ON DELETE CASCADE;
+
 CREATE INDEX account_subscription_sid_idx ON account_subscriptions (account_subscription_sid);
 CREATE INDEX account_sid_idx ON account_subscriptions (account_sid);
-ALTER TABLE account_subscriptions ADD FOREIGN KEY account_sid_idxfk_1 (account_sid) REFERENCES accounts (account_sid);
+ALTER TABLE account_subscriptions ADD FOREIGN KEY account_sid_idxfk_2 (account_sid) REFERENCES accounts (account_sid);

 CREATE INDEX invite_code_idx ON beta_invite_codes (invite_code);
 CREATE INDEX call_route_sid_idx ON call_routes (call_route_sid);
-ALTER TABLE call_routes ADD FOREIGN KEY account_sid_idxfk_2 (account_sid) REFERENCES accounts (account_sid);
+ALTER TABLE call_routes ADD FOREIGN KEY account_sid_idxfk_3 (account_sid) REFERENCES accounts (account_sid);

 ALTER TABLE call_routes ADD FOREIGN KEY application_sid_idxfk (application_sid) REFERENCES applications (application_sid);

 CREATE INDEX dns_record_sid_idx ON dns_records (dns_record_sid);
-ALTER TABLE dns_records ADD FOREIGN KEY account_sid_idxfk_3 (account_sid) REFERENCES accounts (account_sid);
+ALTER TABLE dns_records ADD FOREIGN KEY account_sid_idxfk_4 (account_sid) REFERENCES accounts (account_sid);

+CREATE INDEX permission_sid_idx ON permissions (permission_sid);
 CREATE INDEX predefined_carrier_sid_idx ON predefined_carriers (predefined_carrier_sid);
 CREATE INDEX predefined_sip_gateway_sid_idx ON predefined_sip_gateways (predefined_sip_gateway_sid);
 CREATE INDEX predefined_carrier_sid_idx ON predefined_sip_gateways (predefined_carrier_sid);
@@ -460,14 +521,14 @@ ALTER TABLE account_products ADD FOREIGN KEY product_sid_idxfk (product_sid) REF

 CREATE INDEX account_offer_sid_idx ON account_offers (account_offer_sid);
 CREATE INDEX account_sid_idx ON account_offers (account_sid);
-ALTER TABLE account_offers ADD FOREIGN KEY account_sid_idxfk_4 (account_sid) REFERENCES accounts (account_sid);
+ALTER TABLE account_offers ADD FOREIGN KEY account_sid_idxfk_5 (account_sid) REFERENCES accounts (account_sid);

 CREATE INDEX product_sid_idx ON account_offers (product_sid);
 ALTER TABLE account_offers ADD FOREIGN KEY product_sid_idxfk_1 (product_sid) REFERENCES products (product_sid);

 CREATE INDEX api_key_sid_idx ON api_keys (api_key_sid);
 CREATE INDEX account_sid_idx ON api_keys (account_sid);
-ALTER TABLE api_keys ADD FOREIGN KEY account_sid_idxfk_5 (account_sid) REFERENCES accounts (account_sid);
+ALTER TABLE api_keys ADD FOREIGN KEY account_sid_idxfk_6 (account_sid) REFERENCES accounts (account_sid);

 CREATE INDEX service_provider_sid_idx ON api_keys (service_provider_sid);
 ALTER TABLE api_keys ADD FOREIGN KEY service_provider_sid_idxfk (service_provider_sid) REFERENCES service_providers (service_provider_sid);
@@ -481,44 +542,53 @@ ALTER TABLE sbc_addresses ADD FOREIGN KEY service_provider_sid_idxfk_1 (service_
 CREATE INDEX ms_teams_tenant_sid_idx ON ms_teams_tenants (ms_teams_tenant_sid);
 ALTER TABLE ms_teams_tenants ADD FOREIGN KEY service_provider_sid_idxfk_2 (service_provider_sid) REFERENCES service_providers (service_provider_sid);

-ALTER TABLE ms_teams_tenants ADD FOREIGN KEY account_sid_idxfk_6 (account_sid) REFERENCES accounts (account_sid);
+ALTER TABLE ms_teams_tenants ADD FOREIGN KEY account_sid_idxfk_7 (account_sid) REFERENCES accounts (account_sid);

 ALTER TABLE ms_teams_tenants ADD FOREIGN KEY application_sid_idxfk_1 (application_sid) REFERENCES applications (application_sid);

 CREATE INDEX tenant_fqdn_idx ON ms_teams_tenants (tenant_fqdn);
+CREATE INDEX service_provider_sid_idx ON service_provider_limits (service_provider_sid);
+ALTER TABLE service_provider_limits ADD FOREIGN KEY service_provider_sid_idxfk_3 (service_provider_sid) REFERENCES service_providers (service_provider_sid) ON DELETE CASCADE;
+
 CREATE INDEX email_idx ON signup_history (email);
 CREATE INDEX smpp_address_sid_idx ON smpp_addresses (smpp_address_sid);
 CREATE INDEX service_provider_sid_idx ON smpp_addresses (service_provider_sid);
-ALTER TABLE smpp_addresses ADD FOREIGN KEY service_provider_sid_idxfk_3 (service_provider_sid) REFERENCES service_providers (service_provider_sid);
+ALTER TABLE smpp_addresses ADD FOREIGN KEY service_provider_sid_idxfk_4 (service_provider_sid) REFERENCES service_providers (service_provider_sid);

 CREATE UNIQUE INDEX speech_credentials_idx_1 ON speech_credentials (vendor,account_sid);

 CREATE INDEX speech_credential_sid_idx ON speech_credentials (speech_credential_sid);
 CREATE INDEX service_provider_sid_idx ON speech_credentials (service_provider_sid);
-ALTER TABLE speech_credentials ADD FOREIGN KEY service_provider_sid_idxfk_4 (service_provider_sid) REFERENCES service_providers (service_provider_sid);
+ALTER TABLE speech_credentials ADD FOREIGN KEY service_provider_sid_idxfk_5 (service_provider_sid) REFERENCES service_providers (service_provider_sid);

 CREATE INDEX account_sid_idx ON speech_credentials (account_sid);
-ALTER TABLE speech_credentials ADD FOREIGN KEY account_sid_idxfk_7 (account_sid) REFERENCES accounts (account_sid);
+ALTER TABLE speech_credentials ADD FOREIGN KEY account_sid_idxfk_8 (account_sid) REFERENCES accounts (account_sid);

 CREATE INDEX user_sid_idx ON users (user_sid);
 CREATE INDEX email_idx ON users (email);
 CREATE INDEX phone_idx ON users (phone);
 CREATE INDEX account_sid_idx ON users (account_sid);
-ALTER TABLE users ADD FOREIGN KEY account_sid_idxfk_8 (account_sid) REFERENCES accounts (account_sid);
+ALTER TABLE users ADD FOREIGN KEY account_sid_idxfk_9 (account_sid) REFERENCES accounts (account_sid);

 CREATE INDEX service_provider_sid_idx ON users (service_provider_sid);
-ALTER TABLE users ADD FOREIGN KEY service_provider_sid_idxfk_5 (service_provider_sid) REFERENCES service_providers (service_provider_sid);
+ALTER TABLE users ADD FOREIGN KEY service_provider_sid_idxfk_6 (service_provider_sid) REFERENCES service_providers (service_provider_sid);

 CREATE INDEX email_activation_code_idx ON users (email_activation_code);
 CREATE INDEX voip_carrier_sid_idx ON voip_carriers (voip_carrier_sid);
 CREATE INDEX account_sid_idx ON voip_carriers (account_sid);
-ALTER TABLE voip_carriers ADD FOREIGN KEY account_sid_idxfk_9 (account_sid) REFERENCES accounts (account_sid);
+ALTER TABLE voip_carriers ADD FOREIGN KEY account_sid_idxfk_10 (account_sid) REFERENCES accounts (account_sid);

 CREATE INDEX service_provider_sid_idx ON voip_carriers (service_provider_sid);
-ALTER TABLE voip_carriers ADD FOREIGN KEY service_provider_sid_idxfk_6 (service_provider_sid) REFERENCES service_providers (service_provider_sid);
+ALTER TABLE voip_carriers ADD FOREIGN KEY service_provider_sid_idxfk_7 (service_provider_sid) REFERENCES service_providers (service_provider_sid);

 ALTER TABLE voip_carriers ADD FOREIGN KEY application_sid_idxfk_2 (application_sid) REFERENCES applications (application_sid);

+CREATE INDEX user_permissions_sid_idx ON user_permissions (user_permissions_sid);
+CREATE INDEX user_sid_idx ON user_permissions (user_sid);
+ALTER TABLE user_permissions ADD FOREIGN KEY user_sid_idxfk (user_sid) REFERENCES users (user_sid) ON DELETE CASCADE;
+
+ALTER TABLE user_permissions ADD FOREIGN KEY permission_sid_idxfk (permission_sid) REFERENCES permissions (permission_sid);
+
 CREATE INDEX smpp_gateway_sid_idx ON smpp_gateways (smpp_gateway_sid);
 CREATE INDEX voip_carrier_sid_idx ON smpp_gateways (voip_carrier_sid);
 ALTER TABLE smpp_gateways ADD FOREIGN KEY voip_carrier_sid_idxfk (voip_carrier_sid) REFERENCES voip_carriers (voip_carrier_sid);
@@ -528,12 +598,12 @@ CREATE INDEX number_idx ON phone_numbers (number);
 CREATE INDEX voip_carrier_sid_idx ON phone_numbers (voip_carrier_sid);
 ALTER TABLE phone_numbers ADD FOREIGN KEY voip_carrier_sid_idxfk_1 (voip_carrier_sid) REFERENCES voip_carriers (voip_carrier_sid);

-ALTER TABLE phone_numbers ADD FOREIGN KEY account_sid_idxfk_10 (account_sid) REFERENCES accounts (account_sid);
+ALTER TABLE phone_numbers ADD FOREIGN KEY account_sid_idxfk_11 (account_sid) REFERENCES accounts (account_sid);

 ALTER TABLE phone_numbers ADD FOREIGN KEY application_sid_idxfk_3 (application_sid) REFERENCES applications (application_sid);

 CREATE INDEX service_provider_sid_idx ON phone_numbers (service_provider_sid);
-ALTER TABLE phone_numbers ADD FOREIGN KEY service_provider_sid_idxfk_7 (service_provider_sid) REFERENCES service_providers (service_provider_sid);
+ALTER TABLE phone_numbers ADD FOREIGN KEY service_provider_sid_idxfk_8 (service_provider_sid) REFERENCES service_providers (service_provider_sid);

 CREATE INDEX sip_gateway_idx_hostport ON sip_gateways (ipv4,port);

@@ -549,10 +619,10 @@ CREATE UNIQUE INDEX applications_idx_name ON applications (account_sid,name);

 CREATE INDEX application_sid_idx ON applications (application_sid);
 CREATE INDEX service_provider_sid_idx ON applications (service_provider_sid);
-ALTER TABLE applications ADD FOREIGN KEY service_provider_sid_idxfk_8 (service_provider_sid) REFERENCES service_providers (service_provider_sid);
+ALTER TABLE applications ADD FOREIGN KEY service_provider_sid_idxfk_9 (service_provider_sid) REFERENCES service_providers (service_provider_sid);

 CREATE INDEX account_sid_idx ON applications (account_sid);
-ALTER TABLE applications ADD FOREIGN KEY account_sid_idxfk_11 (account_sid) REFERENCES accounts (account_sid);
+ALTER TABLE applications ADD FOREIGN KEY account_sid_idxfk_12 (account_sid) REFERENCES accounts (account_sid);

 ALTER TABLE applications ADD FOREIGN KEY call_hook_sid_idxfk (call_hook_sid) REFERENCES webhooks (webhook_sid);

@@ -568,7 +638,7 @@ ALTER TABLE service_providers ADD FOREIGN KEY registration_hook_sid_idxfk (regis
 CREATE INDEX account_sid_idx ON accounts (account_sid);
 CREATE INDEX sip_realm_idx ON accounts (sip_realm);
 CREATE INDEX service_provider_sid_idx ON accounts (service_provider_sid);
-ALTER TABLE accounts ADD FOREIGN KEY service_provider_sid_idxfk_9 (service_provider_sid) REFERENCES service_providers (service_provider_sid);
+ALTER TABLE accounts ADD FOREIGN KEY service_provider_sid_idxfk_10 (service_provider_sid) REFERENCES service_providers (service_provider_sid);

 ALTER TABLE accounts ADD FOREIGN KEY registration_hook_sid_idxfk_1 (registration_hook_sid) REFERENCES webhooks (webhook_sid);

@@ -576,4 +646,6 @@ ALTER TABLE accounts ADD FOREIGN KEY queue_event_hook_sid_idxfk (queue_event_hoo

 ALTER TABLE accounts ADD FOREIGN KEY device_calling_application_sid_idxfk (device_calling_application_sid) REFERENCES applications (application_sid);

-SET FOREIGN_KEY_CHECKS=0;
+ALTER TABLE accounts ADD FOREIGN KEY siprec_hook_sid_idxfk (siprec_hook_sid) REFERENCES applications (application_sid);
+
+SET FOREIGN_KEY_CHECKS=1;
--- a/db/jambones.sqs
+++ b/db/jambones.sqs
--- a/db/reset_admin_password.js
+++ b/db/reset_admin_password.js
@@ -12,6 +12,9 @@ values (?, ?)`;
 const sqlQueryAccount = 'SELECT * from accounts LEFT JOIN api_keys ON api_keys.account_sid = accounts.account_sid';
 const sqlAddAccountToken = `INSERT into api_keys (api_key_sid, token, account_sid) 
 VALUES (?, ?, ?)`;
+const sqlInsertPermissions = `
+INSERT into user_permissions (user_permissions_sid, user_sid, permission_sid) 
+VALUES (?,?,?)`;

 const password = process.env.JAMBONES_ADMIN_INITIAL_PASSWORD || 'admin';
 console.log(`reset_admin_password, initial admin password is ${password}`);
@@ -21,6 +24,7 @@ const doIt = async() => {
  const sid = uuidv4();
  await promisePool.execute('DELETE from users where name = "admin"');
  await promisePool.execute('DELETE from api_keys where account_sid is null and service_provider_sid is null');
+
  await promisePool.execute(sqlInsert,
    [
      sid,
@@ -34,6 +38,12 @@ const doIt = async() => {
  );
  await promisePool.execute(sqlInsertAdminToken, [uuidv4(), uuidv4()]);

+  /* assign all permissions to the admin user */
+  const [p] = await promisePool.query('SELECT * from permissions');
+  for (const perm of p) {
+    await promisePool.execute(sqlInsertPermissions, [uuidv4(), sid, perm.permission_sid]);
+  }
+
  /* create admin token for single account */
  const [r] = await promisePool.query({sql: sqlQueryAccount, nestTables: true});
  if (1 === r.length && r[0].api_keys.api_key_sid === null) {
--- a/db/seed-integration-test.sql
+++ b/db/seed-integration-test.sql
@@ -1,5 +1,12 @@
 SET FOREIGN_KEY_CHECKS=0;

+-- create standard permissions 
+insert into permissions (permission_sid, name, description)
+values 
+('ffbc342a-546a-11ed-bdc3-0242ac120002', 'VIEW_ONLY', 'Can view data but not make changes'),
+('ffbc3a10-546a-11ed-bdc3-0242ac120002', 'PROVISION_SERVICES', 'Can provision services'),
+('ffbc3c5e-546a-11ed-bdc3-0242ac120002', 'PROVISION_USERS', 'Can provision users');
+
 insert into sbc_addresses (sbc_address_sid, ipv4, port) 
 values('f6567ae1-bf97-49af-8931-ca014b689995', '52.55.111.178', 5060);
 insert into sbc_addresses (sbc_address_sid, ipv4, port) 
@@ -91,10 +98,8 @@ VALUES
 ('91cb050f-9826-4ac9-b736-84a10372a9fe', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.139.77', 32, 5060, 1, 0),
 ('58700fad-98bf-4d31-b61e-888c54911b35', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.140.77', 32, 5060, 1, 0),
 ('d020fd9e-7fdb-4bca-ae0d-e61b38142873', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.142.77', 32, 5060, 1, 0),
-('441fd2e7-c845-459c-963d-6e917063ed9a', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.141.77', 32, 5060, 1, 0),
-('1e0d3e80-9973-4184-9bec-07ae564f983f', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.143.77', 32, 5060, 1, 0),
-('e56ec745-5f37-443f-afb4-7bbda31ae7ac', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.140.34', 32, 5060, 1, 0),
-('e7447e7e-2c7d-4738-ab53-097c187236ff', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.143.66', 32, 5060, 1, 0),
+('38d8520a-527f-4f8e-8456-f9dfca742561', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '172.86.225.77', 32, 5060, 1, 0),
+('834f8b0c-d4c2-4f3e-93d9-cf307995eedd', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '172.86.225.88', 32, 5060, 1, 0),
 ('5f431d42-48e4-44ce-a311-d946f0b475b6', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', 'out.simwood.com', 32, 5060, 0, 1);


--- a/db/seed-production-database-open-source.sql
+++ b/db/seed-production-database-open-source.sql
@@ -1,5 +1,12 @@
 SET FOREIGN_KEY_CHECKS=0;

+-- create standard permissions 
+insert into permissions (permission_sid, name, description)
+values 
+('ffbc342a-546a-11ed-bdc3-0242ac120002', 'VIEW_ONLY', 'Can view data but not make changes'),
+('ffbc3a10-546a-11ed-bdc3-0242ac120002', 'PROVISION_SERVICES', 'Can provision services'),
+('ffbc3c5e-546a-11ed-bdc3-0242ac120002', 'PROVISION_USERS', 'Can provision users');
+
 -- create one service provider and account
 insert into api_keys (api_key_sid, token) 
 values ('3f35518f-5a0d-4c2e-90a5-2407bb3b36f0', '38700987-c7a4-4685-a5bb-af378f9734de');
@@ -61,6 +68,9 @@ VALUES
 ('d2ccfcb1-9198-4fe9-a0ca-6e49395837c4', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.172.60.0', 30, 5060, 1, 0),
 ('6b1d0032-4430-41f1-87c6-f22233d394ef', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.244.51.0', 30, 5060, 1, 0),
 ('0de40217-8bd5-4aa8-a9fd-1994282953c6', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.171.127.192', 30, 5060, 1, 0),
+('48b108e3-1ce7-4f18-a4cb-e41e63688bdf', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.171.127.193', 30, 5060, 1, 0),
+('d9131a69-fe44-4c2a-ba82-4adc81f628dd', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.171.127.194', 30, 5060, 1, 0),
+('34a6a311-4bd6-49ca-aa77-edd3cb92c6e1', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.171.127.195', 30, 5060, 1, 0),
 ('37bc0b20-b53c-4c31-95a6-f82b1c3713e3', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '35.156.191.128', 30, 5060, 1, 0),
 ('39791f4e-b612-4882-a37e-e92711a39f3f', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.65.63.192', 30, 5060, 1, 0),
 ('81a0c8cb-a33e-42da-8f20-99083da6f02f', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.252.254.64', 30, 5060, 1, 0),
@@ -85,10 +95,8 @@ VALUES
 ('91cb050f-9826-4ac9-b736-84a10372a9fe', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.139.77', 32, 5060, 1, 0),
 ('58700fad-98bf-4d31-b61e-888c54911b35', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.140.77', 32, 5060, 1, 0),
 ('d020fd9e-7fdb-4bca-ae0d-e61b38142873', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.142.77', 32, 5060, 1, 0),
-('441fd2e7-c845-459c-963d-6e917063ed9a', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.141.77', 32, 5060, 1, 0),
-('1e0d3e80-9973-4184-9bec-07ae564f983f', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.143.77', 32, 5060, 1, 0),
-('e56ec745-5f37-443f-afb4-7bbda31ae7ac', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.140.34', 32, 5060, 1, 0),
-('e7447e7e-2c7d-4738-ab53-097c187236ff', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.143.66', 32, 5060, 1, 0),
+('38d8520a-527f-4f8e-8456-f9dfca742561', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '172.86.225.77', 32, 5060, 1, 0),
+('834f8b0c-d4c2-4f3e-93d9-cf307995eedd', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '172.86.225.88', 32, 5060, 1, 0),
 ('5f431d42-48e4-44ce-a311-d946f0b475b6', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', 'out.simwood.com', 32, 5060, 0, 1);

 SET FOREIGN_KEY_CHECKS=1;
--- a/db/seed-production-database.sql
+++ b/db/seed-production-database.sql
@@ -1,6 +1,15 @@
+SET FOREIGN_KEY_CHECKS=0;
+
+-- create standard permissions 
+insert into permissions (permission_sid, name, description)
+values 
+('ffbc342a-546a-11ed-bdc3-0242ac120002', 'VIEW_ONLY', 'Can view data but not make changes'),
+('ffbc3a10-546a-11ed-bdc3-0242ac120002', 'PROVISION_SERVICES', 'Can provision services'),
+('ffbc3c5e-546a-11ed-bdc3-0242ac120002', 'PROVISION_USERS', 'Can provision users');
+
 -- create one service provider
 insert into service_providers (service_provider_sid, name, description, root_domain) 
-values ('2708b1b3-2736-40ea-b502-c53d8396247f', 'sip.jambonz.us', 'jambonz.us service provider', 'sip.jambonz.us');
+values ('2708b1b3-2736-40ea-b502-c53d8396247f', 'sip.jambonz.xyz', 'jambonz.xyz service provider', 'sip.jambonz.xyz');
 insert into api_keys (api_key_sid, token) 
 values ('3f35518f-5a0d-4c2e-90a5-2407bb3b36f0', '38700987-c7a4-4685-a5bb-af378f9734de');

@@ -16,9 +25,9 @@ insert into predefined_carriers (predefined_carrier_sid, name, requires_static_i
 requires_register, register_username, register_password, 
 register_sip_realm, tech_prefix, inbound_auth_username, inbound_auth_password, diversion)
 VALUES
+('17479288-bb9f-421a-89d1-f4ac57af1dca', 'TelecomsXChange', 0, 0, 0, NULL, NULL, NULL, 'your-tech-prefix', NULL, NULL, NULL),
 ('7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', 'Twilio', 0, 1, 0, '<your-twilio-credential-username>', '<your-twilio-credential-password>', NULL, NULL, NULL, NULL, NULL),
 ('032d90d5-39e8-41c0-b807-9c88cffba65c', 'Voxbone', 0, 1, 0, '<your-voxbone-outbound-username>', '<your-voxbone-outbound-password>', NULL, NULL, NULL, NULL, '<your-voxbone-DID>'),
-('17479288-bb9f-421a-89d1-f4ac57af1dca', 'TelecomsXChange', 0, 0, 0, NULL, NULL, NULL, 'your-tech-prefix', NULL, NULL, NULL),
 ('e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', 'Simwood', 0, 1, 0, '<your-simwood-auth-trunk-username>',  '<your-simwood-auth-trunk-password>', NULL, NULL, NULL, NULL, NULL);

 -- TelecomXchange gateways
@@ -63,9 +72,8 @@ VALUES
 ('91cb050f-9826-4ac9-b736-84a10372a9fe', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.139.77', 32, 5060, 1, 0),
 ('58700fad-98bf-4d31-b61e-888c54911b35', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.140.77', 32, 5060, 1, 0),
 ('d020fd9e-7fdb-4bca-ae0d-e61b38142873', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.142.77', 32, 5060, 1, 0),
-('441fd2e7-c845-459c-963d-6e917063ed9a', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.141.77', 32, 5060, 1, 0),
-('1e0d3e80-9973-4184-9bec-07ae564f983f', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.143.77', 32, 5060, 1, 0),
-('e56ec745-5f37-443f-afb4-7bbda31ae7ac', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.140.34', 32, 5060, 1, 0),
-('e7447e7e-2c7d-4738-ab53-097c187236ff', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.143.66', 32, 5060, 1, 0),
+('38d8520a-527f-4f8e-8456-f9dfca742561', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '172.86.225.77', 32, 5060, 1, 0),
+('834f8b0c-d4c2-4f3e-93d9-cf307995eedd', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '172.86.225.88', 32, 5060, 1, 0),
 ('5f431d42-48e4-44ce-a311-d946f0b475b6', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', 'out.simwood.com', 32, 5060, 0, 1);

+SET FOREIGN_KEY_CHECKS=1;
--- a/db/upgrade-jambonz-db.js
+++ b/db/upgrade-jambonz-db.js
@@ -1,4 +1,5 @@
 #!/usr/bin/env node
+/* eslint-disable max-len */
 const assert = require('assert');
 const mysql = require('mysql2/promise');
 const {readFile} = require('fs/promises');
@@ -22,6 +23,73 @@ const opts = {
  multipleStatements: true
 };

+const sql = {
+  '7006': [
+    'ALTER TABLE `accounts` ADD COLUMN `siprec_hook_sid` CHAR(36)',
+    'ALTER TABLE accounts ADD FOREIGN KEY siprec_hook_sid_idxfk (siprec_hook_sid) REFERENCES applications (application_sid)'
+  ],
+  '7007': [
+    `CREATE TABLE service_provider_limits 
+    (service_provider_limits_sid CHAR(36) NOT NULL UNIQUE,
+    service_provider_sid CHAR(36) NOT NULL,
+    category ENUM('api_rate','voice_call_session', 'device') NOT NULL,
+    quantity INTEGER NOT NULL,
+    PRIMARY KEY (service_provider_limits_sid)
+    )`,
+    `CREATE TABLE account_limits
+    (
+    account_limits_sid CHAR(36) NOT NULL UNIQUE ,
+    account_sid CHAR(36) NOT NULL,
+    category ENUM('api_rate','voice_call_session', 'device') NOT NULL,
+    quantity INTEGER NOT NULL,
+    PRIMARY KEY (account_limits_sid)
+    )`,
+    'CREATE INDEX service_provider_sid_idx ON service_provider_limits (service_provider_sid)',
+    `ALTER TABLE service_provider_limits 
+    ADD FOREIGN KEY service_provider_sid_idxfk_3 (service_provider_sid) 
+    REFERENCES service_providers (service_provider_sid) 
+    ON DELETE CASCADE`,
+    'CREATE INDEX account_sid_idx ON account_limits (account_sid)',
+    `ALTER TABLE account_limits 
+    ADD FOREIGN KEY account_sid_idxfk_2 (account_sid) 
+    REFERENCES accounts (account_sid) 
+    ON DELETE CASCADE`,
+    'ALTER TABLE `voip_carriers` ADD COLUMN `register_from_user` VARCHAR(128)',
+    'ALTER TABLE `voip_carriers` ADD COLUMN `register_from_domain` VARCHAR(256)',
+    'ALTER TABLE `voip_carriers` ADD COLUMN `register_public_ip_in_contact` BOOLEAN NOT NULL DEFAULT false'
+  ],
+  '8000': [
+    'ALTER TABLE `applications` ADD COLUMN `app_json` TEXT',
+    'ALTER TABLE voip_carriers CHANGE register_public_domain_in_contact register_public_ip_in_contact BOOLEAN',
+    'alter table phone_numbers modify number varchar(132) NOT NULL UNIQUE',
+    `CREATE TABLE permissions
+    (
+    permission_sid CHAR(36) NOT NULL UNIQUE ,
+    name VARCHAR(32) NOT NULL UNIQUE ,
+    description VARCHAR(255),
+    PRIMARY KEY (permission_sid)
+    )`,
+    `CREATE TABLE user_permissions
+    (
+    user_permissions_sid CHAR(36) NOT NULL UNIQUE ,
+    user_sid CHAR(36) NOT NULL,
+    permission_sid CHAR(36) NOT NULL,
+    PRIMARY KEY (user_permissions_sid)
+    )`,
+    `CREATE TABLE password_settings
+    (
+    min_password_length INTEGER NOT NULL DEFAULT 8,
+    require_digit BOOLEAN NOT NULL DEFAULT false,
+    require_special_character BOOLEAN NOT NULL DEFAULT false
+    )`,
+    'CREATE INDEX user_permissions_sid_idx ON user_permissions (user_permissions_sid)',
+    'CREATE INDEX user_sid_idx ON user_permissions (user_sid)',
+    'ALTER TABLE user_permissions ADD FOREIGN KEY user_sid_idxfk (user_sid) REFERENCES users (user_sid) ON DELETE CASCADE',
+    'ALTER TABLE user_permissions ADD FOREIGN KEY permission_sid_idxfk (permission_sid) REFERENCES permissions (permission_sid)',
+    'ALTER TABLE `users` ADD COLUMN `is_active` BOOLEAN NOT NULL default true',
+  ]
+};
+
 const doIt = async() => {
  let connection;
  try {
@@ -35,10 +103,34 @@ const doIt = async() => {
  try {
    /* does the schema exist at all ? */
    const [r] = await connection.execute('SELECT version from schema_version');
+    let errors = 0;
    if (r.length) {
-      //TODO: check against desired version and perform upgrades
-      logger.info(`current version is ${r[0].version}, no upgrade will be performed`);
+      const {version} = r[0];
+      const arr = /v?(\d+)\.(\d+)\.(\d+)/.exec(version);
+      if (arr) {
+        const upgrades = [];
+        logger.info(`performing schema migration: ${version} => ${desiredVersion}`);
+        const val = (1000 * arr[1]) + (100 * arr[2]) + arr[3];
+        logger.info(`current schema value: ${val}`);
+
+        if (val < 7006) upgrades.push(...sql['7006']);
+        if (val < 7007) upgrades.push(...sql['7007']);
+        if (val < 8000) upgrades.push(...sql['8000']);
+
+        // perform all upgrades
+        logger.info({upgrades}, 'applying schema upgrades..');
+        for (const upgrade of upgrades) {
+          try {
+            await connection.execute(upgrade);
+          } catch (err) {
+            errors++;
+            logger.info({statement:upgrade, err}, 'Error applying statement');
+          }
+        }
+      }
+      if (errors === 0) await connection.execute(`UPDATE schema_version SET version = '${desiredVersion}'`);
      await connection.end();
+      logger.info(`schema migration to ${desiredVersion} completed with ${errors} errors`);
      return;
    }
  } catch (err) {
@@ -70,5 +162,6 @@ const seedDatabase = async(connection) => {
  await connection.query(sql);
 };

