diff --git a/test/e2e/regression/api_test.go b/test/e2e/regression/api_test.go index b8ae95972..411201f70 100644 --- a/test/e2e/regression/api_test.go +++ b/test/e2e/regression/api_test.go @@ -14,8 +14,8 @@ import ( "github.com/raystack/frontier/pkg/server/consts" - "github.com/raystack/frontier/core/invitation" - + "github.com/raystack/frontier/core/authenticate" + testusers "github.com/raystack/frontier/core/authenticate/test_users" "github.com/raystack/frontier/pkg/webhook" "github.com/raystack/frontier/core/organization" @@ -30,14 +30,13 @@ import ( "github.com/raystack/frontier/core/preference" + "connectrpc.com/connect" + "github.com/raystack/frontier/config" "github.com/raystack/frontier/pkg/logger" frontierv1beta1 "github.com/raystack/frontier/proto/v1beta1" "github.com/raystack/frontier/test/e2e/testbench" "github.com/stretchr/testify/suite" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/metadata" - "google.golang.org/grpc/status" "google.golang.org/protobuf/types/known/structpb" ) @@ -51,7 +50,8 @@ const ( type APIRegressionTestSuite struct { suite.Suite - testBench *testbench.TestBench + testBench *testbench.TestBench + adminCookie string } func (s *APIRegressionTestSuite) SetupSuite() { @@ -63,6 +63,8 @@ func (s *APIRegressionTestSuite) SetupSuite() { s.Require().NoError(err) grpcPort, err := testbench.GetFreePort() s.Require().NoError(err) + connectPort, err := testbench.GetFreePort() + s.Require().NoError(err) appConfig := &config.Frontier{ Log: logger.Config{ 
@@ -70,15 +72,28 @@ func (s *APIRegressionTestSuite) SetupSuite() { AuditEvents: "db", }, App: server.Config{ - Host: "localhost", - Port: apiPort, + Host: "localhost", + Port: apiPort, + Connect: server.ConnectConfig{Port: connectPort}, GRPC: server.GRPCConfig{ Port: grpcPort, MaxRecvMsgSize: 2 << 10, MaxSendMsgSize: 2 << 10, }, - IdentityProxyHeader: testbench.IdentityHeader, ResourcesConfigPath: path.Join(testDataPath, "resource"), + Authentication: authenticate.Config{ + Session: authenticate.SessionConfig{ + HashSecretKey: "hash-secret-should-be-32-chars--", + BlockSecretKey: "hash-secret-should-be-32-chars--", + Validity: time.Hour, + }, + MailOTP: authenticate.MailOTPConfig{ + Subject: "{{.Otp}}", + Body: "{{.Otp}}", + Validity: 10 * time.Minute, + }, + TestUsers: testusers.Config{Enabled: true, Domain: "raystack.org", OTP: testbench.TestOTP}, + }, }, } @@ -87,10 +102,14 @@ func (s *APIRegressionTestSuite) SetupSuite() { ctx := context.Background() - s.Require().NoError(testbench.BootstrapUsers(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapOrganizations(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapProject(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapGroup(ctx, s.testBench.Client, testbench.OrgAdminEmail)) + adminCookie, err := testbench.AuthenticateUser(ctx, s.testBench.Client, testbench.OrgAdminEmail) + s.Require().NoError(err) + s.adminCookie = adminCookie + + s.Require().NoError(testbench.BootstrapUsers(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapOrganizations(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapProject(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapGroup(ctx, s.testBench.Client, adminCookie)) } func (s *APIRegressionTestSuite) TearDownSuite() { 
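Review bot: `HashSecretKey` and `BlockSecretKey` in the new `Authentication.Session` block are the same literal, so the fixture models one secret doing both jobs. If these are the session signing and encryption keys (their use is not visible in this hunk), give them distinct values, e.g. `BlockSecretKey: "block-secret-should-be-32-chars-",`, so the suite would also notice the two being swapped or reused. The same block enables `TestUsers` with a fixed `testbench.TestOTP` for the whole `raystack.org` domain. A comment above that line, such as `// e2e only: fixed-OTP login for test users; must stay disabled in deployed configs`, would keep the fixture from being copied into a real config. SetupSuite starts and ends outside this hunk.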
@@ -99,12 +118,10 @@ func (s *APIRegressionTestSuite) TearDownSuite() { } func (s *APIRegressionTestSuite) TestOrganizationAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. a user should successfully create a new org and become its admin", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org acme 1", Name: "org-acme-1", 
@@ -114,25 +131,25 @@ func (s *APIRegressionTestSuite) TestOrganizationAPI() { }, }, }, - }) + })) s.Assert().NoError(err) - orgUsersResp, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationUsersRequest{ - Id: createOrgResp.GetOrganization().GetId(), - }) + orgUsersResp, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationUsersRequest{ + Id: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(orgUsersResp.GetUsers())) - s.Assert().Equal(testbench.OrgAdminEmail, orgUsersResp.GetUsers()[0].GetEmail()) + s.Assert().Equal(1, len(orgUsersResp.Msg.GetUsers())) + s.Assert().Equal(testbench.OrgAdminEmail, orgUsersResp.Msg.GetUsers()[0].GetEmail()) - orgCreatedPolicies, err := s.testBench.Client.ListPolicies(ctxOrgAdminAuth, &frontierv1beta1.ListPoliciesRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + orgCreatedPolicies, err := s.testBench.Client.ListPolicies(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListPoliciesRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(orgCreatedPolicies.GetPolicies())) - s.Assert().True(!orgCreatedPolicies.GetPolicies()[0].GetCreatedAt().AsTime().IsZero()) + s.Assert().Equal(1, len(orgCreatedPolicies.Msg.GetPolicies())) + s.Assert().True(!orgCreatedPolicies.Msg.GetPolicies()[0].GetCreatedAt().AsTime().IsZero()) }) s.Run("2. user attached to an org as member should have no basic permission other than membership", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org acme 2", Name: "org-acme-2", 
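Review bot: `createOrgResp.Msg` is dereferenced after a non-fatal `s.Assert().NoError(err)`, so a failed `CreateOrganization` now panics on a nil response instead of reporting a clean assertion failure. The old `createOrgResp.GetOrganization()` chain was nil-safe on a nil message. This assumes the client returns a nil response alongside the error, as connect-go unary clients normally do. Use `s.Require().NoError(err)` before the first `.Msg` access, the way the commit already does after `testbench.AuthenticateUser`. The same pattern recurs with `userResp.Msg`, `orgUsersResp.Msg`, `createProjResp.Msg` and others in the hunks at -142 and -418. The enclosing TestOrganizationAPI body starts and ends outside this hunk.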
@@ -142,273 +159,271 @@ func (s *APIRegressionTestSuite) TestOrganizationAPI() { }, }, }, - }) + })) s.Assert().NoError(err) - userResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ + userResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ Title: "acme 2 member", Email: "acme-member@raystack.org", Name: "acme_2_member", - }}) + }})) s.Assert().NoError(err) - _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.AddOrganizationUsersRequest{ - Id: createOrgResp.GetOrganization().GetId(), - UserIds: []string{userResp.GetUser().GetId()}, - }) + _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ + Id: createOrgResp.Msg.GetOrganization().GetId(), + UserIds: []string{userResp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) - orgUsersResp, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationUsersRequest{ - Id: createOrgResp.GetOrganization().GetId(), - }) + orgUsersResp, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationUsersRequest{ + Id: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Contains(utils.Map(orgUsersResp.GetUsers(), func(u *frontierv1beta1.User) string { + s.Assert().Contains(utils.Map(orgUsersResp.Msg.GetUsers(), func(u *frontierv1beta1.User) string { return u.GetId() - }), userResp.GetUser().GetId()) + }), userResp.Msg.GetUser().GetId()) }) s.Run("3. 
deleting an org should delete all of its internal relations/projects/groups/resources", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org acme 3", Name: "org-acme-3", }, - }) + })) s.Assert().NoError(err) - createUserResponse, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ + createUserResponse, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ Title: "acme 3 member 1", Email: "acme-member-1@raystack.org", Name: "acme_3_member_1", - }}) + }})) s.Assert().NoError(err) // attach user to org - _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.AddOrganizationUsersRequest{ - Id: createOrgResp.GetOrganization().GetId(), - UserIds: []string{createUserResponse.GetUser().GetId()}, - }) + _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ + Id: createOrgResp.Msg.GetOrganization().GetId(), + UserIds: []string{createUserResponse.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) - createProjResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + createProjResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "org-3-proj-1", - OrgId: createOrgResp.GetOrganization().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().NoError(err) - createResourceResp, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, 
&frontierv1beta1.CreateProjectResourceRequest{ - ProjectId: createProjResp.GetProject().GetId(), + createResourceResp, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectResourceRequest{ + ProjectId: createProjResp.Msg.GetProject().GetId(), Body: &frontierv1beta1.ResourceRequestBody{ Name: "res-1", Namespace: computeOrderNamespace, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createResourceResp) // check users - listUsersBeforeDelete, err := s.testBench.Client.ListUsers(ctxOrgAdminAuth, &frontierv1beta1.ListUsersRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + listUsersBeforeDelete, err := s.testBench.Client.ListUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListUsersRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Contains(utils.Map(listUsersBeforeDelete.GetUsers(), func(u *frontierv1beta1.User) string { + s.Assert().Contains(utils.Map(listUsersBeforeDelete.Msg.GetUsers(), func(u *frontierv1beta1.User) string { return u.GetId() - }), createUserResponse.GetUser().GetId()) + }), createUserResponse.Msg.GetUser().GetId()) // delete org and all its items - _, err = s.testBench.Client.DeleteOrganization(ctxOrgAdminAuth, &frontierv1beta1.DeleteOrganizationRequest{ - Id: createOrgResp.GetOrganization().GetId(), - }) + _, err = s.testBench.Client.DeleteOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.DeleteOrganizationRequest{ + Id: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) // check org - _, err = s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ - Id: createOrgResp.GetOrganization().GetId(), - }) + _, err = s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ + Id: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NotNil(err) // check project - _, err = 
s.testBench.Client.GetProject(ctxOrgAdminAuth, &frontierv1beta1.GetProjectRequest{ - Id: createProjResp.GetProject().GetId(), - }) + _, err = s.testBench.Client.GetProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetProjectRequest{ + Id: createProjResp.Msg.GetProject().GetId(), + })) s.Assert().NotNil(err) // check resource - _, err = s.testBench.Client.GetProjectResource(ctxOrgAdminAuth, &frontierv1beta1.GetProjectResourceRequest{ - Id: createResourceResp.GetResource().GetId(), - }) + _, err = s.testBench.Client.GetProjectResource(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetProjectResourceRequest{ + Id: createResourceResp.Msg.GetResource().GetId(), + })) s.Assert().NotNil(err) // check user relations - listUsersAfterDelete, err := s.testBench.Client.ListUsers(ctxOrgAdminAuth, &frontierv1beta1.ListUsersRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + listUsersAfterDelete, err := s.testBench.Client.ListUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListUsersRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(0, len(listUsersAfterDelete.GetUsers())) + s.Assert().Equal(0, len(listUsersAfterDelete.Msg.GetUsers())) }) s.Run("4. 
removing a user from org should remove its access to all org resources", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org acme 4", Name: "org-acme-4", }, - }) + })) s.Assert().NoError(err) - createUserResponse, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ + createUserResponse, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ Title: "acme 4 member 1", Email: "acme-4-member-1@raystack.org", Name: "acme_4_member_1", - }}) + }})) s.Assert().NoError(err) // attach user to org - _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.AddOrganizationUsersRequest{ - Id: createOrgResp.GetOrganization().GetId(), - UserIds: []string{createUserResponse.GetUser().GetId()}, - }) + _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ + Id: createOrgResp.Msg.GetOrganization().GetId(), + UserIds: []string{createUserResponse.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) // check users - listUsersBeforeDelete, err := s.testBench.Client.ListUsers(ctxOrgAdminAuth, &frontierv1beta1.ListUsersRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + listUsersBeforeDelete, err := s.testBench.Client.ListUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListUsersRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Contains(utils.Map(listUsersBeforeDelete.GetUsers(), func(u *frontierv1beta1.User) string { + 
s.Assert().Contains(utils.Map(listUsersBeforeDelete.Msg.GetUsers(), func(u *frontierv1beta1.User) string { return u.GetId() - }), createUserResponse.GetUser().GetId()) + }), createUserResponse.Msg.GetUser().GetId()) // remove user from org - _, err = s.testBench.Client.RemoveOrganizationUser(ctxOrgAdminAuth, &frontierv1beta1.RemoveOrganizationUserRequest{ - Id: createOrgResp.GetOrganization().GetId(), - UserId: createUserResponse.GetUser().GetId(), - }) + _, err = s.testBench.Client.RemoveOrganizationUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.RemoveOrganizationUserRequest{ + Id: createOrgResp.Msg.GetOrganization().GetId(), + UserId: createUserResponse.Msg.GetUser().GetId(), + })) s.Assert().NoError(err) // check users - listUsersAfterDelete, err := s.testBench.Client.ListUsers(ctxOrgAdminAuth, &frontierv1beta1.ListUsersRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + listUsersAfterDelete, err := s.testBench.Client.ListUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListUsersRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().NotContains(utils.Map(listUsersAfterDelete.GetUsers(), func(u *frontierv1beta1.User) string { + s.Assert().NotContains(utils.Map(listUsersAfterDelete.Msg.GetUsers(), func(u *frontierv1beta1.User) string { return u.GetId() - }), createUserResponse.GetUser().GetId()) + }), createUserResponse.Msg.GetUser().GetId()) }) s.Run("5. 
a user should successfully create a new org and list it even if it's disabled", func() { // enable disable_org_on_create preference - disabledOrgs, err := s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, &frontierv1beta1.CreatePreferencesRequest{ + disabledOrgs, err := s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePreferencesRequest{ Preferences: []*frontierv1beta1.PreferenceRequestBody{ { Name: preference.PlatformDisableOrgsOnCreate, Value: "true", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(disabledOrgs) - ctxOrgUserAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: "normaluser@acme.org", - })) - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgUserAuth, &frontierv1beta1.CreateOrganizationRequest{ + normalUserCookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, "normaluser@raystack.org") + s.Require().NoError(err) + ctxOrgUserAuth := testbench.ContextWithAuth(context.Background(), normalUserCookie) + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgUserAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org acme 5", Name: "org-acme-5", }, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(organization.Disabled.String(), createOrgResp.GetOrganization().GetState()) + s.Assert().Equal(organization.Disabled.String(), createOrgResp.Msg.GetOrganization().GetState()) // should not list org if it's disabled by default - userEnabledOrgs, err := s.testBench.Client.ListOrganizationsByCurrentUser(ctxOrgUserAuth, &frontierv1beta1.ListOrganizationsByCurrentUserRequest{}) + userEnabledOrgs, err := s.testBench.Client.ListOrganizationsByCurrentUser(ctxOrgUserAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationsByCurrentUserRequest{})) s.Assert().NoError(err) - 
s.Assert().False(slices.Contains(utils.Map(userEnabledOrgs.GetOrganizations(), func(o *frontierv1beta1.Organization) string { + s.Assert().False(slices.Contains(utils.Map(userEnabledOrgs.Msg.GetOrganizations(), func(o *frontierv1beta1.Organization) string { return o.GetName() - }), createOrgResp.GetOrganization().GetName())) + }), createOrgResp.Msg.GetOrganization().GetName())) // should list org even if it's disabled - userDisabledOrgs, err := s.testBench.Client.ListOrganizationsByCurrentUser(ctxOrgUserAuth, &frontierv1beta1.ListOrganizationsByCurrentUserRequest{ + userDisabledOrgs, err := s.testBench.Client.ListOrganizationsByCurrentUser(ctxOrgUserAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationsByCurrentUserRequest{ State: organization.Disabled.String(), - }) + })) s.Assert().NoError(err) - s.Assert().True(slices.Contains(utils.Map(userDisabledOrgs.GetOrganizations(), func(o *frontierv1beta1.Organization) string { + s.Assert().True(slices.Contains(utils.Map(userDisabledOrgs.Msg.GetOrganizations(), func(o *frontierv1beta1.Organization) string { return o.GetName() - }), createOrgResp.GetOrganization().GetName())) + }), createOrgResp.Msg.GetOrganization().GetName())) // reset disable_org_on_create preference - _, err = s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, &frontierv1beta1.CreatePreferencesRequest{ + _, err = s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePreferencesRequest{ Preferences: []*frontierv1beta1.PreferenceRequestBody{ { Name: preference.PlatformDisableOrgsOnCreate, Value: "false", }, }, - }) + })) s.Assert().NoError(err) }) s.Run("6. 
a user should successfully list organization users via it's filter", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org acme 1-6", Name: "org-acme-1-6", }, - }) + })) s.Assert().NoError(err) - createUser1Resp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUser1Resp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Email: "user-for-org-1-6-p1@raystack.org", Name: "user-for-org-1-6-p1", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createUser1Resp) // add user to org - _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.AddOrganizationUsersRequest{ - Id: createOrgResp.GetOrganization().GetId(), - UserIds: []string{createUser1Resp.GetUser().GetId()}, - }) + _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ + Id: createOrgResp.Msg.GetOrganization().GetId(), + UserIds: []string{createUser1Resp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) - orgUsersResp, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationUsersRequest{ - Id: createOrgResp.GetOrganization().GetId(), - }) + orgUsersResp, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationUsersRequest{ + Id: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(2, len(orgUsersResp.GetUsers())) - emails := utils.Map(orgUsersResp.GetUsers(), func(u *frontierv1beta1.User) string { + s.Assert().Equal(2, 
len(orgUsersResp.Msg.GetUsers())) + emails := utils.Map(orgUsersResp.Msg.GetUsers(), func(u *frontierv1beta1.User) string { return u.GetEmail() }) - s.Assert().Contains(emails, createUser1Resp.GetUser().GetEmail()) + s.Assert().Contains(emails, createUser1Resp.Msg.GetUser().GetEmail()) s.Assert().Contains(emails, testbench.OrgAdminEmail) // list only owner - orgUsersRespOwner, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationUsersRequest{ - Id: createOrgResp.GetOrganization().GetId(), + orgUsersRespOwner, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationUsersRequest{ + Id: createOrgResp.Msg.GetOrganization().GetId(), RoleFilters: []string{schema.RoleOrganizationOwner}, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(orgUsersRespOwner.GetUsers())) - s.Assert().Equal(testbench.OrgAdminEmail, orgUsersRespOwner.GetUsers()[0].GetEmail()) + s.Assert().Equal(1, len(orgUsersRespOwner.Msg.GetUsers())) + s.Assert().Equal(testbench.OrgAdminEmail, orgUsersRespOwner.Msg.GetUsers()[0].GetEmail()) }) } func (s *APIRegressionTestSuite) TestProjectAPI() { var newProject *frontierv1beta1.Project - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) // get my org - res, err := s.testBench.Client.ListOrganizations(context.Background(), &frontierv1beta1.ListOrganizationsRequest{}) + res, err := s.testBench.Client.ListOrganizations(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationsRequest{})) s.Require().NoError(err) - s.Require().Greater(len(res.GetOrganizations()), 0) - myOrg := res.GetOrganizations()[0] + s.Require().Greater(len(res.Msg.GetOrganizations()), 0) + myOrg := res.Msg.GetOrganizations()[0] s.Run("1. 
org admin create a new project successfully", func() { - _, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + _, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "new-project", OrgId: myOrg.GetId(), 
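Review bot: The post-delete checks in subtest 3 (`GetOrganization`, `GetProject`, `GetProjectResource`) still assert only `s.Assert().NotNil(err)`. Now that every call carries a session cookie, a rejected or expired cookie would satisfy them just as well as a missing record. Pin the error code the way the project subtests in the next hunk do, e.g. `s.Assert().Equal(connect.CodeNotFound, connect.CodeOf(err))`, adjusting the expected code if the server reports deleted objects differently. Separately, `ListOrganizations` in TestProjectAPI moved from `context.Background()` to `ctxOrgAdminAuth`, which suggests anonymous calls are now refused, but nothing visible asserts that. A one-line check for `connect.CodeUnauthenticated` on an unauthenticated context would cover it. TestProjectAPI continues past this hunk.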
@@ -418,351 +433,349 @@ func (s *APIRegressionTestSuite) TestProjectAPI() { }, }, }, - }) + })) s.Assert().NoError(err) }) s.Run("2. org admin create a new project with empty name should return invalid argument", func() { - _, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + _, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "", OrgId: myOrg.GetId(), }, - }) - s.Assert().Equal(codes.InvalidArgument, status.Convert(err).Code()) + })) + s.Assert().Equal(connect.CodeInvalidArgument, connect.CodeOf(err)) }) s.Run("3. org admin create a new project with wrong org id should return not found", func() { - _, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + _, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "new-project", OrgId: "not-uuid", }, - }) - s.Assert().Equal(codes.NotFound, status.Convert(err).Code()) + })) + s.Assert().Equal(connect.CodeNotFound, connect.CodeOf(err)) }) s.Run("4. 
org admin create a new project with same name and org-id should conflict", func() { - res, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + res, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "new-project-duplicate", OrgId: myOrg.GetId(), }, - }) + })) s.Assert().NoError(err) - newProject = res.GetProject() + newProject = res.Msg.GetProject() s.Assert().NotNil(newProject) - _, err = s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + _, err = s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "new-project-duplicate", OrgId: myOrg.GetId(), }, - }) - s.Assert().Equal(codes.AlreadyExists, status.Convert(err).Code()) + })) + s.Assert().Equal(connect.CodeAlreadyExists, connect.CodeOf(err)) }) s.Run("5. org admin update a new project with empty body should return invalid argument", func() { - _, err := s.testBench.Client.UpdateProject(ctxOrgAdminAuth, &frontierv1beta1.UpdateProjectRequest{ + _, err := s.testBench.Client.UpdateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateProjectRequest{ Id: newProject.GetId(), Body: nil, - }) - s.Assert().Equal(codes.InvalidArgument, status.Convert(err).Code()) + })) + s.Assert().Equal(connect.CodeInvalidArgument, connect.CodeOf(err)) }) s.Run("6. org admin update a new project with using project name instead of id should work", func() { - _, err := s.testBench.Client.UpdateProject(ctxOrgAdminAuth, &frontierv1beta1.UpdateProjectRequest{ + _, err := s.testBench.Client.UpdateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateProjectRequest{ Id: "new-project", Body: &frontierv1beta1.ProjectRequestBody{ Name: "new-project", OrgId: myOrg.GetId(), }, - }) + })) s.Assert().NoError(err) }) s.Run("7. 
list all projects attached/filtered to an org", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-project-1", - }) + })) s.Assert().NoError(err) - _, err = s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + _, err = s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "org-project-1-p1", - OrgId: existingOrg.GetOrganization().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + _, err = s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "org-project-1-p2", - OrgId: existingOrg.GetOrganization().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().NoError(err) - listResp, err := s.testBench.Client.ListOrganizationProjects(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationProjectsRequest{ - Id: existingOrg.GetOrganization().GetId(), + listResp, err := s.testBench.Client.ListOrganizationProjects(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationProjectsRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), WithMemberCount: true, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(2, len(listResp.GetProjects())) + s.Assert().Equal(2, len(listResp.Msg.GetProjects())) // should not list members in inherited roles - s.Assert().Equal(int32(1), listResp.GetProjects()[0].GetMembersCount()) + s.Assert().Equal(int32(1), listResp.Msg.GetProjects()[0].GetMembersCount()) }) s.Run("8. 
list all users who have access to a project", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-project-1", - }) + })) s.Assert().NoError(err) - createProjectP1Response, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + createProjectP1Response, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "org-project-2-p1", - OrgId: existingOrg.GetOrganization().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().NoError(err) - createProjectP2Response, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + createProjectP2Response, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "org-project-2-p2", - OrgId: existingOrg.GetOrganization().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().NoError(err) // default - listProjUsersRespBeforeAccess, err := s.testBench.Client.ListProjectUsers(ctxOrgAdminAuth, &frontierv1beta1.ListProjectUsersRequest{ + listProjUsersRespBeforeAccess, err := s.testBench.Client.ListProjectUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListProjectUsersRequest{ Id: "org-project-2-p1", - }) + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(listProjUsersRespBeforeAccess.GetUsers())) // only who created it + s.Assert().Equal(1, len(listProjUsersRespBeforeAccess.Msg.GetUsers())) // only who created it - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := 
s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Email: "user-for-org-project-2-p1@raystack.org", Name: "user-for-org-project-2-p1", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createUserResp) - createUserRespAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: createUserResp.GetUser().GetEmail(), - })) + createdUserCookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, createUserResp.Msg.GetUser().GetEmail()) + s.Require().NoError(err) + createUserRespAuth := testbench.ContextWithAuth(context.Background(), createdUserCookie) // add user to project - _, err = s.testBench.Client.CreatePolicyForProject(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyForProjectRequest{ - ProjectId: createProjectP1Response.GetProject().GetId(), + _, err = s.testBench.Client.CreatePolicyForProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyForProjectRequest{ + ProjectId: createProjectP1Response.Msg.GetProject().GetId(), Body: &frontierv1beta1.CreatePolicyForProjectBody{ RoleId: schema.RoleProjectViewer, - Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.GetUser().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.Msg.GetUser().GetId()), }, - }) + })) s.Assert().NoError(err) - listProjUsersResp, err := s.testBench.Client.ListProjectUsers(ctxOrgAdminAuth, &frontierv1beta1.ListProjectUsersRequest{ + listProjUsersResp, err := s.testBench.Client.ListProjectUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListProjectUsersRequest{ Id: "org-project-2-p1", - }) + })) s.Assert().NoError(err) - s.Assert().Equal(2, len(listProjUsersResp.GetUsers())) + s.Assert().Equal(2, len(listProjUsersResp.Msg.GetUsers())) - listProjCurrentUsersResp, err := 
s.testBench.Client.ListProjectsByCurrentUser(ctxOrgAdminAuth, &frontierv1beta1.ListProjectsByCurrentUserRequest{}) + listProjCurrentUsersResp, err := s.testBench.Client.ListProjectsByCurrentUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListProjectsByCurrentUserRequest{})) s.Assert().NoError(err) - s.Assert().True(slices.ContainsFunc[[]*frontierv1beta1.Project](listProjCurrentUsersResp.GetProjects(), func(p *frontierv1beta1.Project) bool { + s.Assert().True(slices.ContainsFunc[[]*frontierv1beta1.Project](listProjCurrentUsersResp.Msg.GetProjects(), func(p *frontierv1beta1.Project) bool { return p.GetName() == "org-project-2-p1" })) - s.Assert().True(slices.ContainsFunc[[]*frontierv1beta1.Project](listProjCurrentUsersResp.GetProjects(), func(p *frontierv1beta1.Project) bool { + s.Assert().True(slices.ContainsFunc[[]*frontierv1beta1.Project](listProjCurrentUsersResp.Msg.GetProjects(), func(p *frontierv1beta1.Project) bool { return p.GetName() == "org-project-2-p2" })) // viewer should only have get permission - listProjCurrentUsersResp, err = s.testBench.Client.ListProjectsByCurrentUser(createUserRespAuth, &frontierv1beta1.ListProjectsByCurrentUserRequest{ + listProjCurrentUsersResp, err = s.testBench.Client.ListProjectsByCurrentUser(createUserRespAuth, connect.NewRequest(&frontierv1beta1.ListProjectsByCurrentUserRequest{ WithPermissions: []string{ "update", "get", "delete", }, - }) + })) s.Assert().NoError(err) - s.Assert().True(slices.ContainsFunc[[]*frontierv1beta1.Project](listProjCurrentUsersResp.GetProjects(), func(p *frontierv1beta1.Project) bool { + s.Assert().True(slices.ContainsFunc[[]*frontierv1beta1.Project](listProjCurrentUsersResp.Msg.GetProjects(), func(p *frontierv1beta1.Project) bool { return p.GetName() == "org-project-2-p1" })) - s.Assert().Len(listProjCurrentUsersResp.GetAccessPairs(), 1) + s.Assert().Len(listProjCurrentUsersResp.Msg.GetAccessPairs(), 1) // check permission for viewer - checkResourcePermissionResp, err := 
s.testBench.Client.CheckResourcePermission(createUserRespAuth, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjectP1Response.GetProject().GetId()), + checkResourcePermissionResp, err := s.testBench.Client.CheckResourcePermission(createUserRespAuth, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjectP1Response.Msg.GetProject().GetId()), Permission: schema.GetPermission, - }) + })) s.Assert().NoError(err) - s.Assert().True(checkResourcePermissionResp.GetStatus()) - checkResourcePermissionResp, err = s.testBench.Client.CheckResourcePermission(createUserRespAuth, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjectP1Response.GetProject().GetId()), + s.Assert().True(checkResourcePermissionResp.Msg.GetStatus()) + checkResourcePermissionResp, err = s.testBench.Client.CheckResourcePermission(createUserRespAuth, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjectP1Response.Msg.GetProject().GetId()), Permission: schema.UpdatePermission, - }) + })) s.Assert().NoError(err) - s.Assert().False(checkResourcePermissionResp.GetStatus()) + s.Assert().False(checkResourcePermissionResp.Msg.GetStatus()) // create a group and add user to it - createGroupResp, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, &frontierv1beta1.CreateGroupRequest{ - OrgId: existingOrg.GetOrganization().GetId(), + createGroupResp, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateGroupRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.GroupRequestBody{ Name: "org-project-2-group", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createGroupResp) // create 
another user - createUser2Resp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUser2Resp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Email: "user-for-org-project-2-p2@raystack.org", Name: "user-for-org-project-2-p2", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createUser2Resp) - ctxForUser2 := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: createUser2Resp.GetUser().GetEmail(), - })) + user2Cookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, createUser2Resp.Msg.GetUser().GetEmail()) + s.Require().NoError(err) + ctxForUser2 := testbench.ContextWithAuth(context.Background(), user2Cookie) // add user to group - _, err = s.testBench.Client.AddGroupUsers(ctxOrgAdminAuth, &frontierv1beta1.AddGroupUsersRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: existingOrg.GetOrganization().GetId(), - UserIds: []string{createUser2Resp.GetUser().GetId()}, - }) + _, err = s.testBench.Client.AddGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddGroupUsersRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), + UserIds: []string{createUser2Resp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) // list group users - listUser2GroupUsersResp, err := s.testBench.Client.ListCurrentUserGroups(ctxForUser2, &frontierv1beta1.ListCurrentUserGroupsRequest{ + listUser2GroupUsersResp, err := s.testBench.Client.ListCurrentUserGroups(ctxForUser2, connect.NewRequest(&frontierv1beta1.ListCurrentUserGroupsRequest{ WithMemberCount: true, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(listUser2GroupUsersResp.GetGroups())) - s.Assert().Equal(int32(2), listUser2GroupUsersResp.GetGroups()[0].GetMembersCount()) + s.Assert().Equal(1, 
len(listUser2GroupUsersResp.Msg.GetGroups())) + s.Assert().Equal(int32(2), listUser2GroupUsersResp.Msg.GetGroups()[0].GetMembersCount()) // add group to project by creating a policy - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ RoleId: schema.RoleProjectViewer, - Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjectP2Response.GetProject().GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.GroupPrincipal, createGroupResp.GetGroup().GetId()), + Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjectP2Response.Msg.GetProject().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.GroupPrincipal, createGroupResp.Msg.GetGroup().GetId()), }, - }) + })) s.Assert().NoError(err) // check if the user 2 has access to view project 2 - checkStatus, err := s.testBench.Client.CheckResourcePermission(ctxForUser2, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjectP2Response.GetProject().GetId()), + checkStatus, err := s.testBench.Client.CheckResourcePermission(ctxForUser2, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjectP2Response.Msg.GetProject().GetId()), Permission: schema.GetPermission, - }) + })) s.Assert().NoError(err) - s.Assert().True(checkStatus.GetStatus()) + s.Assert().True(checkStatus.Msg.GetStatus()) // listing users of the project will not list the group members - listProjUsersResp2, err := s.testBench.Client.ListProjectUsers(ctxOrgAdminAuth, &frontierv1beta1.ListProjectUsersRequest{ + listProjUsersResp2, err := s.testBench.Client.ListProjectUsers(ctxOrgAdminAuth, 
connect.NewRequest(&frontierv1beta1.ListProjectUsersRequest{ Id: "org-project-2-p2", - }) + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(listProjUsersResp2.GetUsers())) + s.Assert().Equal(1, len(listProjUsersResp2.Msg.GetUsers())) // listing project groups - listProjectGroupsResp, err := s.testBench.Client.ListProjectGroups(ctxOrgAdminAuth, &frontierv1beta1.ListProjectGroupsRequest{ + listProjectGroupsResp, err := s.testBench.Client.ListProjectGroups(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListProjectGroupsRequest{ Id: "org-project-2-p2", - }) + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(listProjectGroupsResp.GetGroups())) + s.Assert().Equal(1, len(listProjectGroupsResp.Msg.GetGroups())) // check how many of these projects user is explicitly added - listCurrentUserProjectsNonInheritedResp, err := s.testBench.Client.ListProjectsByCurrentUser(ctxForUser2, &frontierv1beta1.ListProjectsByCurrentUserRequest{ + listCurrentUserProjectsNonInheritedResp, err := s.testBench.Client.ListProjectsByCurrentUser(ctxForUser2, connect.NewRequest(&frontierv1beta1.ListProjectsByCurrentUserRequest{ NonInherited: true, WithMemberCount: true, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(listCurrentUserProjectsNonInheritedResp.GetProjects())) - s.Assert().Equal(int32(1), listCurrentUserProjectsNonInheritedResp.GetProjects()[0].GetMembersCount()) + s.Assert().Equal(1, len(listCurrentUserProjectsNonInheritedResp.Msg.GetProjects())) + s.Assert().Equal(int32(1), listCurrentUserProjectsNonInheritedResp.Msg.GetProjects()[0].GetMembersCount()) }) } func (s *APIRegressionTestSuite) TestGroupAPI() { var newGroup *frontierv1beta1.Group - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) // get my org - res, err := 
s.testBench.Client.ListOrganizations(context.Background(), &frontierv1beta1.ListOrganizationsRequest{}) + res, err := s.testBench.Client.ListOrganizations(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationsRequest{})) s.Require().NoError(err) - s.Require().Greater(len(res.GetOrganizations()), 0) - myOrg := res.GetOrganizations()[0] + s.Require().Greater(len(res.Msg.GetOrganizations()), 0) + myOrg := res.Msg.GetOrganizations()[0] s.Run("1. org admin create a new team with empty auth email should return unauthenticated error", func() { - _, err := s.testBench.Client.CreateGroup(context.Background(), &frontierv1beta1.CreateGroupRequest{ + _, err := s.testBench.Client.CreateGroup(context.Background(), connect.NewRequest(&frontierv1beta1.CreateGroupRequest{ OrgId: myOrg.GetId(), Body: &frontierv1beta1.GroupRequestBody{ Name: "group-basic-1", }, - }) - s.Assert().Equal(codes.Unauthenticated, status.Convert(err).Code()) + })) + s.Assert().Equal(connect.CodeUnauthenticated, connect.CodeOf(err)) }) s.Run("2. org admin create a new team with empty name should return invalid argument", func() { - _, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, &frontierv1beta1.CreateGroupRequest{ + _, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateGroupRequest{ OrgId: myOrg.GetId(), Body: &frontierv1beta1.GroupRequestBody{ Name: "", }, - }) - s.Assert().Equal(codes.InvalidArgument, status.Convert(err).Code()) + })) + s.Assert().Equal(connect.CodeInvalidArgument, connect.CodeOf(err)) }) s.Run("3. 
org admin create a new team with wrong org id should return not found", func() { - _, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, &frontierv1beta1.CreateGroupRequest{ + _, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateGroupRequest{ OrgId: "not-uuid", Body: &frontierv1beta1.GroupRequestBody{ Name: "new-group", }, - }) - s.Assert().Equal(codes.NotFound, status.Convert(err).Code()) + })) + s.Assert().Equal(connect.CodeNotFound, connect.CodeOf(err)) }) s.Run("4. org admin create a new team with same name and org-id should conflict", func() { - res, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, &frontierv1beta1.CreateGroupRequest{ + res, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateGroupRequest{ OrgId: myOrg.GetId(), Body: &frontierv1beta1.GroupRequestBody{ Name: "new-group", }, - }) + })) s.Assert().NoError(err) - newGroup = res.GetGroup() + newGroup = res.Msg.GetGroup() s.Assert().NotNil(newGroup) - _, err = s.testBench.Client.CreateGroup(ctxOrgAdminAuth, &frontierv1beta1.CreateGroupRequest{ + _, err = s.testBench.Client.CreateGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateGroupRequest{ OrgId: myOrg.GetId(), Body: &frontierv1beta1.GroupRequestBody{ Name: "new-group", }, - }) - s.Assert().Equal(codes.AlreadyExists, status.Convert(err).Code()) + })) + s.Assert().Equal(connect.CodeAlreadyExists, connect.CodeOf(err)) }) s.Run("5. group admin update a new team with empty body should return invalid argument", func() { - _, err := s.testBench.Client.UpdateGroup(ctxOrgAdminAuth, &frontierv1beta1.UpdateGroupRequest{ + _, err := s.testBench.Client.UpdateGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateGroupRequest{ Id: newGroup.GetId(), Body: nil, - }) - s.Assert().Equal(codes.InvalidArgument, status.Convert(err).Code()) + })) + s.Assert().Equal(connect.CodeInvalidArgument, connect.CodeOf(err)) }) s.Run("6. 
group admin update a new team with empty group id should return invalid arg", func() { - _, err := s.testBench.Client.UpdateGroup(ctxOrgAdminAuth, &frontierv1beta1.UpdateGroupRequest{ + _, err := s.testBench.Client.UpdateGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateGroupRequest{ Id: "", OrgId: myOrg.GetId(), Body: &frontierv1beta1.GroupRequestBody{}, - }) - s.Assert().Equal(codes.InvalidArgument, status.Convert(err).Code()) + })) + s.Assert().Equal(connect.CodeInvalidArgument, connect.CodeOf(err)) }) s.Run("7. group admin update a new team without group id should fail", func() { - _, err := s.testBench.Client.UpdateGroup(ctxOrgAdminAuth, &frontierv1beta1.UpdateGroupRequest{ + _, err := s.testBench.Client.UpdateGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateGroupRequest{ OrgId: myOrg.GetId(), Body: &frontierv1beta1.GroupRequestBody{ Name: "org1-group1", 
@@ -772,259 +785,257 @@ func (s *APIRegressionTestSuite) TestGroupAPI() { }, }, }, - }) + })) s.Assert().Error(err) - s.Assert().Equal(codes.InvalidArgument, status.Convert(err).Code()) + s.Assert().Equal(connect.CodeInvalidArgument, connect.CodeOf(err)) }) s.Run("8. create a group and add new member to it successfully", func() { - createGroupResp, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, &frontierv1beta1.CreateGroupRequest{ + createGroupResp, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateGroupRequest{ OrgId: myOrg.GetId(), Body: &frontierv1beta1.GroupRequestBody{ Name: "group-8", }, - }) + })) s.Assert().NoError(err) - s.Assert().NotNil(createGroupResp.GetGroup()) + s.Assert().NotNil(createGroupResp.Msg.GetGroup()) - listGroupUsers, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, &frontierv1beta1.ListGroupUsersRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: createGroupResp.GetGroup().GetOrgId(), - }) + listGroupUsers, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListGroupUsersRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), + })) s.Assert().NoError(err) // only admin as member - s.Assert().Len(listGroupUsers.GetUsers(), 1) + s.Assert().Len(listGroupUsers.Msg.GetUsers(), 1) // add a user - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Email: "user-for-group@raystack.org", Name: "user-for-group", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createUserResp) - addMemberResp, err := s.testBench.Client.AddGroupUsers(ctxOrgAdminAuth, &frontierv1beta1.AddGroupUsersRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: 
createGroupResp.GetGroup().GetOrgId(), - UserIds: []string{createUserResp.GetUser().GetId()}, - }) + addMemberResp, err := s.testBench.Client.AddGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddGroupUsersRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), + UserIds: []string{createUserResp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) s.Assert().NotNil(addMemberResp) - listGroupUsersAfterUser, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, &frontierv1beta1.ListGroupUsersRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: createGroupResp.GetGroup().GetOrgId(), - }) + listGroupUsersAfterUser, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListGroupUsersRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), + })) s.Assert().NoError(err) - s.Assert().Len(listGroupUsersAfterUser.GetUsers(), 2) + s.Assert().Len(listGroupUsersAfterUser.Msg.GetUsers(), 2) - listOrganizationGroupResp, err := s.testBench.Client.ListOrganizationGroups(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationGroupsRequest{ - OrgId: createGroupResp.GetGroup().GetOrgId(), + listOrganizationGroupResp, err := s.testBench.Client.ListOrganizationGroups(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationGroupsRequest{ + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), WithMembers: true, - GroupIds: []string{createGroupResp.GetGroup().GetId()}, - }) + GroupIds: []string{createGroupResp.Msg.GetGroup().GetId()}, + })) s.Assert().NoError(err) - s.Assert().Equal(listOrganizationGroupResp.GetGroups()[0].GetId(), createGroupResp.GetGroup().GetId()) - s.Assert().Len(listOrganizationGroupResp.GetGroups()[0].GetUsers(), 2) + s.Assert().Equal(listOrganizationGroupResp.Msg.GetGroups()[0].GetId(), createGroupResp.Msg.GetGroup().GetId()) + 
s.Assert().Len(listOrganizationGroupResp.Msg.GetGroups()[0].GetUsers(), 2) }) s.Run("9. listing group members shouldn't list users who inherited the access of that group", func() { // add a basic user - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Email: "user-for-group-9@raystack.org", Name: "user-for-group-9", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createUserResp) // add basic user to org - _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.AddOrganizationUsersRequest{ + _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ Id: myOrg.GetId(), - UserIds: []string{createUserResp.GetUser().GetId()}, - }) + UserIds: []string{createUserResp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) // give it access to create group - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ RoleId: schema.RoleOrganizationManager, Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, myOrg.GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.GetUser().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.Msg.GetUser().GetId()), }, - }) + })) s.Assert().NoError(err) // add an owner user - createOwnerUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createOwnerUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: 
&frontierv1beta1.UserRequestBody{ Email: "user-for-group-9-owner@raystack.org", Name: "user-for-group-9-owner", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createOwnerUserResp) // add owner user to org - _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.AddOrganizationUsersRequest{ + _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ Id: myOrg.GetId(), - UserIds: []string{createOwnerUserResp.GetUser().GetId()}, - }) + UserIds: []string{createOwnerUserResp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) // give it access to create everything - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ RoleId: schema.RoleOrganizationOwner, Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, myOrg.GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createOwnerUserResp.GetUser().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createOwnerUserResp.Msg.GetUser().GetId()), }, - }) + })) s.Assert().NoError(err) - ctxOrgUserAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: createUserResp.GetUser().GetEmail(), - })) + orgUserCookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, createUserResp.Msg.GetUser().GetEmail()) + s.Require().NoError(err) + ctxOrgUserAuth := testbench.ContextWithAuth(context.Background(), orgUserCookie) - createGroupResp, err := s.testBench.Client.CreateGroup(ctxOrgUserAuth, &frontierv1beta1.CreateGroupRequest{ + createGroupResp, err := s.testBench.Client.CreateGroup(ctxOrgUserAuth, connect.NewRequest(&frontierv1beta1.CreateGroupRequest{ OrgId: 
myOrg.GetId(), Body: &frontierv1beta1.GroupRequestBody{ Name: "group-9", }, - }) + })) s.Assert().NoError(err) - s.Assert().NotNil(createGroupResp.GetGroup()) + s.Assert().NotNil(createGroupResp.Msg.GetGroup()) - listGroupUsers, err := s.testBench.Client.ListGroupUsers(ctxOrgUserAuth, &frontierv1beta1.ListGroupUsersRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: createGroupResp.GetGroup().GetOrgId(), - }) + listGroupUsers, err := s.testBench.Client.ListGroupUsers(ctxOrgUserAuth, connect.NewRequest(&frontierv1beta1.ListGroupUsersRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), + })) s.Assert().NoError(err) // only basic user as member - s.Assert().Len(listGroupUsers.GetUsers(), 1) + s.Assert().Len(listGroupUsers.Msg.GetUsers(), 1) }) s.Run("10. add and remove users from group to it successfully", func() { - createGroupResp, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, &frontierv1beta1.CreateGroupRequest{ + createGroupResp, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateGroupRequest{ OrgId: myOrg.GetId(), Body: &frontierv1beta1.GroupRequestBody{ Name: "group-10", }, - }) + })) s.Assert().NoError(err) - s.Assert().NotNil(createGroupResp.GetGroup()) + s.Assert().NotNil(createGroupResp.Msg.GetGroup()) - listGroupUsers, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, &frontierv1beta1.ListGroupUsersRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: createGroupResp.GetGroup().GetOrgId(), - }) + listGroupUsers, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListGroupUsersRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), + })) s.Assert().NoError(err) // only admin as member - s.Assert().Len(listGroupUsers.GetUsers(), 1) + s.Assert().Len(listGroupUsers.Msg.GetUsers(), 1) // add a user - createUserResp, err := 
s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Email: "user-for-group-10@raystack.org", Name: "user-for-group-10", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createUserResp) - addMemberResp, err := s.testBench.Client.AddGroupUsers(ctxOrgAdminAuth, &frontierv1beta1.AddGroupUsersRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: createGroupResp.GetGroup().GetOrgId(), - UserIds: []string{createUserResp.GetUser().GetId()}, - }) + addMemberResp, err := s.testBench.Client.AddGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddGroupUsersRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), + UserIds: []string{createUserResp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) s.Assert().NotNil(addMemberResp) - listGroupUsersAfterUser, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, &frontierv1beta1.ListGroupUsersRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: createGroupResp.GetGroup().GetOrgId(), - }) + listGroupUsersAfterUser, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListGroupUsersRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), + })) s.Assert().NoError(err) - s.Assert().Len(listGroupUsersAfterUser.GetUsers(), 2) + s.Assert().Len(listGroupUsersAfterUser.Msg.GetUsers(), 2) // remove user from group - removeMemberResp, err := s.testBench.Client.RemoveGroupUser(ctxOrgAdminAuth, &frontierv1beta1.RemoveGroupUserRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: createGroupResp.GetGroup().GetOrgId(), - UserId: createUserResp.GetUser().GetId(), - }) + removeMemberResp, err := s.testBench.Client.RemoveGroupUser(ctxOrgAdminAuth, 
connect.NewRequest(&frontierv1beta1.RemoveGroupUserRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), + UserId: createUserResp.Msg.GetUser().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(removeMemberResp) // check if the user is still part of group - listGroupUsersAfterRemove, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, &frontierv1beta1.ListGroupUsersRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: createGroupResp.GetGroup().GetOrgId(), - }) + listGroupUsersAfterRemove, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListGroupUsersRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), + })) s.Assert().NoError(err) - s.Assert().Len(listGroupUsersAfterRemove.GetUsers(), 1) + s.Assert().Len(listGroupUsersAfterRemove.Msg.GetUsers(), 1) }) s.Run("11. deleting group should remove access to it for users", func() { - createGroupResp, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, &frontierv1beta1.CreateGroupRequest{ + createGroupResp, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateGroupRequest{ OrgId: myOrg.GetId(), Body: &frontierv1beta1.GroupRequestBody{ Name: "group-11", }, - }) + })) s.Assert().NoError(err) - s.Assert().NotNil(createGroupResp.GetGroup()) + s.Assert().NotNil(createGroupResp.Msg.GetGroup()) // add a user - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Email: "user-for-group-11@raystack.org", Name: "user-for-group-11", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createUserResp) - addMemberResp, err := s.testBench.Client.AddGroupUsers(ctxOrgAdminAuth, 
&frontierv1beta1.AddGroupUsersRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: createGroupResp.GetGroup().GetOrgId(), - UserIds: []string{createUserResp.GetUser().GetId()}, - }) + addMemberResp, err := s.testBench.Client.AddGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddGroupUsersRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), + UserIds: []string{createUserResp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) s.Assert().NotNil(addMemberResp) // check if the new user has access to group - checkUserStatus, err := s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(schema.GroupNamespace, createGroupResp.GetGroup().GetId()), + checkUserStatus, err := s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.GroupNamespace, createGroupResp.Msg.GetGroup().GetId()), Permission: schema.GetPermission, - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().True(checkUserStatus.GetStatus()) + s.Assert().True(checkUserStatus.Msg.GetStatus()) // delete group - _, err = s.testBench.Client.DeleteGroup(ctxOrgAdminAuth, &frontierv1beta1.DeleteGroupRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: createGroupResp.GetGroup().GetOrgId(), - }) + _, err = s.testBench.Client.DeleteGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.DeleteGroupRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), + })) s.Assert().NoError(err) // check if the new user still has 
access to group - checkUserStatus, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(schema.GroupNamespace, createGroupResp.GetGroup().GetId()), + checkUserStatus, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.GroupNamespace, createGroupResp.Msg.GetGroup().GetId()), Permission: schema.GetPermission, - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().False(checkUserStatus.GetStatus()) + s.Assert().False(checkUserStatus.Msg.GetStatus()) }) } func (s *APIRegressionTestSuite) TestUserAPI() { var newUser *frontierv1beta1.User - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. org admin create a new user with empty auth email should return unauthenticated error", func() { - _, err := s.testBench.Client.CreateUser(context.Background(), &frontierv1beta1.CreateUserRequest{ + _, err := s.testBench.Client.CreateUser(context.Background(), connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user a", Email: "new-user-a@raystack.org", 
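Review bot: Many calls in this hunk read the response through `.Msg` after only `s.Assert().NoError(err)`, for example `s.Assert().NotNil(createGroupResp.Msg.GetGroup())` in subtest 8 and `checkUserStatus.Msg.GetStatus()` in the access-revocation check of subtest 11. The old generated getters tolerated a nil response, but a connect-generated client normally returns a nil `*connect.Response` together with the error, so a failed call now panics on the field access instead of reporting the RPC error. Wherever the next statement reads `.Msg`, the guard should be `s.Require().NoError(err)`, as the new `AuthenticateUser` calls already do. The same pattern recurs in the later TestUserAPI hunks: `newUser = res.Msg.GetUser()` at `-1083,11`, and `res.Msg.GetUser().GetEmail()` at `-1116,17`, which is asserted before the error is checked at all. TestGroupAPI starts above this hunk and TestUserAPI continues below it.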
@@ -1035,12 +1046,12 @@ func (s *APIRegressionTestSuite) TestUserAPI() {
 },
 },
 },
- })
- s.Assert().Equal(codes.Unauthenticated, status.Convert(err).Code())
+ }))
+ s.Assert().Equal(connect.CodeUnauthenticated, connect.CodeOf(err))
 })

 s.Run("2. org admin create a new user with unparsable metadata should return invalid argument error", func() {
- _, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{
+ _, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{
 Body: &frontierv1beta1.UserRequestBody{
 Title: "new user a",
 Email: "new-user-a@raystack.org",
@@ -1051,12 +1062,12 @@ func (s *APIRegressionTestSuite) TestUserAPI() {
 },
 },
 },
- })
- s.Assert().Equal(codes.InvalidArgument, status.Convert(err).Code())
+ }))
+ s.Assert().Equal(connect.CodeInvalidArgument, connect.CodeOf(err))
 })

 s.Run("3. org admin create a new user with empty email should return invalid argument error", func() {
- _, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{
+ _, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{
 Body: &frontierv1beta1.UserRequestBody{
 Title: "new user a",
 Email: "",
@@ -1067,12 +1078,12 @@ func (s *APIRegressionTestSuite) TestUserAPI() {
 },
 },
 },
- })
- s.Assert().Equal(codes.InvalidArgument, status.Convert(err).Code())
+ }))
+ s.Assert().Equal(connect.CodeInvalidArgument, connect.CodeOf(err))
 })

 s.Run("4. org admin create a new user with same email should return conflict error", func() {
- res, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{
+ res, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{
 Body: &frontierv1beta1.UserRequestBody{
 Title: "new user a",
 Email: "new-user-a@raystack.org",
@@ -1083,11 +1094,11 @@ func (s *APIRegressionTestSuite) TestUserAPI() { }, }, }, - }) + })) s.Assert().NoError(err) - newUser = res.GetUser() + newUser = res.Msg.GetUser() - _, err = s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + _, err = s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user a", Email: "new-user-a@raystack.org", @@ -1098,13 +1109,13 @@ func (s *APIRegressionTestSuite) TestUserAPI() { }, }, }, - }) - s.Assert().Equal(codes.AlreadyExists, status.Convert(err).Code()) + })) + s.Assert().Equal(connect.CodeAlreadyExists, connect.CodeOf(err)) }) s.Run("5. org admin update user with conflicted detail should not update the email and return nil error", func() { ExpectedEmail := "new-user-a@raystack.org" - res, err := s.testBench.Client.UpdateUser(ctxOrgAdminAuth, &frontierv1beta1.UpdateUserRequest{ + res, err := s.testBench.Client.UpdateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateUserRequest{ Id: newUser.GetId(), Body: &frontierv1beta1.UserRequestBody{ Title: "new user a", 
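Review bot: In the `@@ -1083` hunk, `newUser = res.Msg.GetUser()` reads a field of `res` after a non-fatal `s.Assert().NoError(err)`, so a failed CreateUser would panic on a nil response instead of reporting the error. This assumes the generated Connect client returns a nil response with a non-nil error, as connect-go unary clients do. The removed `res.GetUser()` was a nil-safe protobuf getter, so this is new behaviour. Use `s.Require().NoError(err)` before touching `res.Msg`. The `@@ -1116` hunk has the same problem in a worse order, reading `res.Msg.GetUser().GetEmail()` before the error is checked at all; both subtests start outside their hunks.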
@@ -1116,17 +1127,17 @@ func (s *APIRegressionTestSuite) TestUserAPI() { }, }, }, - }) - s.Assert().Equal(ExpectedEmail, res.GetUser().GetEmail()) + })) + s.Assert().Equal(ExpectedEmail, res.Msg.GetUser().GetEmail()) s.Assert().NoError(err) }) - ctxCurrentUser := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: newUser.GetEmail(), - })) + currentUserCookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, newUser.GetEmail()) + s.Require().NoError(err) + ctxCurrentUser := testbench.ContextWithAuth(context.Background(), currentUserCookie) s.Run("6. update current user with empty email should return invalid argument error", func() { - _, err := s.testBench.Client.UpdateCurrentUser(ctxCurrentUser, &frontierv1beta1.UpdateCurrentUserRequest{ + _, err := s.testBench.Client.UpdateCurrentUser(ctxCurrentUser, connect.NewRequest(&frontierv1beta1.UpdateCurrentUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user a", Email: "", @@ -1137,11 +1148,11 @@ func (s *APIRegressionTestSuite) TestUserAPI() { }, }, }, - }) - s.Assert().Equal(codes.InvalidArgument, status.Convert(err).Code()) + })) + s.Assert().Equal(connect.CodeInvalidArgument, connect.CodeOf(err)) }) s.Run("7. update current user with different email in header and body should return invalid argument error", func() { - _, err := s.testBench.Client.UpdateCurrentUser(ctxCurrentUser, &frontierv1beta1.UpdateCurrentUserRequest{ + _, err := s.testBench.Client.UpdateCurrentUser(ctxCurrentUser, connect.NewRequest(&frontierv1beta1.UpdateCurrentUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user a", Email: "admin1-group1-org1@raystack.org", 
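Review bot: In the `@@ -1137` hunk, subtest 7 is still named "different email in header and body", but after this change the caller's identity comes from the session cookie attached by `testbench.ContextWithAuth(context.Background(), currentUserCookie)`, not from an identity header. Rename it to something like `"7. update current user with an email different from the session user should return invalid argument error"`. A comment such as `// the session belongs to newUser; the body names another account's email and must be rejected` would also record what appears to be the intent of the check. The subtest's closing assertion sits in the following hunk.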
@@ -1152,604 +1163,600 @@ func (s *APIRegressionTestSuite) TestUserAPI() { }, }, }, - }) - s.Assert().Equal(codes.InvalidArgument, status.Convert(err).Code()) + })) + s.Assert().Equal(connect.CodeInvalidArgument, connect.CodeOf(err)) }) s.Run("8. deleting a user should detach it from its respective relations", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-2", - }) + })) s.Assert().NoError(err) - createOrgGroupRequest, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, &frontierv1beta1.CreateGroupRequest{ - OrgId: existingOrg.GetOrganization().GetId(), + createOrgGroupRequest, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateGroupRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.GroupRequestBody{ Name: "org-2-group-1", }, - }) + })) s.Assert().NoError(err) - existingGroup := createOrgGroupRequest.GetGroup() + existingGroup := createOrgGroupRequest.Msg.GetGroup() - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user for org 1", Email: "user-1-for-org-1@raystack.org", Name: "user_1_for_org_1_raystack_io", }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.AddOrganizationUsersRequest{ - Id: existingOrg.GetOrganization().GetId(), - UserIds: []string{createUserResp.GetUser().GetId()}, - }) + _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ + Id: 
existingOrg.Msg.GetOrganization().GetId(), + UserIds: []string{createUserResp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) - _, err = s.testBench.Client.AddGroupUsers(ctxOrgAdminAuth, &frontierv1beta1.AddGroupUsersRequest{ + _, err = s.testBench.Client.AddGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddGroupUsersRequest{ Id: existingGroup.GetId(), OrgId: existingGroup.GetOrgId(), - UserIds: []string{createUserResp.GetUser().GetId()}, - }) + UserIds: []string{createUserResp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) - orgUsersRespAfterRelation, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationUsersRequest{ - Id: existingOrg.GetOrganization().GetId(), + orgUsersRespAfterRelation, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationUsersRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), PermissionFilter: organization.MemberRole, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(orgUsersRespAfterRelation.GetUsers())) // one self one admin - groupUsersResp, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, &frontierv1beta1.ListGroupUsersRequest{ + s.Assert().Equal(1, len(orgUsersRespAfterRelation.Msg.GetUsers())) // one self one admin + groupUsersResp, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListGroupUsersRequest{ Id: existingGroup.GetId(), - OrgId: existingOrg.GetOrganization().GetId(), - }) + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) var userPartOfGroup bool - for _, rel := range groupUsersResp.GetUsers() { - if createUserResp.GetUser().GetId() == rel.GetId() { + for _, rel := range groupUsersResp.Msg.GetUsers() { + if createUserResp.Msg.GetUser().GetId() == rel.GetId() { userPartOfGroup = true break } } s.Assert().True(userPartOfGroup) - listUserGroups, err := 
s.testBench.Client.ListUserGroups(ctxOrgAdminAuth, &frontierv1beta1.ListUserGroupsRequest{ - Id: createUserResp.GetUser().GetId(), - OrgId: existingOrg.GetOrganization().GetId(), - }) + listUserGroups, err := s.testBench.Client.ListUserGroups(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListUserGroupsRequest{ + Id: createUserResp.Msg.GetUser().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(listUserGroups.GetGroups())) + s.Assert().Equal(1, len(listUserGroups.Msg.GetGroups())) // delete user - _, err = s.testBench.Client.DeleteUser(ctxOrgAdminAuth, &frontierv1beta1.DeleteUserRequest{ - Id: createUserResp.GetUser().GetId(), - }) + _, err = s.testBench.Client.DeleteUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.DeleteUserRequest{ + Id: createUserResp.Msg.GetUser().GetId(), + })) s.Assert().NoError(err) // check its existence - getUserResp, err := s.testBench.Client.GetUser(ctxOrgAdminAuth, &frontierv1beta1.GetUserRequest{ - Id: createUserResp.GetUser().GetId(), - }) + getUserResp, err := s.testBench.Client.GetUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetUserRequest{ + Id: createUserResp.Msg.GetUser().GetId(), + })) s.Assert().NotNil(err) s.Assert().Nil(getUserResp) // check its relations with org - orgUsersRespAfterDeletion, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationUsersRequest{ - Id: existingOrg.GetOrganization().GetId(), - }) + orgUsersRespAfterDeletion, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationUsersRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(orgUsersRespAfterDeletion.GetUsers())) // only admin + s.Assert().Equal(1, len(orgUsersRespAfterDeletion.Msg.GetUsers())) // only admin // check its relations with group - groupUsersRespAfterDeletion, err := 
s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, &frontierv1beta1.ListGroupUsersRequest{ + groupUsersRespAfterDeletion, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListGroupUsersRequest{ Id: existingGroup.GetId(), - OrgId: existingOrg.GetOrganization().GetId(), - }) + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - for _, rel := range groupUsersRespAfterDeletion.GetUsers() { - s.Assert().NotEqual(createUserResp.GetUser().GetId(), rel.GetId()) + for _, rel := range groupUsersRespAfterDeletion.Msg.GetUsers() { + s.Assert().NotEqual(createUserResp.Msg.GetUser().GetId(), rel.GetId()) } }) s.Run("9. disabling a user should return not found in list/get api", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-user-1", - }) + })) s.Assert().NoError(err) - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user for org 1", Email: "user-2-for-org-1@raystack.org", Name: "user_2_for_org_1_raystack_io", }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.AddOrganizationUsersRequest{ - Id: existingOrg.GetOrganization().GetId(), - UserIds: []string{createUserResp.GetUser().GetId()}, - }) + _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), + UserIds: []string{createUserResp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) - orgUsersRespAfterRelation, 
err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationUsersRequest{ - Id: existingOrg.GetOrganization().GetId(), + orgUsersRespAfterRelation, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationUsersRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), PermissionFilter: organization.MemberRole, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(orgUsersRespAfterRelation.GetUsers())) + s.Assert().Equal(1, len(orgUsersRespAfterRelation.Msg.GetUsers())) // disable user - _, err = s.testBench.Client.DisableUser(ctxOrgAdminAuth, &frontierv1beta1.DisableUserRequest{ - Id: createUserResp.GetUser().GetId(), - }) + _, err = s.testBench.Client.DisableUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.DisableUserRequest{ + Id: createUserResp.Msg.GetUser().GetId(), + })) s.Assert().NoError(err) // check its existence - getUserResp, err := s.testBench.Client.GetUser(ctxOrgAdminAuth, &frontierv1beta1.GetUserRequest{ - Id: createUserResp.GetUser().GetId(), - }) + getUserResp, err := s.testBench.Client.GetUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetUserRequest{ + Id: createUserResp.Msg.GetUser().GetId(), + })) s.Assert().NotNil(err) s.Assert().Nil(getUserResp) // check its relations with org - orgUsersRespAfterDisable, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationUsersRequest{ - Id: existingOrg.GetOrganization().GetId(), - }) + orgUsersRespAfterDisable, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationUsersRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(orgUsersRespAfterDisable.GetUsers())) + s.Assert().Equal(1, len(orgUsersRespAfterDisable.Msg.GetUsers())) // enable user - _, err = s.testBench.Client.EnableUser(ctxOrgAdminAuth, 
&frontierv1beta1.EnableUserRequest{ - Id: createUserResp.GetUser().GetId(), - }) + _, err = s.testBench.Client.EnableUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.EnableUserRequest{ + Id: createUserResp.Msg.GetUser().GetId(), + })) s.Assert().NoError(err) // check its existence - getUserAfterEnableResp, err := s.testBench.Client.GetUser(ctxOrgAdminAuth, &frontierv1beta1.GetUserRequest{ - Id: createUserResp.GetUser().GetId(), - }) + getUserAfterEnableResp, err := s.testBench.Client.GetUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetUserRequest{ + Id: createUserResp.Msg.GetUser().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(getUserAfterEnableResp) // check its relations with org - orgUsersRespAfterEnable, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationUsersRequest{ - Id: existingOrg.GetOrganization().GetId(), - }) + orgUsersRespAfterEnable, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationUsersRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(2, len(orgUsersRespAfterEnable.GetUsers())) + s.Assert().Equal(2, len(orgUsersRespAfterEnable.Msg.GetUsers())) }) s.Run("10. 
correctly filter users using list api in an org", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-user-2", - }) + })) s.Assert().NoError(err) - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user for org 2", Email: "user-1-for-org-2@raystack.org", Name: "user_1_for_org_2_raystack_io", }, - }) + })) s.Assert().NoError(err) - listExistingUsers, err := s.testBench.Client.ListUsers(ctxCurrentUser, &frontierv1beta1.ListUsersRequest{ - OrgId: existingOrg.GetOrganization().GetId(), - }) + listExistingUsers, err := s.testBench.Client.ListUsers(ctxCurrentUser, connect.NewRequest(&frontierv1beta1.ListUsersRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(listExistingUsers.GetUsers())) + s.Assert().Equal(1, len(listExistingUsers.Msg.GetUsers())) - _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.AddOrganizationUsersRequest{ - Id: existingOrg.GetOrganization().GetId(), - UserIds: []string{createUserResp.GetUser().GetId()}, - }) + _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), + UserIds: []string{createUserResp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) - listNewUsers, err := s.testBench.Client.ListUsers(ctxCurrentUser, &frontierv1beta1.ListUsersRequest{ - OrgId: existingOrg.GetOrganization().GetId(), - }) + listNewUsers, err := s.testBench.Client.ListUsers(ctxCurrentUser, 
connect.NewRequest(&frontierv1beta1.ListUsersRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(2, len(listNewUsers.GetUsers())) + s.Assert().Equal(2, len(listNewUsers.Msg.GetUsers())) }) s.Run("11. correctly filter users using list api with user keyword", func() { - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user", Email: "user-1-random-1@raystack.org", Name: "user_1_random_1_raystack_io", }, - }) + })) s.Assert().NoError(err) - listExistingUsers, err := s.testBench.Client.ListUsers(ctxCurrentUser, &frontierv1beta1.ListUsersRequest{ - Keyword: createUserResp.GetUser().GetEmail(), - }) + listExistingUsers, err := s.testBench.Client.ListUsers(ctxCurrentUser, connect.NewRequest(&frontierv1beta1.ListUsersRequest{ + Keyword: createUserResp.Msg.GetUser().GetEmail(), + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(listExistingUsers.GetUsers())) + s.Assert().Equal(1, len(listExistingUsers.Msg.GetUsers())) }) } func (s *APIRegressionTestSuite) TestRelationAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. 
creating a new relation between org and user should give access to the org", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-relation-1", - }) + })) s.Assert().NoError(err) - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user 1", Email: "new-user-for-rel-1@raystack.org", Name: "new_user_for_rel_1_raystack_io", }, - }) + })) s.Assert().NoError(err) - orgUsersResp, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationUsersRequest{ - Id: existingOrg.GetOrganization().GetId(), - }) + orgUsersResp, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationUsersRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(orgUsersResp.GetUsers())) + s.Assert().Equal(1, len(orgUsersResp.Msg.GetUsers())) - _, err = s.testBench.Client.CreateRelation(ctxOrgAdminAuth, &frontierv1beta1.CreateRelationRequest{Body: &frontierv1beta1.RelationRequestBody{ - Object: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.GetOrganization().GetId()), - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.GetUser().GetId()), + _, err = s.testBench.Client.CreateRelation(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateRelationRequest{Body: &frontierv1beta1.RelationRequestBody{ + Object: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.Msg.GetOrganization().GetId()), + Subject: 
schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.Msg.GetUser().GetId()), Relation: organization.AdminRelation, - }}) + }})) s.Assert().NoError(err) - ctxOrgUserAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: createUserResp.GetUser().GetEmail(), - })) - checkPermission, err := s.testBench.Client.CheckResourcePermission(ctxOrgUserAuth, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.GetOrganization().GetId()), + relUserCookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, createUserResp.Msg.GetUser().GetEmail()) + s.Require().NoError(err) + ctxOrgUserAuth := testbench.ContextWithAuth(context.Background(), relUserCookie) + checkPermission, err := s.testBench.Client.CheckResourcePermission(ctxOrgUserAuth, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.Msg.GetOrganization().GetId()), Permission: schema.DeletePermission, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(true, checkPermission.GetStatus()) + s.Assert().Equal(true, checkPermission.Msg.GetStatus()) }) s.Run("2. 
creating a relation between org and user with editor role should provide view & edit permission in that org", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-relation-2", - }) + })) s.Assert().NoError(err) - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user 2", Email: "new-user-for-rel-2@raystack.org", Name: "new_user_for_rel_2_raystack_io", }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.Client.CreateRelation(ctxOrgAdminAuth, &frontierv1beta1.CreateRelationRequest{Body: &frontierv1beta1.RelationRequestBody{ - Object: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.GetOrganization().GetId()), - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.GetUser().GetId()), + _, err = s.testBench.Client.CreateRelation(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateRelationRequest{Body: &frontierv1beta1.RelationRequestBody{ + Object: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.Msg.GetOrganization().GetId()), + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.Msg.GetUser().GetId()), Relation: organization.AdminRelation, - }}) + }})) s.Assert().NoError(err) - ctxOrgUserAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: createUserResp.GetUser().GetEmail(), - })) - checkViewPermResp, err := s.testBench.Client.CheckResourcePermission(ctxOrgUserAuth, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: 
schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.GetOrganization().GetId()), + relUser2Cookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, createUserResp.Msg.GetUser().GetEmail()) + s.Require().NoError(err) + ctxOrgUserAuth := testbench.ContextWithAuth(context.Background(), relUser2Cookie) + checkViewPermResp, err := s.testBench.Client.CheckResourcePermission(ctxOrgUserAuth, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.Msg.GetOrganization().GetId()), Permission: schema.GetPermission, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(true, checkViewPermResp.GetStatus()) + s.Assert().Equal(true, checkViewPermResp.Msg.GetStatus()) - checkEditPermResp, err := s.testBench.Client.CheckResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckResourcePermissionRequest{ - ObjectId: existingOrg.GetOrganization().GetId(), + checkEditPermResp, err := s.testBench.Client.CheckResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + ObjectId: existingOrg.Msg.GetOrganization().GetId(), ObjectNamespace: schema.OrganizationNamespace, Permission: schema.UpdatePermission, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(true, checkEditPermResp.GetStatus()) + s.Assert().Equal(true, checkEditPermResp.Msg.GetStatus()) }) s.Run("3. 
deleting a relation between user and org should remove user access from that org", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-relation-3", - }) + })) s.Assert().NoError(err) - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user 3", Email: "new-user-for-rel-3@raystack.org", Name: "new_user_for_rel_3_raystack_io", }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.Client.CreateRelation(ctxOrgAdminAuth, &frontierv1beta1.CreateRelationRequest{Body: &frontierv1beta1.RelationRequestBody{ - Object: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.GetOrganization().GetId()), - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.GetUser().GetId()), + _, err = s.testBench.Client.CreateRelation(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateRelationRequest{Body: &frontierv1beta1.RelationRequestBody{ + Object: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.Msg.GetOrganization().GetId()), + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.Msg.GetUser().GetId()), Relation: schema.OwnerRelationName, - }}) + }})) s.Assert().NoError(err) - ctxOrgUserAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: createUserResp.GetUser().GetEmail(), - })) - checkBeforeDeletePermission, err := s.testBench.Client.CheckResourcePermission(ctxOrgUserAuth, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: 
schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.GetOrganization().GetId()), + relUser3Cookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, createUserResp.Msg.GetUser().GetEmail()) + s.Require().NoError(err) + ctxOrgUserAuth := testbench.ContextWithAuth(context.Background(), relUser3Cookie) + checkBeforeDeletePermission, err := s.testBench.Client.CheckResourcePermission(ctxOrgUserAuth, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.Msg.GetOrganization().GetId()), Permission: schema.DeletePermission, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(true, checkBeforeDeletePermission.GetStatus()) + s.Assert().Equal(true, checkBeforeDeletePermission.Msg.GetStatus()) - _, err = s.testBench.Client.DeleteRelation(ctxOrgAdminAuth, &frontierv1beta1.DeleteRelationRequest{ - Object: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.GetOrganization().GetId()), - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.GetUser().GetId()), + _, err = s.testBench.Client.DeleteRelation(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.DeleteRelationRequest{ + Object: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.Msg.GetOrganization().GetId()), + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.Msg.GetUser().GetId()), Relation: schema.OwnerRelationName, - }) + })) s.Assert().NoError(err) - checkAfterDeletePermission, err := s.testBench.Client.CheckResourcePermission(ctxOrgUserAuth, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.GetOrganization().GetId()), + checkAfterDeletePermission, err := s.testBench.Client.CheckResourcePermission(ctxOrgUserAuth, 
connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.Msg.GetOrganization().GetId()), Permission: schema.DeletePermission, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(false, checkAfterDeletePermission.GetStatus()) + s.Assert().Equal(false, checkAfterDeletePermission.Msg.GetStatus()) }) } func (s *APIRegressionTestSuite) TestResourceAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. creating a resource under a project/org successfully", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org 1", Name: "org-resource-1", }, - }) + })) s.Assert().NoError(err) - userResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ + userResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ Title: "member 1", Email: "user-org-1-resource-1@raystack.org", Name: "user_org_1_resource_1", - }}) + }})) s.Assert().NoError(err) // attach user to org - _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.AddOrganizationUsersRequest{ - Id: createOrgResp.GetOrganization().GetId(), - UserIds: []string{userResp.GetUser().GetId()}, - }) + _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ + Id: 
createOrgResp.Msg.GetOrganization().GetId(), + UserIds: []string{userResp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) - createProjResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + createProjResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "org-1-proj-1", - OrgId: createOrgResp.GetOrganization().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().NoError(err) - createResourceResp, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectResourceRequest{ - ProjectId: createProjResp.GetProject().GetId(), + createResourceResp, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectResourceRequest{ + ProjectId: createProjResp.Msg.GetProject().GetId(), Body: &frontierv1beta1.ResourceRequestBody{ Name: "res-1", Namespace: computeOrderNamespace, - Principal: userResp.GetUser().GetId(), + Principal: userResp.Msg.GetUser().GetId(), Metadata: &structpb.Struct{}, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createResourceResp) - createResourceResp2, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectResourceRequest{ - ProjectId: createProjResp.GetProject().GetId(), + createResourceResp2, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectResourceRequest{ + ProjectId: createProjResp.Msg.GetProject().GetId(), Body: &frontierv1beta1.ResourceRequestBody{ Name: "res-2", Namespace: computeDiskNamespace, - Principal: userResp.GetUser().GetId(), + Principal: userResp.Msg.GetUser().GetId(), Metadata: &structpb.Struct{}, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createResourceResp2) - listResourcesResp, err := 
s.testBench.Client.ListProjectResources(ctxOrgAdminAuth, &frontierv1beta1.ListProjectResourcesRequest{ - ProjectId: createProjResp.GetProject().GetId(), - }) + listResourcesResp, err := s.testBench.Client.ListProjectResources(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListProjectResourcesRequest{ + ProjectId: createProjResp.Msg.GetProject().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal("res-1", listResourcesResp.GetResources()[0].GetName()) + s.Assert().Equal("res-1", listResourcesResp.Msg.GetResources()[0].GetName()) // filter user by namespace - listAllResourcesResp, err := s.testBench.AdminClient.ListResources(ctxOrgAdminAuth, &frontierv1beta1.ListResourcesRequest{ - ProjectId: createProjResp.GetProject().GetId(), + listAllResourcesResp, err := s.testBench.AdminClient.ListResources(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListResourcesRequest{ + ProjectId: createProjResp.Msg.GetProject().GetId(), Namespace: computeDiskNamespace, - }) + })) s.Assert().NoError(err) - s.Assert().Len(listAllResourcesResp.GetResources(), 1) - s.Assert().Equal("res-2", listAllResourcesResp.GetResources()[0].GetName()) + s.Assert().Len(listAllResourcesResp.Msg.GetResources(), 1) + s.Assert().Equal("res-2", listAllResourcesResp.Msg.GetResources()[0].GetName()) }) s.Run("2. 
permissions assigned over resources should enforce correctly", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org 2", Name: "org-resource-2", }, - }) + })) s.Assert().NoError(err) - user1Resp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ + user1Resp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ Title: "member 1", Email: "user-org-2-resource-1@raystack.org", Name: "user_org_2_resource_1", - }}) + }})) s.Assert().NoError(err) - user2Resp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ + user2Resp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ Title: "member 2", Email: "user-org-2-resource-2@raystack.org", Name: "user_org_2_resource_2", - }}) + }})) s.Assert().NoError(err) // attach user to org - _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.AddOrganizationUsersRequest{ - Id: createOrgResp.GetOrganization().GetId(), - UserIds: []string{user1Resp.GetUser().GetId(), user2Resp.GetUser().GetId()}, - }) + _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ + Id: createOrgResp.Msg.GetOrganization().GetId(), + UserIds: []string{user1Resp.Msg.GetUser().GetId(), user2Resp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) - createProjResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, 
&frontierv1beta1.CreateProjectRequest{ + createProjResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "org-2-proj-1", - OrgId: createOrgResp.GetOrganization().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().NoError(err) - createResource1Resp, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectResourceRequest{ - ProjectId: createProjResp.GetProject().GetId(), + createResource1Resp, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectResourceRequest{ + ProjectId: createProjResp.Msg.GetProject().GetId(), Body: &frontierv1beta1.ResourceRequestBody{ Name: "res-1", Namespace: computeOrderNamespace, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createResource1Resp) - createResource2Resp, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectResourceRequest{ - ProjectId: createProjResp.GetProject().GetId(), + createResource2Resp, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectResourceRequest{ + ProjectId: createProjResp.Msg.GetProject().GetId(), Body: &frontierv1beta1.ResourceRequestBody{ Name: "res-2", Namespace: computeOrderNamespace, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createResource2Resp) // assign user 1 resource manager and user 2 viewer - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ RoleId: computeManagerRoleName, - Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource1Resp.GetResource().GetId()), - Principal: 
schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), + Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource1Resp.Msg.GetResource().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ RoleId: computeViewerRoleName, - Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource1Resp.GetResource().GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.GetUser().GetId()), + Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource1Resp.Msg.GetResource().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.Msg.GetUser().GetId()), }, - }) + })) s.Assert().NoError(err) // user 1 should have access to delete resource 1 - deletePermResp, err := s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource1Resp.GetResource().GetId()), + deletePermResp, err := s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource1Resp.Msg.GetResource().GetId()), Permission: schema.DeletePermission, - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - 
s.Assert().True(deletePermResp.GetStatus()) + s.Assert().True(deletePermResp.Msg.GetStatus()) // user 2 shouldn't have access to delete resource 1 - deletePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource1Resp.GetResource().GetId()), + deletePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource1Resp.Msg.GetResource().GetId()), Permission: schema.DeletePermission, - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().False(deletePermResp.GetStatus()) + s.Assert().False(deletePermResp.Msg.GetStatus()) // none of the users should have access to delete resource 2 - deletePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource2Resp.GetResource().GetId()), + deletePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource2Resp.Msg.GetResource().GetId()), Permission: schema.DeletePermission, - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - 
s.Assert().False(deletePermResp.GetStatus()) - deletePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource2Resp.GetResource().GetId()), + s.Assert().False(deletePermResp.Msg.GetStatus()) + deletePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource2Resp.Msg.GetResource().GetId()), Permission: schema.DeletePermission, - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().False(deletePermResp.GetStatus()) + s.Assert().False(deletePermResp.Msg.GetStatus()) // same thing should happen if the role is assigned at project level - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ RoleId: computeManagerRoleName, - Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.GetProject().GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), + Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.Msg.GetProject().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = 
s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ RoleId: computeViewerRoleName, - Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.GetProject().GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.GetUser().GetId()), + Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.Msg.GetProject().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.Msg.GetUser().GetId()), }, - }) + })) s.Assert().NoError(err) // user 1 should have access to delete resource 2 - deletePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource2Resp.GetResource().GetId()), + deletePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource2Resp.Msg.GetResource().GetId()), Permission: schema.DeletePermission, - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().True(deletePermResp.GetStatus()) + s.Assert().True(deletePermResp.Msg.GetStatus()) // user 2 shouldn't have access to delete resource 2 - deletePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource2Resp.GetResource().GetId()), + deletePermResp, err = 
s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(computeOrderNamespace, createResource2Resp.Msg.GetResource().GetId()), Permission: schema.DeletePermission, - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().False(deletePermResp.GetStatus()) + s.Assert().False(deletePermResp.Msg.GetStatus()) }) s.Run("3. run time permissions and roles assigned over resources should enforce correctly", func() { // create org - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org 3", Name: "org-resource-3", }, - }) + })) s.Assert().NoError(err) // create users - user1Resp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ + user1Resp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ Title: "member 1", Email: "user-org-3-resource-1@raystack.org", Name: "user_org_3_resource_1", - }}) + }})) s.Assert().NoError(err) - user2Resp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ + user2Resp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ Title: "member 2", Email: "user-org-3-resource-2@raystack.org", Name: "user_org_3_resource_2", - }}) 
+ }}))
 s.Assert().NoError(err)
 // create a project within org
- createProjResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{
+ createProjResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{
 Body: &frontierv1beta1.ProjectRequestBody{
 Name: "org-3-proj-1",
- OrgId: createOrgResp.GetOrganization().GetId(),
+ OrgId: createOrgResp.Msg.GetOrganization().GetId(),
 },
- })
+ }))
 s.Assert().NoError(err)
 // create permission for a resource type
 resourceNamespace := "compute/network"
- createdPermissions, err := s.testBench.AdminClient.CreatePermission(ctxOrgAdminAuth, &frontierv1beta1.CreatePermissionRequest{
+ createdPermissions, err := s.testBench.AdminClient.CreatePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePermissionRequest{
 Bodies: []*frontierv1beta1.PermissionRequestBody{
 {
 Key: "compute.network.create",
@@ -1758,12 +1765,12 @@ func (s *APIRegressionTestSuite) TestResourceAPI() {
 Key: "compute.network.delete",
 },
 },
- })
+ }))
 s.Assert().NoError(err)
- s.Assert().Len(createdPermissions.GetPermissions(), 2)
+ s.Assert().Len(createdPermissions.Msg.GetPermissions(), 2)
 // create a role at project level without resource access
- projectViewerRoleResp, err := s.testBench.AdminClient.CreateRole(ctxOrgAdminAuth, &frontierv1beta1.CreateRoleRequest{
+ projectViewerRoleResp, err := s.testBench.AdminClient.CreateRole(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateRoleRequest{
 Body: &frontierv1beta1.RoleRequestBody{
 Name: "project_viewer_custom",
 Permissions: []string{
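Review bot: In this hunk `s.Assert().Len(createdPermissions.Msg.GetPermissions(), 2)` reads the `.Msg` field directly after a non-fatal `s.Assert().NoError(err)`, so a failed CreatePermission call would presumably leave `createdPermissions` nil and end the subtest in a nil-pointer panic rather than a readable RPC error; the old `createdPermissions.GetPermissions()` getter tolerated a nil response. Use `s.Require().NoError(err)` before any line that touches `.Msg`. The same applies to `projectViewerRoleResp`, `projectManagerRoleResp` and `projectOwnerRoleResp` in this hunk and the two that follow (-1771, -1785): they are guarded only by the non-fatal `s.Assert().NotNil(...)` and their `.Msg.GetRole()` is read further down in the permission checks. Since these subtests assert authorization outcomes, a setup failure should stop the run at the failing call instead of surfacing later as a panic. TestResourceAPI starts and ends outside the hunk.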
@@ -1771,12 +1778,12 @@ func (s *APIRegressionTestSuite) TestResourceAPI() {
 "app_project_resourcelist",
 },
 },
- })
+ }))
 s.Assert().NoError(err)
 s.Assert().NotNil(projectViewerRoleResp)
 // create a role at project level with resource create access
- projectManagerRoleResp, err := s.testBench.AdminClient.CreateRole(ctxOrgAdminAuth, &frontierv1beta1.CreateRoleRequest{
+ projectManagerRoleResp, err := s.testBench.AdminClient.CreateRole(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateRoleRequest{
 Body: &frontierv1beta1.RoleRequestBody{
 Name: "project_manager_custom",
 Permissions: []string{
@@ -1785,12 +1792,12 @@ func (s *APIRegressionTestSuite) TestResourceAPI() {
 "compute.network.create",
 },
 },
- })
+ }))
 s.Assert().NoError(err)
 s.Assert().NotNil(projectManagerRoleResp)
 // create a role at project level with resource delete access
- projectOwnerRoleResp, err := s.testBench.AdminClient.CreateRole(ctxOrgAdminAuth, &frontierv1beta1.CreateRoleRequest{
+ projectOwnerRoleResp, err := s.testBench.AdminClient.CreateRole(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateRoleRequest{
 Body: &frontierv1beta1.RoleRequestBody{
 Name: "project_owner_custom",
 Permissions: []string{
@@ -1800,240 +1807,236 @@ func (s *APIRegressionTestSuite) TestResourceAPI() { "compute.network.delete", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(projectOwnerRoleResp) // create a resource under the project - createResource1Resp, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectResourceRequest{ - ProjectId: createProjResp.GetProject().GetId(), + createResource1Resp, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectResourceRequest{ + ProjectId: createProjResp.Msg.GetProject().GetId(), Body: &frontierv1beta1.ResourceRequestBody{ Name: "res-1", Namespace: resourceNamespace, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createResource1Resp) // assign project viewer role to user - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ - RoleId: projectViewerRoleResp.GetRole().GetId(), - Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.GetProject().GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), + RoleId: projectViewerRoleResp.Msg.GetRole().GetId(), + Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.Msg.GetProject().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), }, - }) + })) s.Assert().NoError(err) // by default no user should have access to it - checkCreatePermResp, err := s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.GetResource().GetId()), + checkCreatePermResp, err := 
s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.Msg.GetResource().GetId()), Permission: "compute.network.create", - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().False(checkCreatePermResp.GetStatus()) - checkCreatePermOnProjectResp, err := s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.GetProject().GetId()), + s.Assert().False(checkCreatePermResp.Msg.GetStatus()) + checkCreatePermOnProjectResp, err := s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.Msg.GetProject().GetId()), Permission: "compute.network.create", - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().False(checkCreatePermOnProjectResp.GetStatus()) + s.Assert().False(checkCreatePermOnProjectResp.Msg.GetStatus()) // assign project manager to the user - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ - RoleId: projectManagerRoleResp.GetRole().GetId(), - Resource: 
schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.GetProject().GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), + RoleId: projectManagerRoleResp.Msg.GetRole().GetId(), + Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.Msg.GetProject().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), }, - }) + })) s.Assert().NoError(err) // user now should have access to create but not delete - checkCreatePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.GetProject().GetId()), + checkCreatePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.Msg.GetProject().GetId()), Permission: "compute.network.create", - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().True(checkCreatePermResp.GetStatus()) - checkDeletePermResp, err := s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.GetResource().GetId()), + s.Assert().True(checkCreatePermResp.Msg.GetStatus()) + checkDeletePermResp, err := s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: 
schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.Msg.GetResource().GetId()), Permission: "compute.network.delete", - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().False(checkDeletePermResp.GetStatus()) + s.Assert().False(checkDeletePermResp.Msg.GetStatus()) // make user project owner - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ - RoleId: projectOwnerRoleResp.GetRole().GetId(), - Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.GetProject().GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), + RoleId: projectOwnerRoleResp.Msg.GetRole().GetId(), + Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.Msg.GetProject().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), }, - }) + })) s.Assert().NoError(err) // should have access to delete as well - checkDeletePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.GetResource().GetId()), + checkDeletePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.Msg.GetResource().GetId()), Permission: "compute.network.delete", - Subject: 
schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().True(checkDeletePermResp.GetStatus()) + s.Assert().True(checkDeletePermResp.Msg.GetStatus()) // any other user shouldn't have access to it - checkCreatePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.GetResource().GetId()), + checkCreatePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.Msg.GetResource().GetId()), Permission: "compute.network.create", - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().False(checkCreatePermResp.GetStatus()) + s.Assert().False(checkCreatePermResp.Msg.GetStatus()) // remove permissions from owner role - projectOwnerUpdatedRoleResp, err := s.testBench.AdminClient.UpdateRole(ctxOrgAdminAuth, &frontierv1beta1.UpdateRoleRequest{ - Id: projectOwnerRoleResp.GetRole().GetId(), + projectOwnerUpdatedRoleResp, err := s.testBench.AdminClient.UpdateRole(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateRoleRequest{ + Id: projectOwnerRoleResp.Msg.GetRole().GetId(), Body: &frontierv1beta1.RoleRequestBody{ - Name: projectOwnerRoleResp.GetRole().GetName(), + Name: projectOwnerRoleResp.Msg.GetRole().GetName(), Permissions: []string{ "app_project_get", "app_project_resourcelist", }, - Metadata: projectOwnerRoleResp.GetRole().GetMetadata(), - 
Title: projectOwnerRoleResp.GetRole().GetTitle(), - Scopes: projectOwnerRoleResp.GetRole().GetScopes(), + Metadata: projectOwnerRoleResp.Msg.GetRole().GetMetadata(), + Title: projectOwnerRoleResp.Msg.GetRole().GetTitle(), + Scopes: projectOwnerRoleResp.Msg.GetRole().GetScopes(), }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(projectOwnerUpdatedRoleResp) // user should not have access to delete anymore - checkDeletePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.GetResource().GetId()), + checkDeletePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.Msg.GetResource().GetId()), Permission: "compute.network.delete", - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user1Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().False(checkDeletePermResp.GetStatus()) + s.Assert().False(checkDeletePermResp.Msg.GetStatus()) // assigning updated owner role to user 2 should not give access to delete - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ - RoleId: projectOwnerUpdatedRoleResp.GetRole().GetId(), - Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.GetProject().GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.GetUser().GetId()), + RoleId: 
projectOwnerUpdatedRoleResp.Msg.GetRole().GetId(), + Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, createProjResp.Msg.GetProject().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.Msg.GetUser().GetId()), }, - }) + })) s.Assert().NoError(err) - checkCreatePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.GetResource().GetId()), + checkCreatePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.Msg.GetResource().GetId()), Permission: "compute.network.create", - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().False(checkCreatePermResp.GetStatus()) + s.Assert().False(checkCreatePermResp.Msg.GetStatus()) // if a user is owner of an org doesn't mean it will get access to other resources - ctxOrgUser2Auth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: user2Resp.GetUser().GetEmail(), - })) - createUser2OrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgUser2Auth, &frontierv1beta1.CreateOrganizationRequest{ + user2AuthCookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, user2Resp.Msg.GetUser().GetEmail()) + s.Require().NoError(err) + ctxOrgUser2Auth := testbench.ContextWithAuth(context.Background(), user2AuthCookie) + createUser2OrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgUser2Auth, 
connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org 3", Name: "org-user-2-resource-3", }, - }) + })) s.Assert().NoError(err) - s.Assert().NotEmpty(createUser2OrgResp.GetOrganization()) + s.Assert().NotEmpty(createUser2OrgResp.Msg.GetOrganization()) // should not have access to create - checkCreatePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.GetResource().GetId()), + checkCreatePermResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(resourceNamespace, createResource1Resp.Msg.GetResource().GetId()), Permission: "compute.network.create", - Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.GetUser().GetId()), - }) + Subject: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, user2Resp.Msg.GetUser().GetId()), + })) s.Assert().NoError(err) - s.Assert().False(checkCreatePermResp.GetStatus()) + s.Assert().False(checkCreatePermResp.Msg.GetStatus()) }) } func (s *APIRegressionTestSuite) TestPolicyAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. 
adding an org member via policy should work successfully", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org 1", Name: "org-policy-1", }, - }) + })) s.Assert().NoError(err) - userResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ + userResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ Title: "member 1", Email: "user-org-policy-1@raystack.org", Name: "user_org_policy_1", - }}) + }})) s.Assert().NoError(err) // attach user to org - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ RoleId: schema.RoleOrganizationViewer, - Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, createOrgResp.GetOrganization().GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, userResp.GetUser().GetId()), + Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, createOrgResp.Msg.GetOrganization().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, userResp.Msg.GetUser().GetId()), }, - }) + })) s.Assert().NoError(err) - listOrgUsersResp, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationUsersRequest{ - Id: createOrgResp.GetOrganization().GetId(), - }) + listOrgUsersResp, err := s.testBench.Client.ListOrganizationUsers(ctxOrgAdminAuth, 
connect.NewRequest(&frontierv1beta1.ListOrganizationUsersRequest{ + Id: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Contains(utils.Map(listOrgUsersResp.GetUsers(), func(u *frontierv1beta1.User) string { + s.Assert().Contains(utils.Map(listOrgUsersResp.Msg.GetUsers(), func(u *frontierv1beta1.User) string { return u.GetEmail() - }), userResp.GetUser().GetEmail()) + }), userResp.Msg.GetUser().GetEmail()) }) } func (s *APIRegressionTestSuite) TestInvitationAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) // enable invite user with roles - _, err := s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, &frontierv1beta1.CreatePreferencesRequest{ + _, err := s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePreferencesRequest{ Preferences: []*frontierv1beta1.PreferenceRequestBody{ { Name: preference.PlatformInviteWithRoles, Value: "true", }, }, - }) + })) s.Assert().NoError(err) s.Run("1. 
a user should successfully create a new invitation in org and accept it", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-invitation-1", - }) + })) s.Assert().NoError(err) - createGroupResp, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, &frontierv1beta1.CreateGroupRequest{ - OrgId: existingOrg.GetOrganization().GetId(), + createGroupResp, err := s.testBench.Client.CreateGroup(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateGroupRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.GroupRequestBody{ Name: "new-group", }, - }) + })) s.Assert().NoError(err) - createRoleResp, err := s.testBench.Client.CreateOrganizationRole(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRoleRequest{ - OrgId: existingOrg.GetOrganization().GetId(), + createRoleResp, err := s.testBench.Client.CreateOrganizationRole(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRoleRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.RoleRequestBody{ Title: "invitation role 1", Name: "invitation_role_1", 
@@ -2042,290 +2045,288 @@ func (s *APIRegressionTestSuite) TestInvitationAPI() { "app.organization.grouplist", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createRoleResp) - s.Assert().Equal("invitation role 1", createRoleResp.GetRole().GetTitle()) + s.Assert().Equal("invitation role 1", createRoleResp.Msg.GetRole().GetTitle()) - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user 1", Email: "new-user-for-invite-1@raystack.org", Name: "new_user_for_invite_1_raystack_io", }, - }) + })) s.Assert().NoError(err) // check if the user already has permission in group - ctxCurrentUserAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: "new-user-for-invite-1@raystack.org", - })) - checkResp, err := s.testBench.Client.CheckResourcePermission(ctxCurrentUserAuth, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.GetOrganization().GetId()), + inviteUserCookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, "new-user-for-invite-1@raystack.org") + s.Require().NoError(err) + ctxCurrentUserAuth := testbench.ContextWithAuth(context.Background(), inviteUserCookie) + checkResp, err := s.testBench.Client.CheckResourcePermission(ctxCurrentUserAuth, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.Msg.GetOrganization().GetId()), Permission: schema.GroupCreatePermission, - }) + })) s.Assert().NoError(err) - s.Assert().False(checkResp.GetStatus()) + s.Assert().False(checkResp.Msg.GetStatus()) - createInviteResp, err := 
s.testBench.Client.CreateOrganizationInvitation(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationInvitationRequest{ - OrgId: existingOrg.GetOrganization().GetId(), - UserIds: []string{createUserResp.GetUser().GetEmail()}, - GroupIds: []string{createGroupResp.GetGroup().GetId()}, - RoleIds: []string{createRoleResp.GetRole().GetId()}, - }) + createInviteResp, err := s.testBench.Client.CreateOrganizationInvitation(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationInvitationRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), + UserIds: []string{createUserResp.Msg.GetUser().GetEmail()}, + GroupIds: []string{createGroupResp.Msg.GetGroup().GetId()}, + RoleIds: []string{createRoleResp.Msg.GetRole().GetId()}, + })) s.Assert().NoError(err) s.Assert().NotNil(createInviteResp) - createdInvite := createInviteResp.GetInvitations()[0] - getInviteResp, err := s.testBench.Client.GetOrganizationInvitation(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationInvitationRequest{ + createdInvite := createInviteResp.Msg.GetInvitations()[0] + getInviteResp, err := s.testBench.Client.GetOrganizationInvitation(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationInvitationRequest{ Id: createdInvite.GetId(), - OrgId: existingOrg.GetOrganization().GetId(), - }) + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(getInviteResp) s.Assert().False(createdInvite.GetExpiresAt().AsTime().IsZero()) - s.Assert().Equal(createdInvite.GetId(), getInviteResp.GetInvitation().GetId()) + s.Assert().Equal(createdInvite.GetId(), getInviteResp.Msg.GetInvitation().GetId()) - listInviteByOrgResp, err := s.testBench.Client.ListOrganizationInvitations(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationInvitationsRequest{ - OrgId: existingOrg.GetOrganization().GetId(), - }) + listInviteByOrgResp, err := s.testBench.Client.ListOrganizationInvitations(ctxOrgAdminAuth, 
connect.NewRequest(&frontierv1beta1.ListOrganizationInvitationsRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(getInviteResp) - s.Assert().Equal(createdInvite.GetId(), listInviteByOrgResp.GetInvitations()[0].GetId()) + s.Assert().Equal(createdInvite.GetId(), listInviteByOrgResp.Msg.GetInvitations()[0].GetId()) - listInviteByUserResp, err := s.testBench.Client.ListOrganizationInvitations(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationInvitationsRequest{ - UserId: createUserResp.GetUser().GetEmail(), - OrgId: existingOrg.GetOrganization().GetId(), - }) + listInviteByUserResp, err := s.testBench.Client.ListOrganizationInvitations(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationInvitationsRequest{ + UserId: createUserResp.Msg.GetUser().GetEmail(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(getInviteResp) - s.Assert().Equal(createdInvite.GetId(), listInviteByUserResp.GetInvitations()[0].GetId()) + s.Assert().Equal(createdInvite.GetId(), listInviteByUserResp.Msg.GetInvitations()[0].GetId()) // user should not be part of the org before accept - userOrgsBeforeAcceptResp, err := s.testBench.Client.ListOrganizationsByUser(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationsByUserRequest{ - Id: createUserResp.GetUser().GetId(), - }) + userOrgsBeforeAcceptResp, err := s.testBench.Client.ListOrganizationsByUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationsByUserRequest{ + Id: createUserResp.Msg.GetUser().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(0, len(userOrgsBeforeAcceptResp.GetOrganizations())) - listGroupUsersBeforeAccept, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, &frontierv1beta1.ListGroupUsersRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: createGroupResp.GetGroup().GetOrgId(), - }) + s.Assert().Equal(0, len(userOrgsBeforeAcceptResp.Msg.GetOrganizations())) + 
listGroupUsersBeforeAccept, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListGroupUsersRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), + })) s.Assert().NoError(err) - s.Assert().Len(listGroupUsersBeforeAccept.GetUsers(), 1) + s.Assert().Len(listGroupUsersBeforeAccept.Msg.GetUsers(), 1) // accept invite should add user to org and delete it - ctxOrgUserAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: createUserResp.GetUser().GetEmail(), - })) - _, err = s.testBench.Client.AcceptOrganizationInvitation(ctxOrgUserAuth, &frontierv1beta1.AcceptOrganizationInvitationRequest{ + invitedUserCookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, createUserResp.Msg.GetUser().GetEmail()) + s.Require().NoError(err) + ctxOrgUserAuth := testbench.ContextWithAuth(context.Background(), invitedUserCookie) + _, err = s.testBench.Client.AcceptOrganizationInvitation(ctxOrgUserAuth, connect.NewRequest(&frontierv1beta1.AcceptOrganizationInvitationRequest{ Id: createdInvite.GetId(), - OrgId: existingOrg.GetOrganization().GetId(), - }) + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) // user should be part of the org - userOrgsAfterAcceptResp, err := s.testBench.Client.ListOrganizationsByUser(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationsByUserRequest{ - Id: createUserResp.GetUser().GetId(), - }) + userOrgsAfterAcceptResp, err := s.testBench.Client.ListOrganizationsByUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationsByUserRequest{ + Id: createUserResp.Msg.GetUser().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(userOrgsAfterAcceptResp.GetOrganizations())) + s.Assert().Equal(1, len(userOrgsAfterAcceptResp.Msg.GetOrganizations())) // invitation should be deleted - _, err = 
s.testBench.Client.GetOrganizationInvitation(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationInvitationRequest{ + _, err = s.testBench.Client.GetOrganizationInvitation(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationInvitationRequest{ Id: createdInvite.GetId(), - OrgId: existingOrg.GetOrganization().GetId(), - }) + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().Error(err) // should be part of group - listGroupUsersAfterAccept, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, &frontierv1beta1.ListGroupUsersRequest{ - Id: createGroupResp.GetGroup().GetId(), - OrgId: createGroupResp.GetGroup().GetOrgId(), - }) + listGroupUsersAfterAccept, err := s.testBench.Client.ListGroupUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListGroupUsersRequest{ + Id: createGroupResp.Msg.GetGroup().GetId(), + OrgId: createGroupResp.Msg.GetGroup().GetOrgId(), + })) s.Assert().NoError(err) - s.Assert().Len(listGroupUsersAfterAccept.GetUsers(), 2) + s.Assert().Len(listGroupUsersAfterAccept.Msg.GetUsers(), 2) // user should have role permissions - checkAfterAcceptResp, err := s.testBench.Client.CheckResourcePermission(ctxCurrentUserAuth, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.GetOrganization().GetId()), + checkAfterAcceptResp, err := s.testBench.Client.CheckResourcePermission(ctxCurrentUserAuth, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.Msg.GetOrganization().GetId()), Permission: schema.GroupCreatePermission, - }) + })) s.Assert().NoError(err) - s.Assert().True(checkAfterAcceptResp.GetStatus()) + s.Assert().True(checkAfterAcceptResp.Msg.GetStatus()) }) s.Run("2. 
users already part of an org shouldn't be invited again", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-invitation-2", - }) + })) s.Assert().NoError(err) - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user 1", Email: "new-user-for-invite-2@raystack.org", Name: "new_user_for_invite_2_raystack_io", }, - }) + })) s.Assert().NoError(err) // attach user to org - _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, &frontierv1beta1.AddOrganizationUsersRequest{ - Id: existingOrg.GetOrganization().GetId(), - UserIds: []string{createUserResp.GetUser().GetId()}, - }) + _, err = s.testBench.Client.AddOrganizationUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), + UserIds: []string{createUserResp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) - _, err = s.testBench.Client.CreateOrganizationInvitation(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationInvitationRequest{ - OrgId: existingOrg.GetOrganization().GetId(), - UserIds: []string{createUserResp.GetUser().GetEmail()}, - }) + _, err = s.testBench.Client.CreateOrganizationInvitation(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationInvitationRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), + UserIds: []string{createUserResp.Msg.GetUser().GetEmail()}, + })) s.Assert().Error(err) - s.Assert().ErrorContains(err, invitation.ErrAlreadyMember.Error()) + s.Assert().Equal(connect.CodeAlreadyExists, connect.CodeOf(err)) }) s.Run("3. 
org owner should have access to invite users", func() { - userResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ + _, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ Title: "owner 1", Email: "user-org-invitation-3@raystack.org", Name: "user_org_invitation_3", - }}) + }})) s.Assert().NoError(err) - ctxOrgUserAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: userResp.GetUser().GetEmail(), - })) - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgUserAuth, &frontierv1beta1.CreateOrganizationRequest{ + orgOwnerCookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, "user-org-invitation-3@raystack.org") + s.Require().NoError(err) + ctxOrgUserAuth := testbench.ContextWithAuth(context.Background(), orgOwnerCookie) + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgUserAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org 3", Name: "org-invitation-3", }, - }) + })) s.Assert().NoError(err) - randomUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ + randomUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ Title: "member 1", Email: "user-org-invitation-3_1@raystack.org", Name: "user_org_invitation_3_1", - }}) + }})) s.Assert().NoError(err) - createInviteResp, err := s.testBench.Client.CreateOrganizationInvitation(ctxOrgUserAuth, &frontierv1beta1.CreateOrganizationInvitationRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - UserIds: []string{randomUserResp.GetUser().GetEmail()}, - }) + 
createInviteResp, err := s.testBench.Client.CreateOrganizationInvitation(ctxOrgUserAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationInvitationRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + UserIds: []string{randomUserResp.Msg.GetUser().GetEmail()}, + })) s.Assert().NoError(err) s.Assert().NotNil(createInviteResp) }) s.Run("4. org admin should have access to invite users", func() { - userResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ + userResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ Title: "owner 1", Email: "user-org-invitation-4@raystack.org", Name: "user_org_invitation_4", - }}) + }})) s.Assert().NoError(err) - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org 4", Name: "org-invitation-4", }, - }) + })) s.Assert().NoError(err) - randomUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ + randomUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{Body: &frontierv1beta1.UserRequestBody{ Title: "member 1", Email: "user-org-invitation-4_1@raystack.org", Name: "user_org_invitation_4_1", - }}) + }})) s.Assert().NoError(err) // make user owner - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ RoleId: 
schema.RoleOrganizationOwner, - Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, createOrgResp.GetOrganization().GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, userResp.GetUser().GetId()), + Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, createOrgResp.Msg.GetOrganization().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, userResp.Msg.GetUser().GetId()), }, - }) + })) s.Assert().NoError(err) - ctxOrgUserAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: userResp.GetUser().GetEmail(), + inviterCookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, userResp.Msg.GetUser().GetEmail()) + s.Require().NoError(err) + ctxOrgUserAuth := testbench.ContextWithAuth(context.Background(), inviterCookie) + createInviteResp, err := s.testBench.Client.CreateOrganizationInvitation(ctxOrgUserAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationInvitationRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + UserIds: []string{randomUserResp.Msg.GetUser().GetEmail()}, })) - createInviteResp, err := s.testBench.Client.CreateOrganizationInvitation(ctxOrgUserAuth, &frontierv1beta1.CreateOrganizationInvitationRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - UserIds: []string{randomUserResp.GetUser().GetEmail()}, - }) s.Assert().NoError(err) s.Assert().NotNil(createInviteResp) }) s.Run("5. 
inviting same user again shouldn't create multiple invitations", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org 5", Name: "org-invitation-5", }, - }) + })) s.Assert().NoError(err) - createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user 5", Email: "new-user-for-invite-5@raystack.org", Name: "new_user_for_invite_5_raystack_io", }, - }) + })) s.Assert().NoError(err) - createInviteResp, err := s.testBench.Client.CreateOrganizationInvitation(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationInvitationRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - UserIds: []string{createUserResp.GetUser().GetEmail()}, - }) + createInviteResp, err := s.testBench.Client.CreateOrganizationInvitation(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationInvitationRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + UserIds: []string{createUserResp.Msg.GetUser().GetEmail()}, + })) s.Assert().NoError(err) s.Assert().NotNil(createInviteResp) // invite same user again - createInviteRespAgain, err := s.testBench.Client.CreateOrganizationInvitation(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationInvitationRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - UserIds: []string{createUserResp.GetUser().GetEmail()}, - }) + createInviteRespAgain, err := s.testBench.Client.CreateOrganizationInvitation(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationInvitationRequest{ + OrgId: 
createOrgResp.Msg.GetOrganization().GetId(), + UserIds: []string{createUserResp.Msg.GetUser().GetEmail()}, + })) s.Assert().NoError(err) s.Assert().NotNil(createInviteRespAgain) - s.Assert().Equal(createInviteResp.GetInvitations()[0].GetId(), createInviteRespAgain.GetInvitations()[0].GetId()) + s.Assert().Equal(createInviteResp.Msg.GetInvitations()[0].GetId(), createInviteRespAgain.Msg.GetInvitations()[0].GetId()) // should be only one invitation - listInviteByOrgResp, err := s.testBench.Client.ListOrganizationInvitations(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationInvitationsRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + listInviteByOrgResp, err := s.testBench.Client.ListOrganizationInvitations(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationInvitationsRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(listInviteByOrgResp) - s.Assert().Equal(1, len(listInviteByOrgResp.GetInvitations())) + s.Assert().Equal(1, len(listInviteByOrgResp.Msg.GetInvitations())) }) // disable invite user with roles back - _, err = s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, &frontierv1beta1.CreatePreferencesRequest{ + _, err = s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePreferencesRequest{ Preferences: []*frontierv1beta1.PreferenceRequestBody{ { Name: preference.PlatformInviteWithRoles, Value: "false", }, }, - }) + })) s.Assert().NoError(err) } func (s *APIRegressionTestSuite) TestRolesAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. 
list all platform roles successfully", func() { - platformRoles, err := s.testBench.Client.ListRoles(ctxOrgAdminAuth, &frontierv1beta1.ListRolesRequest{}) + platformRoles, err := s.testBench.Client.ListRoles(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListRolesRequest{})) s.Assert().NoError(err) s.Assert().NotNil(platformRoles) - s.Assert().True(len(platformRoles.GetRoles()) > 0) + s.Assert().True(len(platformRoles.Msg.GetRoles()) > 0) }) s.Run("1. creating/updating platform role successfully", func() { - createRole, err := s.testBench.AdminClient.CreateRole(ctxOrgAdminAuth, &frontierv1beta1.CreateRoleRequest{ + createRole, err := s.testBench.AdminClient.CreateRole(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateRoleRequest{ Body: &frontierv1beta1.RoleRequestBody{ Title: "new role 1", Name: "new_role_1", @@ -2333,14 +2334,14 @@ func (s *APIRegressionTestSuite) TestRolesAPI() { "app.organization.groupcreate", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createRole) - s.Assert().Equal("new role 1", createRole.GetRole().GetTitle()) + s.Assert().Equal("new role 1", createRole.Msg.GetRole().GetTitle()) // try updating it with different title - updateRole, err := s.testBench.AdminClient.UpdateRole(ctxOrgAdminAuth, &frontierv1beta1.UpdateRoleRequest{ - Id: createRole.GetRole().GetId(), + updateRole, err := s.testBench.AdminClient.UpdateRole(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateRoleRequest{ + Id: createRole.Msg.GetRole().GetId(), Body: &frontierv1beta1.RoleRequestBody{ Title: "new role 1 updated", Name: "new_role_1", 
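Review bot: The `// invitation should be deleted` check in case 1 of TestInvitationAPI still ends in a bare `s.Assert().Error(err)`, which any failure of GetOrganizationInvitation satisfies. Now that the calls run through a real session cookie from `testbench.AuthenticateUser`, that includes an unauthenticated or permission-denied response, so the test can pass without showing the invitation was removed. Case 2 in this same hunk already pins the code with `connect.CodeOf(err)`; the same form would fit here, e.g. `s.Assert().Equal(connect.CodeNotFound, connect.CodeOf(err))`, assuming the handler maps a missing invitation to NotFound (that mapping is not visible in this diff).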
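Review bot: `createRole.Msg.GetRole()` is reached after only `s.Assert().NoError(err)` and `s.Assert().NotNil(createRole)`, both of which are non-fatal. If CreateRole fails, `createRole` is nil and the `.Msg` field access panics, where the old protobuf getter `createRole.GetRole()` was safe on a nil receiver. Use `s.Require().NoError(err)` before the first `.Msg` dereference, as the commit already does after `testbench.AuthenticateUser`. The same pattern appears in the TestInvitationAPI hunk above (for example `createInviteResp.Msg.GetInvitations()[0]`). The enclosing TestRolesAPI body starts and ends outside this hunk.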
@@ -2351,181 +2352,177 @@ func (s *APIRegressionTestSuite) TestRolesAPI() { "app.organization.groupcreate", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(updateRole) - s.Assert().Equal("new role 1 updated", updateRole.GetRole().GetTitle()) + s.Assert().Equal("new role 1 updated", updateRole.Msg.GetRole().GetTitle()) }) } func (s *APIRegressionTestSuite) TestPreferencesAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. list all preference traits successfully", func() { - prefTraitResp, err := s.testBench.Client.DescribePreferences(ctxOrgAdminAuth, &frontierv1beta1.DescribePreferencesRequest{}) + prefTraitResp, err := s.testBench.Client.DescribePreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.DescribePreferencesRequest{})) s.Assert().NoError(err) s.Assert().NotNil(prefTraitResp) - s.Assert().True(len(prefTraitResp.GetTraits()) > 0) + s.Assert().True(len(prefTraitResp.Msg.GetTraits()) > 0) }) s.Run("2. 
create and fetch organization preference successfully", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-preferences-1", - }) + })) s.Assert().NoError(err) - createPrefResp, err := s.testBench.Client.CreateOrganizationPreferences(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationPreferencesRequest{ - Id: existingOrg.GetOrganization().GetId(), + createPrefResp, err := s.testBench.Client.CreateOrganizationPreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationPreferencesRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), Bodies: []*frontierv1beta1.PreferenceRequestBody{ { Name: preference.OrganizationSocialLogin, Value: "true", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createPrefResp) - s.Assert().True(len(createPrefResp.GetPreferences()) > 0) + s.Assert().True(len(createPrefResp.Msg.GetPreferences()) > 0) - getPrefResp, err := s.testBench.Client.ListOrganizationPreferences(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationPreferencesRequest{ - Id: existingOrg.GetOrganization().GetId(), - }) + getPrefResp, err := s.testBench.Client.ListOrganizationPreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationPreferencesRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(getPrefResp) - s.Assert().Equal("true", getPrefResp.GetPreferences()[0].GetValue()) + s.Assert().Equal("true", getPrefResp.Msg.GetPreferences()[0].GetValue()) // try updating it with different value - createPref2Resp, err := s.testBench.Client.CreateOrganizationPreferences(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationPreferencesRequest{ - Id: existingOrg.GetOrganization().GetId(), + createPref2Resp, err := 
s.testBench.Client.CreateOrganizationPreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationPreferencesRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), Bodies: []*frontierv1beta1.PreferenceRequestBody{ { Name: preference.OrganizationSocialLogin, Value: "false", }, }, - }) + })) s.Assert().NoError(err) - s.Assert().True(len(createPref2Resp.GetPreferences()) > 0) + s.Assert().True(len(createPref2Resp.Msg.GetPreferences()) > 0) - getPref2Resp, err := s.testBench.Client.ListOrganizationPreferences(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationPreferencesRequest{ - Id: existingOrg.GetOrganization().GetId(), - }) + getPref2Resp, err := s.testBench.Client.ListOrganizationPreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationPreferencesRequest{ + Id: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal("false", getPref2Resp.GetPreferences()[0].GetValue()) + s.Assert().Equal("false", getPref2Resp.Msg.GetPreferences()[0].GetValue()) }) s.Run("3. 
create and fetch platform preference successfully", func() { - createPrefResp, err := s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, &frontierv1beta1.CreatePreferencesRequest{ + createPrefResp, err := s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePreferencesRequest{ Preferences: []*frontierv1beta1.PreferenceRequestBody{ { Name: preference.PlatformDisableOrgsOnCreate, Value: "false", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createPrefResp) - s.Assert().True(len(createPrefResp.GetPreference()) > 0) + s.Assert().True(len(createPrefResp.Msg.GetPreference()) > 0) // try updating it with different value - createPref2Resp, err := s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, &frontierv1beta1.CreatePreferencesRequest{ + createPref2Resp, err := s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePreferencesRequest{ Preferences: []*frontierv1beta1.PreferenceRequestBody{ { Name: preference.PlatformDisableOrgsOnCreate, Value: "true", }, }, - }) + })) s.Assert().NoError(err) - s.Assert().True(len(createPref2Resp.GetPreference()) > 0) + s.Assert().True(len(createPref2Resp.Msg.GetPreference()) > 0) - getPref2Resp, err := s.testBench.AdminClient.ListPreferences(ctxOrgAdminAuth, &frontierv1beta1.ListPreferencesRequest{}) + getPref2Resp, err := s.testBench.AdminClient.ListPreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListPreferencesRequest{})) s.Assert().NoError(err) //nolint:protogetter - s.Assert().Equal("true", utils.Filter(getPref2Resp.GetPreferences(), func(p *frontierv1beta1.Preference) bool { + s.Assert().Equal("true", utils.Filter(getPref2Resp.Msg.GetPreferences(), func(p *frontierv1beta1.Preference) bool { return p.GetName() == preference.PlatformDisableOrgsOnCreate })[0].GetValue()) }) s.Run("4. 
PlatformDisableOrgsOnCreate if set to true should disable all orgs when created", func() { - createPrefResp, err := s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, &frontierv1beta1.CreatePreferencesRequest{ + createPrefResp, err := s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePreferencesRequest{ Preferences: []*frontierv1beta1.PreferenceRequestBody{ { Name: preference.PlatformDisableOrgsOnCreate, Value: "true", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createPrefResp) - s.Assert().True(len(createPrefResp.GetPreference()) > 0) + s.Assert().True(len(createPrefResp.Msg.GetPreference()) > 0) // create a new org - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org 2", Name: "org-preferences-2", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createOrgResp) - s.Assert().Equal(organization.Disabled.String(), createOrgResp.GetOrganization().GetState()) + s.Assert().Equal(organization.Disabled.String(), createOrgResp.Msg.GetOrganization().GetState()) // reset it back to false - updatePrefResp, err := s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, &frontierv1beta1.CreatePreferencesRequest{ + updatePrefResp, err := s.testBench.AdminClient.CreatePreferences(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePreferencesRequest{ Preferences: []*frontierv1beta1.PreferenceRequestBody{ { Name: preference.PlatformDisableOrgsOnCreate, Value: "false", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(updatePrefResp) }) } func (s *APIRegressionTestSuite) TestOrganizationDomainsAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - 
testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. create and fetch organization domains successfully", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org 1", Name: "org-domains-1", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createOrgResp) - createDomainResp, err := s.testBench.Client.CreateOrganizationDomain(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationDomainRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), + createDomainResp, err := s.testBench.Client.CreateOrganizationDomain(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationDomainRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), Domain: "org-domains-1.raystack.io", - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createDomainResp) - listDomainResp, err := s.testBench.Client.ListOrganizationDomains(ctxOrgAdminAuth, &frontierv1beta1.ListOrganizationDomainsRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + listDomainResp, err := s.testBench.Client.ListOrganizationDomains(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListOrganizationDomainsRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(listDomainResp) - s.Assert().Equal("org-domains-1.raystack.io", listDomainResp.GetDomains()[0].GetName()) + s.Assert().Equal("org-domains-1.raystack.io", listDomainResp.Msg.GetDomains()[0].GetName()) - getDomainResp, err := s.testBench.Client.GetOrganizationDomain(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationDomainRequest{ - Id: createDomainResp.GetDomain().GetId(), - OrgId: 
createOrgResp.GetOrganization().GetId(), - }) + getDomainResp, err := s.testBench.Client.GetOrganizationDomain(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationDomainRequest{ + Id: createDomainResp.Msg.GetDomain().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(getDomainResp) }) } func (s *APIRegressionTestSuite) TestWebhookAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - consts.RequestIDHeader: "test-request-id", - })) + ctxOrgAdminAuth := testbench.ContextWithHeaders(context.Background(), map[string]string{ + "Cookie": s.adminCookie, + consts.RequestIDHeader: "test-request-id", + }) s.Run("1. create and list webhooks successfully", func() { - createWebhookResp, err := s.testBench.AdminClient.CreateWebhook(ctxOrgAdminAuth, &frontierv1beta1.CreateWebhookRequest{ + createWebhookResp, err := s.testBench.AdminClient.CreateWebhook(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateWebhookRequest{ Body: &frontierv1beta1.WebhookRequestBody{ Description: "webhook 1", Url: "https://webhook-1.raystack.io", 
@@ -2534,17 +2531,17 @@ func (s *APIRegressionTestSuite) TestWebhookAPI() { "Authorization": "Bearer token", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createWebhookResp) - s.Assert().NotNil(createWebhookResp.GetWebhook().GetSecrets()) + s.Assert().NotNil(createWebhookResp.Msg.GetWebhook().GetSecrets()) - listWebhookResp, err := s.testBench.AdminClient.ListWebhooks(ctxOrgAdminAuth, &frontierv1beta1.ListWebhooksRequest{}) + listWebhookResp, err := s.testBench.AdminClient.ListWebhooks(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListWebhooksRequest{})) s.Assert().NoError(err) s.Assert().NotNil(listWebhookResp) - s.Assert().Equal("webhook 1", listWebhookResp.GetWebhooks()[0].GetDescription()) - s.Assert().Equal("https://webhook-1.raystack.io", listWebhookResp.GetWebhooks()[0].GetUrl()) - s.Assert().Nil(listWebhookResp.GetWebhooks()[0].GetSecrets()) + s.Assert().Equal("webhook 1", listWebhookResp.Msg.GetWebhooks()[0].GetDescription()) + s.Assert().Equal("https://webhook-1.raystack.io", listWebhookResp.Msg.GetWebhooks()[0].GetUrl()) + s.Assert().Nil(listWebhookResp.Msg.GetWebhooks()[0].GetSecrets()) }) s.Run("2. registering a webhook should start receiving events", func() { var rawBody []byte @@ -2569,7 +2566,7 @@ func (s *APIRegressionTestSuite) TestWebhookAPI() { })) defer server.Close() - createWebhookResp, err := s.testBench.AdminClient.CreateWebhook(ctxOrgAdminAuth, &frontierv1beta1.CreateWebhookRequest{ + createWebhookResp, err := s.testBench.AdminClient.CreateWebhook(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateWebhookRequest{ Body: &frontierv1beta1.WebhookRequestBody{ Description: "webhook 2", Url: server.URL, 
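Review bot: `createWebhookResp.Msg.GetWebhook()` in the first TestWebhookAPI hunk is reached after a non-halting `s.Assert().NoError(err)`, so a failed call now panics on a nil response instead of failing the assertion. The generated proto getters the old code called are nil-receiver safe, whereas `.Msg` is a plain field access on the connect response, which is nil when the client returns an error. Use `s.Require().NoError(err)` before the first `.Msg` access. The same pattern recurs in the later hunks of this file and in authentication_test.go and billing_test.go. Inside the `s.Assert().Eventually` closures in billing_test.go the guard would be `if err != nil { return false }`, because a panic in the polling goroutine takes down the whole test binary; the TestWebhookAPI body itself starts and ends outside this hunk.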
@@ -2578,17 +2575,17 @@ func (s *APIRegressionTestSuite) TestWebhookAPI() { "Authorization": "Bearer test", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createWebhookResp) // create a new org - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org webhook 1", Name: "org-webhook-1", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createOrgResp) @@ -2605,7 +2602,7 @@ func (s *APIRegressionTestSuite) TestWebhookAPI() { signatureHash := strings.Split(signatureHeader, "=") s.Assert().Len(signatureHash, 2) - parsedEvent, err := webhook.ParseAndValidateEvent(rawBody, createWebhookResp.GetWebhook().GetSecrets()[0].GetValue(), signatureHash[1]) + parsedEvent, err := webhook.ParseAndValidateEvent(rawBody, createWebhookResp.Msg.GetWebhook().GetSecrets()[0].GetValue(), signatureHash[1]) s.Assert().NoError(err) s.Assert().NotNil(parsedEvent) }) diff --git a/test/e2e/regression/authentication_test.go b/test/e2e/regression/authentication_test.go index 97552acb5..1d24d17fe 100644 --- a/test/e2e/regression/authentication_test.go +++ b/test/e2e/regression/authentication_test.go @@ -12,13 +12,11 @@ import ( "testing" "time" - "github.com/raystack/frontier/pkg/server/consts" + "connectrpc.com/connect" "github.com/raystack/frontier/core/authenticate/strategy" "github.com/raystack/frontier/pkg/mailer" "github.com/raystack/frontier/pkg/server" - "google.golang.org/grpc" - "google.golang.org/grpc/metadata" "github.com/golang/protobuf/jsonpb" 
@@ -51,6 +49,8 @@ func (s *AuthenticationRegressionTestSuite) SetupSuite() {
 s.Require().NoError(err)
 grpcPort, err := testbench.GetFreePort()
 s.Require().NoError(err)
+ connectPort, err := testbench.GetFreePort()
+ s.Require().NoError(err)
 s.apiPort = apiPort
 callbackPort, err := testbench.GetFreePort()
 s.Require().NoError(err)
@@ -81,6 +81,9 @@ func (s *AuthenticationRegressionTestSuite) SetupSuite() {
 App: server.Config{
 Host: "localhost",
 Port: apiPort,
+ Connect: server.ConnectConfig{
+ Port: connectPort,
+ },
 GRPC: server.GRPCConfig{
 Port: grpcPort,
 MaxRecvMsgSize: 2 << 10,
@@ -139,23 +142,23 @@ func (s *AuthenticationRegressionTestSuite) TearDownSuite() { func (s *AuthenticationRegressionTestSuite) TestUserSession() { ctx := context.Background() s.Run("1. return authenticate strategies of oidc", func() { - authStrategyResp, err := s.testBench.Client.ListAuthStrategies(ctx, &frontierv1beta1.ListAuthStrategiesRequest{}) + authStrategyResp, err := s.testBench.Client.ListAuthStrategies(ctx, connect.NewRequest(&frontierv1beta1.ListAuthStrategiesRequest{})) s.Assert().NoError(err) - s.Assert().Equal("mock", authStrategyResp.GetStrategies()[0].GetName()) + s.Assert().Equal("mock", authStrategyResp.Msg.GetStrategies()[0].GetName()) }) s.Run("2. authenticate a user successfully using oidc and create a session via cookies", func() { // start registration flow - authResp, err := s.testBench.Client.Authenticate(ctx, &frontierv1beta1.AuthenticateRequest{ + authResp, err := s.testBench.Client.Authenticate(ctx, connect.NewRequest(&frontierv1beta1.AuthenticateRequest{ StrategyName: "mock", RedirectOnstart: false, ReturnTo: "", Email: mockoidc.DefaultUser().Email, - }) + })) s.Assert().NoError(err) - s.Assert().NotNil(authResp.GetEndpoint()) + s.Assert().NotNil(authResp.Msg.GetEndpoint()) // mock oidc code - parsedEndpoint, err := url.Parse(authResp.GetEndpoint()) + parsedEndpoint, err := url.Parse(authResp.Msg.GetEndpoint()) s.Assert().NoError(err) mockAuth0Code := "012345" s.mockOIDCServer.QueueCode(mockAuth0Code) @@ -182,7 +185,7 @@ func (s *AuthenticationRegressionTestSuite) TestUserSession() { }() // start session in oidc server - endpointRes, err := http.Get(authResp.GetEndpoint()) + endpointRes, err := http.Get(authResp.Msg.GetEndpoint()) s.Assert().NoError(err) s.Assert().Equal(http.StatusOK, endpointRes.StatusCode) 
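Review bot: `s.Assert().NotNil(authResp.Msg.GetEndpoint())` in the first TestUserSession hunk cannot fail, because the value is the string later passed to `url.Parse`, and a string boxed into an interface is never nil. An empty endpoint from the authenticate call would therefore pass this check unnoticed. Use `s.Assert().NotEmpty(authResp.Msg.GetEndpoint())`. The mailotp hunk that follows has the same check on `authResp.Msg.GetState()`, which is presumably a string as well. The subtest bodies continue outside the hunk.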
@@ -208,14 +211,14 @@ func (s *AuthenticationRegressionTestSuite) TestUserSession() { var mailOTPCtx context.Context s.Run("3. authenticate a user successfully using mailotp", func() { // start registration flow - authResp, err := s.testBench.Client.Authenticate(ctx, &frontierv1beta1.AuthenticateRequest{ + authResp, err := s.testBench.Client.Authenticate(ctx, connect.NewRequest(&frontierv1beta1.AuthenticateRequest{ StrategyName: strategy.MailOTPAuthMethod, RedirectOnstart: false, ReturnTo: "", Email: mockoidc.DefaultUser().Email, - }) + })) s.Assert().NoError(err) - s.Assert().NotNil(authResp.GetState()) + s.Assert().NotNil(authResp.Msg.GetState()) // check if mail is sent messages := s.smtpServer.Messages() 
@@ -232,86 +235,85 @@ func (s *AuthenticationRegressionTestSuite) TestUserSession() { s.Assert().NotEmpty(emailOTP) // verify incorrect otp - // extract grpc headers - md := metadata.MD{} - _, err = s.testBench.Client.AuthCallback(ctx, &frontierv1beta1.AuthCallbackRequest{ + // For the error case - we don't get response headers on error with connect + _, err = s.testBench.Client.AuthCallback(ctx, connect.NewRequest(&frontierv1beta1.AuthCallbackRequest{ StrategyName: strategy.MailOTPAuthMethod, Code: "123456", - State: authResp.GetState(), - }, grpc.Header(&md)) + State: authResp.Msg.GetState(), + })) s.Assert().Error(err) - s.Assert().Empty(md[consts.SessionIDGatewayKey]) // verify correct otp - // extract grpc headers - md = metadata.MD{} - _, err = s.testBench.Client.AuthCallback(ctx, &frontierv1beta1.AuthCallbackRequest{ + // For the success case - get headers from connect response + authCallbackResp, err := s.testBench.Client.AuthCallback(ctx, connect.NewRequest(&frontierv1beta1.AuthCallbackRequest{ StrategyName: strategy.MailOTPAuthMethod, Code: emailOTP, - State: authResp.GetState(), - }, grpc.Header(&md)) + State: authResp.Msg.GetState(), + })) s.Assert().NoError(err) - s.Assert().NotEmpty(md[consts.SessionIDGatewayKey]) + setCookie := authCallbackResp.Header().Get("Set-Cookie") + s.Assert().NotEmpty(setCookie) + cookie := strings.SplitN(setCookie, ";", 2)[0] - // get user profile by authenticating user via session - ctxWithSession := metadata.NewOutgoingContext(ctx, md) - getUserResp, err := s.testBench.Client.GetCurrentUser(ctxWithSession, &frontierv1beta1.GetCurrentUserRequest{}) + // Create context with session cookie for subsequent calls + ctxWithSession := testbench.ContextWithAuth(ctx, cookie) + getUserResp, err := s.testBench.Client.GetCurrentUser(ctxWithSession, connect.NewRequest(&frontierv1beta1.GetCurrentUserRequest{})) s.Assert().NoError(err) - s.Assert().Equal(mockoidc.DefaultUser().Email, getUserResp.GetUser().GetEmail()) + 
s.Assert().Equal(mockoidc.DefaultUser().Email, getUserResp.Msg.GetUser().GetEmail()) mailOTPCtx = ctxWithSession }) s.Run("4. authenticate a service user successfully using jwt", func() { // create organization via session - createOrgResp, err := s.testBench.Client.CreateOrganization(mailOTPCtx, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(mailOTPCtx, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-svuser-1", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createOrgResp) // create service user and it's opaque token to authenticate using it - createServiceUserResp, err := s.testBench.Client.CreateServiceUser(mailOTPCtx, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserResp, err := s.testBench.Client.CreateServiceUser(mailOTPCtx, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserResp) - createServiceUserTokenResp, err := s.testBench.Client.CreateServiceUserToken(mailOTPCtx, &frontierv1beta1.CreateServiceUserTokenRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserTokenResp, err := s.testBench.Client.CreateServiceUserToken(mailOTPCtx, connect.NewRequest(&frontierv1beta1.CreateServiceUserTokenRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserTokenResp) - svUserToken := createServiceUserTokenResp.GetToken() + svUserToken := createServiceUserTokenResp.Msg.GetToken() svKeyToken := fmt.Sprintf("%s:%s", svUserToken.GetId(), svUserToken.GetToken()) svKeyToken = base64.StdEncoding.EncodeToString([]byte(svKeyToken)) - 
ctxWithSVSecret := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctxWithSVSecret := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Basic " + svKeyToken, - })) + }) // verify sv user token works - getCurrentUserResp, err := s.testBench.Client.GetCurrentUser(ctxWithSVSecret, &frontierv1beta1.GetCurrentUserRequest{}) + getCurrentUserResp, err := s.testBench.Client.GetCurrentUser(ctxWithSVSecret, connect.NewRequest(&frontierv1beta1.GetCurrentUserRequest{})) s.Assert().NoError(err) s.Assert().NotNil(getCurrentUserResp) // generate jwt token using sv user authenticator - jwtTokenResp, err := s.testBench.Client.AuthToken(ctxWithSVSecret, &frontierv1beta1.AuthTokenRequest{ + jwtTokenResp, err := s.testBench.Client.AuthToken(ctxWithSVSecret, connect.NewRequest(&frontierv1beta1.AuthTokenRequest{ GrantType: "client_credentials", ClientId: svUserToken.GetId(), ClientSecret: svUserToken.GetToken(), Assertion: "", - }) + })) s.Assert().NoError(err) s.Assert().NotNil(jwtTokenResp) // verify if the jwt token works - ctxWithJWT := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - consts.UserTokenGatewayKey: jwtTokenResp.GetAccessToken(), - })) - getCurrentUserResp, err = s.testBench.Client.GetCurrentUser(ctxWithJWT, &frontierv1beta1.GetCurrentUserRequest{}) + ctxWithJWT := testbench.ContextWithHeaders(context.Background(), map[string]string{ + "Authorization": "Bearer " + jwtTokenResp.Msg.GetAccessToken(), + }) + getCurrentUserResp, err = s.testBench.Client.GetCurrentUser(ctxWithJWT, connect.NewRequest(&frontierv1beta1.GetCurrentUserRequest{})) s.Assert().NoError(err) s.Assert().NotNil(getCurrentUserResp) }) diff --git a/test/e2e/regression/billing_test.go b/test/e2e/regression/billing_test.go index 43e1e3812..158eb74e7 100644 --- a/test/e2e/regression/billing_test.go +++ b/test/e2e/regression/billing_test.go 
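Review bot: The wrong-OTP branch of the mailotp subtest now only asserts `s.Assert().Error(err)`; the removed `Empty(md[consts.SessionIDGatewayKey])` check, which verified that no session is handed out for a rejected code, has no replacement. connect errors do carry response metadata through `(*connect.Error).Meta()`, so the negative check can be kept: `var cerr *connect.Error`, `s.Require().ErrorAs(err, &cerr)`, `s.Assert().Empty(cerr.Meta().Values("Set-Cookie"))`. The added comment `// For the error case - we don't get response headers on error with connect` should be corrected accordingly. Separately, `authCallbackResp.Header().Get("Set-Cookie")` returns only the first Set-Cookie value, so the success path depends on the session cookie being emitted first; a lookup by cookie name or a comment stating that assumption would make this explicit.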
@@ -16,12 +16,14 @@ import ( "github.com/google/uuid" + "connectrpc.com/connect" "google.golang.org/protobuf/types/known/structpb" "github.com/raystack/frontier/billing" + "github.com/raystack/frontier/core/authenticate" + testusers "github.com/raystack/frontier/core/authenticate/test_users" "github.com/raystack/frontier/pkg/server" frontierv1beta1 "github.com/raystack/frontier/proto/v1beta1" - "google.golang.org/grpc/metadata" "github.com/raystack/frontier/config" "github.com/raystack/frontier/pkg/logger" @@ -31,7 +33,8 @@ import ( type BillingRegressionTestSuite struct { suite.Suite - testBench *testbench.TestBench + testBench *testbench.TestBench + adminCookie string } func (s *BillingRegressionTestSuite) SetupSuite() { @@ -43,6 +46,8 @@ func (s *BillingRegressionTestSuite) SetupSuite() { s.Require().NoError(err) grpcPort, err := testbench.GetFreePort() s.Require().NoError(err) + connectPort, err := testbench.GetFreePort() + s.Require().NoError(err) appConfig := &config.Frontier{ Log: logger.Config{ @@ -50,15 +55,28 @@ func (s *BillingRegressionTestSuite) SetupSuite() { AuditEvents: "db", }, App: server.Config{ - Host: "localhost", - Port: apiPort, + Host: "localhost", + Port: apiPort, + Connect: server.ConnectConfig{Port: connectPort}, GRPC: server.GRPCConfig{ Port: grpcPort, MaxRecvMsgSize: 2 << 10, MaxSendMsgSize: 2 << 10, }, - IdentityProxyHeader: testbench.IdentityHeader, ResourcesConfigPath: path.Join(testDataPath, "resource"), + Authentication: authenticate.Config{ + Session: authenticate.SessionConfig{ + HashSecretKey: "hash-secret-should-be-32-chars--", + BlockSecretKey: "hash-secret-should-be-32-chars--", + Validity: time.Hour, + }, + MailOTP: authenticate.MailOTPConfig{ + Subject: "{{.Otp}}", + Body: "{{.Otp}}", + Validity: 10 * time.Minute, + }, + TestUsers: testusers.Config{Enabled: true, Domain: "raystack.org", OTP: testbench.TestOTP}, + }, }, Billing: billing.Config{ StripeKey: "sk_test_mock", 
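Review bot: `HashSecretKey` and `BlockSecretKey` in the added `Authentication` block are set to the same literal, and `TestUsers` is enabled with a fixed OTP for the whole `raystack.org` domain, with nothing on these lines marking them as fixture-only. If the two keys are a MAC key and an encryption key, as the names suggest, give them distinct values so the fixture does not model key reuse. Add a comment above the block such as `// e2e fixture only: fixed session keys and a static OTP login for @raystack.org; never copy into a deployed config`. The SetupSuite body starts and ends outside the hunk.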
@@ -79,10 +97,14 @@ func (s *BillingRegressionTestSuite) SetupSuite() { ctx := context.Background() - s.Require().NoError(testbench.BootstrapUsers(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapOrganizations(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapProject(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapGroup(ctx, s.testBench.Client, testbench.OrgAdminEmail)) + adminCookie, err := testbench.AuthenticateUser(ctx, s.testBench.Client, testbench.OrgAdminEmail) + s.Require().NoError(err) + s.adminCookie = adminCookie + + s.Require().NoError(testbench.BootstrapUsers(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapOrganizations(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapProject(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapGroup(ctx, s.testBench.Client, adminCookie)) } func (s *BillingRegressionTestSuite) TearDownSuite() { 
@@ -91,33 +113,31 @@ func (s *BillingRegressionTestSuite) TearDownSuite() { } func (s *BillingRegressionTestSuite) TestBillingCustomerAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. creating multiple active billing account shouldn't be allowed", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-billing-customer-1", Title: "Org Billing Customer 1", }, - }) + })) s.Assert().NoError(err) // creating an org should have already created one billing account var billingAccounts []*frontierv1beta1.BillingAccount s.Assert().Eventually(func() bool { // wait for billing account to be created - listCustomersResp, err := s.testBench.Client.ListBillingAccounts(ctxOrgAdminAuth, &frontierv1beta1.ListBillingAccountsRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + listCustomersResp, err := s.testBench.Client.ListBillingAccounts(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListBillingAccountsRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - billingAccounts = listCustomersResp.GetBillingAccounts() + billingAccounts = listCustomersResp.Msg.GetBillingAccounts() return len(billingAccounts) > 0 }, 2*time.Second, time.Millisecond*20) // creating another billing account shouldn't be allowed - _, err = s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingAccountRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), + _, err = s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, 
connect.NewRequest(&frontierv1beta1.CreateBillingAccountRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.BillingAccountRequestBody{ Email: "test@example.com", Currency: "usd", @@ -129,21 +149,21 @@ func (s *BillingRegressionTestSuite) TestBillingCustomerAPI() { State: "CA", }, }, - }) + })) s.Assert().ErrorContains(err, "active account already exists") }) s.Run("2. create and fetch billing customers successfully", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-billing-customer-2", Title: "Org Billing Customer 2", }, - }) + })) s.Assert().NoError(err) - s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.GetOrganization().GetId()) + s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.Msg.GetOrganization().GetId()) - createCustomerResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingAccountRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), + createCustomerResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingAccountRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.BillingAccountRequestBody{ Email: "test@example.com", Currency: "usd", 
@@ -155,33 +175,33 @@ func (s *BillingRegressionTestSuite) TestBillingCustomerAPI() { State: "CA", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createCustomerResp) - getCustomerResp, err := s.testBench.Client.GetBillingAccount(ctxOrgAdminAuth, &frontierv1beta1.GetBillingAccountRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createCustomerResp.GetBillingAccount().GetId(), + getCustomerResp, err := s.testBench.Client.GetBillingAccount(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingAccountRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createCustomerResp.Msg.GetBillingAccount().GetId(), Expand: []string{"organization"}, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(getCustomerResp) - s.Assert().Equal(createCustomerResp.GetBillingAccount().GetId(), getCustomerResp.GetBillingAccount().GetId()) - s.Assert().Equal(createCustomerResp.GetBillingAccount().GetEmail(), getCustomerResp.GetBillingAccount().GetEmail()) - s.Assert().Equal(createOrgResp.GetOrganization().GetId(), getCustomerResp.GetBillingAccount().GetOrganization().GetId()) + s.Assert().Equal(createCustomerResp.Msg.GetBillingAccount().GetId(), getCustomerResp.Msg.GetBillingAccount().GetId()) + s.Assert().Equal(createCustomerResp.Msg.GetBillingAccount().GetEmail(), getCustomerResp.Msg.GetBillingAccount().GetEmail()) + s.Assert().Equal(createOrgResp.Msg.GetOrganization().GetId(), getCustomerResp.Msg.GetBillingAccount().GetOrganization().GetId()) }) s.Run("3. 
update billing customer successfully", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-billing-customer-3", Title: "Org Billing Customer 3", }, - }) + })) s.Assert().NoError(err) - s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.GetOrganization().GetId()) + s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.Msg.GetOrganization().GetId()) - createCustomerResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingAccountRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), + createCustomerResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingAccountRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.BillingAccountRequestBody{ Email: "test@example2.com", Currency: "usd", @@ -190,14 +210,14 @@ func (s *BillingRegressionTestSuite) TestBillingCustomerAPI() { State: "CA", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createCustomerResp) // update customer - updateCustomerResp, err := s.testBench.Client.UpdateBillingAccount(ctxOrgAdminAuth, &frontierv1beta1.UpdateBillingAccountRequest{ - Id: createCustomerResp.GetBillingAccount().GetId(), - OrgId: createOrgResp.GetOrganization().GetId(), + updateCustomerResp, err := s.testBench.Client.UpdateBillingAccount(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateBillingAccountRequest{ + Id: createCustomerResp.Msg.GetBillingAccount().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.BillingAccountRequestBody{ Email: "test@example2.com", Currency: "usd", 
@@ -209,25 +229,25 @@ func (s *BillingRegressionTestSuite) TestBillingCustomerAPI() { State: "CA", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(updateCustomerResp) - s.Assert().Equal("1234567890", updateCustomerResp.GetBillingAccount().GetPhone()) - s.Assert().Equal("123 Main St", updateCustomerResp.GetBillingAccount().GetAddress().GetLine1()) - s.Assert().Equal("San Francisco", updateCustomerResp.GetBillingAccount().GetAddress().GetCity()) + s.Assert().Equal("1234567890", updateCustomerResp.Msg.GetBillingAccount().GetPhone()) + s.Assert().Equal("123 Main St", updateCustomerResp.Msg.GetBillingAccount().GetAddress().GetLine1()) + s.Assert().Equal("San Francisco", updateCustomerResp.Msg.GetBillingAccount().GetAddress().GetCity()) }) s.Run("4. create and fetch billing customers successfully with tax data", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-billing-customer-4", Title: "Org Billing Customer 4", }, - }) + })) s.Assert().NoError(err) - s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.GetOrganization().GetId()) + s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.Msg.GetOrganization().GetId()) - createCustomerResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingAccountRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), + createCustomerResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingAccountRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.BillingAccountRequestBody{ Email: "test@example.com", Currency: "usd", 
@@ -245,70 +265,68 @@ func (s *BillingRegressionTestSuite) TestBillingCustomerAPI() { }, }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createCustomerResp) - getCustomerResp, err := s.testBench.Client.GetBillingAccount(ctxOrgAdminAuth, &frontierv1beta1.GetBillingAccountRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createCustomerResp.GetBillingAccount().GetId(), + getCustomerResp, err := s.testBench.Client.GetBillingAccount(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingAccountRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createCustomerResp.Msg.GetBillingAccount().GetId(), Expand: []string{"organization"}, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(getCustomerResp) - s.Assert().Equal(createCustomerResp.GetBillingAccount().GetId(), getCustomerResp.GetBillingAccount().GetId()) - s.Assert().Equal(createCustomerResp.GetBillingAccount().GetEmail(), getCustomerResp.GetBillingAccount().GetEmail()) - s.Assert().Equal(createOrgResp.GetOrganization().GetId(), getCustomerResp.GetBillingAccount().GetOrganization().GetId()) - s.Assert().Equal(1, len(getCustomerResp.GetBillingAccount().GetTaxData())) - s.Assert().Equal("us_ein", getCustomerResp.GetBillingAccount().GetTaxData()[0].GetType()) - s.Assert().Equal("1234567890", getCustomerResp.GetBillingAccount().GetTaxData()[0].GetId()) + s.Assert().Equal(createCustomerResp.Msg.GetBillingAccount().GetId(), getCustomerResp.Msg.GetBillingAccount().GetId()) + s.Assert().Equal(createCustomerResp.Msg.GetBillingAccount().GetEmail(), getCustomerResp.Msg.GetBillingAccount().GetEmail()) + s.Assert().Equal(createOrgResp.Msg.GetOrganization().GetId(), getCustomerResp.Msg.GetBillingAccount().GetOrganization().GetId()) + s.Assert().Equal(1, len(getCustomerResp.Msg.GetBillingAccount().GetTaxData())) + s.Assert().Equal("us_ein", getCustomerResp.Msg.GetBillingAccount().GetTaxData()[0].GetType()) + s.Assert().Equal("1234567890", 
getCustomerResp.Msg.GetBillingAccount().GetTaxData()[0].GetId()) }) s.Run("5. onboarding credits should be auto credited in org billing account", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-billing-customer-5", Title: "Org Billing Customer 5", }, - }) + })) s.Assert().NoError(err) - s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.GetOrganization().GetId()) + s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.Msg.GetOrganization().GetId()) var customerID string s.Assert().Eventually(func() bool { - listCustomerAccountResp, err := s.testBench.Client.ListBillingAccounts(ctxOrgAdminAuth, &frontierv1beta1.ListBillingAccountsRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + listCustomerAccountResp, err := s.testBench.Client.ListBillingAccounts(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListBillingAccountsRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(listCustomerAccountResp) - if len(listCustomerAccountResp.GetBillingAccounts()) > 0 { - customerID = listCustomerAccountResp.GetBillingAccounts()[0].GetId() + if len(listCustomerAccountResp.Msg.GetBillingAccounts()) > 0 { + customerID = listCustomerAccountResp.Msg.GetBillingAccounts()[0].GetId() return true } return false }, time.Second*2, time.Millisecond*50) - getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ + getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ Id: customerID, - OrgId: createOrgResp.GetOrganization().GetId(), - }) + OrgId: 
createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(getBalanceResp) - s.Assert().Equal(int64(200), getBalanceResp.GetBalance().GetAmount()) + s.Assert().Equal(int64(200), getBalanceResp.Msg.GetBalance().GetAmount()) }) } func (s *BillingRegressionTestSuite) TestPlansAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. fetch existing plans successfully", func() { - listPlansResp, err := s.testBench.Client.ListPlans(ctxOrgAdminAuth, &frontierv1beta1.ListPlansRequest{}) + listPlansResp, err := s.testBench.Client.ListPlans(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListPlansRequest{})) s.Assert().NoError(err) s.Assert().NotNil(listPlansResp) - s.Assert().NotEmpty(listPlansResp.GetPlans()) + s.Assert().NotEmpty(listPlansResp.Msg.GetPlans()) }) s.Run("2. create a plan successfully", func() { - createPlanResp, err := s.testBench.Client.CreatePlan(ctxOrgAdminAuth, &frontierv1beta1.CreatePlanRequest{ + createPlanResp, err := s.testBench.Client.CreatePlan(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePlanRequest{ Body: &frontierv1beta1.PlanRequestBody{ Name: "test-plan-2", Title: "Test Plan 2", 
@@ -329,27 +347,25 @@ func (s *BillingRegressionTestSuite) TestPlansAPI() { }, }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createPlanResp) - s.Assert().NotNil(createPlanResp.GetPlan().GetProducts()) + s.Assert().NotNil(createPlanResp.Msg.GetPlan().GetProducts()) - getPlanResp, err := s.testBench.Client.GetPlan(ctxOrgAdminAuth, &frontierv1beta1.GetPlanRequest{ - Id: createPlanResp.GetPlan().GetId(), - }) + getPlanResp, err := s.testBench.Client.GetPlan(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetPlanRequest{ + Id: createPlanResp.Msg.GetPlan().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(getPlanResp) - s.Assert().Equal(createPlanResp.GetPlan().GetId(), getPlanResp.GetPlan().GetId()) - s.Assert().Equal(createPlanResp.GetPlan().GetProducts(), getPlanResp.GetPlan().GetProducts()) + s.Assert().Equal(createPlanResp.Msg.GetPlan().GetId(), getPlanResp.Msg.GetPlan().GetId()) + s.Assert().Equal(createPlanResp.Msg.GetPlan().GetProducts(), getPlanResp.Msg.GetPlan().GetProducts()) }) } func (s *BillingRegressionTestSuite) TestProductsAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. create a credit buying product successfully", func() { - createProductResp, err := s.testBench.Client.CreateProduct(ctxOrgAdminAuth, &frontierv1beta1.CreateProductRequest{ + createProductResp, err := s.testBench.Client.CreateProduct(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProductRequest{ Body: &frontierv1beta1.ProductRequestBody{ Name: "test-product", Title: "Test Product", 
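Review bot: `createPlanResp.Msg.GetPlan()` is evaluated after `s.Assert().NoError(err)`, which does not stop the subtest, so a failed `CreatePlan` now panics on the `.Msg` dereference instead of reporting the assertion, assuming the connect client returns a nil response on error (worth confirming). The old form was safe because generated protobuf getters accept a nil receiver, while `.Msg` is a plain field read on the response wrapper. Use `s.Require().NoError(err)` before the first `.Msg` access. The same pattern recurs in the later hunks for TestProductsAPI, TestCheckoutAPI and TestUsageAPI, including the setup calls made outside `s.Run`. TestPlansAPI begins before this hunk and TestProductsAPI continues past it.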
@@ -372,24 +388,24 @@ func (s *BillingRegressionTestSuite) TestProductsAPI() { MinQuantity: 2, }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createProductResp) - s.Assert().NotNil(createProductResp.GetProduct().GetPrices()) + s.Assert().NotNil(createProductResp.Msg.GetProduct().GetPrices()) - getProductResp, err := s.testBench.Client.GetProduct(ctxOrgAdminAuth, &frontierv1beta1.GetProductRequest{ - Id: createProductResp.GetProduct().GetId(), - }) + getProductResp, err := s.testBench.Client.GetProduct(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetProductRequest{ + Id: createProductResp.Msg.GetProduct().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(getProductResp) - s.Assert().Equal(createProductResp.GetProduct().GetId(), getProductResp.GetProduct().GetId()) - s.Assert().Equal(createProductResp.GetProduct().GetPrices(), getProductResp.GetProduct().GetPrices()) - s.Assert().Equal(createProductResp.GetProduct().GetFeatures(), getProductResp.GetProduct().GetFeatures()) - s.Assert().Len(getProductResp.GetProduct().GetFeatures(), 1) - s.Assert().Equal(int64(2), getProductResp.GetProduct().GetBehaviorConfig().GetMinQuantity()) + s.Assert().Equal(createProductResp.Msg.GetProduct().GetId(), getProductResp.Msg.GetProduct().GetId()) + s.Assert().Equal(createProductResp.Msg.GetProduct().GetPrices(), getProductResp.Msg.GetProduct().GetPrices()) + s.Assert().Equal(createProductResp.Msg.GetProduct().GetFeatures(), getProductResp.Msg.GetProduct().GetFeatures()) + s.Assert().Len(getProductResp.Msg.GetProduct().GetFeatures(), 1) + s.Assert().Equal(int64(2), getProductResp.Msg.GetProduct().GetBehaviorConfig().GetMinQuantity()) }) s.Run("2. 
Update a product successfully", func() { - createProductResp, err := s.testBench.Client.CreateProduct(ctxOrgAdminAuth, &frontierv1beta1.CreateProductRequest{ + createProductResp, err := s.testBench.Client.CreateProduct(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProductRequest{ Body: &frontierv1beta1.ProductRequestBody{ Name: "test-product-2", Title: "Test Product-2", @@ -411,14 +427,14 @@ func (s *BillingRegressionTestSuite) TestProductsAPI() { CreditAmount: 400, }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createProductResp) - s.Assert().NotNil(createProductResp.GetProduct().GetPrices()) + s.Assert().NotNil(createProductResp.Msg.GetProduct().GetPrices()) // add additional feature and remove existing feature - updateProductResp, err := s.testBench.Client.UpdateProduct(ctxOrgAdminAuth, &frontierv1beta1.UpdateProductRequest{ - Id: createProductResp.GetProduct().GetId(), + updateProductResp, err := s.testBench.Client.UpdateProduct(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateProductRequest{ + Id: createProductResp.Msg.GetProduct().GetId(), Body: &frontierv1beta1.ProductRequestBody{ Name: "test-product-2", Title: "Test Product-2", 
@@ -434,18 +450,18 @@ func (s *BillingRegressionTestSuite) TestProductsAPI() { MaxQuantity: 20, }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(updateProductResp) - s.Assert().Equal(updateProductResp.GetProduct().GetId(), createProductResp.GetProduct().GetId()) - s.Assert().Equal(updateProductResp.GetProduct().GetPrices(), createProductResp.GetProduct().GetPrices()) - s.Assert().Equal(1, len(updateProductResp.GetProduct().GetFeatures())) - s.Assert().Equal("test-feature-2", updateProductResp.GetProduct().GetFeatures()[0].GetName()) - s.Assert().Equal(int64(400), updateProductResp.GetProduct().GetBehaviorConfig().GetCreditAmount()) - s.Assert().Equal(int64(20), updateProductResp.GetProduct().GetBehaviorConfig().GetMaxQuantity()) + s.Assert().Equal(updateProductResp.Msg.GetProduct().GetId(), createProductResp.Msg.GetProduct().GetId()) + s.Assert().Equal(updateProductResp.Msg.GetProduct().GetPrices(), createProductResp.Msg.GetProduct().GetPrices()) + s.Assert().Equal(1, len(updateProductResp.Msg.GetProduct().GetFeatures())) + s.Assert().Equal("test-feature-2", updateProductResp.Msg.GetProduct().GetFeatures()[0].GetName()) + s.Assert().Equal(int64(400), updateProductResp.Msg.GetProduct().GetBehaviorConfig().GetCreditAmount()) + s.Assert().Equal(int64(20), updateProductResp.Msg.GetProduct().GetBehaviorConfig().GetMaxQuantity()) }) s.Run("create a feature in existing product successfully", func() { - createProductResp, err := s.testBench.Client.CreateProduct(ctxOrgAdminAuth, &frontierv1beta1.CreateProductRequest{ + createProductResp, err := s.testBench.Client.CreateProduct(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProductRequest{ Body: &frontierv1beta1.ProductRequestBody{ Name: "test-product-3", Title: "Test Product-3", 
@@ -467,47 +483,45 @@ func (s *BillingRegressionTestSuite) TestProductsAPI() { CreditAmount: 400, }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createProductResp) - s.Assert().NotNil(createProductResp.GetProduct().GetPrices()) + s.Assert().NotNil(createProductResp.Msg.GetProduct().GetPrices()) // add additional feature - createFeatureResp, err := s.testBench.Client.CreateFeature(ctxOrgAdminAuth, &frontierv1beta1.CreateFeatureRequest{ + createFeatureResp, err := s.testBench.Client.CreateFeature(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateFeatureRequest{ Body: &frontierv1beta1.FeatureRequestBody{ Name: "test-feature-3", Title: "Test Feature-3", - ProductIds: []string{createProductResp.GetProduct().GetId()}, + ProductIds: []string{createProductResp.Msg.GetProduct().GetId()}, Metadata: Must(structpb.NewStruct(map[string]interface{}{ "key": "value", })), }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createFeatureResp) - s.Assert().Equal("test-feature-3", createFeatureResp.GetFeature().GetName()) - s.Assert().Equal("Test Feature-3", createFeatureResp.GetFeature().GetTitle()) - s.Assert().Equal(1, len(createFeatureResp.GetFeature().GetProductIds())) + s.Assert().Equal("test-feature-3", createFeatureResp.Msg.GetFeature().GetName()) + s.Assert().Equal("Test Feature-3", createFeatureResp.Msg.GetFeature().GetTitle()) + s.Assert().Equal(1, len(createFeatureResp.Msg.GetFeature().GetProductIds())) }) } func (s *BillingRegressionTestSuite) TestCheckoutAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) // create dummy org - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, 
connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-checkout-1", }, - }) + })) s.Assert().NoError(err) - s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.GetOrganization().GetId()) + s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.Msg.GetOrganization().GetId()) // create dummy billing customer - createBillingResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingAccountRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), + createBillingResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingAccountRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.BillingAccountRequestBody{ Email: "test@frontier-example.com", Currency: "usd", @@ -519,11 +533,11 @@ func (s *BillingRegressionTestSuite) TestCheckoutAPI() { State: "CA", }, }, - }) + })) s.Assert().NoError(err) s.Run("1. checkout the credit product to buy some credits", func() { - createProductResp, err := s.testBench.Client.CreateProduct(ctxOrgAdminAuth, &frontierv1beta1.CreateProductRequest{ + createProductResp, err := s.testBench.Client.CreateProduct(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProductRequest{ Body: &frontierv1beta1.ProductRequestBody{ Name: "store-credits", Title: "Store Credits", 
@@ -540,57 +554,57 @@ func (s *BillingRegressionTestSuite) TestCheckoutAPI() { CreditAmount: 400, }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createProductResp) - checkoutResp, err := s.testBench.Client.CreateCheckout(ctxOrgAdminAuth, &frontierv1beta1.CreateCheckoutRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + checkoutResp, err := s.testBench.Client.CreateCheckout(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateCheckoutRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), SuccessUrl: "https://example.com/success?checkout_id={{.CheckoutID}}", CancelUrl: "https://example.com/cancel", ProductBody: &frontierv1beta1.CheckoutProductBody{ - Product: createProductResp.GetProduct().GetId(), + Product: createProductResp.Msg.GetProduct().GetId(), }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(checkoutResp) - s.Assert().NotEmpty(checkoutResp.GetCheckoutSession().GetCheckoutUrl()) - s.Assert().Equal("https://example.com/success?checkout_id="+checkoutResp.GetCheckoutSession().GetId(), checkoutResp.GetCheckoutSession().GetSuccessUrl()) - s.Assert().Equal("https://example.com/cancel", checkoutResp.GetCheckoutSession().GetCancelUrl()) + s.Assert().NotEmpty(checkoutResp.Msg.GetCheckoutSession().GetCheckoutUrl()) + s.Assert().Equal("https://example.com/success?checkout_id="+checkoutResp.Msg.GetCheckoutSession().GetId(), checkoutResp.Msg.GetCheckoutSession().GetSuccessUrl()) + s.Assert().Equal("https://example.com/cancel", checkoutResp.Msg.GetCheckoutSession().GetCancelUrl()) - listCheckout, err := s.testBench.Client.ListCheckouts(ctxOrgAdminAuth, &frontierv1beta1.ListCheckoutsRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), - }) + listCheckout, err := s.testBench.Client.ListCheckouts(ctxOrgAdminAuth, 
connect.NewRequest(&frontierv1beta1.ListCheckoutsRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(listCheckout) // we can't really pay the checkout session in test so automatic credit update won't happen }) s.Run("2. checkout the subscription for a plan", func() { - checkoutResp, err := s.testBench.Client.CreateCheckout(ctxOrgAdminAuth, &frontierv1beta1.CreateCheckoutRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + checkoutResp, err := s.testBench.Client.CreateCheckout(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateCheckoutRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), SuccessUrl: "https://example.com/success", CancelUrl: "https://example.com/cancel", SubscriptionBody: &frontierv1beta1.CheckoutSubscriptionBody{ Plan: "enterprise_yearly", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(checkoutResp) - s.Assert().NotEmpty(checkoutResp.GetCheckoutSession().GetCheckoutUrl()) + s.Assert().NotEmpty(checkoutResp.Msg.GetCheckoutSession().GetCheckoutUrl()) - listCheckout, err := s.testBench.Client.ListCheckouts(ctxOrgAdminAuth, &frontierv1beta1.ListCheckoutsRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), - }) + listCheckout, err := s.testBench.Client.ListCheckouts(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListCheckoutsRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(listCheckout) // we can't really pay the checkout session in test so automatic credit update won't happen }) s.Run("3. 
delegate checkout the credits product", func() { - createProduct, err := s.testBench.Client.CreateProduct(ctxOrgAdminAuth, &frontierv1beta1.CreateProductRequest{ + createProduct, err := s.testBench.Client.CreateProduct(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProductRequest{ Body: &frontierv1beta1.ProductRequestBody{ Name: "store-credits-checkout-1", Behavior: "credits", 
@@ -600,56 +614,54 @@ func (s *BillingRegressionTestSuite) TestCheckoutAPI() { CreditAmount: 400, }, }, - }) + })) s.Assert().NoError(err) - delegateCheckoutResp, err := s.testBench.AdminClient.DelegatedCheckout(ctxOrgAdminAuth, &frontierv1beta1.DelegatedCheckoutRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + delegateCheckoutResp, err := s.testBench.AdminClient.DelegatedCheckout(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.DelegatedCheckoutRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), ProductBody: &frontierv1beta1.CheckoutProductBody{ - Product: createProduct.GetProduct().GetId(), + Product: createProduct.Msg.GetProduct().GetId(), Quantity: 2, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(delegateCheckoutResp) - s.Assert().NotEmpty(delegateCheckoutResp.GetProduct()) + s.Assert().NotEmpty(delegateCheckoutResp.Msg.GetProduct()) - getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(int64(800), getBalanceResp.GetBalance().GetAmount()) + s.Assert().Equal(int64(800), getBalanceResp.Msg.GetBalance().GetAmount()) }) } func (s *BillingRegressionTestSuite) TestUsageAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) // create dummy org - 
createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-usage-1", }, - }) + })) s.Assert().NoError(err) - creteProjectResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + creteProjectResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "project-usage-1", Title: "Project Usage 1", - OrgId: createOrgResp.GetOrganization().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().NoError(err) - s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.GetOrganization().GetId()) + s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.Msg.GetOrganization().GetId()) // create dummy billing customer - createBillingResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingAccountRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), + createBillingResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingAccountRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.BillingAccountRequestBody{ Email: "test@frontier-example.com", Currency: "usd", 
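Review bot: `AdminClient.DelegatedCheckout` is only exercised with `ctxOrgAdminAuth`, so after the move from the identity header to a session cookie nothing in this subtest shows that the admin endpoint rejects a caller without a valid session. A negative case next to it would pin that, for example calling it with `context.Background()` and asserting `s.Assert().Equal(connect.CodeUnauthenticated, connect.CodeOf(err))`. The exact code depends on how the server's auth layer maps a missing cookie, which is not visible here. The same applies to the `AdminClient.RevertBillingUsage` calls in the later TestUsageAPI hunks. TestCheckoutAPI begins before this hunk and TestUsageAPI continues past it.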
@@ -661,11 +673,11 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { State: "CA", }, }, - }) + })) s.Assert().NoError(err) // create a product with credit behavior - createProductResp, err := s.testBench.Client.CreateProduct(ctxOrgAdminAuth, &frontierv1beta1.CreateProductRequest{ + createProductResp, err := s.testBench.Client.CreateProduct(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProductRequest{ Body: &frontierv1beta1.ProductRequestBody{ Name: "store-credits-usage", Title: "Store Credits", @@ -682,14 +694,14 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { CreditAmount: 400, }, }, - }) + })) s.Assert().NoError(err) testUserID := uuid.New().String() s.Run("1. report usage to an account having no credits", func() { - _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), Usages: []*frontierv1beta1.Usage{ { Id: uuid.New().String(), @@ -702,13 +714,13 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { })), }, }, - }) + })) s.Assert().Error(err) s.Assert().ErrorContains(err, "insufficient credits") - _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), Usages: []*frontierv1beta1.Usage{ { Id: uuid.New().String(), 
@@ -721,30 +733,30 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { })), }, }, - }) + })) s.Assert().Error(err) }) s.Run("2. report usage to an account having some credits", func() { - _, err = s.testBench.AdminClient.DelegatedCheckout(ctxOrgAdminAuth, &frontierv1beta1.DelegatedCheckoutRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.DelegatedCheckout(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.DelegatedCheckoutRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), ProductBody: &frontierv1beta1.CheckoutProductBody{ - Product: createProductResp.GetProduct().GetId(), + Product: createProductResp.Msg.GetProduct().GetId(), }, - }) + })) s.Assert().NoError(err) // check balance - getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - beforeBalance := getBalanceResp.GetBalance().GetAmount() + beforeBalance := getBalanceResp.Msg.GetBalance().GetAmount() - _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), Usages: 
[]*frontierv1beta1.Usage{ { Id: uuid.New().String(), 
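Review bot: The bare `s.Assert().Error(err)` at the top of this hunk passes for any failure, including a rejected or expired session cookie, so the subtest stays green even if `CreateBillingUsage` is refused for an authentication reason rather than the billing rule under test. Pin the reason, for example with `s.Assert().ErrorContains(err, "insufficient credits")` as the preceding call does, if that is the intended rejection (the request body sits between hunks, so confirm), or by asserting the expected `connect.CodeOf(err)`. The `ErrorContains(err, usage.ErrRevertAmountExceeds.Error())` check in a later hunk is specific, but it relies on the server's internal error text reaching the client unchanged. A code assertion would be less brittle there too. The enclosing `s.Run` closures start and end outside this hunk.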
@@ -757,30 +769,30 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { })), }, }, - }) + })) s.Assert().NoError(err) // check balance - getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(beforeBalance-20, getBalanceResp.GetBalance().GetAmount()) + s.Assert().Equal(beforeBalance-20, getBalanceResp.Msg.GetBalance().GetAmount()) }) s.Run("3. revert partial reported usage to an account", func() { // check balance - getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - beforeBalance := getBalanceResp.GetBalance().GetAmount() + beforeBalance := getBalanceResp.Msg.GetBalance().GetAmount() usageID := uuid.New().String() - _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: 
createBillingResp.Msg.GetBillingAccount().GetId(), Usages: []*frontierv1beta1.Usage{ { Id: usageID, 
@@ -793,38 +805,38 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { })), }, }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.RevertBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.RevertBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), UsageId: usageID, Amount: 10, - }) + })) s.Assert().NoError(err) // check balance - getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(beforeBalance-10, getBalanceResp.GetBalance().GetAmount()) + s.Assert().Equal(beforeBalance-10, getBalanceResp.Msg.GetBalance().GetAmount()) }) s.Run("4. 
revert full reported usage to an account", func() { // check balance - getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - beforeBalance := getBalanceResp.GetBalance().GetAmount() + beforeBalance := getBalanceResp.Msg.GetBalance().GetAmount() usageID := uuid.New().String() - _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), Usages: []*frontierv1beta1.Usage{ { Id: usageID, 
@@ -837,30 +849,30 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { })), }, }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.RevertBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.RevertBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), UsageId: usageID, Amount: 20, - }) + })) s.Assert().NoError(err) // check balance - getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(beforeBalance, getBalanceResp.GetBalance().GetAmount()) + s.Assert().Equal(beforeBalance, getBalanceResp.Msg.GetBalance().GetAmount()) }) s.Run("5. revert more than full reported usage to an account should fail", func() { usageID := uuid.New().String() - _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), Usages: []*frontierv1beta1.Usage{ { Id: usageID, 
@@ -873,30 +885,30 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { })), }, }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.RevertBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.RevertBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), UsageId: usageID, Amount: 30, - }) + })) s.Assert().ErrorContains(err, usage.ErrRevertAmountExceeds.Error()) }) s.Run("6. revert reported usage multiple times should pass", func() { // check balance - getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - beforeBalance := getBalanceResp.GetBalance().GetAmount() + beforeBalance := getBalanceResp.Msg.GetBalance().GetAmount() usageID := uuid.New().String() - _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), Usages: []*frontierv1beta1.Usage{ { Id: usageID, 
@@ -909,46 +921,46 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { })), }, }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.RevertBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.RevertBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), UsageId: usageID, Amount: 5, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.RevertBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.RevertBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), UsageId: usageID, Amount: 8, - }) + })) s.Assert().NoError(err) // check balance - getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(beforeBalance-7, getBalanceResp.GetBalance().GetAmount()) + s.Assert().Equal(beforeBalance-7, getBalanceResp.Msg.GetBalance().GetAmount()) }) s.Run("7. 
revert reported usage multiple times more than original amount should fail", func() { // check balance - getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - beforeBalance := getBalanceResp.GetBalance().GetAmount() + beforeBalance := getBalanceResp.Msg.GetBalance().GetAmount() usageID := uuid.New().String() - _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), Usages: []*frontierv1beta1.Usage{ { Id: usageID, 
@@ -961,46 +973,46 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { })), }, }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.RevertBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.RevertBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), UsageId: usageID, Amount: 15, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.RevertBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.RevertBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), UsageId: usageID, Amount: 8, - }) + })) s.Assert().Error(err) // check balance - getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(beforeBalance-5, getBalanceResp.GetBalance().GetAmount()) + s.Assert().Equal(beforeBalance-5, getBalanceResp.Msg.GetBalance().GetAmount()) }) s.Run("8. 
reverting a revert usage should fail", func() { // check balance - getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - beforeBalance := getBalanceResp.GetBalance().GetAmount() + beforeBalance := getBalanceResp.Msg.GetBalance().GetAmount() usageID := uuid.New().String() - _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), Usages: []*frontierv1beta1.Usage{ { Id: usageID, 
@@ -1013,52 +1025,53 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { })), }, }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.RevertBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.RevertBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), UsageId: usageID, Amount: 10, - }) + })) s.Assert().NoError(err) // check balance - getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(beforeBalance-10, getBalanceResp.GetBalance().GetAmount()) + s.Assert().Equal(beforeBalance-10, getBalanceResp.Msg.GetBalance().GetAmount()) - listTransactions, err := s.testBench.Client.ListBillingTransactions(ctxOrgAdminAuth, &frontierv1beta1.ListBillingTransactionsRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), - }) + listTransactions, err := s.testBench.Client.ListBillingTransactions(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListBillingTransactionsRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - lastRevertID := listTransactions.GetTransactions()[0].GetId() + lastRevertID := 
listTransactions.Msg.GetTransactions()[0].GetId() - _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.RevertBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.RevertBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), UsageId: lastRevertID, Amount: 10, - }) + })) s.Assert().ErrorContains(err, usage.ErrExistingRevertedUsage.Error()) }) s.Run("9. revert full reported usage to an account using project id", func() { // check balance - getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - beforeBalance := getBalanceResp.GetBalance().GetAmount() + beforeBalance := getBalanceResp.Msg.GetBalance().GetAmount() usageID := uuid.New().String() - _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - ProjectId: creteProjectResp.GetProject().GetId(), + _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + ProjectId: creteProjectResp.Msg.GetProject().GetId(), Usages: []*frontierv1beta1.Usage{ { Id: usageID, 
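Review bot: Subtest 9 is titled "using project id", yet `CreateBillingUsage` now sends `OrgId` next to `ProjectId`, so nothing in the suite shows what the server does when the two disagree or when only a project is supplied. If the org ID is now what the request is authorized against (not visible here), add a negative case: pass a `ProjectId` with the ID of an org that does not own it and check the call is rejected with `s.Assert().Error(err)`. A one-line comment above the request saying why `OrgId` is now required would also explain why the title and the request differ. The same change appears in the following hunk's `RevertBillingUsage`, in subtest 10 and in TestInvoiceAPI.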
@@ -1071,45 +1084,47 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { })), }, }, - }) + })) s.Assert().NoError(err) - _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.RevertBillingUsageRequest{ - ProjectId: creteProjectResp.GetProject().GetId(), + _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.RevertBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + ProjectId: creteProjectResp.Msg.GetProject().GetId(), UsageId: usageID, Amount: 5, - }) + })) s.Assert().NoError(err) // check balance - getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(beforeBalance, getBalanceResp.GetBalance().GetAmount()) + s.Assert().Equal(beforeBalance, getBalanceResp.Msg.GetBalance().GetAmount()) }) s.Run("10. 
allow customer overdraft if set", func() { // check balance - getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - beforeBalance := getBalanceResp.GetBalance().GetAmount() + beforeBalance := getBalanceResp.Msg.GetBalance().GetAmount() // set limit to -20 - _, err = s.testBench.AdminClient.UpdateBillingAccountLimits(ctxOrgAdminAuth, &frontierv1beta1.UpdateBillingAccountLimitsRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.UpdateBillingAccountLimits(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateBillingAccountLimitsRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), CreditMin: -20, - }) + })) s.Assert().NoError(err) usageID := uuid.New().String() // go overdraft - _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - ProjectId: creteProjectResp.GetProject().GetId(), + _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + ProjectId: creteProjectResp.Msg.GetProject().GetId(), Usages: []*frontierv1beta1.Usage{ { Id: usageID, 
@@ -1122,20 +1137,21 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { })), }, }, - }) + })) s.Assert().NoError(err) // check balance - getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(int64(-10), getBalanceResp.GetBalance().GetAmount()) + s.Assert().Equal(int64(-10), getBalanceResp.Msg.GetBalance().GetAmount()) // can't go over overdraft - _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - ProjectId: creteProjectResp.GetProject().GetId(), + _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + ProjectId: creteProjectResp.Msg.GetProject().GetId(), Usages: []*frontierv1beta1.Usage{ { Id: uuid.NewString(), 
@@ -1148,42 +1164,43 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { })), }, }, - }) + })) s.Assert().ErrorContains(err, credit.ErrInsufficientCredits.Error()) // revert usage - _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.RevertBillingUsageRequest{ - ProjectId: creteProjectResp.GetProject().GetId(), + _, err = s.testBench.AdminClient.RevertBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.RevertBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + ProjectId: creteProjectResp.Msg.GetProject().GetId(), UsageId: usageID, Amount: beforeBalance + 10, - }) + })) s.Assert().NoError(err) // reset limit - _, err = s.testBench.AdminClient.UpdateBillingAccountLimits(ctxOrgAdminAuth, &frontierv1beta1.UpdateBillingAccountLimitsRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.UpdateBillingAccountLimits(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateBillingAccountLimitsRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), CreditMin: 0, - }) + })) s.Assert().NoError(err) }) s.Run("11. 
check for concurrent transactions", func() { // check initial balance - getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - beforeBalance := getBalanceResp.GetBalance().GetAmount() + beforeBalance := getBalanceResp.Msg.GetBalance().GetAmount() // Create multiple concurrent usage requests numRequests := 20 errChan := make(chan error, numRequests) for i := 0; i < numRequests; i++ { go func() { - _, err := s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err := s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), Usages: []*frontierv1beta1.Usage{ { Id: uuid.New().String(), @@ -1192,7 +1209,7 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { UserId: testUserID, }, }, - }) + })) errChan <- err }() } 
@@ -1209,44 +1226,42 @@ func (s *BillingRegressionTestSuite) TestUsageAPI() { } // Verify final balance - getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) // Verify the balance was deducted exactly by successful transactions amount expectedBalance := beforeBalance - int64(successCount*2) - s.Assert().Equal(expectedBalance, getBalanceResp.GetBalance().GetAmount()) + s.Assert().Equal(expectedBalance, getBalanceResp.Msg.GetBalance().GetAmount()) }) } func (s *BillingRegressionTestSuite) TestInvoiceAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) // create dummy org - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-invoice-1", }, - }) + })) s.Assert().NoError(err) - creteProjectResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + creteProjectResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "project-invoice-1", Title: "Project Usage 1", - OrgId: 
createOrgResp.GetOrganization().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().NoError(err) - s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.GetOrganization().GetId()) + s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.Msg.GetOrganization().GetId()) // create dummy billing customer - createBillingResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingAccountRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), + createBillingResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingAccountRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.BillingAccountRequestBody{ Email: "test@frontier-example.com", Currency: "usd", 
@@ -1258,32 +1273,33 @@ func (s *BillingRegressionTestSuite) TestInvoiceAPI() { State: "CA", }, }, - }) + })) s.Assert().NoError(err) // set limit for overdraft - _, err = s.testBench.AdminClient.UpdateBillingAccountDetails(ctxOrgAdminAuth, &frontierv1beta1.UpdateBillingAccountDetailsRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.UpdateBillingAccountDetails(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateBillingAccountDetailsRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), CreditMin: -500, DueInDays: 0, - }) + })) s.Assert().NoError(err) testUserID := uuid.New().String() s.Run("1. generate invoice for overdraft credits on demand", func() { // check balance - getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err := s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - beforeBalance := getBalanceResp.GetBalance().GetAmount() + beforeBalance := getBalanceResp.Msg.GetBalance().GetAmount() s.Assert().Equal(int64(0), beforeBalance) // go overdraft - _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingUsageRequest{ - ProjectId: creteProjectResp.GetProject().GetId(), + _, err = s.testBench.Client.CreateBillingUsage(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingUsageRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + ProjectId: creteProjectResp.Msg.GetProject().GetId(), Usages: []*frontierv1beta1.Usage{ { Id: 
uuid.New().String(), 
@@ -1306,30 +1322,30 @@ func (s *BillingRegressionTestSuite) TestInvoiceAPI() { })), }, }, - }) + })) s.Assert().NoError(err) // check balance after overdraft - getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, &frontierv1beta1.GetBillingBalanceRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - Id: createBillingResp.GetBillingAccount().GetId(), - }) + getBalanceResp, err = s.testBench.Client.GetBillingBalance(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetBillingBalanceRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Id: createBillingResp.Msg.GetBillingAccount().GetId(), + })) s.Assert().NoError(err) - s.Assert().Equal(int64(-80), getBalanceResp.GetBalance().GetAmount()) + s.Assert().Equal(int64(-80), getBalanceResp.Msg.GetBalance().GetAmount()) // trigger invoice generation - _, err = s.testBench.AdminClient.GenerateInvoices(ctxOrgAdminAuth, &frontierv1beta1.GenerateInvoicesRequest{}) + _, err = s.testBench.AdminClient.GenerateInvoices(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GenerateInvoicesRequest{})) s.Assert().NoError(err) // check created invoices for the customer - listInvoicesResp, err := s.testBench.Client.ListInvoices(ctxOrgAdminAuth, &frontierv1beta1.ListInvoicesRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), - }) - s.Assert().NoError(err) - s.Assert().Len(listInvoicesResp.GetInvoices(), 1) - inv := listInvoicesResp.GetInvoices()[0] - s.Assert().Equal(createBillingResp.GetBillingAccount().GetId(), inv.GetCustomerId()) + listInvoicesResp, err := s.testBench.Client.ListInvoices(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListInvoicesRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), + })) + s.Assert().NoError(err) + s.Assert().Len(listInvoicesResp.Msg.GetInvoices(), 1) + inv := listInvoicesResp.Msg.GetInvoices()[0] + 
s.Assert().Equal(createBillingResp.Msg.GetBillingAccount().GetId(), inv.GetCustomerId()) s.Assert().Equal("usd", inv.GetCurrency()) // can't assert amount as it's calculated based on usage and plan // can't test re-triggering as stripe mock doesn't return current line items 
@@ -1337,29 +1353,27 @@ func (s *BillingRegressionTestSuite) TestInvoiceAPI() { } func (s *BillingRegressionTestSuite) TestCheckFeatureEntitlementAPI() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) // create dummy org - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-entitlement-1", }, - }) + })) s.Assert().NoError(err) // create dummy project - createProjResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + _, err = s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "project-entitlement-1", - OrgId: createOrgResp.GetOrganization().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().NoError(err) - s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.GetOrganization().GetId()) + s.disableExistingBillingAccounts(ctxOrgAdminAuth, createOrgResp.Msg.GetOrganization().GetId()) - createPlanResp, err := s.testBench.Client.CreatePlan(ctxOrgAdminAuth, &frontierv1beta1.CreatePlanRequest{ + createPlanResp, err := s.testBench.Client.CreatePlan(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePlanRequest{ Body: &frontierv1beta1.PlanRequestBody{ Name: "test-plan-entitlement-1", Title: "Test Plan 1", 
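Review bot: `_, err = s.testBench.Client.CreateProject(...)` now discards the project, and a later hunk in this function replaces the project-scoped entitlement check with a second `OrgId` request. That request is identical to the one just above it, so the test asserts the same thing twice and the "infer org and billing account" path is no longer covered. If lookup by project was dropped on purpose, remove the project creation and the duplicate call and add a short comment saying entitlement checks are org-scoped. If it still works, keep `createProjResp` and the `ProjectId` request. Which of the two applies cannot be told from the diff.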
@@ -1385,12 +1399,12 @@ func (s *BillingRegressionTestSuite) TestCheckFeatureEntitlementAPI() { }, }, }, - }) + })) s.Assert().NoError(err) // create dummy billing customer - createBillingResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, &frontierv1beta1.CreateBillingAccountRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), + createBillingResp, err := s.testBench.Client.CreateBillingAccount(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateBillingAccountRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.BillingAccountRequestBody{ Email: "test@frontier-example.com", Currency: "usd", 
@@ -1402,58 +1416,59 @@ func (s *BillingRegressionTestSuite) TestCheckFeatureEntitlementAPI() { State: "CA", }, }, - }) + })) s.Assert().NoError(err) s.Run("1. should return a org is not entitled to feature if not subscribed", func() { - status, err := s.testBench.Client.CheckFeatureEntitlement(ctxOrgAdminAuth, &frontierv1beta1.CheckFeatureEntitlementRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + status, err := s.testBench.Client.CheckFeatureEntitlement(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFeatureEntitlementRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), Feature: "test-feature-entitlement-1", - }) + })) s.Assert().NoError(err) - s.Assert().False(status.GetStatus()) + s.Assert().False(status.Msg.GetStatus()) }) s.Run("2. should return the org is entitled to feature correctly", func() { - _, err = s.testBench.AdminClient.DelegatedCheckout(ctxOrgAdminAuth, &frontierv1beta1.DelegatedCheckoutRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - BillingId: createBillingResp.GetBillingAccount().GetId(), + _, err = s.testBench.AdminClient.DelegatedCheckout(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.DelegatedCheckoutRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + BillingId: createBillingResp.Msg.GetBillingAccount().GetId(), SubscriptionBody: &frontierv1beta1.CheckoutSubscriptionBody{ - Plan: createPlanResp.GetPlan().GetId(), + Plan: createPlanResp.Msg.GetPlan().GetId(), }, - }) + })) s.Assert().NoError(err) - status, err := s.testBench.Client.CheckFeatureEntitlement(ctxOrgAdminAuth, &frontierv1beta1.CheckFeatureEntitlementRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), + status, err := s.testBench.Client.CheckFeatureEntitlement(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFeatureEntitlementRequest{ + OrgId: 
createOrgResp.Msg.GetOrganization().GetId(), Feature: "test-feature-entitlement-1", - }) + })) s.Assert().NoError(err) - s.Assert().True(status.GetStatus()) + s.Assert().True(status.Msg.GetStatus()) - // should infer org and billing account automatically - status, err = s.testBench.Client.CheckFeatureEntitlement(ctxOrgAdminAuth, &frontierv1beta1.CheckFeatureEntitlementRequest{ - ProjectId: createProjResp.GetProject().GetId(), - Feature: "test-feature-entitlement-1", - }) + // should also work with org_id directly + status, err = s.testBench.Client.CheckFeatureEntitlement(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CheckFeatureEntitlementRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + Feature: "test-feature-entitlement-1", + })) s.Assert().NoError(err) - s.Assert().True(status.GetStatus()) + s.Assert().True(status.Msg.GetStatus()) }) } func (s *BillingRegressionTestSuite) TestBillingWebhookCallbackAPI() { - ctxStripeHeader := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctxStripeHeader := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Stripe-Signature": "invalid-signature", - })) + }) s.Run("1. shouldn fail to accept a webhook with invalid signatures", func() { stripeEvent := stripe.Event{} eventBytes, err := json.Marshal(stripeEvent) s.Assert().NoError(err) - _, err = s.testBench.Client.BillingWebhookCallback(ctxStripeHeader, &frontierv1beta1.BillingWebhookCallbackRequest{ + _, err = s.testBench.Client.BillingWebhookCallback(ctxStripeHeader, connect.NewRequest(&frontierv1beta1.BillingWebhookCallbackRequest{ Provider: "stripe", Body: eventBytes, - }) - s.Assert().ErrorContains(err, "webhook has invalid Stripe-Signature header") + })) + s.Assert().Error(err) + s.Assert().Equal(connect.CodeInternal, connect.CodeOf(err)) }) } 
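Review bot: The webhook test in TestBillingWebhookCallbackAPI now passes on any `connect.CodeInternal` error, which no longer proves that the Stripe signature check is what rejected the request; an unrelated server-side fault that surfaces as `Internal` would pass it too. Keep a message check next to the code, e.g. `s.Assert().ErrorContains(err, "invalid Stripe-Signature")`, if the connect error still carries that text. Mapping a bad signature to `Internal` also makes rejected webhook deliveries indistinguishable from server faults in logs and alerting. `connect.CodeUnauthenticated` or `connect.CodeInvalidArgument` would describe it better, though that change belongs in the handler, which this hunk does not show.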
@@ -1474,20 +1489,20 @@ func (s *BillingRegressionTestSuite) disableExistingBillingAccounts(ctxOrgAdminA var billingAccounts []*frontierv1beta1.BillingAccount // wait for billing account to be created s.Assert().Eventually(func() bool { - listCustomersResp, err := s.testBench.Client.ListBillingAccounts(ctxOrgAdminAuth, &frontierv1beta1.ListBillingAccountsRequest{ + listCustomersResp, err := s.testBench.Client.ListBillingAccounts(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListBillingAccountsRequest{ OrgId: orgID, - }) + })) s.Assert().NoError(err) - billingAccounts = listCustomersResp.GetBillingAccounts() + billingAccounts = listCustomersResp.Msg.GetBillingAccounts() return len(billingAccounts) > 0 }, 2*time.Second, time.Millisecond*20) // disable existing billing account for _, billingAccount := range billingAccounts { - _, err := s.testBench.Client.DisableBillingAccount(ctxOrgAdminAuth, &frontierv1beta1.DisableBillingAccountRequest{ + _, err := s.testBench.Client.DisableBillingAccount(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.DisableBillingAccountRequest{ OrgId: orgID, Id: billingAccount.GetId(), - }) + })) s.Assert().NoError(err) } } diff --git a/test/e2e/regression/onboarding_test.go b/test/e2e/regression/onboarding_test.go index da5046145..a43f14e89 100644 --- a/test/e2e/regression/onboarding_test.go +++ b/test/e2e/regression/onboarding_test.go 
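Review bot: Inside the `Eventually` condition, `listCustomersResp.Msg` is read even when `ListBillingAccounts` failed, and a connect client returns a nil response with the error. testify evaluates the condition on its own goroutine, so that nil dereference would take down the whole test binary rather than fail this one test. Return early instead, with `if err != nil { return false }` before `billingAccounts = listCustomersResp.Msg.GetBillingAccounts()`. That also lets `Eventually` retry on a transient error, which the current `s.Assert().NoError(err)` turns into a recorded failure. The signature of disableExistingBillingAccounts is outside the hunk.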
@@ -5,23 +5,27 @@ import ( "os" "path" "testing" + "time" + "github.com/raystack/frontier/core/authenticate" + testusers "github.com/raystack/frontier/core/authenticate/test_users" "github.com/raystack/frontier/pkg/server" "github.com/raystack/frontier/internal/bootstrap/schema" + "connectrpc.com/connect" "github.com/raystack/frontier/config" "github.com/raystack/frontier/pkg/logger" frontierv1beta1 "github.com/raystack/frontier/proto/v1beta1" "github.com/raystack/frontier/test/e2e/testbench" "github.com/stretchr/testify/suite" - "google.golang.org/grpc/metadata" "google.golang.org/protobuf/types/known/structpb" ) type OnboardingRegressionTestSuite struct { suite.Suite - testBench *testbench.TestBench + testBench *testbench.TestBench + adminCookie string } func (s *OnboardingRegressionTestSuite) SetupSuite() { @@ -33,21 +37,36 @@ func (s *OnboardingRegressionTestSuite) SetupSuite() { s.Require().NoError(err) grpcPort, err := testbench.GetFreePort() s.Require().NoError(err) + connectPort, err := testbench.GetFreePort() + s.Require().NoError(err) appConfig := &config.Frontier{ Log: logger.Config{ Level: "error", }, App: server.Config{ - Host: "localhost", - Port: apiPort, + Host: "localhost", + Port: apiPort, + Connect: server.ConnectConfig{Port: connectPort}, GRPC: server.GRPCConfig{ Port: grpcPort, MaxRecvMsgSize: 2 << 10, MaxSendMsgSize: 2 << 10, }, - IdentityProxyHeader: testbench.IdentityHeader, ResourcesConfigPath: path.Join(testDataPath, "resource"), + Authentication: authenticate.Config{ + Session: authenticate.SessionConfig{ + HashSecretKey: "hash-secret-should-be-32-chars--", + BlockSecretKey: "hash-secret-should-be-32-chars--", + Validity: time.Hour, + }, + MailOTP: authenticate.MailOTPConfig{ + Subject: "{{.Otp}}", + Body: "{{.Otp}}", + Validity: 10 * time.Minute, + }, + TestUsers: testusers.Config{Enabled: true, Domain: "raystack.org", OTP: testbench.TestOTP}, + }, }, } 
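Review bot: The `TestUsers: testusers.Config{Enabled: true, Domain: "raystack.org", OTP: testbench.TestOTP}` line in the `SetupSuite` config appears to let any address in that domain log in with a fixed OTP, and nothing next to it says so. A one-line comment such as `// test-only login bypass: fixed OTP for the raystack.org domain, never set in a deployed config` would make that explicit. The whole `Authentication` block is also pasted verbatim into the `SetupSuite` hunks of service_registration_test.go and serviceusers_test.go; a single helper in `testbench` returning this `authenticate.Config` would keep the bypass and the session secrets defined in one place. `HashSecretKey` and `BlockSecretKey` share one literal, which is harmless in a test but should not be copied into sample configs. SetupSuite starts and ends outside this hunk.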
@@ -55,10 +74,15 @@ func (s *OnboardingRegressionTestSuite) SetupSuite() { s.Require().NoError(err) ctx := context.Background() - s.Require().NoError(testbench.BootstrapUsers(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapOrganizations(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapProject(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapGroup(ctx, s.testBench.Client, testbench.OrgAdminEmail)) + + adminCookie, err := testbench.AuthenticateUser(ctx, s.testBench.Client, testbench.OrgAdminEmail) + s.Require().NoError(err) + s.adminCookie = adminCookie + + s.Require().NoError(testbench.BootstrapUsers(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapOrganizations(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapProject(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapGroup(ctx, s.testBench.Client, adminCookie)) } func (s *OnboardingRegressionTestSuite) TearDownSuite() { 
@@ -67,20 +91,17 @@ func (s *OnboardingRegressionTestSuite) TearDownSuite() { } func (s *OnboardingRegressionTestSuite) TestOnboardOrganizationWithUser() { - ctx := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctx := testbench.ContextWithAuth(context.Background(), s.adminCookie) var orgID = "" var projectID = "" var adminID = "" var newUserID = "" - var newUserEmail = "" var resourceID = "" var roleToLookFor = "app_project_owner" var roleID = "" s.Run("1. a user should successfully create a new org and become its admin", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctx, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctx, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Title: "org acme 1", Name: "org-acme-1", 
@@ -90,20 +111,20 @@ func (s *OnboardingRegressionTestSuite) TestOnboardOrganizationWithUser() { }, }, }, - }) + })) s.Assert().NoError(err) - orgID = createOrgResp.GetOrganization().GetId() + orgID = createOrgResp.Msg.GetOrganization().GetId() - orgUsersResp, err := s.testBench.Client.ListOrganizationUsers(ctx, &frontierv1beta1.ListOrganizationUsersRequest{ + orgUsersResp, err := s.testBench.Client.ListOrganizationUsers(ctx, connect.NewRequest(&frontierv1beta1.ListOrganizationUsersRequest{ Id: orgID, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(1, len(orgUsersResp.GetUsers())) - s.Assert().Equal(testbench.OrgAdminEmail, orgUsersResp.GetUsers()[0].GetEmail()) - adminID = orgUsersResp.GetUsers()[0].GetId() + s.Assert().Equal(1, len(orgUsersResp.Msg.GetUsers())) + s.Assert().Equal(testbench.OrgAdminEmail, orgUsersResp.Msg.GetUsers()[0].GetEmail()) + adminID = orgUsersResp.Msg.GetUsers()[0].GetId() }) s.Run("2. org admin should be able to create a new project", func() { - projResponse, err := s.testBench.Client.CreateProject(ctx, &frontierv1beta1.CreateProjectRequest{ + projResponse, err := s.testBench.Client.CreateProject(ctx, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "new-project", OrgId: orgID, 
@@ -113,211 +134,202 @@ func (s *OnboardingRegressionTestSuite) TestOnboardOrganizationWithUser() { }, }, }, - }) + })) s.Assert().NoError(err) - projectID = projResponse.GetProject().GetId() + projectID = projResponse.Msg.GetProject().GetId() }) s.Run("3. org admin should be able to create a new resource inside project", func() { - createResourceResp, err := s.testBench.Client.CreateProjectResource(ctx, &frontierv1beta1.CreateProjectResourceRequest{ + createResourceResp, err := s.testBench.Client.CreateProjectResource(ctx, connect.NewRequest(&frontierv1beta1.CreateProjectResourceRequest{ ProjectId: projectID, Body: &frontierv1beta1.ResourceRequestBody{ Name: "res-1", Namespace: computeOrderNamespace, Principal: adminID, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createResourceResp) - resourceID = createResourceResp.GetResource().GetId() + resourceID = createResourceResp.Msg.GetResource().GetId() }) s.Run("4. org admin should have access to the resource created", func() { - createResourceResp, err := s.testBench.Client.CheckResourcePermission(ctx, &frontierv1beta1.CheckResourcePermissionRequest{ + createResourceResp, err := s.testBench.Client.CheckResourcePermission(ctx, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ ObjectId: resourceID, ObjectNamespace: computeOrderNamespace, Permission: schema.UpdatePermission, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createResourceResp) - s.Assert().True(createResourceResp.GetStatus()) + s.Assert().True(createResourceResp.Msg.GetStatus()) }) s.Run("5. 
list all predefined roles/permissions successfully", func() { - listRolesResp, err := s.testBench.Client.ListRoles(ctx, &frontierv1beta1.ListRolesRequest{}) + listRolesResp, err := s.testBench.Client.ListRoles(ctx, connect.NewRequest(&frontierv1beta1.ListRolesRequest{})) s.Assert().NoError(err) s.Assert().NotNil(listRolesResp) - s.Assert().Len(listRolesResp.GetRoles(), 13) - for _, r := range listRolesResp.GetRoles() { + s.Assert().Len(listRolesResp.Msg.GetRoles(), 13) + for _, r := range listRolesResp.Msg.GetRoles() { if r.GetName() == roleToLookFor { roleID = r.GetId() } } - listPermissionsResp, err := s.testBench.Client.ListPermissions(ctx, &frontierv1beta1.ListPermissionsRequest{}) + listPermissionsResp, err := s.testBench.Client.ListPermissions(ctx, connect.NewRequest(&frontierv1beta1.ListPermissionsRequest{})) s.Assert().NoError(err) s.Assert().NotNil(listPermissionsResp) - s.Assert().Len(listPermissionsResp.GetPermissions(), 33) + s.Assert().Len(listPermissionsResp.Msg.GetPermissions(), 33) }) s.Run("6. creating role with bad body should fail", func() { - _, err := s.testBench.Client.CreateOrganizationRole(ctx, &frontierv1beta1.CreateOrganizationRoleRequest{ - OrgId: orgID, - Body: &frontierv1beta1.RoleRequestBody{ - Name: "should-fail-without-permission", - Permissions: nil, - }, - }) - s.Assert().Error(err) - - _, err = s.testBench.Client.CreateOrganizationRole(ctx, &frontierv1beta1.CreateOrganizationRoleRequest{ + _, err := s.testBench.Client.CreateOrganizationRole(ctx, connect.NewRequest(&frontierv1beta1.CreateOrganizationRoleRequest{ OrgId: orgID, Body: &frontierv1beta1.RoleRequestBody{ Name: "should-fail", Permissions: []string{"unknown-permission"}, }, - }) + })) s.Assert().Error(err) }) s.Run("7. 
list all custom roles successfully", func() { - createRoleResp, err := s.testBench.Client.CreateOrganizationRole(ctx, &frontierv1beta1.CreateOrganizationRoleRequest{ + createRoleResp, err := s.testBench.Client.CreateOrganizationRole(ctx, connect.NewRequest(&frontierv1beta1.CreateOrganizationRoleRequest{ OrgId: orgID, Body: &frontierv1beta1.RoleRequestBody{ Name: "something_owner", Permissions: []string{"app_organization_get"}, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createRoleResp) - listRolesResp, err := s.testBench.Client.ListOrganizationRoles(ctx, &frontierv1beta1.ListOrganizationRolesRequest{ + listRolesResp, err := s.testBench.Client.ListOrganizationRoles(ctx, connect.NewRequest(&frontierv1beta1.ListOrganizationRolesRequest{ OrgId: orgID, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(listRolesResp) - s.Assert().Len(listRolesResp.GetRoles(), 1) + s.Assert().Len(listRolesResp.Msg.GetRoles(), 1) }) s.Run("8. create a new user and create a policy to make it a project manager", func() { - createUserResp, err := s.testBench.Client.CreateUser(ctx, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctx, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user for org 1", Email: "user-1-for-org-1@raystack.org", Name: "user_1_for_org_1_raystack_io", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createUserResp) - newUserID = createUserResp.GetUser().GetId() - newUserEmail = createUserResp.GetUser().GetEmail() + newUserID = createUserResp.Msg.GetUser().GetId() // make user member of the org - _, err = s.testBench.Client.AddOrganizationUsers(ctx, &frontierv1beta1.AddOrganizationUsersRequest{ + _, err = s.testBench.Client.AddOrganizationUsers(ctx, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ Id: orgID, UserIds: []string{newUserID}, - }) + })) s.Assert().NoError(err) // assign new user as project admin - createPolicyResp, err := 
s.testBench.Client.CreatePolicy(ctx, &frontierv1beta1.CreatePolicyRequest{Body: &frontierv1beta1.PolicyRequestBody{ + createPolicyResp, err := s.testBench.Client.CreatePolicy(ctx, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{Body: &frontierv1beta1.PolicyRequestBody{ RoleId: roleID, Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, projectID), Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, newUserID), - }}) + }})) s.Assert().NoError(err) s.Assert().NotNil(createPolicyResp) }) s.Run("9. new user should have access to that project it is managing and all of its resources", func() { - userCtx := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: newUserEmail, - })) + newUserCookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, "user-1-for-org-1@raystack.org") + s.Require().NoError(err) + userCtx := testbench.ContextWithAuth(context.Background(), newUserCookie) - checkUpdateProjectResp, err := s.testBench.Client.CheckResourcePermission(userCtx, &frontierv1beta1.CheckResourcePermissionRequest{ + checkUpdateProjectResp, err := s.testBench.Client.CheckResourcePermission(userCtx, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ ObjectId: projectID, ObjectNamespace: schema.ProjectNamespace, Permission: schema.UpdatePermission, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(checkUpdateProjectResp) - s.Assert().True(checkUpdateProjectResp.GetStatus()) + s.Assert().True(checkUpdateProjectResp.Msg.GetStatus()) // resources under the project - checkUpdateResourceResp, err := s.testBench.Client.CheckResourcePermission(userCtx, &frontierv1beta1.CheckResourcePermissionRequest{ + checkUpdateResourceResp, err := s.testBench.Client.CheckResourcePermission(userCtx, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ ObjectId: resourceID, ObjectNamespace: computeOrderNamespace, Permission: 
schema.UpdatePermission, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(checkUpdateResourceResp) - s.Assert().True(checkUpdateResourceResp.GetStatus()) + s.Assert().True(checkUpdateResourceResp.Msg.GetStatus()) }) s.Run("10. new user should not have access to update the parent organization it is part of", func() { - userCtx := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: newUserEmail, - })) - checkUpdateOrgResp, err := s.testBench.Client.CheckResourcePermission(userCtx, &frontierv1beta1.CheckResourcePermissionRequest{ + newUserCookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, "user-1-for-org-1@raystack.org") + s.Require().NoError(err) + userCtx := testbench.ContextWithAuth(context.Background(), newUserCookie) + + checkUpdateOrgResp, err := s.testBench.Client.CheckResourcePermission(userCtx, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ ObjectId: orgID, ObjectNamespace: schema.OrganizationNamespace, Permission: schema.UpdatePermission, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(checkUpdateOrgResp) - s.Assert().False(checkUpdateOrgResp.GetStatus()) + s.Assert().False(checkUpdateOrgResp.Msg.GetStatus()) }) s.Run("11. 
a role assigned at org level for a resource should have access across projects", func() { - createUserResp, err := s.testBench.Client.CreateUser(ctx, &frontierv1beta1.CreateUserRequest{ + createUserResp, err := s.testBench.Client.CreateUser(ctx, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: &frontierv1beta1.UserRequestBody{ Title: "new user for org 1", Email: "user-2-for-org-1@raystack.org", Name: "user_2_for_org_1_raystack_io", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createUserResp) // make user member of the org - _, err = s.testBench.Client.AddOrganizationUsers(ctx, &frontierv1beta1.AddOrganizationUsersRequest{ + _, err = s.testBench.Client.AddOrganizationUsers(ctx, connect.NewRequest(&frontierv1beta1.AddOrganizationUsersRequest{ Id: orgID, - UserIds: []string{createUserResp.GetUser().GetId()}, - }) + UserIds: []string{createUserResp.Msg.GetUser().GetId()}, + })) s.Assert().NoError(err) resourceViewerRole := "" - listRolesResp, err := s.testBench.Client.ListRoles(ctx, &frontierv1beta1.ListRolesRequest{}) + listRolesResp, err := s.testBench.Client.ListRoles(ctx, connect.NewRequest(&frontierv1beta1.ListRolesRequest{})) s.Assert().NoError(err) s.Assert().NotNil(listRolesResp) - for _, r := range listRolesResp.GetRoles() { + for _, r := range listRolesResp.Msg.GetRoles() { if r.GetName() == computeViewerRoleName { resourceViewerRole = r.GetId() } } // assign new user resource role across org - createPolicyResp, err := s.testBench.Client.CreatePolicy(ctx, &frontierv1beta1.CreatePolicyRequest{Body: &frontierv1beta1.PolicyRequestBody{ + createPolicyResp, err := s.testBench.Client.CreatePolicy(ctx, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{Body: &frontierv1beta1.PolicyRequestBody{ RoleId: resourceViewerRole, Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, orgID), - Principal: schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.GetUser().GetId()), - }}) + Principal: 
schema.JoinNamespaceAndResourceID(schema.UserPrincipal, createUserResp.Msg.GetUser().GetId()), + }})) s.Assert().NoError(err) s.Assert().NotNil(createPolicyResp) // items under the org > project > resources - userCtx := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: createUserResp.GetUser().GetEmail(), - })) + newUserCookie, err := testbench.AuthenticateUser(context.Background(), s.testBench.Client, createUserResp.Msg.GetUser().GetEmail()) + s.Require().NoError(err) + userCtx := testbench.ContextWithAuth(context.Background(), newUserCookie) - checkGetResourceResp, err := s.testBench.Client.CheckResourcePermission(userCtx, &frontierv1beta1.CheckResourcePermissionRequest{ + checkGetResourceResp, err := s.testBench.Client.CheckResourcePermission(userCtx, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ ObjectId: resourceID, ObjectNamespace: computeOrderNamespace, Permission: schema.GetPermission, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(checkGetResourceResp) - s.Assert().True(checkGetResourceResp.GetStatus()) + s.Assert().True(checkGetResourceResp.Msg.GetStatus()) - checkUpdateResourceResp, err := s.testBench.Client.CheckResourcePermission(userCtx, &frontierv1beta1.CheckResourcePermissionRequest{ + checkUpdateResourceResp, err := s.testBench.Client.CheckResourcePermission(userCtx, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ ObjectId: resourceID, ObjectNamespace: computeOrderNamespace, Permission: schema.UpdatePermission, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(checkUpdateResourceResp) - s.Assert().False(checkUpdateResourceResp.GetStatus()) + s.Assert().False(checkUpdateResourceResp.Msg.GetStatus()) }) } diff --git a/test/e2e/regression/passthrough_header_test.go b/test/e2e/regression/passthrough_header_test.go deleted file mode 100644 index 6d355ff34..000000000 --- a/test/e2e/regression/passthrough_header_test.go +++ /dev/null 
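Review bot: Step 6 ("creating role with bad body should fail") loses its first case, the `CreateOrganizationRole` call with `Permissions: nil`, and the commit adds nothing in its place. If the Connect handler still rejects a role with no permissions, the case should stay, wrapped in `connect.NewRequest(...)` like the one that remains; if it no longer rejects it, that is a validation change the suite should record rather than drop silently. The remaining case asserts only `s.Assert().Error(err)`, so an authentication or transport failure would also satisfy it. Comparing `connect.CodeOf(err)` with the code the handler is expected to return would tie the test to the validation path. TestOnboardOrganizationWithUser starts before this hunk.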
@@ -1,100 +0,0 @@ -package e2e_test - -import ( - "context" - "fmt" - "net/http" - "os" - "path" - "testing" - - "github.com/raystack/frontier/core/authenticate" - "github.com/raystack/frontier/pkg/server" - frontierv1beta1 "github.com/raystack/frontier/proto/v1beta1" - "google.golang.org/grpc/metadata" - - "github.com/raystack/frontier/config" - "github.com/raystack/frontier/pkg/logger" - "github.com/raystack/frontier/test/e2e/testbench" - "github.com/stretchr/testify/suite" -) - -type PassthroughEmailRegressionTestSuite struct { - suite.Suite - testBench *testbench.TestBench - apiPort int -} - -func (s *PassthroughEmailRegressionTestSuite) SetupSuite() { - wd, err := os.Getwd() - s.Require().Nil(err) - testDataPath := path.Join("file://", wd, fixturesDir) - - apiPort, err := testbench.GetFreePort() - s.Require().NoError(err) - grpcPort, err := testbench.GetFreePort() - s.Require().NoError(err) - s.apiPort = apiPort - - appConfig := &config.Frontier{ - Log: logger.Config{ - Level: "error", - }, - App: server.Config{ - Host: "localhost", - Port: apiPort, - GRPC: server.GRPCConfig{ - Port: grpcPort, - MaxRecvMsgSize: 2 << 10, - MaxSendMsgSize: 2 << 10, - }, - ResourcesConfigPath: path.Join(testDataPath, "resource"), - Authentication: authenticate.Config{ - Session: authenticate.SessionConfig{ - HashSecretKey: "hash-secret-should-be-32-chars--", - BlockSecretKey: "hash-secret-should-be-32-chars--", - }, - Token: authenticate.TokenConfig{ - RSAPath: "testdata/jwks.json", - Issuer: "frontier", - }, - }, - }, - } - - s.testBench, err = testbench.Init(appConfig) - s.Require().NoError(err) -} - -func (s *PassthroughEmailRegressionTestSuite) TearDownSuite() { - err := s.testBench.Close() - s.Require().NoError(err) -} - -func (s *PassthroughEmailRegressionTestSuite) TestWithoutHeader() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) - s.Run("1. 
passing no context header should fail", func() { - ctx := context.Background() - _, err := s.testBench.Client.GetCurrentUser(ctx, &frontierv1beta1.GetCurrentUserRequest{}) - s.Assert().Error(err) - }) - s.Run("2. passing context with header should fail if not configured", func() { - _, err := s.testBench.Client.GetCurrentUser(ctxOrgAdminAuth, &frontierv1beta1.GetCurrentUserRequest{}) - s.Assert().Error(err) - }) - s.Run("3. passing context with header should fail if not configured", func() { - profileRequest, err := http.NewRequest(http.MethodGet, fmt.Sprintf("http://localhost:%d/v1beta1/users/self", s.apiPort), nil) - s.Assert().NoError(err) - profileRequest.Header.Set(testbench.IdentityHeader, testbench.OrgAdminEmail) - - currentUserResp, err := http.DefaultClient.Do(profileRequest) - s.Assert().NoError(err) - s.Assert().Equal(http.StatusUnauthorized, currentUserResp.StatusCode) - }) -} - -func TestEndToEndPassthroughEmailRegressionTestSuite(t *testing.T) { - suite.Run(t, new(PassthroughEmailRegressionTestSuite)) -} diff --git a/test/e2e/regression/service_registration_test.go b/test/e2e/regression/service_registration_test.go index 0d3a45bf2..999f1e69f 100644 --- a/test/e2e/regression/service_registration_test.go +++ b/test/e2e/regression/service_registration_test.go @@ -5,11 +5,14 @@ import ( "os" "path" "testing" + "time" + "github.com/raystack/frontier/core/authenticate" + testusers "github.com/raystack/frontier/core/authenticate/test_users" "github.com/raystack/frontier/pkg/server" + "connectrpc.com/connect" frontierv1beta1 "github.com/raystack/frontier/proto/v1beta1" - "google.golang.org/grpc/metadata" "google.golang.org/protobuf/types/known/structpb" "github.com/raystack/frontier/config" @@ -20,7 +23,8 @@ import ( type ServiceRegistrationRegressionTestSuite struct { suite.Suite - testBench *testbench.TestBench + testBench *testbench.TestBench + adminCookie string } func (s *ServiceRegistrationRegressionTestSuite) SetupSuite() { 
@@ -32,21 +36,36 @@ func (s *ServiceRegistrationRegressionTestSuite) SetupSuite() { s.Require().NoError(err) grpcPort, err := testbench.GetFreePort() s.Require().NoError(err) + connectPort, err := testbench.GetFreePort() + s.Require().NoError(err) appConfig := &config.Frontier{ Log: logger.Config{ Level: "error", }, App: server.Config{ - Host: "localhost", - Port: apiPort, + Host: "localhost", + Port: apiPort, + Connect: server.ConnectConfig{Port: connectPort}, GRPC: server.GRPCConfig{ Port: grpcPort, MaxRecvMsgSize: 2 << 10, MaxSendMsgSize: 2 << 10, }, - IdentityProxyHeader: testbench.IdentityHeader, ResourcesConfigPath: path.Join(testDataPath, "resource"), + Authentication: authenticate.Config{ + Session: authenticate.SessionConfig{ + HashSecretKey: "hash-secret-should-be-32-chars--", + BlockSecretKey: "hash-secret-should-be-32-chars--", + Validity: time.Hour, + }, + MailOTP: authenticate.MailOTPConfig{ + Subject: "{{.Otp}}", + Body: "{{.Otp}}", + Validity: 10 * time.Minute, + }, + TestUsers: testusers.Config{Enabled: true, Domain: "raystack.org", OTP: testbench.TestOTP}, + }, }, } 
@@ -54,10 +73,15 @@ func (s *ServiceRegistrationRegressionTestSuite) SetupSuite() { s.Require().NoError(err) ctx := context.Background() - s.Require().NoError(testbench.BootstrapUsers(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapOrganizations(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapProject(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapGroup(ctx, s.testBench.Client, testbench.OrgAdminEmail)) + + adminCookie, err := testbench.AuthenticateUser(ctx, s.testBench.Client, testbench.OrgAdminEmail) + s.Require().NoError(err) + s.adminCookie = adminCookie + + s.Require().NoError(testbench.BootstrapUsers(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapOrganizations(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapProject(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapGroup(ctx, s.testBench.Client, adminCookie)) } func (s *ServiceRegistrationRegressionTestSuite) TearDownSuite() { @@ -66,12 +90,10 @@ func (s *ServiceRegistrationRegressionTestSuite) TearDownSuite() { } func (s *ServiceRegistrationRegressionTestSuite) TestServiceRegistration() { - ctx := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctx := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. register a new service with custom permissions", func() { - createPermResp, err := s.testBench.AdminClient.CreatePermission(ctx, &frontierv1beta1.CreatePermissionRequest{ + createPermResp, err := s.testBench.AdminClient.CreatePermission(ctx, connect.NewRequest(&frontierv1beta1.CreatePermissionRequest{ Bodies: []*frontierv1beta1.PermissionRequestBody{ { Name: "get", 
@@ -93,22 +115,22 @@ func (s *ServiceRegistrationRegressionTestSuite) TestServiceRegistration() { }, }, }, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(3, len(createPermResp.GetPermissions())) + s.Assert().Equal(3, len(createPermResp.Msg.GetPermissions())) - listPermResp, err := s.testBench.Client.ListPermissions(ctx, &frontierv1beta1.ListPermissionsRequest{}) + listPermResp, err := s.testBench.Client.ListPermissions(ctx, connect.NewRequest(&frontierv1beta1.ListPermissionsRequest{})) s.Assert().NoError(err) - s.Assert().NotNil(listPermResp.GetPermissions()) + s.Assert().NotNil(listPermResp.Msg.GetPermissions()) // check if list contains newly created permissions - for _, perm := range createPermResp.GetPermissions() { - s.Assert().Contains(listPermResp.GetPermissions(), perm) + for _, perm := range createPermResp.Msg.GetPermissions() { + s.Assert().Contains(listPermResp.Msg.GetPermissions(), perm) } // length of list should be greater than number of permissions created - s.Assert().GreaterOrEqual(len(listPermResp.GetPermissions()), len(createPermResp.GetPermissions())) + s.Assert().GreaterOrEqual(len(listPermResp.Msg.GetPermissions()), len(createPermResp.Msg.GetPermissions())) }) s.Run("2. registering a new service should not remove existing permissions", func() { - createPermResp, err := s.testBench.AdminClient.CreatePermission(ctx, &frontierv1beta1.CreatePermissionRequest{ + createPermResp, err := s.testBench.AdminClient.CreatePermission(ctx, connect.NewRequest(&frontierv1beta1.CreatePermissionRequest{ Bodies: []*frontierv1beta1.PermissionRequestBody{ { Name: "update", 
@@ -125,21 +147,21 @@ func (s *ServiceRegistrationRegressionTestSuite) TestServiceRegistration() { }, }, }, - }) + })) s.Assert().NoError(err) - s.Assert().Equal(2, len(createPermResp.GetPermissions())) + s.Assert().Equal(2, len(createPermResp.Msg.GetPermissions())) - listPermResp, err := s.testBench.Client.ListPermissions(ctx, &frontierv1beta1.ListPermissionsRequest{}) + listPermResp, err := s.testBench.Client.ListPermissions(ctx, connect.NewRequest(&frontierv1beta1.ListPermissionsRequest{})) s.Assert().NoError(err) - s.Assert().NotNil(listPermResp.GetPermissions()) + s.Assert().NotNil(listPermResp.Msg.GetPermissions()) // check if list contains newly created permissions - for _, perm := range createPermResp.GetPermissions() { - s.Assert().Contains(listPermResp.GetPermissions(), perm) + for _, perm := range createPermResp.Msg.GetPermissions() { + s.Assert().Contains(listPermResp.Msg.GetPermissions(), perm) } // list should contain permissions created in previous step var lastPermCount int for _, perm := range []string{"get", "update", "delete"} { - for _, listPerm := range listPermResp.GetPermissions() { + for _, listPerm := range listPermResp.Msg.GetPermissions() { if listPerm.GetName() == perm && listPerm.GetNamespace() == "database/instance" { lastPermCount++ } diff --git a/test/e2e/regression/serviceusers_test.go b/test/e2e/regression/serviceusers_test.go index f66ccf3a0..161d44525 100644 --- a/test/e2e/regression/serviceusers_test.go +++ b/test/e2e/regression/serviceusers_test.go @@ -12,6 +12,7 @@ import ( "testing" "time" + "connectrpc.com/connect" "github.com/lestrrat-go/jwx/v2/jwt" "github.com/lestrrat-go/jwx/v2/jwk" 
@@ -19,9 +20,9 @@ import ( "github.com/raystack/frontier/pkg/server/consts" "github.com/raystack/frontier/pkg/utils" frontierv1beta1 "github.com/raystack/frontier/proto/v1beta1" - "google.golang.org/grpc/metadata" "github.com/raystack/frontier/core/authenticate" + testusers "github.com/raystack/frontier/core/authenticate/test_users" "github.com/raystack/frontier/pkg/server" "github.com/raystack/frontier/config" @@ -32,8 +33,9 @@ import ( type ServiceUsersRegressionTestSuite struct { suite.Suite - testBench *testbench.TestBench - apiPort int + testBench *testbench.TestBench + apiPort int + adminCookie string } func (s *ServiceUsersRegressionTestSuite) SetupSuite() { @@ -45,6 +47,8 @@ func (s *ServiceUsersRegressionTestSuite) SetupSuite() { s.Require().NoError(err) grpcPort, err := testbench.GetFreePort() s.Require().NoError(err) + connectPort, err := testbench.GetFreePort() + s.Require().NoError(err) s.apiPort = apiPort appConfig := &config.Frontier{ @@ -52,24 +56,31 @@ func (s *ServiceUsersRegressionTestSuite) SetupSuite() { Level: "error", }, App: server.Config{ - Host: "localhost", - Port: apiPort, + Host: "localhost", + Connect: server.ConnectConfig{Port: connectPort}, + Port: apiPort, GRPC: server.GRPCConfig{ Port: grpcPort, MaxRecvMsgSize: 2 << 10, MaxSendMsgSize: 2 << 10, }, - IdentityProxyHeader: testbench.IdentityHeader, ResourcesConfigPath: path.Join(testDataPath, "resource"), Authentication: authenticate.Config{ Session: authenticate.SessionConfig{ HashSecretKey: "hash-secret-should-be-32-chars--", BlockSecretKey: "hash-secret-should-be-32-chars--", + Validity: time.Hour, }, Token: authenticate.TokenConfig{ RSAPath: "testdata/jwks.json", Issuer: "frontier", }, + MailOTP: authenticate.MailOTPConfig{ + Subject: "{{.Otp}}", + Body: "{{.Otp}}", + Validity: 10 * time.Minute, + }, + TestUsers: testusers.Config{Enabled: true, Domain: "raystack.org", OTP: testbench.TestOTP}, }, }, } 
@@ -78,10 +89,15 @@ func (s *ServiceUsersRegressionTestSuite) SetupSuite() { s.Require().NoError(err) ctx := context.Background() - s.Require().NoError(testbench.BootstrapUsers(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapOrganizations(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapProject(ctx, s.testBench.Client, testbench.OrgAdminEmail)) - s.Require().NoError(testbench.BootstrapGroup(ctx, s.testBench.Client, testbench.OrgAdminEmail)) + + adminCookie, err := testbench.AuthenticateUser(ctx, s.testBench.Client, testbench.OrgAdminEmail) + s.Require().NoError(err) + s.adminCookie = adminCookie + + s.Require().NoError(testbench.BootstrapUsers(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapOrganizations(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapProject(ctx, s.testBench.Client, adminCookie)) + s.Require().NoError(testbench.BootstrapGroup(ctx, s.testBench.Client, adminCookie)) } func (s *ServiceUsersRegressionTestSuite) TearDownSuite() { @@ -90,9 +106,7 @@ func (s *ServiceUsersRegressionTestSuite) TearDownSuite() { } func (s *ServiceUsersRegressionTestSuite) TestServiceUserWithKey() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) /* { "alg": "HS256", 
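Review bot: With `IdentityProxyHeader` removed from the config and passthrough_header_test.go deleted in the same commit, none of the suites shown here still asserts that a call without credentials is rejected. `TestServiceUserWithKey` now builds only authenticated contexts, plus one bad-JWT case further down. I would carry over case 1 of the deleted suite as a sub-test: `_, err := s.testBench.Client.GetCurrentUser(context.Background(), connect.NewRequest(&frontierv1beta1.GetCurrentUserRequest{}))` followed by `s.Assert().Equal(connect.CodeUnauthenticated, connect.CodeOf(err))`, assuming that is the code the server returns. A second case sending the former identity-proxy header through `testbench.ContextWithHeaders` would show that the header is no longer honoured. The body of TestServiceUserWithKey continues outside this hunk.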
@@ -111,24 +125,24 @@ func (s *ServiceUsersRegressionTestSuite) TestServiceUserWithKey() { var svUserKey *frontierv1beta1.KeyCredential var svKeyToken []byte s.Run("1. create a service user in an org and generate a key", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-sv-user-1", - }) + })) s.Assert().NoError(err) - createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: existingOrg.GetOrganization().GetId(), - }) + createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserResp) - createServiceUserJWKResp, err := s.testBench.Client.CreateServiceUserJWK(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserJWKRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: existingOrg.GetOrganization().GetId(), - }) + createServiceUserJWKResp, err := s.testBench.Client.CreateServiceUserJWK(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserJWKRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserJWKResp) - svUserKey = createServiceUserJWKResp.GetKey() + svUserKey = createServiceUserJWKResp.Msg.GetKey() // generate a token out of key rsaKey, err := jwk.ParseKey([]byte(svUserKey.GetPrivateKey()), jwk.WithPEM(true)) 
@@ -142,30 +156,30 @@ func (s *ServiceUsersRegressionTestSuite) TestServiceUserWithKey() { s.Assert().NotNil(svKeyToken) }) s.Run("2. fetch current profile and ensure request is authenticated using service user key", func() { - ctxWithKey := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctxWithKey := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Bearer " + string(svKeyToken), - })) + }) - getCurrentUserResp, err := s.testBench.Client.GetCurrentUser(ctxWithKey, &frontierv1beta1.GetCurrentUserRequest{}) + getCurrentUserResp, err := s.testBench.Client.GetCurrentUser(ctxWithKey, connect.NewRequest(&frontierv1beta1.GetCurrentUserRequest{})) s.Assert().NoError(err) s.Assert().NotNil(getCurrentUserResp) - s.Assert().Equal(svUserKey.GetPrincipalId(), getCurrentUserResp.GetServiceuser().GetId()) + s.Assert().Equal(svUserKey.GetPrincipalId(), getCurrentUserResp.Msg.GetServiceuser().GetId()) }) s.Run("3. ensure request is authenticated using service user key with user-token header", func() { - ctxWithKey := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctxWithKey := testbench.ContextWithHeaders(context.Background(), map[string]string{ consts.UserTokenRequestKey: string(svKeyToken), - })) + }) - getCurrentUserResp, err := s.testBench.Client.GetCurrentUser(ctxWithKey, &frontierv1beta1.GetCurrentUserRequest{}) + getCurrentUserResp, err := s.testBench.Client.GetCurrentUser(ctxWithKey, connect.NewRequest(&frontierv1beta1.GetCurrentUserRequest{})) s.Assert().NoError(err) s.Assert().NotNil(getCurrentUserResp) - s.Assert().Equal(svUserKey.GetPrincipalId(), getCurrentUserResp.GetServiceuser().GetId()) + s.Assert().Equal(svUserKey.GetPrincipalId(), getCurrentUserResp.Msg.GetServiceuser().GetId()) }) s.Run("4. 
passing invalid type of jwt should fail", func() { - ctx := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctx := testbench.ContextWithHeaders(context.Background(), map[string]string{ consts.UserTokenRequestKey: sampleHMACJwt, - })) - _, err := s.testBench.Client.GetCurrentUser(ctx, &frontierv1beta1.GetCurrentUserRequest{}) + }) + _, err := s.testBench.Client.GetCurrentUser(ctx, connect.NewRequest(&frontierv1beta1.GetCurrentUserRequest{})) s.Assert().Error(err) }) s.Run("5. fetch current profile and pass additional headers via rest", func() { 
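Review bot: Step 4 accepts any failure as proof that the HMAC-signed token was rejected, because it only asserts `s.Assert().Error(err)`; after the transport switch a connection or routing error would satisfy it too. Pin the rejection to the authentication layer, e.g. `s.Assert().Equal(connect.CodeUnauthenticated, connect.CodeOf(err))`, adjusting the expected code if the server maps this case differently. The same applies to the unauthenticated `CreateOrganization` call in step 6 and to step 3 of TestServiceUserWithSecret (`"Basic randomsecret"`). The enclosing test function starts and ends outside this hunk.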
@@ -179,110 +193,108 @@ func (s *ServiceUsersRegressionTestSuite) TestServiceUserWithKey() { s.Assert().NotNil(currentUserResp.Body) }) s.Run("6. service user should be able to create an organization with full permission", func() { - _, err := s.testBench.Client.CreateOrganization(context.Background(), &frontierv1beta1.CreateOrganizationRequest{ + _, err := s.testBench.Client.CreateOrganization(context.Background(), connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-su-test-1", }, - }) + })) s.Assert().Error(err) - ctxWithKey := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctxWithKey := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Bearer " + string(svKeyToken), - })) - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxWithKey, &frontierv1beta1.CreateOrganizationRequest{ + }) + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxWithKey, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-su-test-1", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createOrgResp) - checkPermResp, err := s.testBench.Client.CheckResourcePermission(ctxWithKey, &frontierv1beta1.CheckResourcePermissionRequest{ - ObjectId: createOrgResp.GetOrganization().GetId(), + checkPermResp, err := s.testBench.Client.CheckResourcePermission(ctxWithKey, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + ObjectId: createOrgResp.Msg.GetOrganization().GetId(), ObjectNamespace: "organization", Permission: schema.UpdatePermission, - }) + })) s.Assert().NoError(err) - s.Assert().True(checkPermResp.GetStatus()) + s.Assert().True(checkPermResp.Msg.GetStatus()) }) s.Run("7. 
service user should be allowed to assign role", func() { - ctxWithKey := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctxWithKey := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Bearer " + string(svKeyToken), - })) - existingOrg, err := s.testBench.Client.GetOrganization(ctxWithKey, &frontierv1beta1.GetOrganizationRequest{ - Id: "org-sv-user-1", }) + existingOrg, err := s.testBench.Client.GetOrganization(ctxWithKey, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ + Id: "org-sv-user-1", + })) s.Assert().NoError(err) // by default, it should not have any permission - checkPermResp, err := s.testBench.Client.CheckResourcePermission(ctxWithKey, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID("organization", existingOrg.GetOrganization().GetId()), + checkPermResp, err := s.testBench.Client.CheckResourcePermission(ctxWithKey, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID("organization", existingOrg.Msg.GetOrganization().GetId()), Permission: schema.UpdatePermission, - }) + })) s.Assert().NoError(err) - s.Assert().False(checkPermResp.GetStatus()) + s.Assert().False(checkPermResp.Msg.GetStatus()) // assign role - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ RoleId: schema.RoleOrganizationManager, - Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.GetOrganization().GetId()), + Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.Msg.GetOrganization().GetId()), Principal: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, svUserKey.GetPrincipalId()), }, - }) + })) 
s.Assert().NoError(err) - checkPermAfterResp, err := s.testBench.Client.CheckResourcePermission(ctxWithKey, &frontierv1beta1.CheckResourcePermissionRequest{ - ObjectId: existingOrg.GetOrganization().GetId(), + checkPermAfterResp, err := s.testBench.Client.CheckResourcePermission(ctxWithKey, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + ObjectId: existingOrg.Msg.GetOrganization().GetId(), ObjectNamespace: "organization", Permission: schema.UpdatePermission, - }) + })) s.Assert().NoError(err) - s.Assert().True(checkPermAfterResp.GetStatus()) + s.Assert().True(checkPermAfterResp.Msg.GetStatus()) }) s.Run("8. a service account should not have access to modify another service account", func() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-sv-user-1", - }) + })) s.Assert().NoError(err) // create another service user - createServiceUser2Resp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: existingOrg.GetOrganization().GetId(), - }) + createServiceUser2Resp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUser2Resp) - createServiceUser2KeyResp, err := s.testBench.Client.CreateServiceUserJWK(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserJWKRequest{ - Id: createServiceUser2Resp.GetServiceuser().GetId(), - OrgId: 
existingOrg.GetOrganization().GetId(), - }) + createServiceUser2KeyResp, err := s.testBench.Client.CreateServiceUserJWK(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserJWKRequest{ + Id: createServiceUser2Resp.Msg.GetServiceuser().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUser2KeyResp) // generate a token out of key - rsaKey, err := jwk.ParseKey([]byte(createServiceUser2KeyResp.GetKey().GetPrivateKey()), jwk.WithPEM(true)) + rsaKey, err := jwk.ParseKey([]byte(createServiceUser2KeyResp.Msg.GetKey().GetPrivateKey()), jwk.WithPEM(true)) s.Assert().NoError(err) s.Assert().NotNil(rsaKey) - _ = rsaKey.Set(jwk.KeyIDKey, createServiceUser2KeyResp.GetKey().GetKid()) + _ = rsaKey.Set(jwk.KeyIDKey, createServiceUser2KeyResp.Msg.GetKey().GetKid()) sv2KeyToken, err := utils.BuildToken(rsaKey, "custom", svUserKey.GetPrincipalId(), time.Minute*5, nil) s.Assert().NoError(err) s.Assert().NotNil(sv2KeyToken) - ctxWithKey2 := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctxWithKey2 := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Bearer " + string(sv2KeyToken), - })) + }) // by default it should not have any permission - checkPermAfterResp, err := s.testBench.Client.CheckResourcePermission(ctxWithKey2, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.GetOrganization().GetId()), + checkPermAfterResp, err := s.testBench.Client.CheckResourcePermission(ctxWithKey2, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.Msg.GetOrganization().GetId()), Permission: schema.ServiceUserManagePermission, - }) + })) s.Assert().NoError(err) - s.Assert().False(checkPermAfterResp.GetStatus()) + 
s.Assert().False(checkPermAfterResp.Msg.GetStatus()) }) } 
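Review bot: Step 8 depends on state from step 7 without saying so. The token is signed with the second service user's key but built with `svUserKey.GetPrincipalId()` (the first service user, which step 7 made an organization manager), so the expected `false` seems to check that the key owner, not the claimed principal, is the one authorized. The existing comment `// by default it should not have any permission` hides that intent; I would replace it with `// token is signed by service user 2 but names service user 1; it must not inherit service user 1's role from step 7`. An explicit `GetCurrentUser` call with `ctxWithKey2` that asserts the resolved service user ID would make the check independent of subtest order. This reading of the `BuildToken` arguments is inferred from the call site and should be confirmed.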
@@ -290,94 +302,92 @@ func (s *ServiceUsersRegressionTestSuite) TestServiceUserWithSecret() { var svUserSecret *frontierv1beta1.SecretCredential var svKeySecret string var existingOrgID string - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. create a service user in an org and generate a secret", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-sv-user-1", - }) + })) s.Assert().NoError(err) - existingOrgID = existingOrg.GetOrganization().GetId() + existingOrgID = existingOrg.Msg.GetOrganization().GetId() - createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: existingOrg.GetOrganization().GetId(), - }) + createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserResp) - createServiceUserCredentialResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserCredentialRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: existingOrg.GetOrganization().GetId(), - }) + createServiceUserCredentialResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserCredentialRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) 
s.Assert().NotNil(createServiceUserCredentialResp) - svUserSecret = createServiceUserCredentialResp.GetSecret() + svUserSecret = createServiceUserCredentialResp.Msg.GetSecret() svKeySecret = fmt.Sprintf("%s:%s", svUserSecret.GetId(), svUserSecret.GetSecret()) svKeySecret = base64.StdEncoding.EncodeToString([]byte(svKeySecret)) // list service user secrets - listServiceUserCredentialResp, err := s.testBench.Client.ListServiceUserCredentials(ctxOrgAdminAuth, &frontierv1beta1.ListServiceUserCredentialsRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: existingOrg.GetOrganization().GetId(), - }) + listServiceUserCredentialResp, err := s.testBench.Client.ListServiceUserCredentials(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListServiceUserCredentialsRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(listServiceUserCredentialResp) }) s.Run("2. fetch current profile and ensure request is authenticated using service user key", func() { - ctxWithSecret := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctxWithSecret := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Basic " + svKeySecret, - })) + }) - getCurrentUserResp, err := s.testBench.Client.GetCurrentUser(ctxWithSecret, &frontierv1beta1.GetCurrentUserRequest{}) + getCurrentUserResp, err := s.testBench.Client.GetCurrentUser(ctxWithSecret, connect.NewRequest(&frontierv1beta1.GetCurrentUserRequest{})) s.Assert().NoError(err) s.Assert().NotNil(getCurrentUserResp) }) s.Run("3. 
passing invalid type of jwt should fail", func() { - ctx := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctx := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Basic randomsecret", - })) - _, err := s.testBench.Client.GetCurrentUser(ctx, &frontierv1beta1.GetCurrentUserRequest{}) + }) + _, err := s.testBench.Client.GetCurrentUser(ctx, connect.NewRequest(&frontierv1beta1.GetCurrentUserRequest{})) s.Assert().Error(err) }) s.Run("4. service user should support organization roles", func() { testNamespace := "compute/machine" - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-sv-user-2", }, - }) + })) s.Assert().NoError(err) - projectResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + projectResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "project-sv-user-1", - OrgId: createOrgResp.GetOrganization().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(projectResp) // create a service account - createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserResp) - createServiceUserCredentialResp, err := 
s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserCredentialRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserCredentialResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserCredentialRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserCredentialResp) - ctxWithSecret := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - "Authorization": "Basic " + base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", createServiceUserCredentialResp.GetSecret().GetId(), - createServiceUserCredentialResp.GetSecret().GetSecret()))), - })) + ctxWithSecret := testbench.ContextWithHeaders(context.Background(), map[string]string{ + "Authorization": "Basic " + base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", createServiceUserCredentialResp.Msg.GetSecret().GetId(), + createServiceUserCredentialResp.Msg.GetSecret().GetSecret()))), + }) // create dummy permissions - _, err = s.testBench.AdminClient.CreatePermission(ctxOrgAdminAuth, &frontierv1beta1.CreatePermissionRequest{ + _, err = s.testBench.AdminClient.CreatePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePermissionRequest{ Bodies: []*frontierv1beta1.PermissionRequestBody{ { Key: "compute.machine.get", 
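Review bot: Step 2 of TestServiceUserWithSecret only asserts that `getCurrentUserResp` is non-nil, so it does not show that the Basic credential resolved to the service user created in step 1; the key-based test does compare principal IDs. Keep the ID from step 1, e.g. `svUserID = createServiceUserResp.Msg.GetServiceuser().GetId()` with `var svUserID string` declared next to `existingOrgID`, and add `s.Assert().Equal(svUserID, getCurrentUserResp.Msg.GetServiceuser().GetId())` in step 2. The test function continues past this hunk.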
@@ -389,11 +399,11 @@ func (s *ServiceUsersRegressionTestSuite) TestServiceUserWithSecret() { Key: "compute.machine.delete", }, }, - }) + })) s.Assert().NoError(err) // create role without delete permission - createdRoleResponse, err := s.testBench.AdminClient.CreateRole(ctxOrgAdminAuth, &frontierv1beta1.CreateRoleRequest{ + createdRoleResponse, err := s.testBench.AdminClient.CreateRole(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateRoleRequest{ Body: &frontierv1beta1.RoleRequestBody{ Name: "compute_machine_manager", Permissions: []string{ 
@@ -401,55 +411,55 @@ func (s *ServiceUsersRegressionTestSuite) TestServiceUserWithSecret() { "compute.machine.create", }, }, - }) + })) s.Assert().NoError(err) // create compute machine resource - createResourceResp, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectResourceRequest{ - ProjectId: projectResp.GetProject().GetId(), + createResourceResp, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectResourceRequest{ + ProjectId: projectResp.Msg.GetProject().GetId(), Body: &frontierv1beta1.ResourceRequestBody{ Name: "resource1", Namespace: testNamespace, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createResourceResp) // by default, it should not have any permission - checkPermResp, err := s.testBench.Client.CheckResourcePermission(ctxWithSecret, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(testNamespace, createResourceResp.GetResource().GetId()), + checkPermResp, err := s.testBench.Client.CheckResourcePermission(ctxWithSecret, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(testNamespace, createResourceResp.Msg.GetResource().GetId()), Permission: schema.GetPermission, - }) + })) s.Assert().NoError(err) - s.Assert().False(checkPermResp.GetStatus()) + s.Assert().False(checkPermResp.Msg.GetStatus()) // create policy binding - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ - RoleId: createdRoleResponse.GetRole().GetId(), - Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, projectResp.GetProject().GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, 
createServiceUserResp.GetServiceuser().GetId()), + RoleId: createdRoleResponse.Msg.GetRole().GetId(), + Resource: schema.JoinNamespaceAndResourceID(schema.ProjectNamespace, projectResp.Msg.GetProject().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createServiceUserResp.Msg.GetServiceuser().GetId()), }, - }) + })) s.Assert().NoError(err) // it will have get permission but not delete - checkPermAfterResp, err := s.testBench.Client.CheckResourcePermission(ctxWithSecret, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(testNamespace, createResourceResp.GetResource().GetId()), + checkPermAfterResp, err := s.testBench.Client.CheckResourcePermission(ctxWithSecret, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(testNamespace, createResourceResp.Msg.GetResource().GetId()), Permission: schema.GetPermission, - }) + })) s.Assert().NoError(err) - s.Assert().True(checkPermAfterResp.GetStatus()) - checkPermAfterRespWithDelete, err := s.testBench.Client.CheckResourcePermission(ctxWithSecret, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(testNamespace, createResourceResp.GetResource().GetId()), + s.Assert().True(checkPermAfterResp.Msg.GetStatus()) + checkPermAfterRespWithDelete, err := s.testBench.Client.CheckResourcePermission(ctxWithSecret, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(testNamespace, createResourceResp.Msg.GetResource().GetId()), Permission: schema.DeletePermission, - }) + })) s.Assert().NoError(err) - s.Assert().False(checkPermAfterRespWithDelete.GetStatus()) + s.Assert().False(checkPermAfterRespWithDelete.Msg.GetStatus()) // update role in place to add delete permission - _, err = s.testBench.AdminClient.UpdateRole(ctxOrgAdminAuth, &frontierv1beta1.UpdateRoleRequest{ - Id: 
createdRoleResponse.GetRole().GetId(), + _, err = s.testBench.AdminClient.UpdateRole(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateRoleRequest{ + Id: createdRoleResponse.Msg.GetRole().GetId(), Body: &frontierv1beta1.RoleRequestBody{ Name: "compute_machine_manager", Permissions: []string{ @@ -458,20 +468,20 @@ func (s *ServiceUsersRegressionTestSuite) TestServiceUserWithSecret() { "compute.machine.delete", }, }, - }) + })) s.Assert().NoError(err) // should have permission now - checkPermAfterDelete, err := s.testBench.Client.CheckResourcePermission(ctxWithSecret, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID(testNamespace, createResourceResp.GetResource().GetId()), + checkPermAfterDelete, err := s.testBench.Client.CheckResourcePermission(ctxWithSecret, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID(testNamespace, createResourceResp.Msg.GetResource().GetId()), Permission: schema.DeletePermission, - }) + })) s.Assert().NoError(err) - s.Assert().True(checkPermAfterDelete.GetStatus()) + s.Assert().True(checkPermAfterDelete.Msg.GetStatus()) // update role in place to remove delete permission again - _, err = s.testBench.AdminClient.UpdateRole(ctxOrgAdminAuth, &frontierv1beta1.UpdateRoleRequest{ - Id: createdRoleResponse.GetRole().GetId(), + _, err = s.testBench.AdminClient.UpdateRole(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.UpdateRoleRequest{ + Id: createdRoleResponse.Msg.GetRole().GetId(), Body: &frontierv1beta1.RoleRequestBody{ Name: "compute_machine_manager", Permissions: []string{ 
@@ -479,198 +489,198 @@ func (s *ServiceUsersRegressionTestSuite) TestServiceUserWithSecret() { "compute.machine.create", }, }, - }) + })) s.Assert().NoError(err) // removing of permission should also reflect - checkPermAfterDeleteRemoved, err := s.testBench.Client.BatchCheckPermission(ctxWithSecret, &frontierv1beta1.BatchCheckPermissionRequest{ + checkPermAfterDeleteRemoved, err := s.testBench.Client.BatchCheckPermission(ctxWithSecret, connect.NewRequest(&frontierv1beta1.BatchCheckPermissionRequest{ Bodies: []*frontierv1beta1.BatchCheckPermissionBody{ { - Resource: schema.JoinNamespaceAndResourceID(testNamespace, createResourceResp.GetResource().GetId()), + Resource: schema.JoinNamespaceAndResourceID(testNamespace, createResourceResp.Msg.GetResource().GetId()), Permission: schema.DeletePermission, }, }, - }) + })) s.Assert().NoError(err) - s.Assert().False(checkPermAfterDeleteRemoved.GetPairs()[0].GetStatus()) + s.Assert().False(checkPermAfterDeleteRemoved.Msg.GetPairs()[0].GetStatus()) }) s.Run("5. 
service user should be allowed to create resources for projects", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-svuser-1", - }) + })) s.Assert().NoError(err) - createSVUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: existingOrg.GetOrganization().GetId(), + createSVUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), Body: &frontierv1beta1.ServiceUserRequestBody{ Title: "org-svuser-1-sv-user-1", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createSVUserResp) - createServiceUserCredentialResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserCredentialRequest{ - Id: createSVUserResp.GetServiceuser().GetId(), + createServiceUserCredentialResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserCredentialRequest{ + Id: createSVUserResp.Msg.GetServiceuser().GetId(), Title: "org-svuser-1-sv-user-1-key-1", - OrgId: existingOrg.GetOrganization().GetId(), - }) + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserCredentialResp) - createdSVKey := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", createServiceUserCredentialResp.GetSecret().GetId(), - createServiceUserCredentialResp.GetSecret().GetSecret()))) - ctxWithKey := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + createdSVKey := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", createServiceUserCredentialResp.Msg.GetSecret().GetId(), + 
createServiceUserCredentialResp.Msg.GetSecret().GetSecret()))) + ctxWithKey := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Basic " + createdSVKey, - })) + }) // by default, it should not have any permission - checkPermResp, err := s.testBench.Client.CheckResourcePermission(ctxWithKey, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: schema.JoinNamespaceAndResourceID("organization", existingOrg.GetOrganization().GetId()), + checkPermResp, err := s.testBench.Client.CheckResourcePermission(ctxWithKey, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: schema.JoinNamespaceAndResourceID("organization", existingOrg.Msg.GetOrganization().GetId()), Permission: schema.ProjectCreatePermission, - }) + })) s.Assert().NoError(err) - s.Assert().False(checkPermResp.GetStatus()) + s.Assert().False(checkPermResp.Msg.GetStatus()) // assign role - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ RoleId: "app_project_manager", - Resource: schema.JoinNamespaceAndResourceID("organization", existingOrg.GetOrganization().GetId()), - Principal: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createSVUserResp.GetServiceuser().GetId()), + Resource: schema.JoinNamespaceAndResourceID("organization", existingOrg.Msg.GetOrganization().GetId()), + Principal: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createSVUserResp.Msg.GetServiceuser().GetId()), }, - }) + })) s.Assert().NoError(err) - checkPermAfterResp, err := s.testBench.Client.CheckResourcePermission(ctxWithKey, &frontierv1beta1.CheckResourcePermissionRequest{ - ObjectId: existingOrg.GetOrganization().GetId(), + checkPermAfterResp, err := s.testBench.Client.CheckResourcePermission(ctxWithKey, 
connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + ObjectId: existingOrg.Msg.GetOrganization().GetId(), ObjectNamespace: "organization", Permission: schema.ProjectCreatePermission, - }) + })) s.Assert().NoError(err) - s.Assert().True(checkPermAfterResp.GetStatus()) + s.Assert().True(checkPermAfterResp.Msg.GetStatus()) // create a project - createProjectResp, err := s.testBench.Client.CreateProject(ctxWithKey, &frontierv1beta1.CreateProjectRequest{ + createProjectResp, err := s.testBench.Client.CreateProject(ctxWithKey, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Title: "org-svuser-1-sv-user-1-project-1", - OrgId: existingOrg.GetOrganization().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), Name: "proj1", }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createProjectResp) // register a new service using custom permission - createServiceResp, err := s.testBench.AdminClient.CreatePermission(ctxOrgAdminAuth, &frontierv1beta1.CreatePermissionRequest{ + createServiceResp, err := s.testBench.AdminClient.CreatePermission(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePermissionRequest{ Bodies: []*frontierv1beta1.PermissionRequestBody{ { Key: "resource.workflow.run", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceResp) // check if service user has permission to create workflow - checkPermAfterResp, err = s.testBench.Client.CheckResourcePermission(ctxWithKey, &frontierv1beta1.CheckResourcePermissionRequest{ - Resource: "project:" + createProjectResp.GetProject().GetId(), + checkPermAfterResp, err = s.testBench.Client.CheckResourcePermission(ctxWithKey, connect.NewRequest(&frontierv1beta1.CheckResourcePermissionRequest{ + Resource: "project:" + createProjectResp.Msg.GetProject().GetId(), Permission: "resource_workflow_run", - }) + })) s.Assert().NoError(err) - s.Assert().True(checkPermAfterResp.GetStatus()) + 
s.Assert().True(checkPermAfterResp.Msg.GetStatus()) }) s.Run("6. listing serviceuser secrets only list it for that service user", func() { // first org - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-sv-user-6-1", }, - }) + })) s.Assert().NoError(err) - createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserResp) - createServiceUserCredentialResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserCredentialRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserCredentialResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserCredentialRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserCredentialResp) - createServiceUserCredentialResp2, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserCredentialRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserCredentialResp2, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, 
connect.NewRequest(&frontierv1beta1.CreateServiceUserCredentialRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserCredentialResp2) // list service user secrets - listServiceUserCredentialResp, err := s.testBench.Client.ListServiceUserCredentials(ctxOrgAdminAuth, &frontierv1beta1.ListServiceUserCredentialsRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: createOrgResp.GetOrganization().GetId(), - }) + listServiceUserCredentialResp, err := s.testBench.Client.ListServiceUserCredentials(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListServiceUserCredentialsRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Len(listServiceUserCredentialResp.GetSecrets(), 2) + s.Assert().Len(listServiceUserCredentialResp.Msg.GetSecrets(), 2) // first org su key - createdOrg1SVKey := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", createServiceUserCredentialResp.GetSecret().GetId(), - createServiceUserCredentialResp.GetSecret().GetSecret()))) - ctxOrg1SVUWithKey := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + createdOrg1SVKey := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", createServiceUserCredentialResp.Msg.GetSecret().GetId(), + createServiceUserCredentialResp.Msg.GetSecret().GetSecret()))) + ctxOrg1SVUWithKey := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Basic " + createdOrg1SVKey, - })) + }) // second org - createOrg2Resp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrg2Resp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: 
&frontierv1beta1.OrganizationRequestBody{ Name: "org-sv-user-6-2", }, - }) + })) s.Assert().NoError(err) - createServiceUserRespOrg2, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: createOrg2Resp.GetOrganization().GetId(), - }) + createServiceUserRespOrg2, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: createOrg2Resp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserRespOrg2) - createServiceUser2SecretResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserCredentialRequest{ - Id: createServiceUserRespOrg2.GetServiceuser().GetId(), - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUser2SecretResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserCredentialRequest{ + Id: createServiceUserRespOrg2.Msg.GetServiceuser().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUser2SecretResp) // list service user secrets should only get 1 - listServiceUser2SecretResp, err := s.testBench.Client.ListServiceUserCredentials(ctxOrgAdminAuth, &frontierv1beta1.ListServiceUserCredentialsRequest{ - Id: createServiceUserRespOrg2.GetServiceuser().GetId(), - OrgId: createOrgResp.GetOrganization().GetId(), - }) + listServiceUser2SecretResp, err := s.testBench.Client.ListServiceUserCredentials(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListServiceUserCredentialsRequest{ + Id: createServiceUserRespOrg2.Msg.GetServiceuser().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) - s.Assert().Len(listServiceUser2SecretResp.GetSecrets(), 1) + s.Assert().Len(listServiceUser2SecretResp.Msg.GetSecrets(), 1) // org 1 should not list 
secrets for org 2 - _, err = s.testBench.Client.ListServiceUserCredentials(ctxOrg1SVUWithKey, &frontierv1beta1.ListServiceUserCredentialsRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: createOrgResp.GetOrganization().GetId(), - }) + _, err = s.testBench.Client.ListServiceUserCredentials(ctxOrg1SVUWithKey, connect.NewRequest(&frontierv1beta1.ListServiceUserCredentialsRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().Error(err) }) s.Run("7. fetch auth token using service account user key", func() { - ctxWithSecret := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctxWithSecret := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Basic " + svKeySecret, - })) + }) - authTokenResp, err := s.testBench.Client.AuthToken(ctxWithSecret, &frontierv1beta1.AuthTokenRequest{ + authTokenResp, err := s.testBench.Client.AuthToken(ctxWithSecret, connect.NewRequest(&frontierv1beta1.AuthTokenRequest{ GrantType: "client_credentials", - }) + })) s.Assert().NoError(err) s.Assert().NotNil(authTokenResp) - s.Assert().NotNil(authTokenResp.GetAccessToken()) - s.Assert().NotNil(authTokenResp.GetTokenType()) - insecureToken, err := jwt.ParseInsecure([]byte(authTokenResp.GetAccessToken())) + s.Assert().NotNil(authTokenResp.Msg.GetAccessToken()) + s.Assert().NotNil(authTokenResp.Msg.GetTokenType()) + insecureToken, err := jwt.ParseInsecure([]byte(authTokenResp.Msg.GetAccessToken())) s.Assert().NoError(err) orgIDs, ok := insecureToken.Get("org_ids") s.Assert().True(ok) 
@@ -679,378 +689,374 @@ func (s *ServiceUsersRegressionTestSuite) TestServiceUserWithSecret() { } func (s *ServiceUsersRegressionTestSuite) TestServiceUserAsPlatformMember() { - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. create a service user in an org and make it platform superuser", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-sv-user-pl-1", }, - }) + })) s.Assert().NoError(err) - createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserResp) - createServiceUserCredentialResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserCredentialRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserCredentialResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserCredentialRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserCredentialResp) - ctxWithKey := 
getSVUCtx(createServiceUserCredentialResp.GetSecret()) + ctxWithKey := getSVUCtx(createServiceUserCredentialResp.Msg.GetSecret()) // before giving access, it should return error - _, err = s.testBench.AdminClient.ListRelations(ctxWithKey, &frontierv1beta1.ListRelationsRequest{}) + _, err = s.testBench.AdminClient.ListRelations(ctxWithKey, connect.NewRequest(&frontierv1beta1.ListRelationsRequest{})) s.Assert().Error(err) // make service user platform admin - _, err = s.testBench.AdminClient.AddPlatformUser(ctxOrgAdminAuth, &frontierv1beta1.AddPlatformUserRequest{ - ServiceuserId: createServiceUserResp.GetServiceuser().GetId(), + _, err = s.testBench.AdminClient.AddPlatformUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddPlatformUserRequest{ + ServiceuserId: createServiceUserResp.Msg.GetServiceuser().GetId(), Relation: schema.AdminRelationName, - }) + })) s.Assert().NoError(err) // check if we have su permissions by listing relations - listRelationsResp, err := s.testBench.AdminClient.ListRelations(ctxWithKey, &frontierv1beta1.ListRelationsRequest{ - Subject: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createServiceUserResp.GetServiceuser().GetId()), + listRelationsResp, err := s.testBench.AdminClient.ListRelations(ctxWithKey, connect.NewRequest(&frontierv1beta1.ListRelationsRequest{ + Subject: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createServiceUserResp.Msg.GetServiceuser().GetId()), Object: schema.JoinNamespaceAndResourceID(schema.PlatformNamespace, schema.PlatformID), - }) + })) s.Assert().NoError(err) - s.Assert().Len(listRelationsResp.GetRelations(), 1) + s.Assert().Len(listRelationsResp.Msg.GetRelations(), 1) }) s.Run("2. 
create a service user in an org and make it platform member", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-sv-user-pl-2", }, - }) + })) s.Assert().NoError(err) - createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserResp) - createServiceUserCredentialResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserCredentialRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserCredentialResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserCredentialRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserCredentialResp) - ctxWithKey := getSVUCtx(createServiceUserCredentialResp.GetSecret()) + ctxWithKey := getSVUCtx(createServiceUserCredentialResp.Msg.GetSecret()) // make service user platform member - _, err = s.testBench.AdminClient.AddPlatformUser(ctxOrgAdminAuth, &frontierv1beta1.AddPlatformUserRequest{ - ServiceuserId: createServiceUserResp.GetServiceuser().GetId(), + _, err = s.testBench.AdminClient.AddPlatformUser(ctxOrgAdminAuth, 
connect.NewRequest(&frontierv1beta1.AddPlatformUserRequest{ + ServiceuserId: createServiceUserResp.Msg.GetServiceuser().GetId(), Relation: schema.MemberRelationName, - }) + })) s.Assert().NoError(err) // check if we have su permissions by checking federated resource permission // this should be false as we are a member checkResp, err := s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, - &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Subject: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createServiceUserResp.GetServiceuser().GetId()), + connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Subject: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createServiceUserResp.Msg.GetServiceuser().GetId()), Resource: schema.JoinNamespaceAndResourceID(schema.PlatformNamespace, schema.PlatformID), Permission: schema.PlatformSudoPermission, - }) + })) s.Assert().NoError(err) - s.Assert().False(checkResp.GetStatus()) + s.Assert().False(checkResp.Msg.GetStatus()) // should return true as we are a member checkResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxWithKey, - &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Subject: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createServiceUserResp.GetServiceuser().GetId()), + connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Subject: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createServiceUserResp.Msg.GetServiceuser().GetId()), Resource: schema.JoinNamespaceAndResourceID(schema.PlatformNamespace, schema.PlatformID), Permission: schema.PlatformCheckPermission, - }) + })) s.Assert().NoError(err) - s.Assert().True(checkResp.GetStatus()) + s.Assert().True(checkResp.Msg.GetStatus()) }) s.Run("3. 
list users & service users of platform", func() { // create a service user - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-sv-user-pl-3", }, - }) + })) s.Assert().NoError(err) - createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserResp) // check if we have su permissions by listing users - listUsersBeforeResp, err := s.testBench.AdminClient.ListPlatformUsers(ctxOrgAdminAuth, &frontierv1beta1.ListPlatformUsersRequest{}) + listUsersBeforeResp, err := s.testBench.AdminClient.ListPlatformUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListPlatformUsersRequest{})) s.Assert().NoError(err) - s.Assert().False(utils.ContainsFunc(listUsersBeforeResp.GetServiceusers(), func(user *frontierv1beta1.ServiceUser) bool { - return user.GetId() == createServiceUserResp.GetServiceuser().GetId() + s.Assert().False(utils.ContainsFunc(listUsersBeforeResp.Msg.GetServiceusers(), func(user *frontierv1beta1.ServiceUser) bool { + return user.GetId() == createServiceUserResp.Msg.GetServiceuser().GetId() })) // make service user platform member - _, err = s.testBench.AdminClient.AddPlatformUser(ctxOrgAdminAuth, &frontierv1beta1.AddPlatformUserRequest{ - ServiceuserId: createServiceUserResp.GetServiceuser().GetId(), + _, err = s.testBench.AdminClient.AddPlatformUser(ctxOrgAdminAuth, 
connect.NewRequest(&frontierv1beta1.AddPlatformUserRequest{ + ServiceuserId: createServiceUserResp.Msg.GetServiceuser().GetId(), Relation: schema.MemberRelationName, - }) + })) s.Assert().NoError(err) // check if we have su permissions by listing users - listUsersResp, err := s.testBench.AdminClient.ListPlatformUsers(ctxOrgAdminAuth, &frontierv1beta1.ListPlatformUsersRequest{}) + listUsersResp, err := s.testBench.AdminClient.ListPlatformUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListPlatformUsersRequest{})) s.Assert().NoError(err) s.Assert().NotNil(listUsersResp) - s.Assert().Len(listUsersResp.GetUsers(), 1) - s.Assert().True(utils.ContainsFunc(listUsersResp.GetServiceusers(), func(user *frontierv1beta1.ServiceUser) bool { - return user.GetId() == createServiceUserResp.GetServiceuser().GetId() + s.Assert().Len(listUsersResp.Msg.GetUsers(), 1) + s.Assert().True(utils.ContainsFunc(listUsersResp.Msg.GetServiceusers(), func(user *frontierv1beta1.ServiceUser) bool { + return user.GetId() == createServiceUserResp.Msg.GetServiceuser().GetId() })) }) s.Run("4. 
remove a service user in an org which was platform member", func() { - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-sv-user-pl-4", }, - }) + })) s.Assert().NoError(err) - createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserResp) - createServiceUserCredentialResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserCredentialRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserCredentialResp, err := s.testBench.Client.CreateServiceUserCredential(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserCredentialRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserCredentialResp) - ctxWithKey := getSVUCtx(createServiceUserCredentialResp.GetSecret()) + ctxWithKey := getSVUCtx(createServiceUserCredentialResp.Msg.GetSecret()) // make service user platform member - _, err = s.testBench.AdminClient.AddPlatformUser(ctxOrgAdminAuth, &frontierv1beta1.AddPlatformUserRequest{ - ServiceuserId: createServiceUserResp.GetServiceuser().GetId(), + _, err = s.testBench.AdminClient.AddPlatformUser(ctxOrgAdminAuth, 
connect.NewRequest(&frontierv1beta1.AddPlatformUserRequest{ + ServiceuserId: createServiceUserResp.Msg.GetServiceuser().GetId(), Relation: schema.MemberRelationName, - }) + })) s.Assert().NoError(err) // check if we have su permissions by checking federated resource permission // should return true as we are a member checkResp, err := s.testBench.AdminClient.CheckFederatedResourcePermission(ctxWithKey, - &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Subject: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createServiceUserResp.GetServiceuser().GetId()), + connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Subject: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createServiceUserResp.Msg.GetServiceuser().GetId()), Resource: schema.JoinNamespaceAndResourceID(schema.PlatformNamespace, schema.PlatformID), Permission: schema.PlatformCheckPermission, - }) + })) s.Assert().NoError(err) - s.Assert().True(checkResp.GetStatus()) + s.Assert().True(checkResp.Msg.GetStatus()) // remove service user from platform - removeResp, err := s.testBench.AdminClient.RemovePlatformUser(ctxOrgAdminAuth, &frontierv1beta1.RemovePlatformUserRequest{ - ServiceuserId: createServiceUserResp.GetServiceuser().GetId(), - }) + removeResp, err := s.testBench.AdminClient.RemovePlatformUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.RemovePlatformUserRequest{ + ServiceuserId: createServiceUserResp.Msg.GetServiceuser().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(removeResp) // should return false as we are no longer member checkResp, err = s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, - &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Subject: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createServiceUserResp.GetServiceuser().GetId()), + connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Subject: 
schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createServiceUserResp.Msg.GetServiceuser().GetId()), Resource: schema.JoinNamespaceAndResourceID(schema.PlatformNamespace, schema.PlatformID), Permission: schema.PlatformCheckPermission, - }) + })) s.Assert().NoError(err) - s.Assert().False(checkResp.GetStatus()) + s.Assert().False(checkResp.Msg.GetStatus()) }) s.Run("5. list super users & service users of platform in non admin APIs", func() { // create a service user - createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrgResp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-sv-user-pl-5", }, - }) + })) s.Assert().NoError(err) - createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: createOrgResp.GetOrganization().GetId(), - }) + createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: createOrgResp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserResp) // make service user platform su - _, err = s.testBench.AdminClient.AddPlatformUser(ctxOrgAdminAuth, &frontierv1beta1.AddPlatformUserRequest{ - ServiceuserId: createServiceUserResp.GetServiceuser().GetId(), + _, err = s.testBench.AdminClient.AddPlatformUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.AddPlatformUserRequest{ + ServiceuserId: createServiceUserResp.Msg.GetServiceuser().GetId(), Relation: schema.AdminRelationName, - }) + })) s.Assert().NoError(err) // create another org to verify su permissions - createOrg2Resp, err := s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, &frontierv1beta1.CreateOrganizationRequest{ + createOrg2Resp, err := 
s.testBench.Client.CreateOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: &frontierv1beta1.OrganizationRequestBody{ Name: "org-sv-user-pl-5a", }, - }) + })) s.Assert().NoError(err) // check if su can delete another org checkResp, err := s.testBench.AdminClient.CheckFederatedResourcePermission(ctxOrgAdminAuth, - &frontierv1beta1.CheckFederatedResourcePermissionRequest{ - Subject: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createServiceUserResp.GetServiceuser().GetId()), - Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, createOrg2Resp.GetOrganization().GetId()), + connect.NewRequest(&frontierv1beta1.CheckFederatedResourcePermissionRequest{ + Subject: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, createServiceUserResp.Msg.GetServiceuser().GetId()), + Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, createOrg2Resp.Msg.GetOrganization().GetId()), Permission: schema.DeletePermission, - }) + })) s.Assert().NoError(err) - s.Assert().True(checkResp.GetStatus()) + s.Assert().True(checkResp.Msg.GetStatus()) // check if we have su permissions by listing platform users - listUsersResp, err := s.testBench.AdminClient.ListPlatformUsers(ctxOrgAdminAuth, &frontierv1beta1.ListPlatformUsersRequest{}) + listUsersResp, err := s.testBench.AdminClient.ListPlatformUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListPlatformUsersRequest{})) s.Assert().NoError(err) s.Assert().NotNil(listUsersResp) - s.Assert().True(utils.ContainsFunc(listUsersResp.GetServiceusers(), func(user *frontierv1beta1.ServiceUser) bool { - return user.GetId() == createServiceUserResp.GetServiceuser().GetId() + s.Assert().True(utils.ContainsFunc(listUsersResp.Msg.GetServiceusers(), func(user *frontierv1beta1.ServiceUser) bool { + return user.GetId() == createServiceUserResp.Msg.GetServiceuser().GetId() })) // superusers shouldn't be listed in non admin calls even if they 
have access - orgServiceUsersResp, err := s.testBench.Client.ListServiceUsers(ctxOrgAdminAuth, &frontierv1beta1.ListServiceUsersRequest{ - OrgId: createOrg2Resp.GetOrganization().GetId(), - }) + orgServiceUsersResp, err := s.testBench.Client.ListServiceUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListServiceUsersRequest{ + OrgId: createOrg2Resp.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(orgServiceUsersResp) - s.Assert().Len(orgServiceUsersResp.GetServiceusers(), 0) + s.Assert().Len(orgServiceUsersResp.Msg.GetServiceusers(), 0) // create a project in it to verify as well - createProjectResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectRequest{ + createProjectResp, err := s.testBench.Client.CreateProject(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "project-sv-user-pl-3a", - OrgId: createOrg2Resp.GetOrganization().GetId(), + OrgId: createOrg2Resp.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().NoError(err) - projectServiceUsersResp, err := s.testBench.Client.ListProjectServiceUsers(ctxOrgAdminAuth, &frontierv1beta1.ListProjectServiceUsersRequest{ - Id: createProjectResp.GetProject().GetId(), - }) + projectServiceUsersResp, err := s.testBench.Client.ListProjectServiceUsers(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListProjectServiceUsersRequest{ + Id: createProjectResp.Msg.GetProject().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(projectServiceUsersResp) - s.Assert().Len(projectServiceUsersResp.GetServiceusers(), 0) + s.Assert().Len(projectServiceUsersResp.Msg.GetServiceusers(), 0) }) } func (s *ServiceUsersRegressionTestSuite) TestServiceUserWithToken() { var svKeyToken string var svUserID string - ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ - testbench.IdentityHeader: testbench.OrgAdminEmail, - })) + 
ctxOrgAdminAuth := testbench.ContextWithAuth(context.Background(), s.adminCookie) s.Run("1. create a service user in an org and generate a token", func() { - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-sv-user-1", - }) + })) s.Assert().NoError(err) - createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserRequest{ - OrgId: existingOrg.GetOrganization().GetId(), - }) + createServiceUserResp, err := s.testBench.Client.CreateServiceUser(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserRequest{ + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserResp) - createServiceUserTokenResp, err := s.testBench.Client.CreateServiceUserToken(ctxOrgAdminAuth, &frontierv1beta1.CreateServiceUserTokenRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: existingOrg.GetOrganization().GetId(), - }) + createServiceUserTokenResp, err := s.testBench.Client.CreateServiceUserToken(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateServiceUserTokenRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(createServiceUserTokenResp) - svUserID = createServiceUserResp.GetServiceuser().GetId() - svUserToken := createServiceUserTokenResp.GetToken() + svUserID = createServiceUserResp.Msg.GetServiceuser().GetId() + svUserToken := createServiceUserTokenResp.Msg.GetToken() svKeyToken = fmt.Sprintf("%s:%s", svUserToken.GetId(), svUserToken.GetToken()) svKeyToken = base64.StdEncoding.EncodeToString([]byte(svKeyToken)) // list service user secrets - listServiceUserTokenResp, err := 
s.testBench.Client.ListServiceUserTokens(ctxOrgAdminAuth, &frontierv1beta1.ListServiceUserTokensRequest{ - Id: createServiceUserResp.GetServiceuser().GetId(), - OrgId: existingOrg.GetOrganization().GetId(), - }) + listServiceUserTokenResp, err := s.testBench.Client.ListServiceUserTokens(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.ListServiceUserTokensRequest{ + Id: createServiceUserResp.Msg.GetServiceuser().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), + })) s.Assert().NoError(err) s.Assert().NotNil(listServiceUserTokenResp) }) s.Run("2. fetch current profile and ensure request is authenticated using service user token", func() { - ctxWithSecret := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctxWithSecret := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Basic " + svKeyToken, - })) + }) - getCurrentUserResp, err := s.testBench.Client.GetCurrentUser(ctxWithSecret, &frontierv1beta1.GetCurrentUserRequest{}) + getCurrentUserResp, err := s.testBench.Client.GetCurrentUser(ctxWithSecret, connect.NewRequest(&frontierv1beta1.GetCurrentUserRequest{})) s.Assert().NoError(err) s.Assert().NotNil(getCurrentUserResp) }) s.Run("3. should fail to fetch current profile with invalid service user token", func() { - ctxWithSecret := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctxWithSecret := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Basic " + svKeyToken + "00", - })) + }) - _, err := s.testBench.Client.GetCurrentUser(ctxWithSecret, &frontierv1beta1.GetCurrentUserRequest{}) + _, err := s.testBench.Client.GetCurrentUser(ctxWithSecret, connect.NewRequest(&frontierv1beta1.GetCurrentUserRequest{})) s.Assert().Error(err) }) s.Run("4. 
give permission to create project in an org to service user", func() { // create a role to grant project creation - projectOwnerRoleResp, err := s.testBench.AdminClient.CreateRole(ctxOrgAdminAuth, &frontierv1beta1.CreateRoleRequest{ + projectOwnerRoleResp, err := s.testBench.AdminClient.CreateRole(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreateRoleRequest{ Body: &frontierv1beta1.RoleRequestBody{ Name: "project_owner_custom", Permissions: []string{ "app_organization_projectcreate", }, }, - }) + })) s.Assert().NoError(err) s.Assert().NotNil(projectOwnerRoleResp) - existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, &frontierv1beta1.GetOrganizationRequest{ + existingOrg, err := s.testBench.Client.GetOrganization(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.GetOrganizationRequest{ Id: "org-sv-user-1", - }) + })) s.Assert().NoError(err) - ctxWithSecret := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctxWithSecret := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Basic " + svKeyToken, - })) + }) // check the user can't create project by default - projectCreateResp, err := s.testBench.Client.CreateProject(ctxWithSecret, &frontierv1beta1.CreateProjectRequest{ + projectCreateResp, err := s.testBench.Client.CreateProject(ctxWithSecret, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "sv-token-project-1", - OrgId: existingOrg.GetOrganization().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().Error(err) s.Assert().Empty(projectCreateResp) // assign permission to sv user - _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, &frontierv1beta1.CreatePolicyRequest{ + _, err = s.testBench.Client.CreatePolicy(ctxOrgAdminAuth, connect.NewRequest(&frontierv1beta1.CreatePolicyRequest{ Body: &frontierv1beta1.PolicyRequestBody{ - RoleId: 
projectOwnerRoleResp.GetRole().GetId(), + RoleId: projectOwnerRoleResp.Msg.GetRole().GetId(), Principal: schema.JoinNamespaceAndResourceID(schema.ServiceUserPrincipal, svUserID), - Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.GetOrganization().GetId()), + Resource: schema.JoinNamespaceAndResourceID(schema.OrganizationNamespace, existingOrg.Msg.GetOrganization().GetId()), }, - }) + })) s.Assert().NoError(err) // creating project should work - projectCreateResp, err = s.testBench.Client.CreateProject(ctxWithSecret, &frontierv1beta1.CreateProjectRequest{ + projectCreateResp, err = s.testBench.Client.CreateProject(ctxWithSecret, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: &frontierv1beta1.ProjectRequestBody{ Name: "sv-token-project-1", - OrgId: existingOrg.GetOrganization().GetId(), + OrgId: existingOrg.Msg.GetOrganization().GetId(), }, - }) + })) s.Assert().NoError(err) - s.Assert().NotNil(projectCreateResp.GetProject().GetId()) + s.Assert().NotNil(projectCreateResp.Msg.GetProject().GetId()) }) } @@ -1059,9 +1065,9 @@ func TestEndToEndServiceUsersRegressionTestSuite(t *testing.T) { } func getSVUCtx(cred *frontierv1beta1.SecretCredential) context.Context { - ctxWithKey := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{ + ctxWithKey := testbench.ContextWithHeaders(context.Background(), map[string]string{ "Authorization": "Basic " + base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", cred.GetId(), cred.GetSecret()))), - })) + }) return ctxWithKey } diff --git a/test/e2e/smoke/ping_test.go b/test/e2e/smoke/ping_test.go index 7c3de855e..963dd68d5 100644 --- a/test/e2e/smoke/ping_test.go +++ b/test/e2e/smoke/ping_test.go @@ -54,7 +54,6 @@ func (s *PingSmokeTestSuite) SetupSuite() { MaxRecvMsgSize: 2 << 10, MaxSendMsgSize: 2 << 10, }, - IdentityProxyHeader: testbench.IdentityHeader, ResourcesConfigPath: path.Join(testDataPath, "resource"), }, } 
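Review bot: In TestServiceUserAsPlatformMember and TestServiceUserWithToken the setup calls are still checked with `s.Assert().NoError(err)`, and the next statement reads `createOrgResp.Msg`, `existingOrg.Msg` or `createServiceUserResp.Msg`. A connect client returns a nil `*connect.Response` on error, so a failed setup call now panics on the field access instead of reporting the real error, whereas the old generated getters were nil-safe. Using `s.Require().NoError(err)` before any `.Msg` access stops the subtest at the actual failure. The negative authorization checks (`ListRelations` with `ctxWithKey` before `AddPlatformUser`, `GetCurrentUser` with the altered token, `CreateProject` before the policy exists) assert only `s.Assert().Error(err)`, so a transport or configuration failure would satisfy them too. Also asserting the code, e.g. `s.Assert().Equal(connect.CodeUnauthenticated, connect.CodeOf(err))` with whichever code the server is expected to return, would tie each test to the denial it is meant to prove.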
diff --git a/test/e2e/testbench/helper.go b/test/e2e/testbench/helper.go index 12efdc0a5..ae98f5ddb 100644 --- a/test/e2e/testbench/helper.go +++ b/test/e2e/testbench/helper.go @@ -5,12 +5,15 @@ import ( _ "embed" "encoding/json" "errors" + "fmt" "net" + "net/http" + "strings" + "connectrpc.com/connect" + "github.com/raystack/frontier/core/authenticate/strategy" frontierv1beta1 "github.com/raystack/frontier/proto/v1beta1" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" - "google.golang.org/grpc/metadata" + "github.com/raystack/frontier/proto/v1beta1/frontierv1beta1connect" ) var ( 
@@ -25,10 +28,83 @@ var ( ) const ( - OrgAdminEmail = "admin1-group1-org1@raystack.org" - IdentityHeader = "X-Frontier-Email" + OrgAdminEmail = "admin1-group1-org1@raystack.org" + TestOTP = "123456" ) +// headersKey is the context key for storing headers to be sent with ConnectRPC requests. +type headersKey struct{} + +// ContextWithHeaders returns a new context with the given headers. +// These headers will be automatically applied to ConnectRPC requests +// by the headerInterceptor. +func ContextWithHeaders(ctx context.Context, headers map[string]string) context.Context { + return context.WithValue(ctx, headersKey{}, headers) +} + +// ContextWithAuth returns a context that carries the session cookie for authentication. +func ContextWithAuth(ctx context.Context, cookieStr string) context.Context { + return ContextWithHeaders(ctx, map[string]string{ + "Cookie": cookieStr, + }) +} + +// HeadersFromContext returns headers stored in the context, if any. +func HeadersFromContext(ctx context.Context) map[string]string { + if h, ok := ctx.Value(headersKey{}).(map[string]string); ok { + return h + } + return nil +} + +// headerInterceptor is a ConnectRPC unary interceptor that reads headers +// from the context and sets them on the outgoing request. +func headerInterceptor() connect.UnaryInterceptorFunc { + return connect.UnaryInterceptorFunc(func(next connect.UnaryFunc) connect.UnaryFunc { + return connect.UnaryFunc(func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) { + if headers := HeadersFromContext(ctx); headers != nil { + for k, v := range headers { + req.Header().Set(k, v) + } + } + return next(ctx, req) + }) + }) +} + +// AuthenticateUser authenticates a user via mail OTP using the test_users config +// (which skips SMTP) and returns the session cookie string (e.g. "sid="). 
+func AuthenticateUser(ctx context.Context, cl frontierv1beta1connect.FrontierServiceClient, email string) (string, error) { + // start mail OTP flow + authResp, err := cl.Authenticate(ctx, connect.NewRequest(&frontierv1beta1.AuthenticateRequest{ + StrategyName: strategy.MailOTPAuthMethod, + RedirectOnstart: false, + Email: email, + })) + if err != nil { + return "", fmt.Errorf("authenticate: %w", err) + } + + // complete OTP verification with the fixed test OTP + callbackResp, err := cl.AuthCallback(ctx, connect.NewRequest(&frontierv1beta1.AuthCallbackRequest{ + StrategyName: strategy.MailOTPAuthMethod, + Code: TestOTP, + State: authResp.Msg.GetState(), + })) + if err != nil { + return "", fmt.Errorf("auth callback: %w", err) + } + + // extract session cookie from Set-Cookie header + setCookie := callbackResp.Header().Get("Set-Cookie") + if setCookie == "" { + return "", fmt.Errorf("no Set-Cookie header in auth callback response") + } + // take only the cookie name=value part (before the first ";") + cookie := strings.SplitN(setCookie, ";", 2)[0] + return cookie, nil +} + func GetFreePort() (int, error) { addr, err := net.ResolveTCPAddr("tcp", "localhost:0") if err != nil { 
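Review bot: In AuthenticateUser, `callbackResp.Header().Get("Set-Cookie")` returns only the first Set-Cookie value, so if the callback response sets any other cookie ahead of the session cookie, the helper silently returns the wrong one and every later call fails authentication with no hint why. Iterating `Header().Values("Set-Cookie")` and selecting the session cookie by name makes that failure explicit; the sketch below uses the `sid` name from the doc comment, which should be confirmed against the server's session config. `errors` is already imported in this file, and the `fmt.Errorf` call without format verbs can become `errors.New`. Separately, the exported `TestOTP` has no comment; something like `// TestOTP is the fixed code the e2e suites configure for test users; never reuse it outside test configuration.` would record that it is a static credential.

```go
	// … unchanged: Authenticate and AuthCallback calls …

	// extract the session cookie; Get would return only the first Set-Cookie value
	for _, sc := range callbackResp.Header().Values("Set-Cookie") {
		// keep only name=value (before the first ";")
		pair, _, _ := strings.Cut(sc, ";")
		// "sid" is the name the doc comment gives; confirm against the session config
		if strings.HasPrefix(pair, "sid=") && len(pair) > len("sid=") {
			return pair, nil
		}
	}
	return "", errors.New("no session cookie in auth callback response")
```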
@@ -43,97 +119,85 @@ func GetFreePort() (int, error) { return l.Addr().(*net.TCPAddr).Port, nil } -func createConnection(ctx context.Context, host string) (*grpc.ClientConn, error) { - opts := []grpc.DialOption{ - grpc.WithTransportCredentials(insecure.NewCredentials()), - grpc.WithBlock(), - } - - return grpc.DialContext(ctx, host, opts...) -} - -func CreateClient(ctx context.Context, host string) (frontierv1beta1.FrontierServiceClient, func() error, error) { - conn, err := createConnection(ctx, host) - if err != nil { - return nil, nil, err - } - client := frontierv1beta1.NewFrontierServiceClient(conn) - return client, conn.Close, nil +func CreateClient(host string) (frontierv1beta1connect.FrontierServiceClient, error) { + return frontierv1beta1connect.NewFrontierServiceClient( + http.DefaultClient, + fmt.Sprintf("http://%s", host), + connect.WithInterceptors(headerInterceptor()), + ), nil } -func CreateAdminClient(ctx context.Context, host string) (frontierv1beta1.AdminServiceClient, func() error, error) { - conn, err := createConnection(ctx, host) - if err != nil { - return nil, nil, err - } - client := frontierv1beta1.NewAdminServiceClient(conn) - return client, conn.Close, nil +func CreateAdminClient(host string) (frontierv1beta1connect.AdminServiceClient, error) { + return frontierv1beta1connect.NewAdminServiceClient( + http.DefaultClient, + fmt.Sprintf("http://%s", host), + connect.WithInterceptors(headerInterceptor()), + ), nil } -func BootstrapUsers(ctx context.Context, cl frontierv1beta1.FrontierServiceClient, creatorEmail string) error { +func BootstrapUsers(ctx context.Context, cl frontierv1beta1connect.FrontierServiceClient, sessionCookie string) error { var data []*frontierv1beta1.UserRequestBody if err := json.Unmarshal(mockUserFixture, &data); err != nil { return err } for _, d := range data { - ctx = metadata.NewOutgoingContext(ctx, metadata.New(map[string]string{ - IdentityHeader: creatorEmail, - })) - if _, err := cl.CreateUser(ctx, 
&frontierv1beta1.CreateUserRequest{ + authCtx := ContextWithAuth(ctx, sessionCookie) + if _, err := cl.CreateUser(authCtx, connect.NewRequest(&frontierv1beta1.CreateUserRequest{ Body: d, - }); err != nil { + })); err != nil { return err } } // validate - uRes, err := cl.ListUsers(ctx, &frontierv1beta1.ListUsersRequest{}) + authCtx := ContextWithAuth(ctx, sessionCookie) + uRes, err := cl.ListUsers(authCtx, connect.NewRequest(&frontierv1beta1.ListUsersRequest{})) if err != nil { return err } // +1 for counting admin user - if len(data)+1 != len(uRes.GetUsers()) { + if len(data)+1 != len(uRes.Msg.GetUsers()) { return errors.New("failed to validate number of users created") } return nil } -func BootstrapOrganizations(ctx context.Context, cl frontierv1beta1.FrontierServiceClient, creatorEmail string) error { +func BootstrapOrganizations(ctx context.Context, cl frontierv1beta1connect.FrontierServiceClient, sessionCookie string) error { var data []*frontierv1beta1.OrganizationRequestBody if err := json.Unmarshal(mockOrganizationFixture, &data); err != nil { return err } for _, d := range data { - ctx = metadata.NewOutgoingContext(ctx, metadata.New(map[string]string{ - IdentityHeader: creatorEmail, - })) - if _, err := cl.CreateOrganization(ctx, &frontierv1beta1.CreateOrganizationRequest{ + authCtx := ContextWithAuth(ctx, sessionCookie) + if _, err := cl.CreateOrganization(authCtx, connect.NewRequest(&frontierv1beta1.CreateOrganizationRequest{ Body: d, - }); err != nil { + })); err != nil { return err } } // validate - uRes, err := cl.ListOrganizations(ctx, &frontierv1beta1.ListOrganizationsRequest{}) + authCtx := ContextWithAuth(ctx, sessionCookie) + uRes, err := cl.ListOrganizations(authCtx, connect.NewRequest(&frontierv1beta1.ListOrganizationsRequest{})) if err != nil { return err } - if len(data) != len(uRes.GetOrganizations()) { + if len(data) != len(uRes.Msg.GetOrganizations()) { return errors.New("failed to validate number of organizations created") } return nil } 
-func BootstrapProject(ctx context.Context, cl frontierv1beta1.FrontierServiceClient, creatorEmail string) error { - orgResp, err := cl.ListOrganizations(ctx, &frontierv1beta1.ListOrganizationsRequest{}) +func BootstrapProject(ctx context.Context, cl frontierv1beta1connect.FrontierServiceClient, sessionCookie string) error { + authCtx := ContextWithAuth(ctx, sessionCookie) + orgResp, err := cl.ListOrganizations(authCtx, connect.NewRequest(&frontierv1beta1.ListOrganizationsRequest{})) if err != nil { return err } - if len(orgResp.GetOrganizations()) < 1 { + if len(orgResp.Msg.GetOrganizations()) < 1 { return errors.New("no organization found") } 
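Review bot: CreateClient and CreateAdminClient pass `http.DefaultClient`, which has no timeout, so a server that accepts the connection but never answers blocks the suite until the Go test deadline unless the caller's context carries its own. A dedicated client such as `&http.Client{Timeout: 30 * time.Second}` keeps failures bounded and avoids process-global state; the value is only a suggestion, and `time` would need adding to this file's imports, which the import hunk does not do. Both constructors now always return a nil error, so a short doc comment on each should say the error result is kept only for signature stability. BootstrapProject starts at the end of this hunk and continues in the next one.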
@@ -143,37 +207,37 @@ func BootstrapProject(ctx context.Context, cl frontierv1beta1.FrontierServiceCli } for _, d := range data { - d.OrgId = orgResp.GetOrganizations()[0].GetId() - ctx = metadata.NewOutgoingContext(ctx, metadata.New(map[string]string{ - IdentityHeader: creatorEmail, - })) - if _, err := cl.CreateProject(ctx, &frontierv1beta1.CreateProjectRequest{ + d.OrgId = orgResp.Msg.GetOrganizations()[0].GetId() + authCtx = ContextWithAuth(ctx, sessionCookie) + if _, err := cl.CreateProject(authCtx, connect.NewRequest(&frontierv1beta1.CreateProjectRequest{ Body: d, - }); err != nil { + })); err != nil { return err } } // validate - uRes, err := cl.ListOrganizationProjects(ctx, &frontierv1beta1.ListOrganizationProjectsRequest{ - Id: orgResp.GetOrganizations()[0].GetId(), - }) + authCtx = ContextWithAuth(ctx, sessionCookie) + uRes, err := cl.ListOrganizationProjects(authCtx, connect.NewRequest(&frontierv1beta1.ListOrganizationProjectsRequest{ + Id: orgResp.Msg.GetOrganizations()[0].GetId(), + })) if err != nil { return err } - if len(data) != len(uRes.GetProjects()) { + if len(data) != len(uRes.Msg.GetProjects()) { return errors.New("failed to validate number of projects created") } return nil } -func BootstrapGroup(ctx context.Context, cl frontierv1beta1.FrontierServiceClient, creatorEmail string) error { - orgResp, err := cl.ListOrganizations(ctx, &frontierv1beta1.ListOrganizationsRequest{}) +func BootstrapGroup(ctx context.Context, cl frontierv1beta1connect.FrontierServiceClient, sessionCookie string) error { + authCtx := ContextWithAuth(ctx, sessionCookie) + orgResp, err := cl.ListOrganizations(authCtx, connect.NewRequest(&frontierv1beta1.ListOrganizationsRequest{})) if err != nil { return err } - if len(orgResp.GetOrganizations()) < 1 { + if len(orgResp.Msg.GetOrganizations()) < 1 { return errors.New("no organization found") } 
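Review bot: `authCtx = ContextWithAuth(ctx, sessionCookie)` is re-assigned inside the loop and again before the validation call, although neither `ctx` nor `sessionCookie` changes. The value built at the top of BootstrapProject can be reused and both re-assignments dropped. The same repetition appears in BootstrapUsers and BootstrapOrganizations in the previous hunk and in BootstrapGroup in the next one. Since these helpers still `return err` bare, wrapping as `fmt.Errorf("create project %q: %w", d.GetName(), err)` would show which fixture the server rejected once requests are authorised per session. This hunk starts inside BootstrapProject and ends inside BootstrapGroup.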
@@ -183,25 +247,24 @@ func BootstrapGroup(ctx context.Context, cl frontierv1beta1.FrontierServiceClien } for _, d := range data { - ctx = metadata.NewOutgoingContext(ctx, metadata.New(map[string]string{ - IdentityHeader: creatorEmail, - })) - if _, err := cl.CreateGroup(ctx, &frontierv1beta1.CreateGroupRequest{ + authCtx = ContextWithAuth(ctx, sessionCookie) + if _, err := cl.CreateGroup(authCtx, connect.NewRequest(&frontierv1beta1.CreateGroupRequest{ Body: d, - OrgId: orgResp.GetOrganizations()[0].GetId(), - }); err != nil { + OrgId: orgResp.Msg.GetOrganizations()[0].GetId(), + })); err != nil { return err } } // validate - uRes, err := cl.ListOrganizationGroups(ctx, &frontierv1beta1.ListOrganizationGroupsRequest{ - OrgId: orgResp.GetOrganizations()[0].GetId(), - }) + authCtx = ContextWithAuth(ctx, sessionCookie) + uRes, err := cl.ListOrganizationGroups(authCtx, connect.NewRequest(&frontierv1beta1.ListOrganizationGroupsRequest{ + OrgId: orgResp.Msg.GetOrganizations()[0].GetId(), + })) if err != nil { return err } - if len(data) != len(uRes.GetGroups()) { + if len(data) != len(uRes.Msg.GetGroups()) { return errors.New("failed to validate number of groups created") } return nil diff --git a/test/e2e/testbench/testbench.go b/test/e2e/testbench/testbench.go index c5553c593..9f4e33446 100644 --- a/test/e2e/testbench/testbench.go +++ b/test/e2e/testbench/testbench.go @@ -1,7 +1,6 @@ package testbench import ( - "context" "errors" "fmt" "net" @@ -12,7 +11,7 @@ import ( "gopkg.in/dnaeon/go-vcr.v3/recorder" "github.com/raystack/frontier/pkg/logger" - frontierv1beta1 "github.com/raystack/frontier/proto/v1beta1" + "github.com/raystack/frontier/proto/v1beta1/frontierv1beta1connect" "github.com/google/uuid" "github.com/ory/dockertest/v3" 
@@ -35,8 +34,8 @@ type TestBench struct { Pool *dockertest.Pool Network *docker.Network Resources []*dockertest.Resource - Client frontierv1beta1.FrontierServiceClient - AdminClient frontierv1beta1.AdminServiceClient + Client frontierv1beta1connect.FrontierServiceClient + AdminClient frontierv1beta1connect.AdminServiceClient close func() error } @@ -112,14 +111,15 @@ func Init(appConfig *config.Frontier) (*TestBench, error) { StartFrontier(logger, appConfig) - // create fixtures - sClient, sClose, err := CreateClient(context.Background(), net.JoinHostPort(appConfig.App.Host, strconv.Itoa(appConfig.App.GRPC.Port))) + // create ConnectRPC clients using the connect port + connectHost := net.JoinHostPort(appConfig.App.Host, strconv.Itoa(appConfig.App.Connect.Port)) + sClient, err := CreateClient(connectHost) if err != nil { return nil, err } te.Client = sClient - adClient, adClose, err := CreateAdminClient(context.Background(), net.JoinHostPort(appConfig.App.Host, strconv.Itoa(appConfig.App.GRPC.Port))) + adClient, err := CreateAdminClient(connectHost) if err != nil { return nil, err } @@ -128,10 +128,8 @@ func Init(appConfig *config.Frontier) (*TestBench, error) { te.close = func() error { err1 := pgResource.Close() err2 := spiceDBClose() - err3 := sClose() - err4 := adClose() - err5 := stripeClose() - return errors.Join(err1, err2, err3, err4, err5) + err3 := stripeClose() + return errors.Join(err1, err2, err3) } // let frontier start
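Review bot: Nothing in the Init hunk checks that Frontier is listening on the connect port. CreateClient and CreateAdminClient (as changed in helper.go) only build a client and always return a nil error, so the two `if err != nil` checks can no longer fire, whereas the removed gRPC dial used `grpc.WithBlock()` and waited for the connection. Whatever follows `// let frontier start` is outside the hunk and may already wait. If it is a fixed sleep, a bounded retry against `connectHost` would be a sturdier readiness signal, with a comment such as `// clients do not dial; readiness is established below` on the constructor calls. The new `te.close` also no longer releases client connections; calling `http.DefaultClient.CloseIdleConnections()` there would be the equivalent if the shared default client is kept.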