+
 doIt();

--- a/db/webapp-tests.sql
+++ b/db/webapp-tests.sql
@@ -85,9 +85,6 @@ VALUES
 -- simwood gateways
 insert into predefined_sip_gateways (predefined_sip_gateway_sid, predefined_carrier_sid, ipv4, netmask, port, inbound, outbound)
 VALUES
-('91cb050f-9826-4ac9-b736-84a10372a9fe', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '149.91.14.0', 24, 5060, 1, 0),
-('58700fad-98bf-4d31-b61e-888c54911b35', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '154.51.137.96', 27, 5060, 1, 0),
-('d020fd9e-7fdb-4bca-ae0d-e61b38142873', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '78.40.245.160', 27, 5060, 1, 0),
 ('441fd2e7-c845-459c-963d-6e917063ed9a', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.136.24', 29, 5060, 1, 0),
 ('1e0d3e80-9973-4184-9bec-07ae564f983f', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.136.28', 28, 5060, 1, 0),
 ('e56ec745-5f37-443f-afb4-7bbda31ae7ac', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.140.48', 28, 5060, 1, 0),
@@ -98,7 +95,7 @@ VALUES
 ('b6ae6240-55ac-4c11-892f-a71b2155ea60', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.142.0', 26, 5060, 1, 0),
 ('5a976337-164b-408e-8748-d8bfb4bd5d76', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '185.63.143.0', 26, 5060, 1, 0),
 ('ed0434ca-7f26-4624-9523-0419d0d2924d', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '178.22.139.0', 26, 5060, 1, 0),
-('d1a594c2-c14f-4ead-b621-96129bc87886', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '172.86.224.0', 24, 5060, 1, 0),
+('6bfb55e5-e248-48dc-a104-4f3eedd7d7de', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', '172.86.225.0', 24, 5060, 1, 0),
 ('5f431d42-48e4-44ce-a311-d946f0b475b6', 'e6fb301a-1af0-4fb8-a1f6-f65530c6e1c6', 'out.simwood.com', 32, 5060, 0, 1);


--- a/lib/auth/index.js
+++ b/lib/auth/index.js
@@ -11,7 +11,7 @@ const sql = `
 function makeStrategy(logger, retrieveKey) {
  return new Strategy(
    async function(token, done) {
-      logger.debug(`validating with token ${token}`);
+      //logger.debug(`validating with token ${token}`);
      jwt.verify(token, process.env.JWT_SECRET, async(err, decoded) => {
        if (err) {
          if (err.name === 'TokenExpiredError') {
@@ -35,20 +35,21 @@ function makeStrategy(logger, retrieveKey) {
            debug(err);
            logger.info({err}, 'Error checking blacklist for jwt');
          }
-          const {user_sid, account_sid, email, name} = decoded;
-          //logger.debug({user_sid, account_sid}, 'successfully validated jwt');
-          const scope = ['account'];
+          const {user_sid, service_provider_sid, account_sid, email, name, scope, permissions} = decoded;
          const user = {
+            service_provider_sid,
            account_sid,
            user_sid,
            jwt: token,
            email,
            name,
-            hasScope: (s) => s === 'account',
-            hasAdminAuth: false,
-            hasServiceProviderAuth: false,
-            hasAccountAuth: true
+            permissions,
+            hasScope: (s) => s === scope,
+            hasAdminAuth: scope === 'admin',
+            hasServiceProviderAuth: scope === 'service_provider',
+            hasAccountAuth: scope === 'account'
          };
+          logger.debug({user}, 'successfully validated jwt');
          return done(null, user, {scope});
        }
      });
@@ -75,24 +76,28 @@ const checkApiTokens = (logger, token, done) => {
      }

      // found api key
-      const scope = [];
+      let scope;
+      //const scope = [];
      if (results[0].account_sid === null && results[0].service_provider_sid === null) {
-        scope.push.apply(scope, ['admin', 'service_provider', 'account']);
+        //scope.push.apply(scope, ['admin', 'service_provider', 'account']);
+        scope = 'admin';
      }
      else if (results[0].service_provider_sid) {
-        scope.push.apply(scope, ['service_provider', 'account']);
+        //scope.push.apply(scope, ['service_provider', 'account']);
+        scope = 'service_provider';
      }
      else {
-        scope.push('account');
+        //scope.push('account');
+        scope = 'account';
      }

      const user = {
        account_sid: results[0].account_sid,
        service_provider_sid: results[0].service_provider_sid,
-        hasScope: (s) => scope.includes(s),
-        hasAdminAuth: scope.length === 3,
-        hasServiceProviderAuth: scope.includes('service_provider'),
-        hasAccountAuth: scope.includes('account') && !scope.includes('service_provider')
+        hasScope: (s) => s === scope,
+        hasAdminAuth: scope === 'admin',
+        hasServiceProviderAuth: scope === 'service_provider',
+        hasAccountAuth: scope === 'account'
      };
      logger.info(user, `successfully validated with scope ${scope}`);
      return done(null, user, {scope});
--- a/lib/models/account-limits.js
+++ b/lib/models/account-limits.js
@@ -0,0 +1,41 @@
+const Model = require('./model');
+const {promisePool} = require('../db');
+const sql = 'SELECT * FROM account_limits WHERE account_sid = ?';
+
+class AccountLimits extends Model {
+  constructor() {
+    super();
+  }
+
+  static async retrieve(account_sid) {
+    const [rows] = await promisePool.query(sql, [account_sid]);
+    return rows;
+  }
+
+}
+
+AccountLimits.table = 'account_limits';
+AccountLimits.fields = [
+  {
+    name: 'account_limits_sid',
+    type: 'string',
+    primaryKey: true
+  },
+  {
+    name: 'account_sid',
+    type: 'string',
+    required: true
+  },
+  {
+    name: 'category',
+    type: 'string',
+    required: true
+  },
+  {
+    name: 'quantity',
+    type: 'number',
+    required: true
+  }
+];
+
+module.exports = AccountLimits;
--- a/lib/models/account.js
+++ b/lib/models/account.js
@@ -314,6 +314,10 @@ Account.fields = [
    name: 'subspace_sip_teleport_destinations',
    type: 'string',
  },
+  {
+    name: 'siprec_hook_sid',
+    type: 'string',
+  },
 ];

 module.exports = Account;
--- a/lib/models/api-key.js
+++ b/lib/models/api-key.js
@@ -27,6 +27,25 @@ class ApiKey extends Model {
    });
  }

+  /**
+  * list all api keys for a service provider
+  */
+  static retrieveAllForSP(service_provider_sid) {
+    const sql = 'SELECT * from api_keys WHERE service_provider_sid = ?';
+    const args = [service_provider_sid];
+
+    return new Promise((resolve, reject) => {
+      getMysqlConnection((err, conn) => {
+        if (err) return reject(err);
+        conn.query(sql, args, (err, results) => {
+          conn.release();
+          if (err) return reject(err);
+          resolve(results);
+        });
+      });
+    });
+  }
+
  /**
  * update last_used api key for an account
  */
--- a/lib/models/password-settings.js
+++ b/lib/models/password-settings.js
@@ -0,0 +1,70 @@
+const {promisePool} = require('../db');
+
+class PasswordSettings {
+
+  /**
+   * Retrieve object from database
+   */
+  static async retrieve() {
+    const [r] = await promisePool.execute(`SELECT * FROM ${this.table}`);
+    return r;
+  }
+
+  /**
+  * Update object into the database
+  */
+  static async update(obj) {
+    let sql = `UPDATE ${this.table} SET `;
+    const values = [];
+    const keys = Object.keys(obj);
+    this.fields.forEach(({name}) => {
+      if (keys.includes(name)) {
+        sql = sql + `${name} = ?,`;
+        values.push(obj[name]);
+      }
+    });
+    if (values.length) {
+      sql = sql.slice(0, -1);
+      await promisePool.execute(sql, values);
+    }
+  }
+
+  /**
+     * insert object into the database
+     */
+  static async make(obj) {
+    let params = '', marks = '';
+    const values = [];
+    const keys = Object.keys(obj);
+    this.fields.forEach(({name}) => {
+      if (keys.includes(name)) {
+        params = params + `${name},`;
+        marks = marks + '?,';
+        values.push(obj[name]);
+      }
+    });
+    if (values.length) {
+      params = `(${params.slice(0, -1)})`;
+      marks = `values(${marks.slice(0, -1)})`;
+      return await promisePool.execute(`INSERT into ${this.table} ${params} ${marks}`, values);
+    }
+  }
+}
+
+
+PasswordSettings.table = 'password_settings';
+PasswordSettings.fields = [
+  {
+    name: 'min_password_length',
+    type: 'number'
+  },
+  {
+    name: 'require_digit',
+    type: 'number'
+  },
+  {
+    name: 'require_special_character',
+    type: 'number'
+  }
+];
+module.exports = PasswordSettings;
--- a/lib/models/service-provider-limits.js
+++ b/lib/models/service-provider-limits.js
@@ -0,0 +1,39 @@
+const Model = require('./model');
+const {promisePool} = require('../db');
+const sql = 'SELECT * FROM service_provider_limits WHERE service_provider_sid = ?';
+
+class ServiceProviderLimits extends Model {
+  constructor() {
+    super();
+  }
+  static async retrieve(service_provider_sid) {
+    const [rows] = await promisePool.query(sql, [service_provider_sid]);
+    return rows;
+  }
+}
+
+ServiceProviderLimits.table = 'service_provider_limits';
+ServiceProviderLimits.fields = [
+  {
+    name: 'service_provider_limits_sid',
+    type: 'string',
+    primaryKey: true
+  },
+  {
+    name: 'service_provider_sid',
+    type: 'string',
+    required: true
+  },
+  {
+    name: 'category',
+    type: 'string',
+    required: true
+  },
+  {
+    name: 'quantity',
+    type: 'number',
+    required: true
+  }
+];
+
+module.exports = ServiceProviderLimits;
--- a/lib/models/speech-credential.js
+++ b/lib/models/speech-credential.js
@@ -86,6 +86,14 @@ SpeechCredential.fields = [
  {
    name: 'last_tested',
    type: 'date'
+  },
+  {
+    name: 'custom_tts_url',
+    type: 'date'
+  },
+  {
+    name: 'custom_stt_url',
+    type: 'date'
  }
 ];

--- a/lib/models/user.js
+++ b/lib/models/user.js
@@ -0,0 +1,117 @@
+const Model = require('./model');
+const {promisePool} = require('../db');
+const sqlAll = `
+SELECT u.user_sid, u.name, u.email, u.account_sid, u.service_provider_sid, u.is_active, 
+u.force_change, u.phone, u.pending_email, u.provider, u.provider_userid, 
+u.email_activation_code, u.email_validated, 
+sp.name as service_provider_name, acc.name as account_name  
+FROM users u   
+LEFT JOIN service_providers as sp ON u.service_provider_sid = sp.service_provider_sid 
+LEFT JOIN accounts acc ON u.account_sid = acc.account_sid  
+`;
+const sqlAccount = `
+SELECT u.user_sid, u.name, u.email, u.account_sid, u.service_provider_sid, u.is_active, 
+u.force_change, u.phone, u.pending_email, u.provider, u.provider_userid, 
+u.email_activation_code, u.email_validated, 
+sp.name as service_provider_name, acc.name as account_name  
+FROM users u   
+LEFT JOIN service_providers as sp ON u.service_provider_sid = sp.service_provider_sid 
+LEFT JOIN accounts acc ON u.account_sid = acc.account_sid  
+WHERE u.account_sid = ? 
+`;
+const sqlSP = `
+SELECT u.user_sid, u.name, u.email, u.account_sid, u.service_provider_sid, u.is_active, 
+u.force_change, u.phone, u.pending_email, u.provider, u.provider_userid, 
+u.email_activation_code, u.email_validated, 
+sp.name as service_provider_name, acc.name as account_name  
+FROM users u   
+LEFT JOIN service_providers as sp ON u.service_provider_sid = sp.service_provider_sid 
+LEFT JOIN accounts acc ON u.account_sid = acc.account_sid  
+WHERE u.service_provider_sid = ? 
+`;
+
+class User extends Model {
+  constructor() {
+    super();
+  }
+
+  static async retrieveAll() {
+    const [rows] = await promisePool.query(sqlAll);
+    return rows;
+  }
+
+  static async retrieveAllForAccount(account_sid) {
+    const [rows] = await promisePool.query(sqlAccount, [account_sid]);
+    return rows;
+  }
+
+  static async retrieveAllForServiceProvider(service_provider_sid) {
+    const [rows] = await promisePool.query(sqlSP, [service_provider_sid]);
+    return rows;
+  }
+}
+
+User.table = 'users';
+User.fields = [
+  {
+    name: 'user_sid',
+    type: 'string',
+    primaryKey: true
+  },
+  {
+    name: 'name',
+    type: 'string',
+    required: true
+  },
+  {
+    name: 'email',
+    type: 'string',
+    required: true
+  },
+  {
+    name: 'pending_email',
+    type: 'string'
+  },
+  {
+    name: 'phone',
+    type: 'string'
+  },
+  {
+    name: 'hashed_password',
+    type: 'string'
+  },
+  {
+    name: 'account_sid',
+    type: 'string'
+  },
+  {
+    name: 'service_provider_sid',
+    type: 'string'
+  },
+  {
+    name: 'force_change',
+    type: 'number'
+  },
+  {
+    name: 'provider',
+    type: 'string'
+  },
+  {
+    name: 'provider_userid',
+    type: 'string'
+  },
+  {
+    name: 'email_activation_code',
+    type: 'string'
+  },
+  {
+    name: 'email_validated',
+    type: 'number'
+  },
+  {
+    name: 'is_active',
+    type: 'number'
+  },
+];
+
+module.exports = User;
--- a/lib/models/voip-carrier.js
+++ b/lib/models/voip-carrier.js
@@ -111,6 +111,18 @@ VoipCarrier.fields = [
    name: 'smpp_system_id',
    type: 'string'
  },
+  {
+    name: 'register_from_user',
+    type: 'string'
+  },
+  {
+    name: 'register_from_domain',
+    type: 'string'
+  },
+  {
+    name: 'register_public_ip_in_contact',
+    type: 'number'
+  }
 ];

 module.exports = VoipCarrier;
--- a/lib/routes/api/accounts.js
+++ b/lib/routes/api/accounts.js
@@ -1,6 +1,6 @@
 const router = require('express').Router();
 const request = require('request');
-const {DbErrorBadRequest, DbErrorUnprocessableRequest} = require('../../utils/errors');
+const {DbErrorBadRequest, DbErrorForbidden, DbErrorUnprocessableRequest} = require('../../utils/errors');
 const Account = require('../../models/account');
 const Application = require('../../models/application');
 const Webhook = require('../../models/webhook');
@@ -20,7 +20,10 @@ const translator = short();
 let idx = 0;

 const getFsUrl = async(logger, retrieveSet, setName) => {
-  if (process.env.K8S) return `http://${process.env.K8S_FEATURE_SERVER_SERVICE_NAME}:3000/v1/createCall`;
+  if (process.env.K8S) {
+    const port = process.env.K8S_FEATURE_SERVER_SERVICE_PORT || 3000;
+    return `http://${process.env.K8S_FEATURE_SERVER_SERVICE_NAME}:${port}/v1/createCall`;
+  }

  try {
    const fs = await retrieveSet(setName);
@@ -42,12 +45,28 @@ const stripPort = (hostport) => {
  return hostport;
 };

+const validateUpdateForCarrier = async(req) => {
+  const account_sid = parseAccountSid(req);
+  if (req.user.hasScope('admin')) return ;
+  if (req.user.hasScope('account')) {
+    if (account_sid === req.user.account_sid) return ;
+    throw new DbErrorForbidden('insufficient permissions to update account');
+  }
+  if (req.user.hasScope('service_provider')) {
+    const [r] = await promisePool.execute(
+      'SELECT service_provider_sid from accounts WHERE account_sid = ?', [account_sid]);
+    if (r.length === 1 && r[0].service_provider_sid === req.user.service_provider_sid) return;
+    throw new DbErrorForbidden('insufficient permissions to update account');
+  }
+};
+
 router.use('/:sid/SpeechCredentials', hasAccountPermissions, require('./speech-credentials'));
 router.use('/:sid/RecentCalls', hasAccountPermissions, require('./recent-calls'));
 router.use('/:sid/Alerts', hasAccountPermissions, require('./alerts'));
 router.use('/:sid/Charges', hasAccountPermissions, require('./charges'));
 router.use('/:sid/SipRealms', hasAccountPermissions, require('./sip-realm'));
 router.use('/:sid/PredefinedCarriers', hasAccountPermissions, require('./add-from-predefined-carrier'));
+router.use('/:sid/Limits', hasAccountPermissions, require('./limits'));
 router.get('/:sid/Applications', async(req, res) => {
  const logger = req.app.locals.logger;
  try {
@@ -68,6 +87,20 @@ router.get('/:sid/VoipCarriers', async(req, res) => {
    sysError(logger, res, err);
  }
 });
+router.put('/:sid/VoipCarriers/:voip_carrier_sid', async(req, res) => {
+  const logger = req.app.locals.logger;
+  try {
+    await validateUpdateForCarrier(req);
+    const rowsAffected = await VoipCarrier.update(req.params.voip_carrier_sid, req.body);
+    if (rowsAffected === 0) {
+      return res.sendStatus(404);
+    }
+    res.status(204).end();
+  } catch (err) {
+    sysError(logger, res, err);
+  }
+});
+
 router.post('/:sid/VoipCarriers', async(req, res) => {
  const logger = req.app.locals.logger;
  const payload = req.body;
@@ -117,7 +150,8 @@ function validateUpdateCall(opts) {
    'conf_hold_status',
    'conf_mute_status',
    'mute_status',
-    'sip_request'
+    'sip_request',
+    'record'
  ]
    .reduce((acc, prop) => (opts[prop] ? ++acc : acc), 0);

@@ -156,6 +190,12 @@ function validateUpdateCall(opts) {
    (!opts.sip_request.method && !opts.sip_request.content_type ||  !opts.sip_request.content_type)) {
    throw new DbErrorBadRequest('sip_request requires content_type and content properties');
  }
+  if (opts.record && !opts.record.action) {
+    throw new DbErrorBadRequest('record requires action property');
+  }
+  if ('startCallRecording' === opts.record?.action && !opts.record.siprecServerURL) {
+    throw new DbErrorBadRequest('record requires siprecServerURL property when starting recording');
+  }
 }

 function validateTo(to) {
@@ -206,15 +246,14 @@ async function validateCreateCall(logger, sid, req) {
  }
  else {
    delete obj.application_sid;
-
-    // TODO: these should be retrieved from account, using account_sid if provided
-    Object.assign(obj, {
-      speech_synthesis_vendor: 'google',
-      speech_synthesis_voice: 'en-US-Wavenet-C',
-      speech_synthesis_language: 'en-US',
-      speech_recognizer_vendor: 'google',
-      speech_recognizer_language: 'en-US'
-    });
+    if (!obj.speech_synthesis_vendor ||
+      !obj.speech_synthesis_language ||
+      !obj.speech_synthesis_voice ||
+      !obj.speech_recognizer_vendor ||
+      !obj.speech_recognizer_language)
+      throw new DbErrorBadRequest('either application_sid or set of' +
+        ' speech_synthesis_vendor, speech_synthesis_language, speech_synthesis_voice,' +
+        ' speech_recognizer_vendor, speech_recognizer_language required');
  }

  if (!obj.call_hook && !obj.application_sid) {
@@ -240,10 +279,10 @@ async function validateCreateCall(logger, sid, req) {
  if (typeof obj.call_status_hook === 'object' && typeof obj.call_status_hook.url != 'string') {
    throw new DbErrorBadRequest('call_status_hook must be string or an object containing a url property');
  }
-  if (obj.call_hook && !/^https?:/.test(obj.call_hook.url)) {
+  if (obj.call_hook && !/^https?:/.test(obj.call_hook.url) && !/^wss?:/.test(obj.call_hook.url)) {
    throw new DbErrorBadRequest('call_hook url be an absolute url');
  }
-  if (obj.call_status_hook && !/^https?:/.test(obj.call_status_hook.url)) {
+  if (obj.call_status_hook && !/^https?:/.test(obj.call_status_hook.url) && !/^wss?:/.test(obj.call_status_hook.url)) {
    throw new DbErrorBadRequest('call_status_hook url be an absolute url');
  }
 }
@@ -519,7 +558,7 @@ router.delete('/:sid', async(req, res) => {
    await validateDelete(req, sid);

    const [account] = await promisePool.query('SELECT * FROM accounts WHERE account_sid = ?', sid);
-    const {sip_realm, stripe_customer_id} = account[0];
+    const {sip_realm, stripe_customer_id, registration_hook_sid} = account[0];
    /* remove dns records */
    if (process.env.NODE_ENV !== 'test' || process.env.DME_API_KEY) {

@@ -560,6 +599,15 @@ account_subscriptions WHERE account_sid = ?)
    await promisePool.execute('DELETE from applications where account_sid = ?', [sid]);
    await promisePool.execute('DELETE from accounts where account_sid = ?', [sid]);

+    if (registration_hook_sid) {
+      /* remove registration hook if only used by this account */
+      const sql = 'SELECT COUNT(*) as count FROM accounts WHERE registration_hook_sid = ?';
+      const [r] = await promisePool.query(sql, registration_hook_sid);
+      if (r[0]?.count === 0) {
+        await promisePool.execute('DELETE from webhooks where webhook_sid = ?', [registration_hook_sid]);
+      }
+    }
+
    if (stripe_customer_id) {
      const response = await deleteCustomer(logger, stripe_customer_id);
      logger.info({response}, `deleted stripe customer_id ${stripe_customer_id} for account_si ${sid}`);
@@ -591,29 +639,31 @@ router.post('/:sid/Calls', async(req, res) => {
  const {retrieveSet, logger} = req.app.locals;

  const serviceUrl = await getFsUrl(logger, retrieveSet, setName);
-  if (!serviceUrl) res.json({msg: 'no available feature servers at this time'}).status(480);
-  try {
-    await validateCreateCall(logger, sid, req);
-
-    updateLastUsed(logger, sid, req).catch((err) => {});
-    request({
-      url: serviceUrl,
-      method: 'POST',
-      json: true,
-      body: Object.assign(req.body, {account_sid: sid})
-    }, (err, response, body) => {
-      if (err) {
-        logger.error(err, `Error sending createCall POST to ${serviceUrl}`);
-        return res.sendStatus(500);
-      }
-      if (response.statusCode !== 201) {
-        logger.error({statusCode: response.statusCode}, `Non-success response returned by createCall ${serviceUrl}`);
-        return res.sendStatus(500);
-      }
-      res.status(201).json(body);
-    });
-  } catch (err) {
-    sysError(logger, res, err);
+  if (!serviceUrl) {
+    res.status(480).json({msg: 'no available feature servers at this time'});
+  } else {
+    try {
+      await validateCreateCall(logger, sid, req);
+      updateLastUsed(logger, sid, req).catch((err) => {});
+      request({
+        url: serviceUrl,
+        method: 'POST',
+        json: true,
+        body: Object.assign(req.body, {account_sid: sid})
+      }, (err, response, body) => {
+        if (err) {
+          logger.error(err, `Error sending createCall POST to ${serviceUrl}`);
+          return res.sendStatus(500);
+        }
+        if (response.statusCode !== 201) {
+          logger.error({statusCode: response.statusCode}, `Non-success response returned by createCall ${serviceUrl}`);
+          return res.sendStatus(500);
+        }
+        res.status(201).json(body);
+      });
+    } catch (err) {
+      sysError(logger, res, err);
+    }
  }
 });

--- a/lib/routes/api/add-from-predefined-carrier.js
+++ b/lib/routes/api/add-from-predefined-carrier.js
@@ -8,9 +8,7 @@ const short = require('short-uuid');
 const {promisePool} = require('../../db');
 const sysError = require('../error');

-const sqlSelectCarrierByName = `SELECT * FROM voip_carriers 
-WHERE account_sid = ? 
-AND name = ?`;
+
 const sqlSelectCarrierByNameForSP = `SELECT * FROM voip_carriers 
 WHERE service_provider_sid = ? 
 AND name = ?`;
@@ -25,22 +23,20 @@ router.post('/:sid', async(req, res) => {
  const {sid } = req.params;
  let service_provider_sid;
  const {account_sid} = req.user;
+
  if (!account_sid) {
-    if (!req.user.hasScope('service_provider')) {
-      logger.error({user: req.user}, 'invalid creds');
-      return res.sendStatus(403);
-    }
    service_provider_sid = parseServiceProviderSid(req);
+  } else {
+    service_provider_sid = req.user.service_provider_sid;
  }
+
  try {
    const [template] = await PredefinedCarrier.retrieve(sid);
    logger.debug({template}, `Retrieved template carrier for sid ${sid}`);
    if (!template) return res.sendStatus(404);

    /* make sure not to add the same carrier twice */
-    const [r2] = account_sid ?
-      await promisePool.query(sqlSelectCarrierByName, [account_sid, template.name]) :
-      await promisePool.query(sqlSelectCarrierByNameForSP, [service_provider_sid, template.name]);
+    const [r2] = await promisePool.query(sqlSelectCarrierByNameForSP, [service_provider_sid, template.name]);

    if (r2.length > 0) {
      template.name =  `${template.name}-${short.generate()}`;
--- a/lib/routes/api/alerts.js
+++ b/lib/routes/api/alerts.js
@@ -7,26 +7,47 @@ const parseAccountSid = (url) => {
  if (arr) return arr[1];
 };

+const parseServiceProviderSid = (url) => {
+  const arr = /ServiceProviders\/([^\/]*)/.exec(url);
+  if (arr) return arr[1];
+};
+
 router.get('/', async(req, res) => {
-  const {logger, queryAlerts} = req.app.locals;
+  const {logger, queryAlerts, queryAlertsSP} = req.app.locals;
  try {
    logger.debug({opts: req.query}, 'GET /Alerts');
    const account_sid = parseAccountSid(req.originalUrl);
+    const service_provider_sid = account_sid ? null : parseServiceProviderSid(req.originalUrl);
    const {page, count, alert_type, days, start, end} = req.query || {};
    if (!page || page < 1) throw new DbErrorBadRequest('missing or invalid "page" query arg');
    if (!count || count < 25 || count > 500) throw new DbErrorBadRequest('missing or invalid "count" query arg');

-    const data = await queryAlerts({
-      account_sid,
-      page,
-      page_size: count,
-      alert_type,
-      days,
-      start: days ? undefined : start,
-      end: days ? undefined : end,
-    });
+    if (account_sid) {
+      const data = await queryAlerts({
+        account_sid,
+        page,
+        page_size: count,
+        alert_type,
+        days,
+        start: days ? undefined : start,
+        end: days ? undefined : end,
+      });

-    res.status(200).json(data);
+      res.status(200).json(data);
+    }
+    else {
+      const data = await queryAlertsSP({
+        service_provider_sid,
+        page,
+        page_size: count,
+        alert_type,
+        days,
+        start: days ? undefined : start,
+        end: days ? undefined : end,
+      });
+
+      res.status(200).json(data);
+    }
  } catch (err) {
    sysError(logger, res, err);
  }
--- a/lib/routes/api/applications.js
+++ b/lib/routes/api/applications.js
@@ -3,12 +3,13 @@ const {DbErrorBadRequest, DbErrorUnprocessableRequest} = require('../../utils/er
 const Application = require('../../models/application');
 const Account = require('../../models/account');
 const Webhook = require('../../models/webhook');
+const {promisePool} = require('../../db');
 const decorate = require('./decorate');
 const sysError = require('../error');
+const { validate } = require('@jambonz/verb-specifications');
 const preconditions = {
  'add': validateAdd,
-  'update': validateUpdate,
-  'delete': validateDelete
+  'update': validateUpdate
 };

 /* only user-level tokens can add applications */
@@ -59,7 +60,7 @@ async function validateDelete(req, sid) {
  if (assignedPhoneNumbers > 0) throw new DbErrorUnprocessableRequest('cannot delete application with phone numbers');
 }

-decorate(router, Application, ['delete'], preconditions);
+decorate(router, Application, [], preconditions);

 /* add */
 router.post('/', async(req, res) => {
@@ -76,6 +77,16 @@ router.post('/', async(req, res) => {
      }
    }

+    // validate app json if required
+    if (obj['app_json']) {
+      const app_json = JSON.parse(obj['app_json']);
+      try {
+        validate(logger, app_json);
+      } catch (err) {
+        throw new DbErrorBadRequest(err);
+      }
+    }
+
    const uuid = await Application.make(obj);
    res.status(201).json({sid: uuid});
  } catch (err) {
@@ -104,13 +115,54 @@ router.get('/:sid', async(req, res) => {
    const account_sid = req.user.hasAccountAuth ? req.user.account_sid : null;
    const results = await Application.retrieve(req.params.sid, service_provider_sid, account_sid);
    if (results.length === 0) return res.status(404).end();
-    return res.status(200).json(results);
+    return res.status(200).json(results[0]);
  }
  catch (err) {
    sysError(logger, res, err);
  }
 });

+/* delete */
+router.delete('/:sid', async(req, res) => {
+  const sid = req.params.sid;
+  const logger = req.app.locals.logger;
+  try {
+    await validateDelete(req, sid);
+
+    const [application] = await promisePool.query('SELECT * FROM applications WHERE application_sid = ?', sid);
+    const {call_hook_sid, call_status_hook_sid, messaging_hook_sid} = application[0];
+    logger.info({call_hook_sid, call_status_hook_sid, messaging_hook_sid, sid}, 'deleting application');
+    await promisePool.execute('DELETE from applications where application_sid = ?', [sid]);
+
+    if (call_hook_sid) {
+      /* remove call hook if only used by this app */
+      const sql = 'SELECT COUNT(*) as count FROM applications WHERE call_hook_sid = ?';
+      const [r] = await promisePool.query(sql, call_hook_sid);
+      if (r[0]?.count === 0) {
+        await promisePool.execute('DELETE from webhooks where webhook_sid = ?', [call_hook_sid]);
+      }
+    }
+    if (call_status_hook_sid) {
+      const sql = 'SELECT COUNT(*) as count FROM applications WHERE call_status_hook_sid = ?';
+      const [r] = await promisePool.query(sql, call_status_hook_sid);
+      if (r[0]?.count === 0) {
+        await promisePool.execute('DELETE from webhooks where webhook_sid = ?', [call_status_hook_sid]);
+      }
+    }
+    if (messaging_hook_sid) {
+      const sql = 'SELECT COUNT(*) as count FROM applications WHERE messaging_hook_sid = ?';
+      const [r] = await promisePool.query(sql, messaging_hook_sid);
+      if (r[0]?.count === 0) {
+        await promisePool.execute('DELETE from webhooks where webhook_sid = ?', [messaging_hook_sid]);
+      }
+    }
+
+    res.status(204).end();
+  } catch (err) {
+    sysError(logger, res, err);
+  }
+});
+
 /* update */
 router.put('/:sid', async(req, res) => {
  const sid = req.params.sid;
@@ -138,6 +190,16 @@ router.put('/:sid', async(req, res) => {
      delete obj[prop];
    }

+    // validate app json if required
+    if (obj['app_json']) {
+      const app_json = JSON.parse(obj['app_json']);
+      try {
+        validate(logger, app_json);
+      } catch (err) {
+        throw new DbErrorBadRequest(err);
+      }
+    }
+
    const rowsAffected = await Application.update(sid, obj);
    if (rowsAffected === 0) {
      return res.status(404).end();
--- a/lib/routes/api/index.js
+++ b/lib/routes/api/index.js
@@ -7,9 +7,16 @@ const isAdminScope = (req, res, next) => {
    message: 'insufficient privileges'
  });
 };
+// const isAdminOrSPScope = (req, res, next) => {
+//   if (req.user.hasScope('admin') || req.user.hasScope('service_provider')) return next();
+//   res.status(403).json({
+//     status: 'fail',
+//     message: 'insufficient privileges'
+//   });
+// };

 api.use('/BetaInviteCodes', isAdminScope, require('./beta-invite-codes'));
-api.use('/ServiceProviders', isAdminScope, require('./service-providers'));
+api.use('/ServiceProviders', require('./service-providers'));
 api.use('/VoipCarriers', require('./voip-carriers'));
 api.use('/Webhooks', require('./webhooks'));
 api.use('/SipGateways', require('./sip-gateways'));
@@ -37,6 +44,7 @@ api.use('/Subscriptions', require('./subscriptions'));
 api.use('/Invoices', require('./invoices'));
 api.use('/InviteCodes', require('./invite-codes'));
 api.use('/PredefinedCarriers', require('./predefined-carriers'));
+api.use('/PasswordSettings', require('./password-settings'));

 // messaging
 api.use('/Smpps', require('./smpps'));   // our smpp server info
--- a/lib/routes/api/limits.js
+++ b/lib/routes/api/limits.js
@@ -0,0 +1,128 @@
+const router = require('express').Router();
+const sysError = require('../error');
+const AccountLimits = require('../../models/account-limits');
+const ServiceProviderLimits = require('../../models/service-provider-limits');
+const {parseAccountSid, parseServiceProviderSid} = require('./utils');
+const {promisePool} = require('../../db');
+const sqlDeleteSPLimits = `
+DELETE FROM service_provider_limits 
+WHERE service_provider_sid = ? 
+`;
+const sqlDeleteSPLimitsByCategory = `
+DELETE FROM service_provider_limits 
+WHERE service_provider_sid = ? 
+AND category = ?
+`;
+const sqlDeleteAccountLimits = `
+DELETE FROM account_limits 
+WHERE account_sid = ? 
+`;
+const sqlDeleteAccountLimitsByCategory = `
+DELETE FROM account_limits 
+WHERE account_sid = ? 
+AND category = ?
+`;
+router.post('/', async(req, res) => {
+  const logger = req.app.locals.logger;
+  const {
+    category,
+    quantity
+  } = req.body;
+  const account_sid = parseAccountSid(req);
+  let service_provider_sid;
+  if (!account_sid) {
+    if (!req.user.hasServiceProviderAuth && !req.user.hasAdminAuth) {
+      logger.error('POST /SpeechCredentials invalid credentials');
+      return res.sendStatus(403);
+    }
+    service_provider_sid = parseServiceProviderSid(req);
+  }
+  try {
+    let uuid;
+    if (account_sid) {
+      const existing = (await AccountLimits.retrieve(account_sid) || [])
+        .find((el) => el.category === category);
+      if (existing) {
+        uuid = existing.account_limits_sid;
+        await AccountLimits.update(uuid, {category, quantity});
+      }
+      else {
+        uuid = await AccountLimits.make({
+          account_sid,
+          category,
+          quantity
+        });
+      }
+    }
+    else {
+      const existing = (await ServiceProviderLimits.retrieve(service_provider_sid) || [])
+        .find((el) => el.category === category);
+      if (existing) {
+        uuid = existing.service_provider_limits_sid;
+        await ServiceProviderLimits.update(uuid, {category, quantity});
+      }
+      else {
+        uuid = await ServiceProviderLimits.make({
+          service_provider_sid,
+          category,
+          quantity
+        });
+      }
+    }
+    res.status(201).json({sid: uuid});
+  } catch (err) {
+    sysError(logger, res, err);
+  }
+});
+
+/**
+ * retrieve all limits for an account or service provider
+ */
+router.get('/', async(req, res) => {
+  let service_provider_sid;
+  const account_sid = parseAccountSid(req);
+  if (!account_sid) service_provider_sid = parseServiceProviderSid(req);
+  const logger = req.app.locals.logger;
+  try {
+    const limits = account_sid ?
+      await AccountLimits.retrieve(account_sid) :
+      await ServiceProviderLimits.retrieve(service_provider_sid);
+
+    if (req.query?.category) {
+      return res.status(200).json(limits.filter((el) => el.category === req.query.category));
+    }
+    res.status(200).json(limits);
+  } catch (err) {
+    sysError(logger, res, err);
+  }
+});
+
+router.delete('/', async(req, res) => {
+  const logger = req.app.locals.logger;
+  const account_sid = parseAccountSid(req);
+  const {category} = req.query;
+  const service_provider_sid = parseServiceProviderSid(req);
+  try {
+    if (account_sid) {
+      if (category) {
+        await promisePool.execute(sqlDeleteAccountLimitsByCategory, [account_sid, category]);
+      }
+      else {
+        await promisePool.execute(sqlDeleteAccountLimits, [account_sid]);
+      }
+    }
+    else {
+      if (category) {
+        await promisePool.execute(sqlDeleteSPLimitsByCategory, [service_provider_sid, category]);
+      }
+      else {
+        await promisePool.execute(sqlDeleteSPLimits, [service_provider_sid]);
+      }
+    }
+    res.status(204).end();
+  } catch (err) {
+    sysError(logger, res, err);
+  }
+});
+
+module.exports = router;
--- a/lib/routes/api/login.js
+++ b/lib/routes/api/login.js
@@ -1,12 +1,21 @@
 const router = require('express').Router();
-const {getMysqlConnection} = require('../../db');
+const jwt = require('jsonwebtoken');
 const {verifyPassword} = require('../../utils/password-utils');
-
+const {promisePool} = require('../../db');
+const Account = require('../../models/account');
+const ServiceProvider = require('../../models/service-provider');
+const sysError = require('../error');
+const retrievePemissionsSql = `
+SELECT p.name 
+FROM permissions p, user_permissions up 
+WHERE up.permission_sid = p.permission_sid 
+AND up.user_sid = ? 
+`;
 const retrieveSql = 'SELECT * from users where name = ?';
 const tokenSql = 'SELECT token from api_keys where account_sid IS NULL AND service_provider_sid IS NULL';


-router.post('/', (req, res) => {
+router.post('/', async(req, res) => {
  const logger = req.app.locals.logger;
  const {username, password} = req.body;
  if (!username || !password) {
@@ -14,48 +23,63 @@ router.post('/', (req, res) => {
    return res.sendStatus(400);
  }

-  getMysqlConnection((err, conn) => {
-    if (err) {
-      logger.error({err}, 'Error getting db connection');
+  try {
+    const [r] = await promisePool.query(retrieveSql, username);
+    if (r.length === 0) {
+      logger.info(`Failed login attempt for user ${username}`);
+      return res.sendStatus(403);
+    }
+    logger.info({r}, 'successfully retrieved user account');
+    const isCorrect = await verifyPassword(r[0].hashed_password, password);
+    if (!isCorrect) return res.sendStatus(403);
+    const force_change = !!r[0].force_change;
+    const [t] = await promisePool.query(tokenSql);
+    if (t.length === 0) {
+      logger.error('Database has no admin token provisioned...run reset_admin_password');
      return res.sendStatus(500);
    }
-    conn.query(retrieveSql, [username], async(err, results) => {
-      conn.release();
-      if (err) {
-        logger.error({err}, 'Error getting db connection');
-        return res.sendStatus(500);
-      }
-      if (0 === results.length) {
-        logger.info(`Failed login attempt for user ${username}`);
-        return res.sendStatus(403);
-      }

-      logger.info({results}, 'successfully retrieved account');
-      const isCorrect = await verifyPassword(results[0].hashed_password, password);
-      if (!isCorrect) return res.sendStatus(403);
-
-      const force_change = !!results[0].force_change;
-
-      getMysqlConnection((err, conn) => {
-        if (err) {
-          logger.error({err}, 'Error getting db connection');
-          return res.sendStatus(500);
-        }
-        conn.query(tokenSql, (err, tokenResults) => {
-          conn.release();
-          if (err) {
-            logger.error({err}, 'Error getting db connection');
-            return res.sendStatus(500);
-          }
-          if (0 === tokenResults.length) {
-            logger.error('Database has no admin token provisioned...run reset_admin_password');
-            return res.sendStatus(500);
-          }
-          res.json({user_sid: results[0].user_sid, force_change, token: tokenResults[0].token});
-        });
-      });
-    });
-  });
+    const [p] = await promisePool.query(retrievePemissionsSql, r[0].user_sid);
+    const permissions = p.map((x) => x.name);
+    const obj = {user_sid: r[0].user_sid, scope: 'admin', force_change, permissions};
+    if (r[0].service_provider_sid && r[0].account_sid) {
+      const account = await Account.retrieve(r[0].account_sid);
+      const service_provider = await ServiceProvider.retrieve(r[0].service_provider_sid);
+      obj.scope = 'account';
+      obj.service_provider_sid = r[0].service_provider_sid;
+      obj.account_sid = r[0].account_sid;
+      obj.account_name = account[0].name;
+      obj.service_provider_name = service_provider[0].name;
+    }
+    else if (r[0].service_provider_sid) {
+      const service_provider = await ServiceProvider.retrieve(r[0].service_provider_sid);
+      obj.scope = 'service_provider';
+      obj.service_provider_sid = r[0].service_provider_sid;
+      obj.service_provider_name = service_provider[0].name;
+    }
+    const payload = {
+      scope: obj.scope,
+      permissions,
+      ...(obj.service_provider_sid && {
+        service_provider_sid: obj.service_provider_sid,
+        service_provider_name: obj.service_provider_name
+      }),
+      ...(obj.account_sid && {
+        account_sid: obj.account_sid,
+        account_name: obj.account_name,
+        service_provider_name: obj.service_provider_name
+      }),
+      user_sid: obj.user_sid
+    };
+    const token = jwt.sign(
+      payload,
+      process.env.JWT_SECRET,
+      { expiresIn: parseInt(process.env.JWT_EXPIRES_IN || 60) * 60 }
+    );
+    res.json({token, ...obj});
+  } catch (err) {
+    sysError(logger, res, err);
+  }
 });


--- a/lib/routes/api/password-settings.js
+++ b/lib/routes/api/password-settings.js
@@ -0,0 +1,42 @@
+const router = require('express').Router();
+const sysError = require('../error');
+const PasswordSettings = require('../../models/password-settings');
+const { DbErrorBadRequest } = require('../../utils/errors');
+
+const validate = (obj) => {
+  if (obj.min_password_length && (
+    obj.min_password_length < 8 ||
+    obj.min_password_length > 20
+  )) {
+    throw new DbErrorBadRequest('invalid min_password_length property: should be between 8-20');
+  }
+};
+
+router.post('/', async(req, res) => {
+  const logger = req.app.locals.logger;
+  try {
+    validate(req.body);
+    const [existing] = (await PasswordSettings.retrieve() || []);
+    if (existing) {
+      await PasswordSettings.update(req.body);
+    } else {
+      await PasswordSettings.make(req.body);
+    }
+    res.status(201).json({});
+  }
+  catch (err) {
+    sysError(logger, res, err);
+  }
+});
+
+router.get('/', async(req, res) => {
+  const logger = req.app.locals.logger;
+  try {
+    const [results] = (await PasswordSettings.retrieve() || []);
+    return res.status(200).json(results || {min_password_length: 8});
+  }
+  catch (err) {
+    sysError(logger, res, err);
+  }
+});
+module.exports = router;
--- a/lib/routes/api/recent-calls.js
+++ b/lib/routes/api/recent-calls.js
@@ -7,28 +7,49 @@ const parseAccountSid = (url) => {
  if (arr) return arr[1];
 };

+const parseServiceProviderSid = (url) => {
+  const arr = /ServiceProviders\/([^\/]*)/.exec(url);
+  if (arr) return arr[1];
+};
+
 router.get('/', async(req, res) => {
-  const {logger, queryCdrs} = req.app.locals;
+  const {logger, queryCdrs, queryCdrsSP} = req.app.locals;
  try {
    logger.debug({opts: req.query}, 'GET /RecentCalls');
    const account_sid = parseAccountSid(req.originalUrl);
+    const service_provider_sid = account_sid ? null : parseServiceProviderSid(req.originalUrl);
    const {page, count, trunk, direction, days, answered, start, end} = req.query || {};
    if (!page || page < 1) throw new DbErrorBadRequest('missing or invalid "page" query arg');
    if (!count || count < 25 || count > 500) throw new DbErrorBadRequest('missing or invalid "count" query arg');

-    const data = await queryCdrs({
-      account_sid,
-      page,
-      page_size: count,
-      trunk,
-      direction,
-      days,
-      answered,
-      start: days ? undefined : start,
-      end: days ? undefined : end,
-    });
-
-    res.status(200).json(data);
+    if (account_sid) {
+      const data = await queryCdrs({
+        account_sid,
+        page,
+        page_size: count,
+        trunk,
+        direction,
+        days,
+        answered,
+        start: days ? undefined : start,
+        end: days ? undefined : end,
+      });
+      res.status(200).json(data);
+    }
+    else {
+      const data = await queryCdrsSP({
+        service_provider_sid,
+        page,
+        page_size: count,
+        trunk,
+        direction,
+        days,
+        answered,
+        start: days ? undefined : start,
+        end: days ? undefined : end,
+      });
+      res.status(200).json(data);
+    }
  } catch (err) {
    sysError(logger, res, err);
  }
--- a/lib/routes/api/register.js
+++ b/lib/routes/api/register.js
@@ -347,7 +347,7 @@ router.post('/', async(req, res) => {
      account_sid: userProfile.account_sid,
      email: userProfile.email,
      name: userProfile.name
-    }, process.env.JWT_SECRET, { expiresIn: '1h' });
+    }, process.env.JWT_SECRET, { expiresIn: parseInt(process.env.JWT_EXPIRES_IN || 60) * 60 });

    logger.debug({
      user_sid: userProfile.user_sid,
--- a/lib/routes/api/service-providers.js
+++ b/lib/routes/api/service-providers.js
@@ -1,17 +1,18 @@
 const router = require('express').Router();
 const {promisePool} = require('../../db');
-const {DbErrorUnprocessableRequest} = require('../../utils/errors');
+const {DbErrorUnprocessableRequest, DbErrorForbidden} = require('../../utils/errors');
 const Webhook = require('../../models/webhook');
 const ServiceProvider = require('../../models/service-provider');
 const Account = require('../../models/account');
 const VoipCarrier = require('../../models/voip-carrier');
 const Application = require('../../models/application');
 const PhoneNumber = require('../../models/phone-number');
+const ApiKey = require('../../models/api-key');
 const {hasServiceProviderPermissions, parseServiceProviderSid} = require('./utils');
 const sysError = require('../error');
 const decorate = require('./decorate');
 const preconditions = {
-  'delete': noActiveAccounts
+  'delete': noActiveAccountsOrUsers
 };
 const sqlDeleteSipGateways = `DELETE from sip_gateways 
 WHERE voip_carrier_sid IN (
@@ -26,10 +27,52 @@ WHERE voip_carrier_sid IN (
  WHERE service_provider_sid = ?
 )`;

+/* only admin users can add a service provider */
+function validateAdd(req) {
+  if (!req.user.hasAdminAuth) {
+    throw new DbErrorForbidden('only admin users can add a service provider');
+  }
+}
+
+async function validateRetrieve(req) {
+  const service_provider_sid = parseServiceProviderSid(req);
+  if (req.user.hasScope('admin')) return ;
+  if (req.user.hasScope('service_provider')) {
+    if (service_provider_sid === req.user.service_provider_sid) return ;
+  }
+  if (req.user.hasScope('account')) {
+    /* allow account users to retrieve service provider data from parent SP */
+    const sid = req.user.account_sid;
+    const [r] = await promisePool.execute('SELECT service_provider_sid from accounts WHERE account_sid = ?', [sid]);
+    if (r.length === 1 && r[0].service_provider_sid === req.user.service_provider_sid) return;
+  }
+  throw new DbErrorForbidden('insufficient permissions to update service provider');
+}
+
+function validateUpdate(req) {
+  if (req.user.hasScope('admin')) return ;
+  if (req.user.hasScope('service_provider')) {
+    const service_provider_sid = parseServiceProviderSid(req);
+    if (service_provider_sid === req.user.service_provider_sid) return ;
+  }
+  throw new DbErrorForbidden('insufficient permissions to update service provider');
+}
+
 /* can not delete a service provider if it has any active accounts */
-async function noActiveAccounts(req, sid) {
+async function noActiveAccountsOrUsers(req, sid) {
+  if (!req.user.hasAdminAuth) {
+    throw new DbErrorForbidden('only admin users can delete a service provider');
+  }
  const activeAccounts = await ServiceProvider.getForeignKeyReferences('accounts.service_provider_sid', sid);
+  const activeUsers = await ServiceProvider.getForeignKeyReferences('users.service_provider_sid', sid);
+  if (activeAccounts > 0 && activeUsers > 0) throw new DbErrorUnprocessableRequest(
+    'cannot delete service provider with active accounts or users'
+  );
+
  if (activeAccounts > 0) throw new DbErrorUnprocessableRequest('cannot delete service provider with active accounts');
+  if (activeUsers > 0) throw new DbErrorUnprocessableRequest(
+    'cannot delete service provider with active service provider level users'
+  );

  /* ok we can delete -- no active accounts.  remove carriers and speech credentials */
  await promisePool.execute('DELETE from speech_credentials WHERE service_provider_sid = ?', [sid]);
@@ -40,13 +83,20 @@ async function noActiveAccounts(req, sid) {

 decorate(router, ServiceProvider, ['delete'], preconditions);

-router.use('/:sid/SpeechCredentials', hasServiceProviderPermissions, require('./speech-credentials'));
+router.use('/:sid/RecentCalls', hasServiceProviderPermissions, require('./recent-calls'));
+router.use('/:sid/Alerts', hasServiceProviderPermissions, require('./alerts'));
+router.use('/:sid/SpeechCredentials', require('./speech-credentials'));
+router.use('/:sid/Limits', hasServiceProviderPermissions, require('./limits'));
 router.use('/:sid/PredefinedCarriers', hasServiceProviderPermissions, require('./add-from-predefined-carrier'));
 router.get('/:sid/Accounts', async(req, res) => {
  const logger = req.app.locals.logger;
  try {
+    await validateRetrieve(req);
    const service_provider_sid = parseServiceProviderSid(req);
-    const results = await Account.retrieveAll(service_provider_sid);
+    let results = await Account.retrieveAll(service_provider_sid);
+    if (req.user.hasScope('account')) {
+      results = results.filter((r) => r.account_sid === req.user.account_sid);
+    }
    res.status(200).json(results);
  } catch (err) {
    sysError(logger, res, err);
@@ -55,8 +105,12 @@ router.get('/:sid/Accounts', async(req, res) => {
 router.get('/:sid/Applications', async(req, res) => {
  const logger = req.app.locals.logger;
  try {
+    await validateRetrieve(req);
    const service_provider_sid = parseServiceProviderSid(req);
-    const results = await Application.retrieveAll(service_provider_sid);
+    let results = await Application.retrieveAll(service_provider_sid);
+    if (req.user.hasScope('account')) {
+      results = results.filter((r) => r.account_sid === req.user.account_sid);
+    }
    res.status(200).json(results);
  } catch (err) {
    sysError(logger, res, err);
@@ -65,8 +119,12 @@ router.get('/:sid/Applications', async(req, res) => {
 router.get('/:sid/PhoneNumbers', async(req, res) => {
  const logger = req.app.locals.logger;
  try {
+    await validateRetrieve(req);
    const service_provider_sid = parseServiceProviderSid(req);
-    const results = await PhoneNumber.retrieveAllForSP(service_provider_sid);
+    let results = await PhoneNumber.retrieveAllForSP(service_provider_sid);
+    if (req.user.hasScope('account')) {
+      results = results.filter((r) => r.account_sid === req.user.account_sid);
+    }
    res.status(200).json(results);
  } catch (err) {
    sysError(logger, res, err);
@@ -75,9 +133,15 @@ router.get('/:sid/PhoneNumbers', async(req, res) => {
 router.get('/:sid/VoipCarriers', async(req, res) => {
  const logger = req.app.locals.logger;
  try {
+    await validateRetrieve(req);
    const service_provider_sid = parseServiceProviderSid(req);
-    const results = await VoipCarrier.retrieveAllForSP(service_provider_sid);
-    res.status(200).json(results);
+    const carriers = await VoipCarrier.retrieveAllForSP(service_provider_sid);
+
+    if (req.user.hasScope('account')) {
+      return res.status(200).json(carriers.filter((c) => c.account_sid === req.user.account_sid || !c.account_sid));
+    }
+
+    res.status(200).json(carriers);
  } catch (err) {
    sysError(logger, res, err);
  }
@@ -85,6 +149,7 @@ router.get('/:sid/VoipCarriers', async(req, res) => {
 router.post('/:sid/VoipCarriers', async(req, res) => {
  const logger = req.app.locals.logger;
  try {
+    validateUpdate(req);
    const service_provider_sid = parseServiceProviderSid(req);
    const uuid = await VoipCarrier.make({...req.body, service_provider_sid});
    res.status(201).json({sid: uuid});
@@ -95,6 +160,7 @@ router.post('/:sid/VoipCarriers', async(req, res) => {
 router.put('/:sid/VoipCarriers/:voip_carrier_sid', async(req, res) => {
  const logger = req.app.locals.logger;
  try {
+    validateUpdate(req);
    const rowsAffected = await VoipCarrier.update(req.params.voip_carrier_sid, req.body);
    if (rowsAffected === 0) {
      return res.sendStatus(404);
@@ -104,12 +170,17 @@ router.put('/:sid/VoipCarriers/:voip_carrier_sid', async(req, res) => {
    sysError(logger, res, err);
  }
 });
-router.get(':sid/Acccounts', async(req, res) => {
+router.get('/:sid/ApiKeys', async(req, res) => {
  const logger = req.app.locals.logger;
+  const {sid} = req.params;
  try {
-    const service_provider_sid = parseServiceProviderSid(req);
-    const results = await Account.retrieveAll(service_provider_sid);
+    await validateRetrieve(req);
+    let results = await ApiKey.retrieveAllForSP(sid);
+    if (req.user.hasScope('account')) {
+      results = results.filter((r) => r.account_sid === req.user.account_sid);
+    }
    res.status(200).json(results);
+    await ApiKey.updateLastUsed(sid);
  } catch (err) {
    sysError(logger, res, err);
  }
@@ -119,6 +190,7 @@ router.get(':sid/Acccounts', async(req, res) => {
 router.post('/', async(req, res) => {
  const logger = req.app.locals.logger;
  try {
+    validateAdd(req);

    // create webhooks if provided
    const obj = Object.assign({}, req.body);
@@ -140,8 +212,15 @@ router.post('/', async(req, res) => {
 /* list */
 router.get('/', async(req, res) => {
  const logger = req.app.locals.logger;
+
  try {
    const results = await ServiceProvider.retrieveAll();
+    logger.debug({results, user: req.user}, 'ServiceProvider.retrieveAll');
+    if (req.user.hasScope('service_provider') || req.user.hasScope('account')) {
+      logger.debug(`Filtering results for ${req.user.service_provider_sid}`);
+      return res.status(200).json(results.filter((e) => req.user.service_provider_sid === e.service_provider_sid));
+    }
+
    res.status(200).json(results);
  } catch (err) {
    sysError(logger, res, err);
@@ -166,6 +245,8 @@ router.put('/:sid', async(req, res) => {
  const sid = req.params.sid;
  const logger = req.app.locals.logger;
  try {
+    validateUpdate(req);
+
    // create webhooks if provided
    const obj = Object.assign({}, req.body);
    for (const prop of ['registration_hook']) {
--- a/lib/routes/api/signin.js
+++ b/lib/routes/api/signin.js
@@ -68,7 +68,7 @@ router.post('/', async(req, res) => {
    const token = jwt.sign({
      user_sid: userProfile.user_sid,
      account_sid: userProfile.account_sid
-    }, process.env.JWT_SECRET, { expiresIn: '1h' });
+    }, process.env.JWT_SECRET, { expiresIn: parseInt(process.env.JWT_EXPIRES_IN || 60) * 60 });

    logger.debug({
      user_sid: userProfile.user_sid,
--- a/lib/routes/api/speech-credentials.js
+++ b/lib/routes/api/speech-credentials.js
@@ -1,5 +1,6 @@
 const router = require('express').Router();
 const assert = require('assert');
+const Account = require('../../models/account');
 const SpeechCredential = require('../../models/speech-credential');
 const sysError = require('../error');
 const {decrypt, encrypt} = require('../../utils/encrypt-decrypt');
@@ -12,9 +13,25 @@ const {
  testAwsStt,
  testMicrosoftStt,
  testMicrosoftTts,
-  testWellSaidTts
+  testWellSaidTts,
+  testNuanceStt,
+  testNuanceTts,
+  testDeepgramStt,
+  testSonioxStt,
+  testIbmTts,
+  testIbmStt
 } = require('../../utils/speech-utils');

+const obscureKey = (key) => {
+  const key_spoiler_length = 6;
+  const key_spoiler_char = 'X';
+
+  if (key.length <= key_spoiler_length) {
+    return key;
+  }
+
+  return `${key.slice(0, key_spoiler_length)}${key_spoiler_char.repeat(key.length - key_spoiler_length)}`;
+};

 const encryptCredential = (obj) => {
  const {
@@ -24,7 +41,22 @@ const encryptCredential = (obj) => {
    secret_access_key,
    aws_region,
    api_key,
-    region
+    region,
+    client_id,
+    secret,
+    use_custom_tts,
+    custom_tts_endpoint,
+    use_custom_stt,
+    custom_stt_endpoint,
+    tts_api_key,
+    tts_region,
+    stt_api_key,
+    stt_region,
+    riva_server_uri,
+    instance_id,
+    custom_stt_url,
+    custom_tts_url,
+    auth_token = ''
  } = obj;

  switch (vendor) {
@@ -49,7 +81,14 @@ const encryptCredential = (obj) => {
    case 'microsoft':
      assert(region, 'invalid azure speech credential: region is required');
      assert(api_key, 'invalid azure speech credential: api_key is required');
-      const azureData = JSON.stringify({region, api_key});
+      const azureData = JSON.stringify({
+        region,
+        api_key,
+        use_custom_tts,
+        custom_tts_endpoint,
+        use_custom_stt,
+        custom_stt_endpoint
+      });
      return encrypt(azureData);

    case 'wellsaid':
@@ -57,8 +96,37 @@ const encryptCredential = (obj) => {
      const wsData = JSON.stringify({api_key});
      return encrypt(wsData);

+    case 'nuance':
+      assert(client_id, 'invalid nuance speech credential: client_id is required');
+      assert(secret, 'invalid nuance speech credential: secret is required');
+      const nuanceData = JSON.stringify({client_id, secret});
+      return encrypt(nuanceData);
+
+    case 'deepgram':
+      assert(api_key, 'invalid deepgram speech credential: api_key is required');
+      const deepgramData = JSON.stringify({api_key});
+      return encrypt(deepgramData);
+
+    case 'ibm':
+      const ibmData = JSON.stringify({tts_api_key, tts_region, stt_api_key, stt_region, instance_id});
+      return encrypt(ibmData);
+
+    case 'nvidia':
+      assert(riva_server_uri, 'invalid riva server uri: riva_server_uri is required');
+      const nvidiaData = JSON.stringify({ riva_server_uri });
+      return encrypt(nvidiaData);
+
+    case 'soniox':
+      assert(api_key, 'invalid soniox speech credential: api_key is required');
+      const sonioxData = JSON.stringify({api_key});
+      return encrypt(sonioxData);
+
    default:
-      assert(false, `invalid or missing vendor: ${vendor}`);
+      if (vendor.startsWith('custom:')) {
+        const customData = JSON.stringify({auth_token, custom_stt_url, custom_tts_url});
+        return encrypt(customData);
+      }
+      else assert(false, `invalid or missing vendor: ${vendor}`);
  }
 };

@@ -70,13 +138,13 @@ router.post('/', async(req, res) => {
    vendor,
  } = req.body;
  const account_sid = req.user.account_sid || req.body.account_sid;
-  let service_provider_sid;
+  const service_provider_sid = req.user.service_provider_sid ||
+  req.body.service_provider_sid || parseServiceProviderSid(req);
  if (!account_sid) {
-    if (!req.user.hasServiceProviderAuth) {
+    if (!req.user.hasServiceProviderAuth && !req.user.hasAdminAuth) {
      logger.error('POST /SpeechCredentials invalid credentials');
-      return res.send(403);
+      return res.sendStatus(403);
    }
-    service_provider_sid = parseServiceProviderSid(req);
  }
  try {
    const encrypted_credential = encryptCredential(req.body);
@@ -98,36 +166,82 @@ router.post('/', async(req, res) => {
 * retrieve all speech credentials for an account
 */
 router.get('/', async(req, res) => {
-  let service_provider_sid;
-  const account_sid = parseAccountSid(req);
-  if (!account_sid) service_provider_sid = parseServiceProviderSid(req);
+  const account_sid = parseAccountSid(req) || req.user.account_sid;
+  const service_provider_sid = parseServiceProviderSid(req) || req.user.service_provider_sid;
  const logger = req.app.locals.logger;
  try {
-    const creds = account_sid ?
-      await SpeechCredential.retrieveAll(account_sid) :
-      await SpeechCredential.retrieveAllForSP(service_provider_sid);
+    const credsAccount = account_sid ? await SpeechCredential.retrieveAll(account_sid) : [];
+    const credsSP = service_provider_sid ?
+      await SpeechCredential.retrieveAllForSP(service_provider_sid) :
+      await SpeechCredential.retrieveAllForSP((await Account.retrieve(account_sid))[0].service_provider_sid);
+
+    // filter out duplicates and discard those from other non-matching accounts
+    let creds = [...new Set([...credsAccount, ...credsSP].map((c) => JSON.stringify(c)))].map((c) => JSON.parse(c));
+    if (req.user.hasScope('account')) {
+      creds = creds.filter((c) => c.account_sid === req.user.account_sid || !c.account_sid);
+    }

    res.status(200).json(creds.map((c) => {
      const {credential, ...obj} = c;
      if ('google' === obj.vendor) {
-        obj.service_key = JSON.parse(decrypt(credential));
+        const o = JSON.parse(decrypt(credential));
+        const key_header = '-----BEGIN PRIVATE KEY-----\n';
+        const obscured = {
+          ...o,
+          private_key: `${key_header}${obscureKey(o.private_key.slice(key_header.length, o.private_key.length))}`
+        };
+        obj.service_key = obscured;
      }
      else if ('aws' === obj.vendor) {
        const o = JSON.parse(decrypt(credential));
        obj.access_key_id = o.access_key_id;
-        obj.secret_access_key = o.secret_access_key;
+        obj.secret_access_key = obscureKey(o.secret_access_key);
        obj.aws_region = o.aws_region;
        logger.info({obj, o}, 'retrieving aws speech credential');
      }
      else if ('microsoft' === obj.vendor) {
        const o = JSON.parse(decrypt(credential));
-        obj.api_key = o.api_key;
+        obj.api_key = obscureKey(o.api_key);
        obj.region = o.region;
+        obj.use_custom_tts = o.use_custom_tts;
+        obj.custom_tts_endpoint = o.custom_tts_endpoint;
+        obj.use_custom_stt = o.use_custom_stt;
+        obj.custom_stt_endpoint = o.custom_stt_endpoint;
        logger.info({obj, o}, 'retrieving azure speech credential');
      }
      else if ('wellsaid' === obj.vendor) {
        const o = JSON.parse(decrypt(credential));
-        obj.api_key = o.api_key;
+        obj.api_key = obscureKey(o.api_key);
+      }
+      else if ('nuance' === obj.vendor) {
+        const o = JSON.parse(decrypt(credential));
+        obj.client_id = o.client_id;
+        obj.secret = obscureKey(o.secret);
+      }
+      else if ('deepgram' === obj.vendor) {
+        const o = JSON.parse(decrypt(credential));
+        obj.api_key = obscureKey(o.api_key);
+      }
+      else if ('ibm' === obj.vendor) {
+        const o = JSON.parse(decrypt(credential));
+        obj.tts_api_key = obscureKey(o.tts_api_key);
+        obj.tts_region = o.tts_region;
+        obj.stt_api_key = obscureKey(o.stt_api_key);
+        obj.stt_region = o.stt_region;
+        obj.instance_id = o.instance_id;
+      } else if ('nvidia' == obj.vendor) {
+        const o = JSON.parse(decrypt(credential));
+        obj.riva_server_uri = o.riva_server_uri;
+      }
+      else if ('soniox' === obj.vendor) {
+        const o = JSON.parse(decrypt(credential));
+        obj.api_key = obscureKey(o.api_key);
+      }
+      else if (obj.vendor.startsWith('custom:')) {
+        const o = JSON.parse(decrypt(credential));
+        obj.auth_token = obscureKey(o.auth_token);
+        obj.custom_stt_url = o.custom_stt_url;
+        obj.custom_tts_url = o.custom_tts_url;
      }
      return obj;
    }));
@@ -147,18 +261,58 @@ router.get('/:sid', async(req, res) => {
    if (0 === cred.length) return res.sendStatus(404);
    const {credential, ...obj} = cred[0];
    if ('google' === obj.vendor) {
-      obj.service_key = decrypt(credential);
+      const o = JSON.parse(decrypt(credential));
+      const key_header = '-----BEGIN PRIVATE KEY-----\n';
+      const obscured = {
+        ...o,
+        private_key: `${key_header}${obscureKey(o.private_key.slice(key_header.length, o.private_key.length))}`
+      };
+      obj.service_key = JSON.stringify(obscured);
    }
    else if ('aws' === obj.vendor) {
      const o = JSON.parse(decrypt(credential));
      obj.access_key_id = o.access_key_id;
-      obj.secret_access_key = o.secret_access_key;
+      obj.secret_access_key = obscureKey(o.secret_access_key);
      obj.aws_region = o.aws_region;
    }
    else if ('microsoft' === obj.vendor) {
      const o = JSON.parse(decrypt(credential));
-      obj.api_key = o.api_key;
+      obj.api_key = obscureKey(o.api_key);
      obj.region = o.region;
+      obj.use_custom_tts = o.use_custom_tts;
+      obj.custom_tts_endpoint = o.custom_tts_endpoint;
+      obj.use_custom_stt = o.use_custom_stt;
+      obj.custom_stt_endpoint = o.custom_stt_endpoint;
+    }
+    else if ('wellsaid' === obj.vendor) {
+      const o = JSON.parse(decrypt(credential));
+      obj.api_key = obscureKey(o.api_key);
+    }
+    else if ('nuance' === obj.vendor) {
+      const o = JSON.parse(decrypt(credential));
+      obj.client_id = o.client_id;
+      obj.secret = obscureKey(o.secret);
+    }
+    else if ('deepgram' === obj.vendor) {
+      const o = JSON.parse(decrypt(credential));
+      obj.api_key = obscureKey(o.api_key);
+    }
+    else if ('ibm' === obj.vendor) {
+      const o = JSON.parse(decrypt(credential));
+      obj.tts_api_key = obscureKey(o.tts_api_key);
+      obj.tts_region = o.tts_region;
+      obj.stt_api_key = obscureKey(o.stt_api_key);
+      obj.stt_region = o.stt_region;
+      obj.instance_id = o.instance_id;
+    } else if ('nvidia' == obj.vendor) {
+      const o = JSON.parse(decrypt(credential));
+      obj.riva_server_uri = o.riva_server_uri;
+    }
+    else if (obj.vendor.startsWith('custom:')) {
+      const o = JSON.parse(decrypt(credential));
+      obj.auth_token = obscureKey(o.auth_token);
+      obj.custom_stt_url = o.custom_stt_url;
+      obj.custom_tts_url = o.custom_tts_url;
    }
    res.status(200).json(obj);
  } catch (err) {
@@ -189,7 +343,8 @@ router.put('/:sid', async(req, res) => {
  const sid = req.params.sid;
  const logger = req.app.locals.logger;
  try {
-    const {use_for_tts, use_for_stt} = req.body;
+    const {use_for_tts, use_for_stt, region, aws_region, stt_region, tts_region,
+      riva_server_uri, custom_stt_url, custom_tts_url} = req.body;
    if (typeof use_for_tts === 'undefined' && typeof use_for_stt === 'undefined') {
      throw new DbErrorUnprocessableRequest('use_for_tts and use_for_stt are the only updateable fields');
    }
@@ -203,9 +358,44 @@ router.put('/:sid', async(req, res) => {

    /* update the credential if provided */
    try {
-      obj.credential = encryptCredential(req.body);
-    } catch (err) {}
+      const cred = await SpeechCredential.retrieve(sid);
+      if (1 === cred.length) {
+        const {credential, vendor} = cred[0];
+        const o = JSON.parse(decrypt(credential));
+        const {
+          use_custom_tts,
+          custom_tts_endpoint,
+          use_custom_stt,
+          custom_stt_endpoint
+        } = req.body;

+        const newCred = {
+          ...o,
+          region,
+          vendor,
+          aws_region,
+          use_custom_tts,
+          custom_tts_endpoint,
+          use_custom_stt,
+          custom_stt_endpoint,
+          stt_region,
+          tts_region,
+          riva_server_uri,
+          custom_stt_url,
+          custom_tts_url
+        };
+        logger.info({o, newCred}, 'updating speech credential with this new credential');
+        obj.credential = encryptCredential(newCred);
+        obj.vendor = vendor;
+      }
+      else {
+        logger.info({sid}, 'speech credential not found!!');
+      }
+    } catch (err) {
+      logger.error({err}, 'error updating speech credential');
+    }
+
+    logger.info({obj}, 'updating speech credential with changes');
    const rowsAffected = await SpeechCredential.update(sid, obj);
    if (rowsAffected === 0) {
      return res.sendStatus(404);
@@ -295,10 +485,24 @@ router.get('/:sid/test', async(req, res) => {
      }
    }
    else if (cred.vendor === 'microsoft') {
-      const {api_key, region} = credential;
+      const {
+        api_key,
+        region,
+        use_custom_tts,
+        custom_tts_endpoint,
+        use_custom_stt,
+        custom_stt_endpoint
+      } = credential;
      if (cred.use_for_tts) {
        try {
-          await testMicrosoftTts(logger, {api_key, region});
+          await testMicrosoftTts(logger, {
+            api_key,
+            region,
+            use_custom_tts,
+            custom_tts_endpoint,
+            use_custom_stt,
+            custom_stt_endpoint
+          });
          results.tts.status = 'ok';
          SpeechCredential.ttsTestResult(sid, true);
        } catch (err) {
@@ -330,7 +534,103 @@ router.get('/:sid/test', async(req, res) => {
        }
      }
    }
+    else if (cred.vendor === 'nuance') {
+      const {getTtsVoices} = req.app.locals;
+
+      const {
+        client_id,
+        secret
+      } = credential;
+      if (cred.use_for_tts) {
+        try {
+          await testNuanceTts(logger, getTtsVoices, {
+            client_id,
+            secret
+          });
+          results.tts.status = 'ok';
+          SpeechCredential.ttsTestResult(sid, true);
+        } catch (err) {
+          logger.error({err}, 'error testing nuance tts');
+          const reason = err.statusCode === 401 ?
+            'invalid client_id or secret' :
+            (err.message || 'error accessing nuance tts service with provided credentials');
+          results.tts = {status: 'fail', reason};
+          SpeechCredential.ttsTestResult(sid, false);
+        }
+      }
+      if (cred.use_for_stt) {
+        try {
+          await testNuanceStt(logger, {client_id, secret});
+          results.stt.status = 'ok';
+          SpeechCredential.sttTestResult(sid, true);
+        } catch (err) {
+          results.stt = {status: 'fail', reason: err.message};
+          SpeechCredential.sttTestResult(sid, false);
+        }
+      }
+    }
+    else if (cred.vendor === 'deepgram') {
+      const {api_key} = credential;
+      if (cred.use_for_stt) {
+        try {
+          await testDeepgramStt(logger, {api_key});
+          results.stt.status = 'ok';
+          SpeechCredential.sttTestResult(sid, true);
+        } catch (err) {
+          results.stt = {status: 'fail', reason: err.message};
+          SpeechCredential.sttTestResult(sid, false);
+        }
+      }
+    }
+    else if (cred.vendor === 'ibm') {
+      const {getTtsVoices} = req.app.locals;
+
+      if (cred.use_for_tts) {
+        const {tts_api_key, tts_region} = credential;
+        try {
+          await testIbmTts(logger, getTtsVoices, {
+            tts_api_key,
+            tts_region
+          });
+          results.tts.status = 'ok';
+          SpeechCredential.ttsTestResult(sid, true);
+        } catch (err) {
+          logger.error({err}, 'error testing ibm tts');
+          const reason = err.statusCode === 401 ?
+            'invalid api_key or region' :
+            (err.message || 'error accessing ibm tts service with provided credentials');
+          results.tts = {status: 'fail', reason};
+          SpeechCredential.ttsTestResult(sid, false);
+        }
+      }
+      if (cred.use_for_stt) {
+        const {stt_api_key, stt_region, instance_id} = credential;
+        try {
+          await testIbmStt(logger, {stt_region, stt_api_key, instance_id});
+          results.stt.status = 'ok';
+          SpeechCredential.sttTestResult(sid, true);
+        } catch (err) {
+          results.stt = {status: 'fail', reason: err.message};
+          SpeechCredential.sttTestResult(sid, false);
+        }
+      }
+    }
+    else if (cred.vendor === 'soniox') {
+      const {api_key} = credential;
+      if (cred.use_for_stt) {
+        try {
+          await testSonioxStt(logger, {api_key});
+          results.stt.status = 'ok';
+          SpeechCredential.sttTestResult(sid, true);
+        } catch (err) {
+          results.stt = {status: 'fail', reason: err.message};
+          SpeechCredential.sttTestResult(sid, false);
+        }
+      }
+    }
+
    res.status(200).json(results);
+
  } catch (err) {
    sysError(logger, res, err);
  }
--- a/lib/routes/api/users.js
+++ b/lib/routes/api/users.js
@@ -1,6 +1,7 @@
-//const assert = require('assert');
-//const debug = require('debug')('jambonz:api-server');
 const router = require('express').Router();
+const User = require('../../models/user');
+const jwt = require('jsonwebtoken');
+const request = require('request');
 const {DbErrorBadRequest} = require('../../utils/errors');
 const {generateHashedPassword, verifyPassword} = require('../../utils/password-utils');
 const {promisePool} = require('../../db');
@@ -11,6 +12,11 @@ FROM users user
 JOIN accounts AS account ON account.account_sid = user.account_sid 
 LEFT JOIN service_providers as sp ON account.service_provider_sid = sp.service_provider_sid  
 WHERE user.user_sid = ?`;
+const retrieveMyDetails2 = `SELECT * 
+FROM users user
+LEFT JOIN accounts AS account ON account.account_sid = user.account_sid 
+LEFT JOIN service_providers as sp ON sp.service_provider_sid = user.service_provider_sid 
+WHERE user.user_sid = ?`;
 const retrieveSql = 'SELECT * from users where user_sid = ?';
 const retrieveProducts = `SELECT * 
 FROM account_products 
@@ -23,7 +29,15 @@ const updateSql = 'UPDATE users set hashed_password = ?, force_change = false WH
 const retrieveStaticIps = 'SELECT * FROM account_static_ips WHERE account_sid = ?';

 const validateRequest = async(user_sid, payload) => {
-  const {old_password, new_password, name, email, email_activation_code} = payload;
+  const {
+    old_password,
+    new_password,
+    initial_password,
+    name,
+    email,
+    email_activation_code,
+    force_change,
+    is_active} = payload;

  const [r] = await promisePool.query(retrieveSql, user_sid);
  if (r.length === 0) return null;
@@ -37,94 +51,195 @@ const validateRequest = async(user_sid, payload) => {
    throw new DbErrorBadRequest('can not change password when using oauth2');
  }

-  if ((email && !email_activation_code) || (email_activation_code && !email)) {
+  if (email_activation_code && !email) {
    throw new DbErrorBadRequest('email and email_activation_code both required');
  }
-  if (!name && !new_password && !email) throw new DbErrorBadRequest('no updates requested');
+  if (!name && !new_password && !email && !initial_password && !force_change && !is_active)
+    throw new DbErrorBadRequest('no updates requested');

  return user;
 };

+router.get('/', async(req, res) => {
+  const logger = req.app.locals.logger;
+  const token = req.user.jwt;
+  const decodedJwt = jwt.verify(token, process.env.JWT_SECRET);
+
+  let usersList;
+  try {
+    let results;
+    if (decodedJwt.scope === 'admin') {
+      results = await User.retrieveAll();
+    }
+    else if (decodedJwt.scope === 'account') {
+      results = await User.retrieveAllForAccount(decodedJwt.account_sid, true);
+    }
+    else if (decodedJwt.scope === 'service_provider') {
+      results = await User.retrieveAllForServiceProvider(decodedJwt.service_provider_sid, true);
+    }
+    else {
+      throw new DbErrorBadRequest(`invalid scope: ${decodedJwt.scope}`);
+    }
+
+    if (results.length === 0) throw new Error('failure retrieving users list');
+
+    usersList = results.map((user) => {
+      const {
+        user_sid,
+        name,
+        email,
+        force_change,
+        is_active,
+        account_sid,
+        service_provider_sid,
+        account_name,
+        service_provider_name
+      } = user;
+      let scope;
+      if (account_sid && service_provider_sid) {
+        scope = 'account';
+      } else if (service_provider_sid) {
+        scope = 'service_provider';
+      } else {
+        scope = 'admin';
+      }
+
+      const obj = {
+        user_sid,
+        name,
+        email,
+        scope,
+        force_change,
+        is_active,
+        ...(account_sid && {account_sid}),
+        ...(account_name && {account_name}),
+        ...(service_provider_sid && {service_provider_sid}),
+        ...(service_provider_name && {service_provider_name})
+      };
+      return obj;
+    });
+  } catch (err) {
+    sysError(logger, res, err);
+  }
+  res.status(200).json(usersList);
+});
+
 router.get('/me', async(req, res) => {
  const logger = req.app.locals.logger;
  const {user_sid} = req.user;

  if (!user_sid) return res.sendStatus(403);

+  let payload;
  try {
-    const [r] = await promisePool.query({sql: retrieveMyDetails, nestTables: true}, user_sid);
-    logger.debug(r, 'retrieved user details');
-    const payload = r[0];
-    const {user, account, sp} = payload;
-    ['hashed_password', 'salt', 'phone_activation_code', 'email_activation_code', 'account_sid'].forEach((prop) => {
-      delete user[prop];
-    });
-    ['email_validated', 'phone_validated', 'force_change'].forEach((prop) => user[prop] = !!user[prop]);
-    ['is_active'].forEach((prop) => account[prop] = !!account[prop]);
-    account.root_domain = sp.root_domain;
-    delete payload.sp;
-
-    /* get api keys */
-    const [keys] = await promisePool.query('SELECT * from api_keys WHERE account_sid = ?', account.account_sid);
-    payload.api_keys = keys.map((k) => {
-      return {
-        api_key_sid: k.api_key_sid,
-        //token: k.token.replace(/.(?=.{4,}$)/g, '*'),
-        token: k.token,
-        last_used: k.last_used,
-        created_at: k.created_at
-      };
-    });
-
-    /* get products */
-    const [products] = await promisePool.query({sql: retrieveProducts, nestTables: true}, account.account_sid);
-    if (!products.length || !products[0].account_subscriptions) {
-      throw new Error('account is missing a subscription');
-    }
-    const account_subscription = products[0].account_subscriptions;
-    payload.subscription = {
-      status: 'active',
-      account_subscription_sid: account_subscription.account_subscription_sid,
-      start_date: account_subscription.effective_start_date,
-      products: products.map((prd) => {
-        return {
-          name: prd.products.name,
-          units: prd.products.unit_label,
-          quantity: prd.account_products.quantity
-        };
-      })
-    };
-    if (account_subscription.pending) {
-      Object.assign(payload.subscription, {
-        status: 'suspended',
-        suspend_reason: account_subscription.pending_reason
+    if (process.env.JAMBONES_HOSTING) {
+      const [r] = await promisePool.query({sql: retrieveMyDetails, nestTables: true}, user_sid);
+      logger.debug(r, 'retrieved user details');
+      payload = r[0];
+      const {user, account, sp} = payload;
+      ['hashed_password', 'salt', 'phone_activation_code', 'email_activation_code', 'account_sid'].forEach((prop) => {
+        delete user[prop];
      });
-    }
-    const {
-      last4,
-      exp_month,
-      exp_year,
-      card_type,
-      stripe_statement_descriptor
-    } = account_subscription;
-    if (last4) {
-      const real_last4 = decrypt(last4);
-      Object.assign(payload.subscription, {
-        last4: real_last4,
+      ['email_validated', 'phone_validated', 'force_change'].forEach((prop) => user[prop] = !!user[prop]);
+      ['is_active'].forEach((prop) => account[prop] = !!account[prop]);
+      account.root_domain = sp.root_domain;
+      delete payload.sp;
+
+      /* get api keys */
+      const [keys] = await promisePool.query('SELECT * from api_keys WHERE account_sid = ?', account.account_sid);
+      payload.api_keys = keys.map((k) => {
+        return {
+          api_key_sid: k.api_key_sid,
+          //token: k.token.replace(/.(?=.{4,}$)/g, '*'),
+          token: k.token,
+          last_used: k.last_used,
+          created_at: k.created_at
+        };
+      });
+
+      /* get products */
+      const [products] = await promisePool.query({sql: retrieveProducts, nestTables: true}, account.account_sid);
+      if (!products.length || !products[0].account_subscriptions) {
+        throw new Error('account is missing a subscription');
+      }
+      const account_subscription = products[0].account_subscriptions;
+      payload.subscription = {
+        status: 'active',
+        account_subscription_sid: account_subscription.account_subscription_sid,
+        start_date: account_subscription.effective_start_date,
+        products: products.map((prd) => {
+          return {
+            name: prd.products.name,
+            units: prd.products.unit_label,
+            quantity: prd.account_products.quantity
+          };
+        })
+      };
+      if (account_subscription.pending) {
+        Object.assign(payload.subscription, {
+          status: 'suspended',
+          suspend_reason: account_subscription.pending_reason
+        });
+      }
+      const {
+        last4,
        exp_month,
        exp_year,
        card_type,
-        statement_descriptor: stripe_statement_descriptor
+        stripe_statement_descriptor
+      } = account_subscription;
+      if (last4) {
+        const real_last4 = decrypt(last4);
+        Object.assign(payload.subscription, {
+          last4: real_last4,
+          exp_month,
+          exp_year,
+          card_type,
+          statement_descriptor: stripe_statement_descriptor
+        });
+      }
+
+      /* get static ips */
+      const [static_ips] = await promisePool.query(retrieveStaticIps, account.account_sid);
+      payload.static_ips = static_ips.map((r) => r.public_ipv4);
+    }
+    else {
+      const [r] = await promisePool.query({sql: retrieveMyDetails2, nestTables: true}, user_sid);
+      logger.debug(r, 'retrieved user details');
+      payload = r[0];
+      const {user} = payload;
+      ['hashed_password', 'salt', 'phone_activation_code', 'email_activation_code'].forEach((prop) => {
+        delete user[prop];
      });
+      ['email_validated', 'phone_validated', 'force_change'].forEach((prop) => user[prop] = !!user[prop]);
+    }
+    logger.debug({payload}, 'returning user details');
+    res.json(payload);
+  } catch (err) {
+    sysError(logger, res, err);
+  }
+});
+
+router.get('/:user_sid', async(req, res) => {
+  const logger = req.app.locals.logger;
+  const token = req.user.jwt;
+  const decodedJwt = jwt.verify(token, process.env.JWT_SECRET);
+  const {user_sid} = req.params;
+
+  try {
+    const [user] = await User.retrieve(user_sid);
+    // eslint-disable-next-line no-unused-vars
+    const {hashed_password, ...rest} = user;
+    if (!user) throw new Error('failure retrieving user');
+
+    if (decodedJwt.scope === 'admin' ||
+    decodedJwt.scope === 'account' && decodedJwt.account_sid === user.account_sid ||
+    decodedJwt.scope === 'service_provider' && decodedJwt.service_provider_sid === user.service_provider_sid) {
+      res.status(200).json(rest);
+    } else {
+      res.sendStatus(403);
    }

-    /* get static ips */
-    const [static_ips] = await promisePool.query(retrieveStaticIps, account.account_sid);
-    payload.static_ips = static_ips.map((r) => r.public_ipv4);
-
-    logger.debug({payload}, 'returning user details');
-
-    res.json(payload);
  } catch (err) {
    sysError(logger, res, err);
  }
@@ -133,9 +248,30 @@ router.get('/me', async(req, res) => {
 router.put('/:user_sid', async(req, res) => {
  const logger = req.app.locals.logger;
  const {user_sid} = req.params;
-  const {old_password, new_password, name, email, email_activation_code} = req.body;
+  const user = await User.retrieve(user_sid);
+  const token = req.user.jwt;
+  const decodedJwt = jwt.verify(token, process.env.JWT_SECRET);
+  const {
+    old_password,
+    new_password,
+    initial_password,
+    email_activation_code,
+    email,
+    name,
+    is_active,
+    force_change,
+    account_sid,
+    service_provider_sid
+  } = req.body;

-  if (req.user.user_sid && req.user.user_sid !== user_sid) return res.sendStatus(403);
+  //if (req.user.user_sid && req.user.user_sid !== user_sid) return res.sendStatus(403);
+
+  if (decodedJwt.scope !== 'admin' &&
+  !(decodedJwt.scope === 'account' && decodedJwt.account_sid === user[0].account_sid) &&
+  !(decodedJwt.scope === 'service_provider' && decodedJwt.service_provider_sid === user[0].service_provider_sid) &&
+  (req.user.user_sid && req.user.user_sid !== user_sid)) {
+    return res.sendStatus(403);
+  }

  try {
    const user = await validateRequest(user_sid, req.body);
@@ -149,6 +285,11 @@ router.put('/:user_sid', async(req, res) => {
        //debug(`PUT /Users/:sid pwd ${old_password} does not match hash ${old_hashed_password}`);
        return res.sendStatus(403);
      }
+
+      if (old_password === new_password) {
+        throw new Error('new password cannot be your old password');
+      }
+
      const passwordHash = await generateHashedPassword(new_password);
      //debug(`updating hashed_password to ${passwordHash}`);
      const r = await promisePool.execute(updateSql, [passwordHash, user_sid]);
@@ -160,10 +301,51 @@ router.put('/:user_sid', async(req, res) => {
      if (0 === r.changedRows) throw new Error('database update failed');
    }

-    if (email) {
+    if (initial_password) {
+      const passwordHash = await generateHashedPassword(initial_password);
      const r = await promisePool.execute(
-        'UPDATE users SET email = ?, email_activation_code = ?, email_validated = 0 WHERE user_sid = ?',
-        [email, email_activation_code, user_sid]);
+        'UPDATE users SET hashed_password = ? WHERE user_sid = ?',
+        [passwordHash, user_sid]
+      );
+      if (0 === r.changedRows) throw new Error('database update failed');
+    }
+
+    if (typeof is_active !== 'undefined') {
+      const r = await promisePool.execute('UPDATE users SET is_active = ? WHERE user_sid = ?', [is_active, user_sid]);
+      if (0 === r.changedRows) throw new Error('database update failed');
+    }
+
+    if (typeof force_change !== 'undefined') {
+      const r = await promisePool.execute(
+        'UPDATE users SET force_change = ? WHERE user_sid = ?',
+        [force_change, user_sid]);
+      if (0 === r.changedRows) throw new Error('database update failed');
+    }
+
+    if (account_sid || account_sid === null) {
+      const r = await promisePool.execute(
+        'UPDATE users SET account_sid = ? WHERE user_sid = ?',
+        [account_sid, user_sid]);
+      if (0 === r.changedRows) throw new Error('database update failed');
+    }
+
+    if (service_provider_sid || service_provider_sid === null) {
+      const r = await promisePool.execute(
+        'UPDATE users SET service_provider_sid = ? WHERE user_sid = ?',
+        [service_provider_sid, user_sid]);
+      if (0 === r.changedRows) throw new Error('database update failed');
+    }
+
+    if (email) {
+      if (email_activation_code) {
+        const r = await promisePool.execute(
+          'UPDATE users SET email = ?, email_activation_code = ?, email_validated = 0 WHERE user_sid = ?',
+          [email, email_activation_code, user_sid]);
+        if (0 === r.changedRows) throw new Error('database update failed');
+      }
+      const r = await promisePool.execute(
+        'UPDATE users SET email = ? WHERE user_sid = ?',
+        [email, user_sid]);
      if (0 === r.changedRows) throw new Error('database update failed');

      if (process.env.NODE_ENV !== 'test') {
@@ -176,5 +358,102 @@ router.put('/:user_sid', async(req, res) => {
  }
 });

+router.post('/', async(req, res) => {
+  const logger = req.app.locals.logger;
+  const passwordHash = await generateHashedPassword(req.body.initial_password);
+  const payload = {
+    ...req.body,
+    provider: 'local',
+    hashed_password: passwordHash,
+  };
+  const allUsers = await User.retrieveAll();
+  const token = req.user.jwt;
+  const decodedJwt = jwt.verify(token, process.env.JWT_SECRET);
+  delete payload.initial_password;
+
+  try {
+    const email = allUsers.find((e) => e.email === payload.email);
+    const name = allUsers.find((e) => e.name === payload.name);
+
+    if (name) {
+      logger.debug({payload}, 'user with this username already exists');
+      return res.status(422).json({msg: 'user with this username already exists'});
+    }
+
+    if (email) {
+      logger.debug({payload}, 'user with this email already exists');
+      return res.status(422).json({msg: 'user with this email already exists'});
+    }
+
+    if (decodedJwt.scope === 'admin') {
+      logger.debug({payload}, 'POST /users');
+      const uuid = await User.make(payload);
+      res.status(201).json({user_sid: uuid});
+    }
+    else if (decodedJwt.scope === 'account') {
+      logger.debug({payload}, 'POST /users');
+      const uuid = await User.make({
+        ...payload,
+        account_sid: decodedJwt.account_sid,
+      });
+      res.status(201).json({user_sid: uuid});
+    }
+    else if (decodedJwt.scope === 'service_provider') {
+      logger.debug({payload}, 'POST /users');
+      const uuid = await User.make({
+        ...payload,
+        service_provider_sid: decodedJwt.service_provider_sid,
+      });
+      res.status(201).json({user_sid: uuid});
+    }
+    else {
+      throw new DbErrorBadRequest(`invalid scope: ${decodedJwt.scope}`);
+    }
+  } catch (err) {
+    sysError(logger, res, err);
+  }
+});
+
+router.delete('/:user_sid', async(req, res) => {
+  const logger = req.app.locals.logger;
+  const {user_sid} = req.params;
+  const token = req.user.jwt;
+  const decodedJwt = jwt.verify(token, process.env.JWT_SECRET);
+  const allUsers = await User.retrieveAll();
+  const activeAdminUsers = allUsers.filter((e) => !e.account_sid && !e.service_provider_sid && e.is_active);
+  const user = await User.retrieve(user_sid);
+
+  try {
+    if (decodedJwt.scope === 'admin' && !user.account_sid && !user.service_provider_sid &&
+     activeAdminUsers.length === 1) {
+      throw new Error('cannot delete this admin user - there are no other active admin users');
+    }
+
+    if (decodedJwt.scope === 'admin' ||
+    (decodedJwt.scope === 'account' && decodedJwt.account_sid === user[0].account_sid) ||
+    (decodedJwt.scope === 'service_provider' && decodedJwt.service_provider_sid === user[0].service_provider_sid)) {
+      await User.remove(user_sid);
+      //logout user after self-delete
+      if (decodedJwt.user_sid === user_sid) {
+        request({
+          url:'http://localhost:3000/v1/logout',
+          method: 'POST',
+        }, (err) => {
+          if (err) {
+            logger.error(err, 'could not log out user');
+            return res.sendStatus(500);
+          }
+          logger.debug({user}, 'user deleted and logged out');
+        });
+      }
+      return res.sendStatus(204);
+    } else {
+      throw new DbErrorBadRequest(`invalid scope: ${decodedJwt.scope}`);
+    }
+  } catch (err) {
+    sysError(logger, res, err);
+  }
+});
+

 module.exports = router;
--- a/lib/routes/api/utils.js
+++ b/lib/routes/api/utils.js
@@ -126,7 +126,7 @@ const createTestAlerts = async(writeAlerts, AlertType, account_sid) => {
        data.push({timestamp, account_sid, alert_type: AlertType.CARRIER_NOT_PROVISIONED});
        break;
      case 4:
-        data.push({timestamp, account_sid, alert_type: AlertType.CALL_LIMIT, count: 50});
+        data.push({timestamp, account_sid, alert_type: AlertType.ACCOUNT_CALL_LIMIT, count: 50});
        break;
      default:
        break;
@@ -149,6 +149,7 @@ const parseAccountSid = (req) => {

 const hasAccountPermissions = (req, res, next) => {
  if (req.user.hasScope('admin')) return next();
+  if (req.user.hasScope('service_provider')) return next();
  if (req.user.hasScope('account')) {
    const account_sid = parseAccountSid(req);
    if (account_sid === req.user.account_sid) return next();
--- a/lib/swagger/swagger.yaml
+++ b/lib/swagger/swagger.yaml
@@ -515,6 +515,28 @@ paths:
            application/json:
              schema:
                $ref: '#/components/schemas/GeneralError'
+  /Users:
+    get: 
+      summary: list all users
+      operationId: listUsers
+      responses:
+        200:
+          description: list of users
+          content:
+            application/json:
+              schema:
+                type:
+                  array
+                items:
+                  $ref: '#/components/schemas/Users'
+        403:
+          description: unauthorized
+        500:
+          description: system error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GeneralError'
  /Users/{UserSid}:
    parameters:
      - name: UserSid
@@ -524,6 +546,42 @@ paths:
        explode: false
        schema:
          type: string
+    get:
+      summary: retrieve user information
+      operationId: getUser
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                name:
+                  type: string
+                email: 
+                  type: string
+                is_active:
+                  type: boolean
+                force_change:
+                  type: boolean
+                scope:
+                  type: string
+                permissions:
+                  type: array
+      responses:
+        204:
+          description: user information
+        403:
+          description: user information
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GeneralError'
+        500:
+          description: system error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GeneralError'
    put:
      summary: update user information
      operationId: updateUser
@@ -545,11 +603,21 @@ paths:
                new_password:
                  type: string
                  description: new password
+                name:
+                  type: string
+                is_active:
+                  type: boolean
+                force_change:
+                  type: boolean
+                scope:
+                  type: string
+                permissions:
+                  type: array
      responses:
        204:
          description: user updated
        403:
-          description: password change failed
+          description: user update failed
          content:
            application/json:
              schema:
@@ -560,6 +628,63 @@ paths:
            application/json:
              schema:
                $ref: '#/components/schemas/GeneralError'
+    post:
+      summary: create a new user
+      operationId: createUser
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                name:
+                  type: string
+                email: 
+                  type: string
+                is_active:
+                  type: boolean
+                force_change:
+                  type: boolean
+                scope:
+                  type: string
+                permissions:
+                  type: array
+                force_change:
+                  type: boolean
+                old_password:
+                  type: string
+                  description: existing password, which is to be replaced
+      responses:
+        204:
+          description: user created
+        403:
+          description: user creation failed
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GeneralError'
+        500:
+          description: system error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GeneralError'
+    delete:
+      summary: delete a user
+      operationId: deleteUser
+      responses:
+        204:
+          description: user deleted
+        404:
+          description: user not found
+        403:
+          description: unauthorized
+        500:
+          description: system error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GeneralError'
  /Users/me:
    get:
      summary: retrieve details about logged-in user and associated account
@@ -909,6 +1034,15 @@ paths:
                  type: string
                  description: sip password to authenticate with, if registration is required
                  example: bar
+                register_from_user:
+                  type: string
+                  description: optional username to apply in From header
+                register_from_domain:
+                  type: string
+                  description: optional domain to apply in From header
+                register_public_ip_in_contact:
+                  type: boolean
+                  description: if true, use our public ip in Contact header; otherwise, use sip realm
                tech_prefix:
                  type: string
                  description: prefix to be applied to the called number for outbound call attempts
@@ -1346,6 +1480,12 @@ paths:
            schema:
              type: object
              properties:
+                account_sid:
+                  type: string
+                  format: uuid
+                application_sid:
+                  type: string
+                  format: uuid
                number:
                  type: string
                  description: telephone number
@@ -1800,7 +1940,7 @@ paths:
      summary: test a speech credential
      operationId: testSpeechCredential
      parameters:
-        - name: AccountSid
+        - name: ServiceProviderSid
          in: path
          required: true
          schema:
@@ -1849,6 +1989,122 @@ paths:
            application/json:
              schema:
                $ref: '#/components/schemas/GeneralError'
+  /ServiceProviders/{ServiceProviderSid}/Limits:
+    post:
+      summary: create a limit for a service provider
+      operationId: addLimitForServiceProvider
+      parameters:
+        - name: ServiceProviderSid
+          in: path
+          required: true
+          schema:
+            type: string
+            format: uuid
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Limits'
+      responses:
+        201:
+          description: limit successfully created or updated
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SuccessfulAdd'
+        404:
+          description: service provider not found
+        500:
+          description: system error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GeneralError'
+    get:
+      summary: retrieve call capacity and other limits from the service provider
+      operationId: getServiceProviderLimits
+      parameters:
+        - name: ServiceProviderSid
+          in: path
+          required: true
+          schema:
+            type: string
+            format: uuid
+      responses:
+        200:
+          description: service provider limits
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Limits'
+        404:
+          description: service provider not found
+        500:
+          description: system error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GeneralError'
+  /Accounts/{AccountSid}/Limits:
+    post:
+      summary: create a limit for an account
+      operationId: addLimitForAccount
+      parameters:
+        - name: AccountSid
+          in: path
+          required: true
+          schema:
+            type: string
+            format: uuid
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Limits'
+      responses:
+        201:
+          description: limit successfully created or updated
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SuccessfulAdd'
+        404:
+          description: account not found
+        500:
+          description: system error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GeneralError'
+    get:
+      summary: retrieve call capacity and other limits from the account
+      operationId: getAccountLimits
+      parameters:
+        - name: AccountSid
+          in: path
+          required: true
+          schema:
+            type: string
+            format: uuid
+      responses:
+        200:
+          description: account limits
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Limits'
+        404:
+          description: account not found
+        500:
+          description: system error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GeneralError'
  /MicrosoftTeamsTenants:
    post:
      summary: provision a customer tenant for MS Teams
@@ -2663,6 +2919,202 @@ paths:
                type: object
        404:
          description: account or call not found
+  /ServiceProviders/{ServiceProviderSid}/RecentCalls/{CallId}/pcap:
+    parameters:
+      - name: ServiceProviderSid
+        in: path
+        required: true
+        schema:
+          type: string
+          format: uuid
+      - name: CallId
+        in: path
+        required: true
+        schema:
+          type: string
+    get:
+      summary: retrieve pcap for a call
+      operationId: getRecentCallTrace
+      responses:
+        200:
+          description: retrieve sip trace data
+          content:
+            application/octet-stream:
+              schema:
+                type: object
+        404:
+          description: account or call not found
+  /ServiceProviders/{ServiceProviderSid}/RecentCalls:
+    parameters:
+      - name: ServiceProviderSid
+        in: path
+        required: true
+        schema:
+          type: string
+          format: uuid
+      - in: query
+        name: page
+        required: true
+        schema:
+          type: number
+          format: integer
+          description: page number of data to retrieve
+      - in: query
+        name: count
+        required: true
+        schema:
+          type: number
+          format: integer
+          description: number of rows to retrieve in each page set
+      - in: query
+        name: days
+        required: false
+        schema:
+          type: number
+          format: integer
+          description: number of days back to retrieve, must be ge 1 and le 30
+      - in: query
+        name: start
+        required: false
+        schema:
+          type: string
+          format: date-time
+          description: start date to retrieve
+      - in: query
+        name: end
+        required: false
+        schema:
+          type: string
+          format: date-time
+          description: end date to retrieve
+      - in: query
+        name: answered
+        required: false
+        schema:
+          type: string
+          enum:
+            - true
+            - false
+          description: retrieve only answered calls
+      - in: query
+        name: direction
+        required: false
+        schema:
+          type: string
+          enum:
+            - inbound
+            - outbound
+    get:
+      summary: retrieve recent calls for an account
+      operationId: listRecentCalls
+      responses:
+        200:
+          description: retrieve recent call records for a specified account
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  total:
+                    type: number
+                    format: integer
+                    description: total number of records in that database that match the filter criteria
+                  batch:
+                    type: number
+                    format: integer
+                    description: total number of records returned in this page set
+                  page:
+                    type: number
+                    format: integer
+                    description: page number that was requested, and is being returned
+                  data:
+                      type: array
+                      items:
+                        type: object
+                        properties:
+                          service_provider_sid:
+                            type: string
+                            format: uuid
+                          account_sid:
+                            type: string
+                            format: uuid
+                          call_sid:
+                            type: string
+                            format: uuid
+                          from:
+                            type: string
+                          to: 
+                            type: string
+                          answered:
+                            type: boolean
+                          sip_call_id:
+                            type: string
+                          sip_status:
+                            type: number
+                            format: integer
+                          duration:
+                            type: number
+                            format: integer
+                          attempted_at:
+                            type: number
+                            format: integer
+                          answered_at:
+                            type: number
+                            format: integer
+                          terminated_at:
+                            type: number
+                            format: integer
+                          termination_reason:
+                            type: string
+                          host:
+                            type: string
+                          remote_host:
+                            type: string
+                          direction:
+                            type: string
+                            enum:
+                              - inbound
+                              - outbound
+                          trunk:
+                            type: string
+                        required:
+                          - account_sid
+                          - call_sid
+                          - attempted_at
+                          - terminated_at
+                          - answered
+                          - direction
+                          - from 
+                          - to
+                          - sip_status
+                          - duration
+        404:
+          description: account not found
+  /ServiceProviders/{ServiceProviderSid}/RecentCalls/{CallId}:
+    parameters:
+      - name: ServiceProviderSid
+        in: path
+        required: true
+        schema:
+          type: string
+          format: uuid
+      - name: CallId
+        in: path
+        required: true
+        schema:
+          type: string
+    get:
+      summary: retrieve sip trace detail for a call
+      operationId: getRecentCallTrace
+      responses:
+        200:
+          description: retrieve sip trace data
+          content:
+            application/json:
+              schema:
+                type: object
+        404:
+          description: service provider or call not found
  /Accounts/{AccountSid}/RecentCalls/{CallId}/pcap:
    parameters:
      - name: AccountSid
@@ -2688,6 +3140,116 @@ paths:
                type: object
        404:
          description: account or call not found
+  /ServiceProviders/{ServiceProviderSid}/Alerts:
+    parameters:
+      - name: ServiceProviderSid
+        in: path
+        required: true
+        schema:
+          type: string
+          format: uuid
+      - in: query
+        name: page
+        required: true
+        schema:
+          type: number
+          format: integer
+          description: page number of data to retrieve
+      - in: query
+        name: count
+        required: true
+        schema:
+          type: number
+          format: integer
+          description: number of rows to retrieve in each page set
+      - in: query
+        name: days
+        required: false
+        schema:
+          type: number
+          format: integer
+          description: number of days back to retrieve, must be ge 1 and le 30
+      - in: query
+        name: start
+        required: false
+        schema:
+          type: string
+          format: date-time
+          description: start date to retrieve
+      - in: query
+        name: end
+        required: false
+        schema:
+          type: string
+          format: date-time
+          description: end date to retrieve
+      - in: query
+        name: alert_type
+        required: false
+        schema:
+          type: string
+          enum:
+            - webhook-failure
+            - webhook-connection-failure
+            - webhook-auth-failure
+            - no-tts
+            - no-stt
+            - tts-failure
+            - stt-failure
+            - no-carrier
+            - call-limit
+            - device-limit
+            - api-limit
+    get:
+      summary: retrieve alerts for a service provider
+      operationId: listAlerts
+      responses:
+        200:
+          description: retrieve alerts for a specified account
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  total:
+                    type: number
+                    format: integer
+                    description: total number of records in that database that match the filter criteria
+                  batch:
+                    type: number
+                    format: integer
+                    description: total number of records returned in this page set
+                  page:
+                    type: number
+                    format: integer
+                    description: page number that was requested, and is being returned
+                  data:
+                      type: array
+                      items:
+                        type: object
+                        properties:
+                          time:
+                            type: string
+                            format: date-time
+                          service_provider_sid:
+                            type: string
+                            format: uuid
+                          account_sid:
+                            type: string
+                            format: uuid
+                          alert_type:
+                            type: string
+                          message:
+                            type: string
+                          detail:
+                            type: string
+                        required:
+                          - time
+                          - account_sid
+                          - alert_type
+                          - message
+        404:
+          description: service provider not found
  /Accounts/{AccountSid}/Alerts:
    parameters:
      - name: AccountSid
@@ -2820,6 +3382,9 @@ paths:
                messaging_hook:
                  $ref: '#/components/schemas/Webhook'
                  description: application webhook to handle inbound SMS/MMS messages
+                app_json:
+                   type: string
+                   description: Voice Application Json, call_hook will not be invoked if app_json is provided
                speech_synthesis_vendor:
                  type: string
                speech_synthesis_voice:
@@ -2982,6 +3547,10 @@ paths:
                  type: string
                  description: The calling party number
                  example: "16172375089"
+                fromHost:
+                  type: string
+                  description: The hostname to put in the SIP From header of the INVITE
+                  example: "blf.finotel.com"
                timeout:
                  type: integer
                  description: the number of seconds to wait for call to be answered.  Defaults to 60.
@@ -3135,6 +3704,20 @@ paths:
                      type: string
                    headers:
                      type: object
+                record: 
+                  type: object
+                  properties:
+                    action:
+                      type: string
+                      enum:
+                      - startCallRecording
+                      - stopCallRecording
+                      - pauseCallRecording
+                      - resumeCallRecording
+                    recordingID:
+                      type: string 
+                    siprecServerURL:
+                      type: string
      responses:
        200:
          description: Accepted
@@ -3679,6 +4262,8 @@ components:
          type: boolean
        stt_tested_ok:
          type: boolean
+        riva_server_uri:
+          type: string
    SpeechCredentialUpdate:
      properties:
        use_for_tts:
@@ -4069,6 +4654,12 @@ components:
          type: string
        register_password:
          type: string
+        register_from_user:
+          type: string
+        register_from_domain:
+          type: string
+        register_public_ip_in_contact:
+          type: boolean
        tech_prefix:
          type: string
        inbound_auth_username:
@@ -4083,6 +4674,15 @@ components:
        - requires_static_ip
        - e164_leading_plus
        - requires_register
+    Limits:
+      type: object
+      properties:
+        category:
+          type: string
+          enum:
+            - voice_call_session
+            - api_limit
+            - devices

 security:
  - bearerAuth: []
--- a/lib/utils/speech-utils.js
+++ b/lib/utils/speech-utils.js
@@ -2,9 +2,38 @@ const ttsGoogle = require('@google-cloud/text-to-speech');
 const sttGoogle = require('@google-cloud/speech').v1p1beta1;
 const Polly = require('aws-sdk/clients/polly');
 const AWS = require('aws-sdk');
+const { Deepgram } = require('@deepgram/sdk');
+const sdk = require('microsoft-cognitiveservices-speech-sdk');
+const { SpeechClient } = require('@soniox/soniox-node');
 const bent = require('bent');
 const fs = require('fs');

+
+const testSonioxStt = async(logger, credentials) => {
+  const api_key = credentials;
+  const soniox = new SpeechClient(api_key);
+
+  return new Promise(async(resolve, reject) => {
+    try {
+      const result = await soniox.transcribeFileShort('data/test_audio.wav');
+      if (result.words.length > 0) resolve(result);
+      else reject(new Error('no transcript returned'));
+    } catch (error) {
+      logger.info({error}, 'failed to get soniox transcript');
+      reject(error);
+    }
+  });
+};
+
+const testNuanceTts = async(logger, getTtsVoices, credentials) => {
+  const voices = await getTtsVoices({vendor: 'nuance', credentials});
+  return voices;
+};
+const testNuanceStt = async(logger, credentials) => {
+  //TODO
+  return true;
+};
+
 const testGoogleTts = async(logger, credentials) => {
  const client = new ttsGoogle.TextToSpeechClient({credentials});
  await client.listVoices();
@@ -32,6 +61,65 @@ const testGoogleStt = async(logger, credentials) => {
  }
 };

+const testDeepgramStt = async(logger, credentials) => {
+  const {api_key} = credentials;
+  const deepgram = new Deepgram(api_key);
+
+  const mimetype = 'audio/wav';
+  const source = {
+    buffer: fs.readFileSync(`${__dirname}/../../data/test_audio.wav`),
+    mimetype: mimetype
+  };
+
+  return new Promise((resolve, reject) => {
+    // Send the audio to Deepgram and get the response
+    deepgram.transcription
+      .preRecorded(source, {punctuate: true})
+      .then((response) => {
+        //logger.debug({response}, 'got transcript');
+        if (response?.results?.channels[0]?.alternatives?.length > 0) resolve(response);
+        else reject(new Error('no transcript returned'));
+        return;
+      })
+      .catch((err) => {
+        logger.info({err}, 'failed to get deepgram transcript');
+        reject(err);
+      });
+  });
+};
+
+const testMicrosoftStt = async(logger, credentials) => {
+  const {api_key, region} = credentials;
+
+  const speechConfig = sdk.SpeechConfig.fromSubscription(api_key, region);
+  const audioConfig = sdk.AudioConfig.fromWavFileInput(fs.readFileSync(`${__dirname}/../../data/test_audio.wav`));
+  speechConfig.speechRecognitionLanguage = 'en-US';
+  const speechRecognizer = new sdk.SpeechRecognizer(speechConfig, audioConfig);
+
+  return new Promise((resolve, reject) => {
+    speechRecognizer.recognizeOnceAsync((result) => {
+      switch (result.reason) {
+        case sdk.ResultReason.RecognizedSpeech:
+          resolve();
+          break;
+        case sdk.ResultReason.NoMatch:
+          reject('Speech could not be recognized.');
+          break;
+        case sdk.ResultReason.Canceled:
+          const cancellation = sdk.CancellationDetails.fromResult(result);
+          logger.info(`CANCELED: Reason=${cancellation.reason}`);
+          if (cancellation.reason == sdk.CancellationReason.Error) {
+            logger.info(`CANCELED: ErrorCode=${cancellation.ErrorCode}`);
+            logger.info(`CANCELED: ErrorDetails=${cancellation.errorDetails}`);
+          }
+          reject(cancellation.reason);
+          break;
+      }
+      speechRecognizer.close();
+    });
+  });
+};
+
 const testAwsTts = (logger, credentials) => {
  const polly = new Polly(credentials);
  return new Promise((resolve, reject) => {
@@ -54,8 +142,27 @@ const testAwsStt = (logger, credentials) => {
 };

 const testMicrosoftTts = async(logger, credentials) => {
-  const {api_key, region} = credentials;
+  const {
+    api_key,
+    region,
+    // eslint-disable-next-line no-unused-vars
+    use_custom_tts,
+    // eslint-disable-next-line no-unused-vars
+    custom_tts_endpoint,
+    // eslint-disable-next-line no-unused-vars
+    use_custom_stt,
+    // eslint-disable-next-line no-unused-vars
+    custom_stt_endpoint
+  } = credentials;

+  logger.info({
+    api_key,
+    region,
+    use_custom_tts,
+    custom_tts_endpoint,
+    use_custom_stt,
+    custom_stt_endpoint
+  }, 'testing microsoft tts');
  if (!api_key) throw new Error('testMicrosoftTts: credentials are missing api_key');
  if (!region) throw new Error('testMicrosoftTts: credentials are missing region');
  try {
@@ -70,11 +177,6 @@ const testMicrosoftTts = async(logger, credentials) => {
  }
 };

-const testMicrosoftStt = async(logger, credentials) => {
-  //TODO
-  return true;
-};
-
 const testWellSaidTts = async(logger, credentials) => {
  const {api_key} = credentials;
  try {
@@ -94,6 +196,35 @@ const testWellSaidTts = async(logger, credentials) => {
  }
 };

+const testIbmTts = async(logger, getTtsVoices, credentials) => {
+  const {tts_api_key, tts_region} = credentials;
+  const voices = await getTtsVoices({vendor: 'ibm', credentials: {api_key: tts_api_key, region: tts_region}});
+  return voices;
+};
+
+const testIbmStt = async(logger, credentials) => {
+  const {stt_api_key, stt_region} = credentials;
+  const SpeechToTextV1 = require('ibm-watson/speech-to-text/v1');
+  const { IamAuthenticator } = require('ibm-watson/auth');
+  const speechToText = new SpeechToTextV1({
+    authenticator: new IamAuthenticator({
+      apikey: stt_api_key
+    }),
+    serviceUrl: `https://api.${stt_region}.speech-to-text.watson.cloud.ibm.com`
+  });
+  return new Promise((resolve, reject) => {
+    speechToText.listModels()
+      .then((speechModels) => {
+        logger.debug({speechModels}, 'got IBM speech models');
+        return resolve();
+      })
+      .catch((err) => {
+        logger.info({err}, 'failed to get speech models');
+        reject(err);
+      });
+  });
+};
+
 const testWellSaidStt = async(logger, credentials) => {
  //TODO
  return true;
@@ -108,4 +239,10 @@ module.exports = {
  testMicrosoftTts,
  testMicrosoftStt,
  testWellSaidStt,
+  testNuanceTts,
+  testNuanceStt,
+  testDeepgramStt,
+  testIbmTts,
+  testIbmStt,
+  testSonioxStt
 };
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -1,12 +1,12 @@
 {
  "name": "jambonz-api-server",
-  "version": "v0.7.5",
+  "version": "v0.8.1",
  "description": "",
  "main": "app.js",
  "scripts": {
    "start": "node app.js",
-    "test": "NODE_ENV=test APPLY_JAMBONZ_DB_LIMITS=1 JWT_SECRET=foobarbazzle JAMBONES_MYSQL_HOST=127.0.0.1 JAMBONES_MYSQL_PORT=3360 JAMBONES_MYSQL_USER=jambones_test JAMBONES_MYSQL_PASSWORD=jambones_test JAMBONES_MYSQL_DATABASE=jambones_test JAMBONES_REDIS_HOST=localhost JAMBONES_REDIS_PORT=16379 JAMBONES_TIME_SERIES_HOST=127.0.0.1 JAMBONES_LOGLEVEL=error JAMBONES_CREATE_CALL_URL=http://localhost/v1/createCall node test/ ",
-    "integration-test": "NODE_ENV=test JAMBONES_TIME_SERIES_HOST=127.0.0.1 AWS_REGION='us-east-1' JAMBONES_CURRENCY=USD JWT_SECRET=foobarbazzle JAMBONES_MYSQL_HOST=127.0.0.1 JAMBONES_MYSQL_PORT=3360 JAMBONES_MYSQL_USER=jambones_test JAMBONES_MYSQL_PASSWORD=jambones_test JAMBONES_MYSQL_DATABASE=jambones_test JAMBONES_REDIS_HOST=localhost JAMBONES_REDIS_PORT=16379 JAMBONES_LOGLEVEL=debug JAMBONES_CREATE_CALL_URL=http://localhost/v1/createCall node test/serve-integration.js",
+    "test": "NODE_ENV=test APPLY_JAMBONZ_DB_LIMITS=1 JWT_SECRET=foobarbazzle JAMBONES_MYSQL_HOST=127.0.0.1 JAMBONES_MYSQL_PORT=3360 JAMBONES_MYSQL_USER=jambones_test JAMBONES_MYSQL_PASSWORD=jambones_test JAMBONES_MYSQL_DATABASE=jambones_test JAMBONES_REDIS_HOST=localhost JAMBONES_REDIS_PORT=16379 JAMBONES_TIME_SERIES_HOST=127.0.0.1 JAMBONES_LOGLEVEL=error JAMBONES_CREATE_CALL_URL=http://localhost/v1/createCall K8S=true K8S_FEATURE_SERVER_SERVICE_NAME=127.0.0.1 K8S_FEATURE_SERVER_SERVICE_PORT=3100 node test/ ",
+    "integration-test": "NODE_ENV=test JAMBONES_AUTH_USE_JWT=1 JAMBONES_TIME_SERIES_HOST=127.0.0.1 AWS_REGION='us-east-1' JAMBONES_CURRENCY=USD JWT_SECRET=foobarbazzle JAMBONES_MYSQL_HOST=127.0.0.1 JAMBONES_MYSQL_PORT=3360 JAMBONES_MYSQL_USER=jambones_test JAMBONES_MYSQL_PASSWORD=jambones_test JAMBONES_MYSQL_DATABASE=jambones_test JAMBONES_REDIS_HOST=localhost JAMBONES_REDIS_PORT=16379 JAMBONES_LOGLEVEL=debug JAMBONES_CREATE_CALL_URL=http://localhost/v1/createCall node test/serve-integration.js",
    "upgrade-db": "node ./db/upgrade-jambonz-db.js",
    "coverage": "./node_modules/.bin/nyc --reporter html --report-dir ./coverage npm run test",
    "jslint": "eslint app.js lib",
@@ -18,42 +18,44 @@
    "url": "https://github.com/jambonz/jambonz-api-server.git"
  },
  "dependencies": {
-    "@google-cloud/speech": "^4.10.0",
-    "@google-cloud/text-to-speech": "^3.4.0",
-    "@jambonz/db-helpers": "^0.6.16",
-    "@jambonz/realtimedb-helpers": "^0.4.24",
-    "@jambonz/time-series": "^0.1.6",
+    "@deepgram/sdk": "^1.10.2",
+    "@google-cloud/speech": "^5.1.0",
+    "@google-cloud/text-to-speech": "^4.0.3",
+    "@jambonz/db-helpers": "^0.7.3",
+    "@jambonz/realtimedb-helpers": "^0.6.0",
+    "@jambonz/time-series": "^0.2.5",
+    "@jambonz/verb-specifications": "^0.0.3",
+    "@soniox/soniox-node": "^1.1.0",
    "argon2-ffi": "^2.0.0",
-    "aws-sdk": "^2.1073.0",
+    "aws-sdk": "^2.1302.0",
    "bent": "^7.3.12",
    "cors": "^2.8.5",
-    "debug": "^4.3.3",
-    "express": "^4.17.2",
-    "express-rate-limit": "^6.3.0",
+    "debug": "^4.3.4",
+    "express": "^4.18.1",
+    "express-rate-limit": "^6.4.0",
    "form-data": "^2.5.1",
-    "form-urlencoded": "^6.0.5",
-    "helmet": "^5.0.2",
-    "jsonwebtoken": "^8.5.1",
+    "helmet": "^5.1.0",
+    "ibm-watson": "^7.1.2",
+    "jsonwebtoken": "^9.0.0",
    "mailgun.js": "^3.7.3",
-    "microsoft-cognitiveservices-speech-sdk": "^1.19.0",
+    "microsoft-cognitiveservices-speech-sdk": "^1.24.1",
    "mysql2": "^2.3.3",
-    "passport": "^0.5.2",
+    "passport": "^0.6.0",
    "passport-http-bearer": "^1.0.1",
    "pino": "^5.17.0",
-    "request-debug": "^0.2.0",
    "short-uuid": "^4.1.0",
-    "stripe": "^8.196.0",
-    "swagger-ui-express": "^4.3.0",
+    "stripe": "^8.222.0",
+    "swagger-ui-express": "^4.4.0",
    "uuid": "^8.3.2",
    "yamljs": "^0.3.0"
  },
  "devDependencies": {
-    "eslint": "^7.17.0",
+    "eslint": "^7.32.0",
    "eslint-plugin-promise": "^4.2.1",
    "husky": "7.0.4",
    "nyc": "^15.1.0",
    "request": "^2.88.2",
    "request-promise-native": "^1.0.9",
-    "tape": "^5.2.2"
+    "tape": "^5.5.3"
  }
 }
--- a/test/accounts.js
+++ b/test/accounts.js
@@ -188,6 +188,60 @@ test('account tests', async(t) => {
    });
    t.ok(result.statusCode === 204, 'successfully assigned phone number to account');

+    /* query all limits for an account */
+    result = await request.get(`/Accounts/${sid}/Limits`, {
+      auth: authAdmin,
+      json: true,
+    });
+    t.ok(result.length === 0, 'successfully queried account limits when there is none configured');
+    
+    /* add a new limit for a account */
+    result = await request.post(`/Accounts/${sid}/Limits`, {
+      auth: authAdmin,
+      json: true,
+      resolveWithFullResponse: true,
+      body: {
+        category: 'voice_call_session',
+        quantity: 200
+      }
+    });
+    t.ok(result.statusCode === 201, 'successfully added a call session limit to an account');
+    
+    /* update an existing limit for a account */
+    result = await request.post(`/Accounts/${sid}/Limits`, {
+      auth: authAdmin,
+      json: true,
+      resolveWithFullResponse: true,
+      body: {
+        category: 'voice_call_session',
+        quantity: 205
+      }
+    });
+    t.ok(result.statusCode === 201, 'successfully updated a call session limit to an account');
+
+    /* query all limits for an account */
+    result = await request.get(`/Accounts/${sid}/Limits`, {
+      auth: authAdmin,
+      json: true,
+    });
+    //console.log(result);
+    t.ok(result.length === 1 && result[0].quantity === 205, 'successfully queried account limits');
+
+    /* query all limits for an account by category*/
+    result = await request.get(`/Accounts/${sid}/Limits?category=voice_call_session`, {
+      auth: authAdmin,
+      json: true,
+    });
+    // console.log(result);
+    t.ok(result.length === 1  && result[0].quantity === 205, 'successfully queried account limits by category');
+
+    /* delete call session limits for a service provider */
+    result = await request.delete(`/Accounts/${sid}/Limits?category=voice_call_session`, {
+      auth: authAdmin,
+      resolveWithFullResponse: true
+    });
+    t.ok(result.statusCode === 204, 'successfully deleted a call session limit for an account');
+
    /* delete account */
    result = await request.delete(`/Accounts/${sid}`, {
      auth: authAdmin,
--- a/test/applications.js
+++ b/test/applications.js
@@ -23,6 +23,37 @@ test('application tests', async(t) => {
    const service_provider_sid = await createServiceProvider(request);
    const phone_number_sid = await createPhoneNumber(request, voip_carrier_sid);
    const account_sid = await createAccount(request, service_provider_sid);
+
+    /* add an invalid application app_json */
+    result = await request.post('/Applications', {
+      resolveWithFullResponse: true,
+      simple: false,
+      auth: authAdmin,
+      json: true,
+      body: {
+        name: 'daveh',
+        account_sid,
+        call_hook: {
+          url: 'http://example.com'
+        },
+        call_status_hook: {
+          url: 'http://example.com/status',
+          method: 'POST'
+        },
+        messaging_hook: {
+          url: 'http://example.com/sms'
+        },
+        app_json : '[\
+            {\
+              "verb": "play",\
+              "timeoutSecs": 10,\
+              "seekOffset": 8000,\
+              "actionHook": "/play/action"\
+          }\
+        ]'
+      }
+    });
+    t.ok(result.statusCode === 400, 'Cant create application with invalid app_josn');
    
    /* add an application */
    result = await request.post('/Applications', {
@@ -41,7 +72,16 @@ test('application tests', async(t) => {
        },
        messaging_hook: {
          url: 'http://example.com/sms'
-        }
+        },
+        app_json : '[\
+            {\
+              "verb": "play",\
+              "url": "https://example.com/example.mp3",\
+              "timeoutSecs": 10,\
+              "seekOffset": 8000,\
+              "actionHook": "/play/action"\
+          }\
+        ]'
      }
    });
    t.ok(result.statusCode === 201, 'successfully created application');
@@ -60,8 +100,11 @@ test('application tests', async(t) => {
      auth: authAdmin,
      json: true,
    });
-    t.ok(result[0].name === 'daveh' , 'successfully retrieved application by sid');
-    t.ok(result[0].messaging_hook.url === 'http://example.com/sms' , 'successfully retrieved messaging_hook from application');
+    t.ok(result.name === 'daveh' , 'successfully retrieved application by sid');
+    t.ok(result.messaging_hook.url === 'http://example.com/sms' , 'successfully retrieved messaging_hook from application');
+    let app_json = JSON.parse(result.app_json);
+    t.ok(app_json[0].verb === 'play', 'successfully retrieved app_json from application')
+

    /* update applications */
    result = await request.put(`/Applications/${sid}`, {
@@ -74,7 +117,15 @@ test('application tests', async(t) => {
        },
        messaging_hook: {
          url: 'http://example2.com/mms'
-        }
+        },
+        app_json : '[\
+          {\
+            "verb": "hangup",\
+            "headers": {\
+              "X-Reason" : "maximum call duration exceeded"\
+            }\
+          }\
+        ]'
      }
    });
    t.ok(result.statusCode === 204, 'successfully updated application');
@@ -84,7 +135,58 @@ test('application tests', async(t) => {
      auth: authAdmin,
      json: true,
    });
-    t.ok(result[0].messaging_hook.url === 'http://example2.com/mms' , 'successfully updated messaging_hook');
+    t.ok(result.messaging_hook.url === 'http://example2.com/mms' , 'successfully updated messaging_hook');
+    app_json = JSON.parse(result.app_json);
+    t.ok(app_json[0].verb === 'hangup', 'successfully updated app_json from application')
+
+    /* remove applications app_json*/
+    result = await request.put(`/Applications/${sid}`, {
+      auth: authAdmin,
+      json: true,
+      resolveWithFullResponse: true,
+      body: {
+        call_hook: {
+          url: 'http://example2.com'
+        },
+        messaging_hook: {
+          url: 'http://example2.com/mms'
+        },
+        app_json : null
+      }
+    });
+    t.ok(result.statusCode === 204, 'successfully updated application');
+
+    /* validate messaging hook was updated */
+    result = await request.get(`/Applications/${sid}`, {
+      auth: authAdmin,
+      json: true,
+    });
+    t.ok(result.app_json == undefined, 'successfully removed app_json from application')
+
+    /* Update invalid applications app_json*/
+    result = await request.put(`/Applications/${sid}`, {
+      auth: authAdmin,
+      json: true,
+      resolveWithFullResponse: true,
+      simple: false,
+      body: {
+        call_hook: {
+          url: 'http://example2.com'
+        },
+        messaging_hook: {
+          url: 'http://example2.com/mms'
+        },
+        app_json : '[\
+          {\
+            "verb": "play",\
+            "timeoutSecs": 10,\
+            "seekOffset": 8000,\
+            "actionHook": "/play/action"\
+        }\
+      ]'
+      }
+    });
+    t.ok(result.statusCode === 400, 'Cant update invalid application app_json');
    
    /* assign phone number to application */
    result = await request.put(`/PhoneNumbers/${phone_number_sid}`, {
--- a/test/auth.js
+++ b/test/auth.js
@@ -318,7 +318,7 @@ test('authentication tests', async(t) => {
      json: true
    });
    //console.log(`result: ${JSON.stringify(result)}`);
-    t.ok(result.length === 1, 'using account token A1 we are able to retrieve application A1');
+    t.ok(result.name === "A1-app", 'using account token A1 we are able to retrieve application A1');

    /* cannot see app under another account using account token */
    result = await request.get(`/Applications/${appA2}`, {
--- a/test/call-test.js
+++ b/test/call-test.js
@@ -0,0 +1,86 @@
+const test = require('tape');
+const jwt = require('jsonwebtoken');
+const request = require('request-promise-native').defaults({
+  baseUrl: 'http://127.0.0.1:3000/v1'
+});
+const consoleLogger = { debug: console.log, info: console.log, error: console.error }
+const {
+  createServiceProvider,
+  createAccount,
+  createGoogleSpeechCredentials,
+  getLastRequestFromFeatureServer
+} = require('./utils');
+
+test('Create Call Success With Synthesizer in Payload', async (t) => {
+  // GIVEN
+  const app = require('../app');
+  let result;
+  const service_provider_sid = await createServiceProvider(request, 'account_has_synthesizer');
+  const account_sid = await createAccount(request, service_provider_sid, 'account_has_synthesizer');
+  const token = jwt.sign({
+    account_sid,
+    scope: "account",
+    permissions: ["PROVISION_USERS", "PROVISION_SERVICES", "VIEW_ONLY"]
+  }, process.env.JWT_SECRET, { expiresIn: '1h' });
+  const authUser = { bearer: token };
+  const speech_sid = await createGoogleSpeechCredentials(request, account_sid, null, authUser, true, true)
+
+  // WHEN
+  result = await request.post(`/Accounts/${account_sid}/Calls`, {
+    resolveWithFullResponse: true,
+    auth: authUser,
+    json: true,
+    body: {
+      call_hook: "https://public-apps.jambonz.us/hello-world",
+      call_status_hook: "https://public-apps.jambonz.us/call-status",
+      from: "15083778299",
+      to: {
+        type: "phone",
+        number: "15089084809"
+      },
+      speech_synthesis_vendor: "google",
+      speech_synthesis_language: "en-US",
+      speech_synthesis_voice: "en-US-Standard-C",
+      speech_recognizer_vendor: "google",
+      speech_recognizer_language: "en-US"
+    }
+  });
+  // THEN
+  t.ok(result.statusCode === 201, 'successfully created Call without Synthesizer && application_sid');
+  const fs_request = await getLastRequestFromFeatureServer('15083778299_createCall');
+  const obj = JSON.parse(fs_request);
+  t.ok(obj.body.speech_synthesis_vendor == 'google', 'speech synthesizer successfully added')
+  t.ok(obj.body.speech_recognizer_vendor == 'google', 'speech recognizer successfully added')
+});
+
+test('Create Call Success Without Synthesizer in Payload', async (t) => {
+  // GIVEN
+  const app = require('../app');
+  let result;
+  const service_provider_sid = await createServiceProvider(request, 'account2_has_synthesizer');
+  const account_sid = await createAccount(request, service_provider_sid, 'account2_has_synthesizer');
+  const token = jwt.sign({
+    account_sid,
+    scope: "account",
+    permissions: ["PROVISION_USERS", "PROVISION_SERVICES", "VIEW_ONLY"]
+  }, process.env.JWT_SECRET, { expiresIn: '1h' });
+  const authUser = { bearer: token };
+  const speech_sid = await createGoogleSpeechCredentials(request, account_sid, null, authUser, true, true)
+
+  // WHEN
+  result = await request.post(`/Accounts/${account_sid}/Calls`, {
+    resolveWithFullResponse: true,
+    auth: authUser,
+    json: true,
+    body: {
+      call_hook: "https://public-apps.jambonz.us/hello-world",
+      call_status_hook: "https://public-apps.jambonz.us/call-status",
+      from: "15083778299",
+      to: {
+        type: "phone",
+        number: "15089084809"
+      }
+    }
+  }).then(data => { t.ok(false, 'Create Call should not be success') })
+    .catch(error => { t.ok(error.response.statusCode === 400, 'Call failed for no synthesizer') });
+});
--- a/test/docker-compose-testbed.yaml
+++ b/test/docker-compose-testbed.yaml
@@ -46,7 +46,6 @@ services:
  
  db:
    image: postgres:11-alpine
-    restart: always
    environment:
      POSTGRES_PASSWORD: homerSeven
      POSTGRES_USER: root
@@ -127,6 +126,11 @@ services:
    depends_on:
      db:
        condition: service_healthy
-          
-      
-      
+  
+  feature-server-test-scaffold:
+    image: jambonz/feature-server-test-scaffold:latest
+    ports:
+      - "3100:3000/tcp"
+    networks:
+      jambonz-api:
+        ipv4_address: 172.58.0.9
--- a/test/feature-server-test-scaffold/Dockerfile
+++ b/test/feature-server-test-scaffold/Dockerfile
@@ -0,0 +1,23 @@
+FROM --platform=linux/amd64 node:18.6.0-alpine as base
+
+RUN apk --update --no-cache add --virtual .builds-deps build-base python3
+
+WORKDIR /opt/app/
+
+FROM base as build
+
+COPY package.json package-lock.json ./
+
+RUN npm ci
+
+COPY . .
+
+FROM base
+
+COPY --from=build /opt/app /opt/app/
+
+ARG NODE_ENV
+
+ENV NODE_ENV $NODE_ENV
+
+CMD [ "node", "app.js" ]
--- a/test/feature-server-test-scaffold/app.js
+++ b/test/feature-server-test-scaffold/app.js
@@ -0,0 +1,72 @@
+const assert = require('assert');
+const fs = require('fs');
+const express = require('express');
+const app = express();
+const listenPort = process.env.HTTP_PORT || 3000;
+const { v4: uuidv4 } = require('uuid');
+let hook_mapping = new Map();
+
+app.listen(listenPort, () => {
+  console.log(`sample jambones app server listening on ${listenPort}`);
+});
+
+app.use(express.urlencoded({ extended: true }));
+app.use(express.json());
+
+/*
+ * CreateCall
+ */
+
+app.all('/v1/createCall', (req, res) => {
+  console.log(req.body, 'POST /v1/createCall');
+  const key = req.body.from + '_createCall'
+  addRequestToMap(key, req, hook_mapping);
+  res.status(201).json({
+    sid: uuidv4(),
+    callId: uuidv4()
+  });
+});
+
+// Fetch Requests
+app.get('/requests/:key', (req, res) => {
+  let key = req.params.key;
+  if (hook_mapping.has(key)) {
+    return res.json(hook_mapping.get(key));
+  } else {
+    return res.sendStatus(404);
+  }
+
+})
+
+app.get('/lastRequest/:key', (req, res) => {
+  let key = req.params.key;
+  if (hook_mapping.has(key)) {
+    let requests = hook_mapping.get(key);
+    return res.json(requests[requests.length - 1]);
+  } else {
+    return res.sendStatus(404);
+  }
+})
+
+/*
+ * private function
+ */
+
+function addRequestToMap(key, req, map) {
+  let headers = new Map()
+  for(let i = 0; i < req.rawHeaders.length; i++) {
+    if (i % 2 === 0) {
+      headers.set(req.rawHeaders[i], req.rawHeaders[i + 1])
+    }
+  }
+  let request = {
+    'url': req.url,
+    'headers': Object.fromEntries(headers),
+    'body': req.body
+  }
+  if (map.has(key)) {
+    map.get(key).push(request);
+  } else {
+    map.set(key, [request]);
+  }
+}
--- a/test/feature-server-test-scaffold/package-lock.json
+++ b/test/feature-server-test-scaffold/package-lock.json
@@ -0,0 +1,890 @@
+{
+  "name": "webhook",
+  "version": "1.0.0",
+  "lockfileVersion": 2,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "webhook",
+      "version": "1.0.0",
+      "license": "MIT",
+      "dependencies": {
+        "express": "^4.17.3",
+        "uuid": "^8.3.2"
+      }
+    },
+    "node_modules/accepts": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+      "dependencies": {
+        "mime-types": "~2.1.34",
+        "negotiator": "0.6.3"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/array-flatten": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+      "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI="
+    },
+    "node_modules/body-parser": {
+      "version": "1.19.2",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.2.tgz",
+      "integrity": "sha512-SAAwOxgoCKMGs9uUAUFHygfLAyaniaoun6I8mFY9pRAJL9+Kec34aU+oIjDhTycub1jozEfEwx1W1IuOYxVSFw==",
+      "dependencies": {
+        "bytes": "3.1.2",
+        "content-type": "~1.0.4",
+        "debug": "2.6.9",
+        "depd": "~1.1.2",
+        "http-errors": "1.8.1",
+        "iconv-lite": "0.4.24",
+        "on-finished": "~2.3.0",
+        "qs": "6.9.7",
+        "raw-body": "2.4.3",
+        "type-is": "~1.6.18"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/bytes": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/content-disposition": {
+      "version": "0.5.4",
+      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
+      "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
+      "dependencies": {
+        "safe-buffer": "5.2.1"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/content-type": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
+      "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie": {
+      "version": "0.4.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.2.tgz",
+      "integrity": "sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie-signature": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
+      "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
+    },
+    "node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/depd": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
+      "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/destroy": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
+      "integrity": "sha512-3NdhDuEXnfun/z7x9GOElY49LoqVHoGScmOKwmxhsS8N5Y+Z8KyPPDnaSzqWgYt/ji4mqwfTS34Htrk0zPIXVg=="
+    },
+    "node_modules/ee-first": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+      "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
+    },
+    "node_modules/encodeurl": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
+      "integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k=",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/escape-html": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+      "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg="
+    },
+    "node_modules/etag": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+      "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/express": {
+      "version": "4.17.3",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.17.3.tgz",
+      "integrity": "sha512-yuSQpz5I+Ch7gFrPCk4/c+dIBKlQUxtgwqzph132bsT6qhuzss6I8cLJQz7B3rFblzd6wtcI0ZbGltH/C4LjUg==",
+      "dependencies": {
+        "accepts": "~1.3.8",
+        "array-flatten": "1.1.1",
+        "body-parser": "1.19.2",
+        "content-disposition": "0.5.4",
+        "content-type": "~1.0.4",
+        "cookie": "0.4.2",
+        "cookie-signature": "1.0.6",
+        "debug": "2.6.9",
+        "depd": "~1.1.2",
+        "encodeurl": "~1.0.2",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "finalhandler": "~1.1.2",
+        "fresh": "0.5.2",
+        "merge-descriptors": "1.0.1",
+        "methods": "~1.1.2",
+        "on-finished": "~2.3.0",
+        "parseurl": "~1.3.3",
+        "path-to-regexp": "0.1.7",
+        "proxy-addr": "~2.0.7",
+        "qs": "6.9.7",
+        "range-parser": "~1.2.1",
+        "safe-buffer": "5.2.1",
+        "send": "0.17.2",
+        "serve-static": "1.14.2",
+        "setprototypeof": "1.2.0",
+        "statuses": "~1.5.0",
+        "type-is": "~1.6.18",
+        "utils-merge": "1.0.1",
+        "vary": "~1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.10.0"
+      }
+    },
+    "node_modules/finalhandler": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz",
+      "integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==",
+      "dependencies": {
+        "debug": "2.6.9",
+        "encodeurl": "~1.0.2",
+        "escape-html": "~1.0.3",
+        "on-finished": "~2.3.0",
+        "parseurl": "~1.3.3",
+        "statuses": "~1.5.0",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/forwarded": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/fresh": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+      "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/http-errors": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.8.1.tgz",
+      "integrity": "sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==",
+      "dependencies": {
+        "depd": "~1.1.2",
+        "inherits": "2.0.4",
+        "setprototypeof": "1.2.0",
+        "statuses": ">= 1.5.0 < 2",
+        "toidentifier": "1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/iconv-lite": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
+    },
+    "node_modules/ipaddr.js": {
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
+      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/media-typer": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/merge-descriptors": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
+      "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E="
+    },
+    "node_modules/methods": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+      "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4=",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+      "bin": {
+        "mime": "cli.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
+    },
+    "node_modules/negotiator": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/on-finished": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
+      "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=",
+      "dependencies": {
+        "ee-first": "1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/parseurl": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
+      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/path-to-regexp": {
+      "version": "0.1.7",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
+      "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
+    },
+    "node_modules/proxy-addr": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
+      "dependencies": {
+        "forwarded": "0.2.0",
+        "ipaddr.js": "1.9.1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/qs": {
+      "version": "6.9.7",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.9.7.tgz",
+      "integrity": "sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw==",
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/range-parser": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/raw-body": {
+      "version": "2.4.3",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.3.tgz",
+      "integrity": "sha512-UlTNLIcu0uzb4D2f4WltY6cVjLi+/jEN4lgEUj3E04tpMDpUlkBo/eSn6zou9hum2VMNpCCUone0O0WeJim07g==",
+      "dependencies": {
+        "bytes": "3.1.2",
+        "http-errors": "1.8.1",
+        "iconv-lite": "0.4.24",
+        "unpipe": "1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ]
+    },
+    "node_modules/safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
+    },
+    "node_modules/send": {
+      "version": "0.17.2",
+      "resolved": "https://registry.npmjs.org/send/-/send-0.17.2.tgz",
+      "integrity": "sha512-UJYB6wFSJE3G00nEivR5rgWp8c2xXvJ3OPWPhmuteU0IKj8nKbG3DrjiOmLwpnHGYWAVwA69zmTm++YG0Hmwww==",
+      "dependencies": {
+        "debug": "2.6.9",
+        "depd": "~1.1.2",
+        "destroy": "~1.0.4",
+        "encodeurl": "~1.0.2",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "fresh": "0.5.2",
+        "http-errors": "1.8.1",
+        "mime": "1.6.0",
+        "ms": "2.1.3",
+        "on-finished": "~2.3.0",
+        "range-parser": "~1.2.1",
+        "statuses": "~1.5.0"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/send/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+    },
+    "node_modules/serve-static": {
+      "version": "1.14.2",
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.2.tgz",
+      "integrity": "sha512-+TMNA9AFxUEGuC0z2mevogSnn9MXKb4fa7ngeRMJaaGv8vTwnIEkKi+QGvPt33HSnf8pRS+WGM0EbMtCJLKMBQ==",
+      "dependencies": {
+        "encodeurl": "~1.0.2",
+        "escape-html": "~1.0.3",
+        "parseurl": "~1.3.3",
+        "send": "0.17.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/setprototypeof": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
+      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
+    },
+    "node_modules/statuses": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
+      "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/toidentifier": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
+      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
+      "engines": {
+        "node": ">=0.6"
+      }
+    },
+    "node_modules/type-is": {
+      "version": "1.6.18",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
+      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
+      "dependencies": {
+        "media-typer": "0.3.0",
+        "mime-types": "~2.1.24"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/unpipe": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+      "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw=",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/utils-merge": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+      "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=",
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/uuid": {
+      "version": "8.3.2",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
+      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
+      "bin": {
+        "uuid": "dist/bin/uuid"
+      }
+    },
+    "node_modules/vary": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+      "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    }
+  },
+  "dependencies": {
+    "accepts": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+      "requires": {
+        "mime-types": "~2.1.34",
+        "negotiator": "0.6.3"
+      }
+    },
+    "array-flatten": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+      "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI="
+    },
+    "body-parser": {
+      "version": "1.19.2",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.2.tgz",
+      "integrity": "sha512-SAAwOxgoCKMGs9uUAUFHygfLAyaniaoun6I8mFY9pRAJL9+Kec34aU+oIjDhTycub1jozEfEwx1W1IuOYxVSFw==",
+      "requires": {
+        "bytes": "3.1.2",
+        "content-type": "~1.0.4",
+        "debug": "2.6.9",
+        "depd": "~1.1.2",
+        "http-errors": "1.8.1",
+        "iconv-lite": "0.4.24",
+        "on-finished": "~2.3.0",
+        "qs": "6.9.7",
+        "raw-body": "2.4.3",
+        "type-is": "~1.6.18"
+      }
+    },
+    "bytes": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg=="
+    },
+    "content-disposition": {
+      "version": "0.5.4",
+      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
+      "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
+      "requires": {
+        "safe-buffer": "5.2.1"
+      }
+    },
+    "content-type": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
+      "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
+    },
+    "cookie": {
+      "version": "0.4.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.2.tgz",
+      "integrity": "sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA=="
+    },
+    "cookie-signature": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
+      "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
+    },
+    "debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "requires": {
+        "ms": "2.0.0"
+      }
+    },
+    "depd": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
+      "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ=="
+    },
+    "destroy": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
+      "integrity": "sha512-3NdhDuEXnfun/z7x9GOElY49LoqVHoGScmOKwmxhsS8N5Y+Z8KyPPDnaSzqWgYt/ji4mqwfTS34Htrk0zPIXVg=="
+    },
+    "ee-first": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+      "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
+    },
+    "encodeurl": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
+      "integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k="
+    },
+    "escape-html": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+      "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg="
+    },
+    "etag": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+      "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg=="
+    },
+    "express": {
+      "version": "4.17.3",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.17.3.tgz",
+      "integrity": "sha512-yuSQpz5I+Ch7gFrPCk4/c+dIBKlQUxtgwqzph132bsT6qhuzss6I8cLJQz7B3rFblzd6wtcI0ZbGltH/C4LjUg==",
+      "requires": {
+        "accepts": "~1.3.8",
+        "array-flatten": "1.1.1",
+        "body-parser": "1.19.2",
+        "content-disposition": "0.5.4",
+        "content-type": "~1.0.4",
+        "cookie": "0.4.2",
+        "cookie-signature": "1.0.6",
+        "debug": "2.6.9",
+        "depd": "~1.1.2",
+        "encodeurl": "~1.0.2",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "finalhandler": "~1.1.2",
+        "fresh": "0.5.2",
+        "merge-descriptors": "1.0.1",
+        "methods": "~1.1.2",
+        "on-finished": "~2.3.0",
+        "parseurl": "~1.3.3",
+        "path-to-regexp": "0.1.7",
+        "proxy-addr": "~2.0.7",
+        "qs": "6.9.7",
+        "range-parser": "~1.2.1",
+        "safe-buffer": "5.2.1",
+        "send": "0.17.2",
+        "serve-static": "1.14.2",
+        "setprototypeof": "1.2.0",
+        "statuses": "~1.5.0",
+        "type-is": "~1.6.18",
+        "utils-merge": "1.0.1",
+        "vary": "~1.1.2"
+      }
+    },
+    "finalhandler": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz",
+      "integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==",
+      "requires": {
+        "debug": "2.6.9",
+        "encodeurl": "~1.0.2",
+        "escape-html": "~1.0.3",
+        "on-finished": "~2.3.0",
+        "parseurl": "~1.3.3",
+        "statuses": "~1.5.0",
+        "unpipe": "~1.0.0"
+      }
+    },
+    "forwarded": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow=="
+    },
+    "fresh": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+      "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q=="
+    },
+    "http-errors": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.8.1.tgz",
+      "integrity": "sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==",
+      "requires": {
+        "depd": "~1.1.2",
+        "inherits": "2.0.4",
+        "setprototypeof": "1.2.0",
+        "statuses": ">= 1.5.0 < 2",
+        "toidentifier": "1.0.1"
+      }
+    },
+    "iconv-lite": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "requires": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      }
+    },
+    "inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
+    },
+    "ipaddr.js": {
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
+      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g=="
+    },
+    "media-typer": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ=="
+    },
+    "merge-descriptors": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
+      "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E="
+    },
+    "methods": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+      "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4="
+    },
+    "mime": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg=="
+    },
+    "mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg=="
+    },
+    "mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "requires": {
+        "mime-db": "1.52.0"
+      }
+    },
+    "ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
+    },
+    "negotiator": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg=="
+    },
+    "on-finished": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
+      "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=",
+      "requires": {
+        "ee-first": "1.1.1"
+      }
+    },
+    "parseurl": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
+      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ=="
+    },
+    "path-to-regexp": {
+      "version": "0.1.7",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
+      "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
+    },
+    "proxy-addr": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
+      "requires": {
+        "forwarded": "0.2.0",
+        "ipaddr.js": "1.9.1"
+      }
+    },
+    "qs": {
+      "version": "6.9.7",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.9.7.tgz",
+      "integrity": "sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw=="
+    },
+    "range-parser": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="
+    },
+    "raw-body": {
+      "version": "2.4.3",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.3.tgz",
+      "integrity": "sha512-UlTNLIcu0uzb4D2f4WltY6cVjLi+/jEN4lgEUj3E04tpMDpUlkBo/eSn6zou9hum2VMNpCCUone0O0WeJim07g==",
+      "requires": {
+        "bytes": "3.1.2",
+        "http-errors": "1.8.1",
+        "iconv-lite": "0.4.24",
+        "unpipe": "1.0.0"
+      }
+    },
+    "safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="
+    },
+    "safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
+    },
+    "send": {
+      "version": "0.17.2",
+      "resolved": "https://registry.npmjs.org/send/-/send-0.17.2.tgz",
+      "integrity": "sha512-UJYB6wFSJE3G00nEivR5rgWp8c2xXvJ3OPWPhmuteU0IKj8nKbG3DrjiOmLwpnHGYWAVwA69zmTm++YG0Hmwww==",
+      "requires": {
+        "debug": "2.6.9",
+        "depd": "~1.1.2",
+        "destroy": "~1.0.4",
+        "encodeurl": "~1.0.2",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "fresh": "0.5.2",
+        "http-errors": "1.8.1",
+        "mime": "1.6.0",
+        "ms": "2.1.3",
+        "on-finished": "~2.3.0",
+        "range-parser": "~1.2.1",
+        "statuses": "~1.5.0"
+      },
+      "dependencies": {
+        "ms": {
+          "version": "2.1.3",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+          "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+        }
+      }
+    },
+    "serve-static": {
+      "version": "1.14.2",
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.2.tgz",
+      "integrity": "sha512-+TMNA9AFxUEGuC0z2mevogSnn9MXKb4fa7ngeRMJaaGv8vTwnIEkKi+QGvPt33HSnf8pRS+WGM0EbMtCJLKMBQ==",
+      "requires": {
+        "encodeurl": "~1.0.2",
+        "escape-html": "~1.0.3",
+        "parseurl": "~1.3.3",
+        "send": "0.17.2"
+      }
+    },
+    "setprototypeof": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
+      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
+    },
+    "statuses": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
+      "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow="
+    },
+    "toidentifier": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
+      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA=="
+    },
+    "type-is": {
+      "version": "1.6.18",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
+      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
+      "requires": {
+        "media-typer": "0.3.0",
+        "mime-types": "~2.1.24"
+      }
+    },
+    "unpipe": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+      "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw="
+    },
+    "utils-merge": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+      "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM="
+    },
+    "uuid": {
+      "version": "8.3.2",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
+      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg=="
+    },
+    "vary": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+      "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
+    }
+  }
+}
--- a/test/feature-server-test-scaffold/package.json
+++ b/test/feature-server-test-scaffold/package.json
@@ -0,0 +1,15 @@
+{
+  "name": "webhook",
+  "version": "1.0.0",
+  "description": "simple webhook app for test purposes",
+  "main": "app.js",
+  "scripts": {
+    "start": "node app"
+  },
+  "author": "Dave Horton",
+  "license": "MIT",
+  "dependencies": {
+    "express": "^4.17.3",
+    "uuid": "^8.3.2"
+  }
+}
--- a/test/index.js
+++ b/test/index.js
@@ -12,6 +12,9 @@ require('./sbcs');
 require('./ms-teams');
 require('./speech-credentials');
 require('./recent-calls');
+require('./users');
 require('./webapp_tests');
-//require('./homer');
+// require('./homer');
+require('./call-test');
+require('./password-settings');
 require('./docker_stop');
--- a/test/password-settings.js
+++ b/test/password-settings.js
@@ -0,0 +1,71 @@
+const test = require('tape') ;
+const ADMIN_TOKEN = '38700987-c7a4-4685-a5bb-af378f9734de';
+const authAdmin = {bearer: ADMIN_TOKEN};
+const request = require('request-promise-native').defaults({
+  baseUrl: 'http://127.0.0.1:3000/v1'
+});
+
+
+process.on('unhandledRejection', (reason, p) => {
+  console.log('Unhandled Rejection at: Promise', p, 'reason:', reason);
+});
+
+test('password settings tests', async(t) => {
+
+  /* Check Default Password Settings */
+  result = await request.get('/PasswordSettings', {
+    auth: authAdmin,
+    json: true,
+  });
+  t.ok(result.min_password_length == 8 && 
+    !result.require_digit &&
+    !result.require_special_character, "default password settings is correct!")
+
+  /* Post New Password settings*/
+
+  result = await request.post('/PasswordSettings', {
+    auth: authAdmin,
+    json: true,
+    resolveWithFullResponse: true,
+    body: {
+      min_password_length: 15,
+      require_digit: 1,
+      require_special_character: 1
+    }
+  });
+
+  t.ok(result.statusCode === 201, 'successfully added a password settings');
+
+  /* Check Password Settings*/
+  result = await request.get('/PasswordSettings', {
+    auth: authAdmin,
+    json: true,
+  });
+
+  t.ok(result.min_password_length === 15 && 
+    result.require_digit === 1 &&
+    result.require_special_character === 1, 'successfully queried password settings');
+
+  /* Update Password settings*/
+  result = await request.post('/PasswordSettings', {
+    auth: authAdmin,
+    json: true,
+    resolveWithFullResponse: true,
+    body: {
+      min_password_length: 10,
+      require_special_character: 0
+    }
+  });
+
+  t.ok(result.statusCode === 201, 'successfully updated a password settings');
+
+  /* Check Password Settings After update*/
+  result = await request.get('/PasswordSettings', {
+    auth: authAdmin,
+    json: true,
+  });
+
+  t.ok(result.min_password_length === 10 && 
+    result.require_digit === 1 &&
+    result.require_special_character === 0, 'successfully queried password settings after updated');
+});
--- a/test/recent-calls.js
+++ b/test/recent-calls.js
@@ -24,17 +24,26 @@ test('recent calls tests', async(t) => {
    const account_sid = await createAccount(request, service_provider_sid);

    const token = jwt.sign({
-      account_sid
+      account_sid,
+      scope: "account",
+      permissions: ["PROVISION_USERS", "PROVISION_SERVICES", "VIEW_ONLY"]
    }, process.env.JWT_SECRET, { expiresIn: '1h' });
    const authUser = {bearer: token};

+    const tokenSP = jwt.sign({
+      service_provider_sid,
+      scope: "account",
+      permissions: ["PROVISION_USERS", "PROVISION_SERVICES", "VIEW_ONLY"]
+    }, process.env.JWT_SECRET, { expiresIn: '1h' });
+    const authUserSP = {bearer: token};
+
    /* write sample cdr data */
    const points = 500;
    const data = [];
    const start = new Date(Date.now() - (30 * 24 * 60 * 60 * 1000));
    const now = new Date();
    const increment = (now.getTime() - start.getTime()) / points;
-    for (let i =0 ; i < 500; i++) {
+    for (let i =0 ; i < 5; i++) {
      const attempted_at = new Date(start.getTime() + (i * increment));
      const failed = 0 === i % 5;
      data.push({
@@ -51,7 +60,8 @@ test('recent calls tests', async(t) => {
        termination_reason: 'caller hungup',
        host: "192.168.1.100",
        remote_host: '3.55.24.34',
-        account_sid: account_sid,
+        account_sid,
+        service_provider_sid,
        direction: 0 === i % 2 ? 'inbound' : 'outbound',
        trunk:  0 === i % 2 ? 'twilio' : 'user'
      });
@@ -60,11 +70,21 @@ test('recent calls tests', async(t) => {
    await writeCdrs(data);
    t.pass('seeded cdr data');
        
-    /* query last 7 days */
+    /* query last 7 days by account */
    result = await request.get(`/Accounts/${account_sid}/RecentCalls?page=1&count=25`, {
      auth: authUser,
      json: true,
    });
+    t.ok(result.data.length === 5, 'retrieved 5 recent calls by account');
+    //console.log({data: result.data}, 'Account recent calls');
+
+    /* query last 7 days by service provider */
+    result = await request.get(`/ServiceProviders/${service_provider_sid}/RecentCalls?page=1&count=25`, {
+      auth: authAdmin,
+      json: true,
+    });
+    t.ok(result.data.length === 5, 'retrieved 5 recent calls by service provider');
+    //console.log({data: result.data}, 'SP recent calls');

    /* pull sip traces and pcap from homer */
    /*
--- a/test/service-providers.js
+++ b/test/service-providers.js
@@ -79,13 +79,14 @@ test('service provider tests', async(t) => {
      }
    });
    //console.log(`result: ${JSON.stringify(result)}`);
-    t.ok(result.statusCode === 422, 'cannot add two service providers with the same name');
+    t.ok(result.statusCode === 422, 'cannot add two service providers with the same root domain');
    
    /* query all service providers */
    result = await request.get('/ServiceProviders', {
      auth: authAdmin,
      json: true,
    });
+    //console.log(JSON.stringify(result));
    t.ok(result.length === 2 , 'successfully queried all service providers');

    /* query one service providers */
@@ -106,6 +107,33 @@ test('service provider tests', async(t) => {
    });
    t.ok(result.statusCode === 204, 'successfully updated service provider');

+    /* add an api key for a service provider */
+    result = await request.post(`/ApiKeys`, {
+      auth: authAdmin,
+      json: true,
+      resolveWithFullResponse: true,
+      body: {
+        service_provider_sid: sid
+      }
+    });
+    t.ok(result.statusCode === 201, 'successfully added an api_key for a service provider');
+    const apiKeySid = result.body.sid;
+
+    /* query all api keys for a service provider */
+    result = await request.get(`/ServiceProviders/${sid}/ApiKeys`, {
+      auth: authAdmin,
+      json: true,
+    });
+    t.ok(result.length === 1 , 'successfully queried all service provider keys');
+    
+    /* delete an api key */
+    result = await request.delete(`/ApiKeys/${apiKeySid}`, {
+      auth: authAdmin,
+      json: true,
+      resolveWithFullResponse: true,
+    });
+    t.ok(result.statusCode === 204, 'successfully deleted an api_key for a service provider');
+    
    /* add a predefined carrier for a service provider */
    result = await request.post(`/ServiceProviders/${sid}/PredefinedCarriers/7d509a18-bbff-4c5d-b21e-b99bf8f8c49a`, {
      auth: authAdmin,
@@ -113,9 +141,35 @@ test('service provider tests', async(t) => {
      resolveWithFullResponse: true,
    });
    t.ok(result.statusCode === 201, 'successfully added predefined carrier to service provider');
-
    await deleteObjectBySid(request, '/VoipCarriers', result.body.sid);

+    /* add a limit for a service provider */
+    result = await request.post(`/ServiceProviders/${sid}/Limits`, {
+      auth: authAdmin,
+      json: true,
+      resolveWithFullResponse: true,
+      body: {
+        category: 'voice_call_session',
+        quantity: 1000
+      }
+    });
+    t.ok(result.statusCode === 201, 'successfully added a call session limit to service provider');
+
+    /* query all limits for a service provider */
+    result = await request.get(`/ServiceProviders/${sid}/Limits`, {
+      auth: authAdmin,
+      json: true,
+    });
+    //console.log(result);
+    t.ok(result.length === 1 , 'successfully queried all limits');
+
+    /* delete call session limits for a service provider */
+    result = await request.delete(`/ServiceProviders/${sid}/Limits?category=voice_call_session`, {
+      auth: authAdmin,
+      resolveWithFullResponse: true
+    });
+    t.ok(result.statusCode === 204, 'successfully deleted a call session limit for a service provider');
+
    /* delete service providers */
    result = await request.delete(`/ServiceProviders/${sid}`, {
      auth: authAdmin,
--- a/test/speech-credentials.js
+++ b/test/speech-credentials.js
@@ -30,7 +30,9 @@ test('speech credentials tests', async(t) => {
      json: true,
      body: {
        vendor: 'google',
-        service_key: jsonKey
+        service_key: jsonKey,
+        use_for_tts: true,
+        use_for_stt: true
      }
    });
    t.ok(result.statusCode === 201, 'successfully added a speech credential to service provider');
@@ -50,7 +52,9 @@ test('speech credentials tests', async(t) => {
    await deleteObjectBySid(request, `/ServiceProviders/${service_provider_sid}/SpeechCredentials`, speech_credential_sid);

    const token = jwt.sign({
-      account_sid
+      account_sid,
+      scope: 'account',
+      permissions: ["PROVISION_USERS", "PROVISION_SERVICES", "VIEW_ONLY"]
    }, process.env.JWT_SECRET, { expiresIn: '1h' });
    const authUser = {bearer: token};

@@ -61,7 +65,9 @@ test('speech credentials tests', async(t) => {
      json: true,
      body: {
        vendor: 'google',
-        service_key: jsonKey
+        service_key: jsonKey,
+        use_for_tts: true,
+        use_for_stt: true
      }
    });
    t.ok(result.statusCode === 201, 'successfully added speech credential');
@@ -110,20 +116,20 @@ test('speech credentials tests', async(t) => {
    });
    t.ok(result.statusCode === 204, 'successfully deleted speech credential');

-    /* add a credential for microsoft */
-    if (process.env.MICROSOFT_API_KEY && process.env.MICROSOFT_REGION) {
+    /* add / test a credential for google */
+    if (process.env.GCP_JSON_KEY) {
      result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
        resolveWithFullResponse: true,
        auth: authUser,
        json: true,
        body: {
-          vendor: 'microsoft',
+          vendor: 'google',
          use_for_tts: true,
-          api_key: process.env.MICROSOFT_API_KEY,
-          region: process.env.MICROSOFT_REGION
+          use_for_stt: true,
+          service_key: process.env.GCP_JSON_KEY
        }
      });
-      t.ok(result.statusCode === 201, 'successfully added speech credential');
+      t.ok(result.statusCode === 201, 'successfully added speech credential for google');
      const ms_sid = result.body.sid;

      /* test the speech credential */
@@ -132,7 +138,37 @@ test('speech credentials tests', async(t) => {
        auth: authUser,
        json: true,   
      });
-      console.log(JSON.stringify(result));
+      //console.log(JSON.stringify(result));
+      t.ok(result.statusCode === 200 && result.body.tts.status === 'ok', 'successfully tested speech credential for google tts');
+      t.ok(result.statusCode === 200 && result.body.stt.status === 'ok', 'successfully tested speech credential for google stt');
+    }
+
+    /* add / test a credential for microsoft */
+    if (process.env.MICROSOFT_API_KEY && process.env.MICROSOFT_REGION) {
+      result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
+        resolveWithFullResponse: true,
+        auth: authUser,
+        json: true,
+        body: {
+          vendor: 'microsoft',
+          use_for_tts: true,
+          use_for_stt: true,
+          api_key: process.env.MICROSOFT_API_KEY,
+          region: process.env.MICROSOFT_REGION
+        }
+      });
+      t.ok(result.statusCode === 201, 'successfully added speech credential for microsoft');
+      const ms_sid = result.body.sid;
+
+      /* test the speech credential */
+      result = await request.get(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}/test`, {
+        resolveWithFullResponse: true,
+        auth: authUser,
+        json: true,   
+      });
+      //console.log(JSON.stringify(result));
+      t.ok(result.statusCode === 200 && result.body.tts.status === 'ok', 'successfully tested speech credential for microsoft tts');
+      t.ok(result.statusCode === 200 && result.body.stt.status === 'ok', 'successfully tested speech credential for microsoft stt');
    }

    /* add a credential for wellsaid */
@@ -156,7 +192,8 @@ test('speech credentials tests', async(t) => {
        auth: authUser,
        json: true,   
      });
-      console.log(JSON.stringify(result));
+      //console.log(JSON.stringify(result));
+      t.ok(result.statusCode === 200 && result.body.tts.status === 'ok', 'successfully tested speech credential for wellsaid');

      /* delete the credential */
      result = await request.delete(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}`, {
@@ -166,6 +203,166 @@ test('speech credentials tests', async(t) => {
      t.ok(result.statusCode === 204, 'successfully deleted speech credential');
    }

+    /* add a credential for deepgram */
+    if (process.env.DEEPGRAM_API_KEY) {
+      result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
+        resolveWithFullResponse: true,
+        auth: authUser,
+        json: true,
+        body: {
+          vendor: 'deepgram',
+          use_for_stt: true,
+          api_key: process.env.DEEPGRAM_API_KEY
+        }
+      });
+      t.ok(result.statusCode === 201, 'successfully added speech credential for deepgram');
+      const ms_sid = result.body.sid;
+
+      /* test the speech credential */
+      result = await request.get(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}/test`, {
+        resolveWithFullResponse: true,
+        auth: authUser,
+        json: true,   
+      });
+      //console.log(JSON.stringify(result));
+      t.ok(result.statusCode === 200 && result.body.stt.status === 'ok', 'successfully tested speech credential for deepgram');
+
+      /* delete the credential */
+      result = await request.delete(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}`, {
+        auth: authUser,
+        resolveWithFullResponse: true,
+      });
+      t.ok(result.statusCode === 204, 'successfully deleted speech credential');
+    }
+    /* add a credential for ibm tts */
+    if (process.env.IBM_TTS_API_KEY && process.env.IBM_TTS_REGION) {
+      result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
+        resolveWithFullResponse: true,
+        auth: authUser,
+        json: true,
+        body: {
+          vendor: 'ibm',
+          use_for_tts: true,
+          tts_api_key: process.env.IBM_TTS_API_KEY,
+          tts_region: process.env.IBM_TTS_REGION
+        }
+      });
+      t.ok(result.statusCode === 201, 'successfully added speech credential for ibm');
+      const ms_sid = result.body.sid;
+
+      /* test the speech credential */
+      result = await request.get(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}/test`, {
+        resolveWithFullResponse: true,
+        auth: authUser,
+        json: true,   
+      });
+      //console.log(JSON.stringify(result));
+      t.ok(result.statusCode === 200 && result.body.tts.status === 'ok', 'successfully tested speech credential for ibm tts');
+
+      /* delete the credential */
+      result = await request.delete(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}`, {
+        auth: authUser,
+        resolveWithFullResponse: true,
+      });
+      t.ok(result.statusCode === 204, 'successfully deleted speech credential');
+    }
+
+    /* add a credential for ibm stt */
+    if (process.env.IBM_STT_API_KEY && process.env.IBM_STT_REGION) {
+      result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
+        resolveWithFullResponse: true,
+        auth: authUser,
+        json: true,
+        body: {
+          vendor: 'ibm',
+          use_for_stt: true,
+          stt_api_key: process.env.IBM_STT_API_KEY,
+          stt_region: process.env.IBM_STT_REGION
+        }
+      });
+      t.ok(result.statusCode === 201, 'successfully added speech credential for ibm');
+      const ms_sid = result.body.sid;
+
+      /* test the speech credential */
+      result = await request.get(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}/test`, {
+        resolveWithFullResponse: true,
+        auth: authUser,
+        json: true,   
+      });
+      //console.log(JSON.stringify(result));
+      t.ok(result.statusCode === 200 && result.body.stt.status === 'ok', 'successfully tested speech credential for ibm stt');
+
+      /* delete the credential */
+      result = await request.delete(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}`, {
+        auth: authUser,
+        resolveWithFullResponse: true,
+      });
+      t.ok(result.statusCode === 204, 'successfully deleted speech credential');
+    }
+
+    /* add a credential for Siniox */
+    if (process.env.SONIOX_API_KEY) {
+      result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
+        resolveWithFullResponse: true,
+        auth: authUser,
+        json: true,
+        body: {
+          vendor: 'soniox',
+          use_for_stt: true,
+          api_key: process.env.SONIOX_API_KEY
+        }
+      });
+      t.ok(result.statusCode === 201, 'successfully added speech credential for soniox');
+      const ms_sid = result.body.sid;
+
+      /* test the speech credential */
+      result = await request.get(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}/test`, {
+        resolveWithFullResponse: true,
+        auth: authUser,
+        json: true,   
+      });
+      console.log(JSON.stringify(result));
+      t.ok(result.statusCode === 200 && result.body.stt.status === 'ok', 'successfully tested speech credential for soniox');
+
+      /* delete the credential */
+      result = await request.delete(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}`, {
+        auth: authUser,
+        resolveWithFullResponse: true,
+      });
+      t.ok(result.statusCode === 204, 'successfully deleted speech credential');
+    }
+
+    /* add a credential for nvidia */
+    result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
+      resolveWithFullResponse: true,
+      auth: authUser,
+      json: true,
+      body: {
+        vendor: 'nvidia',
+        use_for_stt: true,
+        use_for_tts: true,
+        riva_server_uri: "192.168.1.2:5060"
+      }
+    });
+    t.ok(result.statusCode === 201, 'successfully added speech credential for nvidia');
+    const ms_sid = result.body.sid;
+
+    /* test the speech credential */
+    result = await request.get(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}/test`, {
+      resolveWithFullResponse: true,
+      auth: authUser,
+      json: true,   
+    });
+    // TODO Nvidia test.
+    t.ok(result.statusCode === 200 && result.body.stt.status === 'not tested', 'successfully tested speech credential for nvida stt');
+
+    /* delete the credential */
+    result = await request.delete(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}`, {
+      auth: authUser,
+      resolveWithFullResponse: true,
+    });
+    t.ok(result.statusCode === 204, 'successfully deleted speech credential');
+
    await deleteObjectBySid(request, '/Accounts', account_sid);
    await deleteObjectBySid(request, '/ServiceProviders', service_provider_sid);
    //t.end();
--- a/test/users.js
+++ b/test/users.js
@@ -0,0 +1,220 @@
+const test = require('tape') ;
+const jwt = require('jsonwebtoken');
+const request = require('request-promise-native').defaults({
+  baseUrl: 'http://127.0.0.1:3000/v1'
+});
+const exec = require('child_process').exec ;
+const {generateHashedPassword} = require('../lib/utils/password-utils');
+
+
+process.on('unhandledRejection', (reason, p) => {
+  console.log('Unhandled Rejection at: Promise', p, 'reason:', reason);
+});
+
+test('add an admin user', (t) => {
+  exec(`${__dirname}/../db/reset_admin_password.js`, (err, stdout, stderr) => {
+    console.log(stderr);
+    console.log(stdout);
+    if (err) return t.end(err);
+    t.pass('successfully added admin user');
+    t.end();
+  });
+});
+
+test('user tests', async(t) => {
+  const app = require('../app');
+  const password = await generateHashedPassword('abcd1234-');
+  try {
+    let result;
+
+    /* login as admin to get a jwt */
+    result = await request.post('/login', {
+      resolveWithFullResponse: true,
+      json: true,
+      body: {
+        username: 'admin',
+        password: 'admin',  
+      }
+    });
+    t.ok(result.statusCode === 200 && result.body.token, 'successfully logged in as admin');
+    const authAdmin = {bearer: result.body.token};
+    const decodedJwt = jwt.verify(result.body.token, process.env.JWT_SECRET);
+
+    /* add admin user */
+    result = await request.post(`/Users`, {
+      resolveWithFullResponse: true,
+      json: true,
+      auth: authAdmin,
+      body: {
+        name: 'admin2',
+        email: 'admin2@jambonz.com',
+        is_active: true,
+        force_change: true,
+        initial_password: password,
+      }
+    });
+    t.ok(result.statusCode === 201 && result.body.user_sid, 'admin user created');
+    const admin_user_sid = result.body.user_sid;
+
+    /* add a service provider */
+    result = await request.post('/ServiceProviders', {
+      resolveWithFullResponse: true,
+      auth: authAdmin,
+      json: true,
+      body: {
+        name: 'sp',
+      }
+    });
+    t.ok(result.statusCode === 201, 'successfully created service provider');
+    const sp_sid = result.body.sid;
+
+    /* add service_provider user */
+    result = await request.post(`/Users`, {
+      resolveWithFullResponse: true,
+      json: true,
+      auth: authAdmin,
+      body: {
+        name: 'service_provider',
+        email: 'sp@jambonz.com',
+        is_active: true,
+        force_change: true,
+        initial_password: password,
+        service_provider_sid: sp_sid,
+      }
+    });
+    t.ok(result.statusCode === 201 && result.body.user_sid, 'service_provider scope user created');
+    const sp_user_sid = result.body.sid;
+
+    /* add an account */
+    result = await request.post('/Accounts', {
+      resolveWithFullResponse: true,
+      auth: authAdmin,
+      json: true,
+      body: {
+        name: 'sample_account',
+        service_provider_sid: sp_sid,
+        registration_hook: {
+          url: 'http://example.com/reg',
+          method: 'get'
+        },
+        webhook_secret: 'foobar'
+      }
+    });
+    t.ok(result.statusCode === 201, 'successfully created account');
+    const account_sid = result.body.sid;
+
+    /* add account user */
+    result = await request.post(`/Users`, {
+      resolveWithFullResponse: true,
+      json: true,
+      auth: authAdmin,
+      body: {
+        name: 'account',
+        email: 'account@jambonz.com',
+        is_active: true,
+        force_change: true,
+        initial_password: password,
+        service_provider_sid: sp_sid,
+        account_sid: account_sid
+      }
+    });
+    t.ok(result.statusCode === 201 && result.body.user_sid, 'account scope user created');
+    const account_user_sid = result.body.sid;
+
+    /* retrieve list of users */
+    result = await request.get(`/Users`, {
+      resolveWithFullResponse: true,
+      json: true,
+      auth: authAdmin,
+    });
+    t.ok(result.statusCode === 200 && result.body.length, 'successfully user list');
+  
+    /* delete account user */
+    result = await request.delete(`/Users/${account_user_sid}`, {
+      resolveWithFullResponse: true,
+      json: true,
+      auth: authAdmin,
+    });
+    t.ok(result.statusCode === 204, 'account scope user deleted');
+
+    /* delete sp user */
+    result = await request.delete(`/Users/${sp_user_sid}`, {
+      resolveWithFullResponse: true,
+      json: true,
+      auth: authAdmin,
+    });
+    t.ok(result.statusCode === 204, 'account scope user deleted');
+
+    /* delete admin user */
+    result = await request.delete(`/Users/${admin_user_sid}`, {
+      resolveWithFullResponse: true,
+      json: true,
+      auth: authAdmin,
+    });
+    t.ok(result.statusCode === 204, 'account scope user deleted');
+
+    // /* self delete as admin user */
+    // result = await request.delete(`/Users/${decodedJwt.user_sid}`, {
+    //   resolveWithFullResponse: true,
+    //   json: true,
+    //   auth: authAdmin,
+    // });
+    // t.ok(result.statusCode === 500 && result.error.msg === 'cannot delete this admin user - there are no other active admin users');
+
+    /* add another service_provider user */
+    result = await request.post(`/Users`, {
+      resolveWithFullResponse: true,
+      json: true,
+      auth: authAdmin,
+      body: {
+        name: 'service_provider1',
+        email: 'sp1@jambonz.com',
+        is_active: true,
+        force_change: false,
+        initial_password: password,
+        service_provider_sid: sp_sid,
+      }
+    });
+    t.ok(result.statusCode === 201 && result.body.user_sid, 'service_provider scope user created');
+
+    /* logout as sp to get a jwt */
+    result = await request.post('/logout', {
+      resolveWithFullResponse: true,
+      auth: authAdmin,
+      json: true,
+    });
+    t.ok(result.statusCode === 204, 'successfully logged out');
+
+    // /* login as sp user to get a jwt */
+    // result = await request.post('/login', {
+    //   resolveWithFullResponse: true,
+    //   json: true,
+    //   body: {
+    //     username: 'service_provider1',
+    //     password: 'abcd1234-',  
+    //   }
+    // });
+    // t.ok(result.statusCode === 200 && result.body.token, 'successfully logged in as sp');
+    // const authSPUser = {bearer: result.body.token};
+
+    // result = await request.post(`/Users`, {
+    //   resolveWithFullResponse: true,
+    //   json: true,
+    //   auth: authSPUser,
+    //   body: {
+    //     name: 'sp2',
+    //     email: 'sp2@jambonz.com',
+    //     is_active: true,
+    //     force_change: false,
+    //     initial_password: password,
+    //   }
+    // });
+    // t.ok(result.statusCode === 403, 'sp user cannot create admin users');
+
+  } catch (err) {
+      console.error(err);
+      t.end(err);
+    }
+  });
+  
+  
--- a/test/utils.js
+++ b/test/utils.js
@@ -1,4 +1,8 @@
 const { v4: uuid } = require('uuid');
+const fs = require('fs');
+const request_fs_mock = require('request-promise-native').defaults({
+  baseUrl: 'http://127.0.0.1:3100'
+});

 const ADMIN_TOKEN = '38700987-c7a4-4685-a5bb-af378f9734de';
 const authAdmin = {bearer: ADMIN_TOKEN};
@@ -87,6 +91,42 @@ async function deleteObjectBySid(request, path, sid) {
  return result;
 }

+async function createGoogleSpeechCredentials(request, account_sid, service_provider_sid,token, use_tts, use_stt) {
+  const jsonKey = fs.readFileSync(`${__dirname}/data/test.json`, {encoding: 'utf8'});
+  if(account_sid) {
+    const result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
+      auth: token ? token : authAdmin,
+      json: true,
+      body: {
+        vendor: 'google',
+        service_key: jsonKey,
+        use_for_tts: use_tts,
+        use_for_stt: use_stt
+      }
+    });
+    return result.sid;
+  } else if(service_provider_sid) {
+    const result = await request.post(`/ServiceProviders/${service_provider_sid}/SpeechCredentials`, {
+      auth: token ? token : authAdmin,
+      json: true,
+      body: {
+        vendor: 'google',
+        service_key: jsonKey,
+        use_for_tts: use_tts,
+        use_for_stt: use_stt
+      }
+    });
+    return result.sid;
+  }
+  
+  
+}
+
+async function getLastRequestFromFeatureServer(key) {
+  const result = await request_fs_mock.get(`/lastRequest/${key}`);
+  return result;
+}
+
 module.exports = {
  createServiceProvider,
  createVoipCarrier,
@@ -94,5 +134,7 @@ module.exports = {
  createAccount,
  createApplication,
  createApiKey,
-  deleteObjectBySid
+  deleteObjectBySid,
+  createGoogleSpeechCredentials,
+  getLastRequestFromFeatureServer
 };
--- a/test/voip-carriers.js
+++ b/test/voip-carriers.js
@@ -54,7 +54,9 @@ test('voip carrier tests', async(t) => {
        requires_register: true,
        register_username: 'foo',
        register_sip_realm: 'bar',
-        register_password: 'baz'
+        register_password: 'baz',
+        register_from_user: 'fromme',
+        register_from_domain: 'fromdomain'
      }
    });
    t.ok(result.statusCode === 204, 'successfully updated voip carrier');
Author	SHA1	Message	Date
Quan HL	4e59bcb9fa	fix: update custom stt/tss url	2023-03-05 06:33:25 +07:00
Dave Horton	07421d830e	change property names for custom speech	2023-03-02 15:28:25 -05:00
Dave Horton	5c687aebdd	add support for custom speech api	2023-03-02 14:04:03 -05:00
EgleH	cc384995ea	add support for soniox speech (#120 ) Co-authored-by: eglehelms <e.helms@cognigy.com>	2023-02-26 11:31:39 -05:00
Dave Horton	d4506fb8fa	bump version	2023-02-24 10:05:14 -05:00
Dave Horton	042a2c37dc	update dockerfile	2023-02-23 08:21:30 -05:00
EgleH	6da1903dee	Update node to node:18.14.0-alpine3.16 (#117 )	2023-02-21 07:54:26 -05:00
dependabot[bot]	10009d903e	Bump undici from 5.11.0 to 5.19.1 (#115 ) Bumps [undici](https://github.com/nodejs/undici) from 5.11.0 to 5.19.1. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](https://github.com/nodejs/undici/compare/v5.11.0...v5.19.1) --- updated-dependencies: - dependency-name: undici dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-16 17:33:12 -05:00
Snyk bot	69a72c5e43	fix: upgrade aws-sdk from 2.1238.0 to 2.1302.0 (#110 ) Snyk has created this PR to upgrade aws-sdk from 2.1238.0 to 2.1302.0. See this package in npm: https://www.npmjs.com/package/aws-sdk See this project in Snyk: https://app.snyk.io/org/davehorton/project/b7e09765-19b2-4aa5-90ba-10432e250041?utm_source=github&utm_medium=referral&page=upgrade-pr	2023-02-16 13:31:57 -05:00
Dave Horton	f7f3881d70	update to @jambonz/verb-specifications (#109 )	2023-02-15 10:15:06 -05:00
Hoan Luu Huu	4d48c6946c	feat: start using verb-specifications (#107 ) * feat: start using verb-specifications * fix: verb specification v2 * fix vulnerabilities --------- Co-authored-by: Quan HL <quanluuhoang8@gmail.com> Co-authored-by: Dave Horton <daveh@beachdognet.com>	2023-02-14 17:24:19 -05:00
Snyk bot	5b48fc8a07	fix: Dockerfile to reduce vulnerabilities (#106 ) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314623 - https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314624 - https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314624 - https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314641 - https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314643	2023-02-12 22:50:13 -05:00
Hoan Luu Huu	f46be95551	feat: nvidia speech credential (#105 ) * feat: nvidia speech credential * fix: riva_server_uri * fix: riva_server_uri --------- Co-authored-by: Quan HL <quanluuhoang8@gmail.com>	2023-02-10 08:31:49 -05:00
EgleH	d4f2be3dc1	Add check for users to delete function (#104 ) * add check for users to delete function * fix typo * fix active admin check --------- Co-authored-by: eglehelms <e.helms@cognigy.com>	2023-02-08 07:16:29 -05:00
Dave Horton	a46c24b3aa	change applications.app_json to TEXT as it could hold large strings	2023-02-03 16:34:11 -05:00
AFelix53	f5c833720a	feat: added twilio gateways (#99 )	2023-01-30 10:16:27 -05:00
EgleH	4d2cc15de4	Bug/speech creds get all with no sp sid (#102 ) * backwards compatibility * fetch account and sp speech remove duplicates * fix retrieval of SP credentials associated to an account level user * update gh actions --------- Co-authored-by: eglehelms <e.helms@cognigy.com> Co-authored-by: Dave Horton <daveh@beachdognet.com>	2023-01-30 10:06:16 -05:00
Hoan Luu Huu	019599741a	feat: add app_json to applications endpoint (#100 ) * added phone_numbers.app_json column * modify prev commit to put app_json on applications table * feat: add app_json to applications endpoint --------- Co-authored-by: Dave Horton <daveh@beachdognet.com> Co-authored-by: Quan HL <quanluuhoang8@gmail.com>	2023-01-28 10:02:04 -05:00
EgleH	f2c2623b28	Speech should always be attached to an SP (#98 ) * user will always be attached to SP, thus always provide SP sid * add another fallback for service_provider_sid * fix the email and username check in user creation that was crashing the server * not allow same names for shared and account carriers Co-authored-by: eglehelms <e.helms@cognigy.com>	2023-01-26 07:53:29 -05:00
EgleH	6c494786c8	add check to not allow the same password to be user as new (#97 ) Co-authored-by: eglehelms <e.helms@cognigy.com>	2023-01-23 07:59:33 -05:00
EgleH	80ee1d06d7	Return scoped carriers and speech creds in /SP GET call (#96 ) * return scoped carriers and speech creds in /SP GET call * apply review comments Co-authored-by: eglehelms <e.helms@cognigy.com>	2023-01-19 10:53:37 -05:00
EgleH	274377960e	Allow falsy values for force_change and Is_active in PUT user call (#95 ) * allow falsy values * apply review comments Co-authored-by: eglehelms <e.helms@cognigy.com>	2023-01-19 10:39:57 -05:00
Charles Chance	02bba9d981	Update Simwood gateways (#92 )	2023-01-12 07:48:47 -05:00
Dave Horton	642a6615a0	additional db upgrade statements for 0.8	2023-01-10 10:28:46 -05:00
Dave Horton	b0f317b545	final fix for proper alter table	2023-01-09 15:53:10 -05:00
Dave Horton	43d991ef1c	fix error in db update statement	2023-01-09 15:41:24 -05:00
Dave Horton	5ab1ad9056	fixes to update db script for 0.8.0	2023-01-09 14:51:54 -05:00
Dave Horton	37062fa720	gh: run tests on PR	2023-01-09 10:13:08 -05:00
Dave Horton	e42634d726	error case: creating user with duplicate email, return json with msg for toast	2022-12-26 13:19:24 -06:00
Dave Horton	5a9e22df5e	add PUT for Account level Carrier	2022-12-26 11:14:41 -06:00
Dave Horton	e75eae4e24	Bugfix/fix permissions (#89 ) * protect service provider data retrieval so only admin users and appropriate service provider users can access * allow accounts to access ServiceProvider API but filter response data so they dont see other accounts or data they should not	2022-12-25 14:52:57 -06:00
Snyk bot	2000e7de90	fix: package.json & package-lock.json to reduce vulnerabilities (#88 ) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180020 - https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022 - https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180024 - https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180026	2022-12-22 12:01:04 -06:00
Dave Horton	317a094b3e	return account name and sp name in getUsers (#87 )	2022-12-19 15:05:35 -05:00
Dave Horton	86953b9524	encode account name and sp name as part of jwt (#86 )	2022-12-19 08:50:23 -05:00
Dave Horton	c6fd24bc13	restore service_provider_limits.category enum and same for account	2022-12-14 19:50:20 -05:00
Dave Horton	21a81c224f	switch to jwt auth	2022-12-12 21:06:11 -05:00
Dave Horton	59445d62cc	upgrade script needs to create permissions table	2022-12-12 21:03:30 -05:00
Dave Horton	4a78c5c1fc	allow numbers of up to 132 chars in phone_number table	2022-12-12 13:12:54 -05:00
Dave Horton	89f25d7eda	save instance_id as part of ibm stt credential	2022-12-10 09:20:44 -05:00
Dave Horton	49491fe1c4	update qs	2022-12-10 09:16:00 -05:00
dependabot[bot]	add9f2cb99	Bump express from 4.17.1 to 4.17.3 in /test/feature-server-test-scaffold (#84 ) Bumps [express](https://github.com/expressjs/express) from 4.17.1 to 4.17.3. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](https://github.com/expressjs/express/compare/4.17.1...4.17.3) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-10 09:13:46 -05:00
EgleH	dd2176bf89	feature/user-api-calls (#80 ) * initial changes for jwt auth * return permissions as an array of string * basic GET, POST, DELETE user api calls * add permission checks * hide hashed_password * cleanup * add check if admin user is active * return account and serviceProvider sid un user object * add more values to user PUT * logout user after self delete, fix scope assignment * add admin scope user tests * fix test case and align jwt and api key data model in req.user * fixes for ibm speech * add limits license_count and voice_call_minutes * update limits enum again * rebase to main * allow predefined carriers and speech credentials for Account user * reverse the hasAccountPermissions changes * SpeechCredentials permissions * fix /Users/me api non-saas jambonz Co-authored-by: Dave Horton <daveh@beachdognet.com> Co-authored-by: eglehelms <e.helms@cognigy.com>	2022-12-10 09:12:05 -05:00
Dave Horton	fadbe116c2	update limits enum again	2022-11-26 12:55:00 -05:00
Dave Horton	02e3358c8f	add limits license_count and voice_call_minutes	2022-11-25 11:01:43 -05:00
Dave Horton	7bb78a9a2a	fixes for ibm speech	2022-11-25 10:55:57 -05:00
Dave Horton	5e070324ae	add support for ibm speech credentials, and test for ibm tts (#82 ) * add support for ibm speech credentials, and test for ibm tts * add stt testing for ibm watson	2022-11-21 21:16:26 -05:00
Guilherme Rauen	5be286d3db	update node image to the latest and most secure (#81 ) Co-authored-by: Guilherme Rauen <g.rauen@cognigy.com>	2022-11-11 11:23:38 -05:00
Dave Horton	0fc8500361	added testing of microsoft stt credential	2022-11-10 17:54:40 -05:00
Dave Horton	ee5e25bb8d	add support for deepgram STT	2022-11-10 14:34:04 -05:00
Dave Horton	1b67d5f89d	Feature/add users api (#77 ) * initial changes for jwt auth * return permissions as an array of string * Add JWT expiration environment variable (#74) * allow fromHost in createCall REST API * add JWT_EXPIRES_IN=<mins> env variable, 60 mins by default * add jwt expiration in register.js and signin.js * fix tests - add permissions and scope to encoded obj in jwt Co-authored-by: Dave Horton <daveh@beachdognet.com> Co-authored-by: eglehelms <e.helms@cognigy.com> * return only the jwt-token in the api response * update swagger.yaml * add /users api * apply review comments * add users test case * added User model * bugfix: admin user should be able to create a carrier for a service provider Co-authored-by: EgleH <egle.helms@gmail.com> Co-authored-by: eglehelms <e.helms@cognigy.com>	2022-11-07 13:47:18 -05:00
Dave Horton	46eee0cc60	initial changes to support nuance speech (#78 ) * initial changes to support nuance speech * fixes from testing	2022-10-31 09:59:36 -04:00
Dave Horton	8d303390b7	jwt contains {scope, permissions, user_sid, account_sid, service_provider_sid}, force_change now in the body of /login response	2022-10-27 10:50:17 -04:00
Dave Horton	35214a04dc	Feature/jwt auth (#75 ) * initial changes for jwt auth * return permissions as an array of string * Add JWT expiration environment variable (#74) * allow fromHost in createCall REST API * add JWT_EXPIRES_IN=<mins> env variable, 60 mins by default * add jwt expiration in register.js and signin.js * fix tests - add permissions and scope to encoded obj in jwt Co-authored-by: Dave Horton <daveh@beachdognet.com> Co-authored-by: eglehelms <e.helms@cognigy.com> * return only the jwt-token in the api response Co-authored-by: EgleH <egle.helms@gmail.com> Co-authored-by: eglehelms <e.helms@cognigy.com>	2022-10-27 07:39:11 -04:00
Dave Horton	110c4ed0d8	allow fromHost in createCall REST API	2022-10-25 13:22:30 -04:00
Dave Horton	7890de8c8f	update deps	2022-10-23 15:22:36 -04:00
Dave Horton	b65dc7080c	Dh password settings (#72 ) * update package-lock.json * Feat: password settings for account (#65) * feat: password settings for account * feat: password settings for account * fix: review comments * fix: review comments * fix: review comments * return empty json * fix: after review Co-authored-by: xquanluu <110280845+xquanluu@users.noreply.github.com>	2022-10-23 14:11:00 -04:00
Markus Frindt	9d0be0f8e1	[snyk] Fix vulnerabilities (#70 ) Co-authored-by: Markus Frindt <m.frindt@cognigy.com>	2022-10-20 21:34:07 -04:00
Dave Horton	81cae89387	actual fix for column name	2022-10-10 14:14:57 +01:00
Dave Horton	0811002c05	update time-series	2022-10-10 09:17:34 +01:00
Dave Horton	b465e0b8cf	bugfix: wrong name of column in db upgrade script	2022-10-10 08:57:21 +01:00
Dave Horton	08edae376e	bugfix: db upgrade for v0.7.7	2022-10-09 09:18:08 +01:00
Dave Horton	b7a38c843a	bugfix: new column +register_from_domain is varchar not varbinary	2022-10-07 09:42:10 +01:00
Dave Horton	36a1d4bef1	update model for new columns on voip_carriers	2022-10-06 11:08:59 +01:00
Dave Horton	e067fc2cf4	add fields to db for outbound register customization (from user, from domain, whether to use public ip or sip realm in contact) (#67 )	2022-10-06 09:57:00 +01:00
Dave Horton	613b801ba9	add support for azure custom endpoints	2022-09-28 00:37:50 +01:00
Dave Horton	67aff2e2a9	add support for azure custom endpoints	2022-09-27 09:32:30 +01:00
Dave Horton	fe7f0900ce	bump version	2022-09-23 18:28:28 +02:00
Lê Hàn Minh Khang	b6e6f6dd94	Obscuring api key when called from webapp (#59 ) * obscuring api key when called from webapp * changes suggested and fix wellsaid apikey return * hope this works? * Apikey obscure unobscure Aws Apikey * handle edge case for short key strings Co-authored-by: kitajchuk <bk@kitajchuk.com>	2022-09-22 08:37:33 -07:00
Dave Horton	05c46c5f39	Feature/sp call limits (#63 ) * add api for setting/querying call limits by account and sp * update an account or sp limit if one exists rather than creating a new one	2022-09-20 22:55:28 +02:00
Dave Horton	052a19cfdc	Feature/sp call limits (#63 ) * add api for setting/querying call limits by account and sp * update an account or sp limit if one exists rather than creating a new one	2022-09-20 13:12:28 +02:00
Dave Horton	0a01755a21	update time-series and add trust proxy setting for rate limiting	2022-09-16 13:21:10 +02:00
Dave Horton	ace9e6a4fc	add api to retrieve RecentCalls and Alerts by SP (#62 )	2022-09-07 14:02:08 +02:00
xquanluu	2db8cb4d3a	feat: auto choose speech synthezier from account/service level for createCall (#60 ) * feat: auto choose speech synthezier from account/service level * wip: add integration test * fix: review comment * fix: review comment	2022-08-24 10:06:38 +02:00
xquanluu	42b29af0a1	feat: update time-series version 0.1.12 (#56 ) * feat: update time-series version 0.1.12 * update generated package-lock.json	2022-08-19 13:24:47 +02:00
Dave Horton	6ac2751b56	update time-series	2022-08-19 09:59:56 +02:00
Lê Hàn Minh Khang	c5b1b36f28	Fix application /:sid return (#54 ) * Fix application /:sid return * fix tests	2022-08-17 18:50:04 -04:00
Hans Krutzer	08163a31d0	Add missing fields to PhoneNumbers POST request Swagger spec (#53 )	2022-08-17 15:55:25 +02:00
Dave Horton	1898ba501d	upgrade should a FK to new column	2022-08-09 15:27:26 +02:00
Dave Horton	6f52202deb	bugfix: FK was wrong	2022-08-03 17:22:30 +01:00
Dave Horton	0ceb79b568	add siprec_hook_sid to accounts model	2022-08-03 14:56:07 +01:00
Dave Horton	1e396266a0	upgrade-jambonz-db.js now handles schema upgrades	2022-07-29 09:48:28 +01:00
Dave Horton	69f36f5a51	Feature/siprec server (#49 ) * upgrade schema to 0.7.6 if necessary * db upgrade * db upgrade	2022-07-28 16:17:39 +01:00
Dave Horton	f83cc25098	Dockerfile: update base image	2022-07-28 12:59:05 +01:00
Dave Horton	1473c30d7b	update passport	2022-07-07 16:15:54 +02:00
Dave Horton	6088b99acf	fix Dockerfile for db-create image	2022-07-07 16:10:18 +02:00
Guilherme Rauen	9aab716dc9	Snyk Security Issues (#46 ) * improve dockerfile and fix snyk security issues * enable build in arm64 machine Co-authored-by: Guilherme Rauen <g.rauen@cognigy.com>	2022-06-29 08:33:08 -04:00
Dave Horton	56b646b6db	Feature/siprec client (#45 ) * updateCall now supports record action to start, stop, pause, or resume siprec * update Dockerfile	2022-06-23 16:25:11 -04:00
Dave Horton	eeb23109dc	update to azure 1.22.0	2022-06-11 16:18:26 -04:00
Dave Horton	17d1be4605	update deps	2022-06-11 12:23:54 -04:00
Dave Horton	2324890b72	add ability to create service_provider level apikeys	2022-05-06 20:30:38 -04:00
Dave Horton	4097ca2125	bugfix: createCall accepts call_hook that is a ws(s) url	2022-05-02 08:21:03 -04:00
Dave Horton	9a126f396e	remove orphaned webhooks when deleting accounts and applications	2022-04-30 12:17:37 -04:00