diff --git a/go.mod b/go.mod
index 9114c9e9..e87d30d5 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,6 @@ require (
 	github.com/aws/aws-sdk-go v1.39.4 // indirect
 	github.com/brianvoe/gofakeit v3.18.0+incompatible
 	github.com/brianvoe/gofakeit/v5 v5.11.2
-	github.com/casbin/casbin/v2 v2.31.3
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/uuid v1.2.0
diff --git a/go.sum b/go.sum
index 35a37166..09627281 100644
--- a/go.sum
+++ b/go.sum
@@ -64,8 +64,6 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
 github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53/go.mod h1:+3IMCy2vIlbG1XG/0ggNQv0SvxCAIpPM5b1nCz56Xno=
 github.com/CloudyKit/jet/v3 v3.0.0/go.mod h1:HKQPgSJmdK8hdoAbKUUWajkHyHo4RaU5rMdUywE7VMo=
 github.com/Joker/hpp v1.0.0/go.mod h1:8x5n+M1Hp5hC0g8okX3sR3vFQwynaX/UgSOM9MeBKzY=
-github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible h1:1G1pk05UrOh0NlF1oeaaix1x8XzrfjIDK47TY0Zehcw=
-github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
 github.com/Shopify/goreferrer v0.0.0-20181106222321-ec9c9a553398/go.mod h1:a1uqRtAwp2Xwc6WNPJEufxJ7fx3npB4UV/JOLmbu5I0=
 github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM=
 github.com/agnivade/levenshtein v1.0.3/go.mod h1:4SFRZbbXWLF4MU1T9Qg0pGgH3Pjs+t6ie5efyrwRJXs=
@@ -88,8 +86,6 @@ github.com/brianvoe/gofakeit v3.18.0+incompatible h1:wDOmHc9DLG4nRjUVVaxA+CEglKO
 github.com/brianvoe/gofakeit v3.18.0+incompatible/go.mod h1:kfwdRA90vvNhPutZWfH7WPaDzUjz+CZFqG+rPkOjGOc=
 github.com/brianvoe/gofakeit/v5 v5.11.2 h1:Ny5Nsf4z2023ZvYP8ujW8p5B1t5sxhdFaQ/0IYXbeSA=
 github.com/brianvoe/gofakeit/v5 v5.11.2/go.mod h1:/ZENnKqX+XrN8SORLe/fu5lZDIo1tuPncWuRD+eyhSI=
-github.com/casbin/casbin/v2 v2.31.3 h1:NaPzGmLYWAtEgItUjqH8aGP6cvIYOY2X4HNMusCuuzY=
-github.com/casbin/casbin/v2 v2.31.3/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -107,10 +103,8 @@ github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcju
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk=
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -348,9 +342,7 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/rs/xid v1.3.0 h1:6NjYksEUlhurdVehpc7S7dk6DAmcKv8V9gG0FsVN2U4=
 github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
-github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
-github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/savannahghi/converterandformatter v0.0.3/go.mod h1:0o7yieYU10WabPqKuqj+5QL52eTL1eGElxjb+A68bbA=
@@ -393,7 +385,6 @@ github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNX
 github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
-github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/shurcooL/vfsgen v0.0.0-20180121065927-ffb13db8def0/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
@@ -425,7 +416,6 @@ github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGr
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
-github.com/urfave/cli/v2 v2.1.1 h1:Qt8FeAtxE/vfdrLmR3rxR6JRE0RoVmbXu8+6kZtYU4k=
 github.com/urfave/cli/v2 v2.1.1/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
 github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
diff --git a/pkg/onboarding/presentation/config.go b/pkg/onboarding/presentation/config.go
index 406829a7..05ffe99c 100644
--- a/pkg/onboarding/presentation/config.go
+++ b/pkg/onboarding/presentation/config.go
@@ -18,10 +18,8 @@ import (
 	"github.com/savannahghi/onboarding/pkg/onboarding/usecases"
 
 	"github.com/99designs/gqlgen/graphql/handler"
-	"github.com/99designs/gqlgen/graphql/playground"
 	"github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
-	"github.com/savannahghi/interserviceclient"
 	"github.com/savannahghi/onboarding/pkg/onboarding/presentation/graph"
 	"github.com/savannahghi/onboarding/pkg/onboarding/presentation/graph/generated"
 	"github.com/savannahghi/onboarding/pkg/onboarding/presentation/rest"
@@ -80,193 +78,9 @@ func Router(ctx context.Context) (*mux.Router, error) {
 	// Add Middleware that records the metrics for HTTP routes
 	r.Use(serverutils.CustomHTTPRequestMetricsMiddleware())
 
-	// Unauthenticated routes
-	r.Path("/switch_flagged_features").Methods(
-		http.MethodPost,
-		http.MethodOptions,
-	).HandlerFunc(
-		h.SwitchFlaggedFeaturesHandler(),
-	)
-
-	// misc routes
-	r.Path("/ide").HandlerFunc(playground.Handler("GraphQL IDE", "/graphql"))
-	r.Path("/health").HandlerFunc(HealthStatusCheck)
-
-	// Admin service polling
-	r.Path("/poll_services").Methods(http.MethodGet).HandlerFunc(h.PollServices())
-
-	// signup routes
-	r.Path("/verify_phone").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.VerifySignUpPhoneNumber())
-	r.Path("/create_user_by_phone").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.CreateUserWithPhoneNumber())
-	r.Path("/user_recovery_phonenumbers").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.UserRecoveryPhoneNumbers())
-	r.Path("/set_primary_phonenumber").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.SetPrimaryPhoneNumber())
-
-	// LoginByPhone routes
-	r.Path("/login_by_phone").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.LoginByPhone())
-	r.Path("/login_anonymous").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.LoginAnonymous())
-	r.Path("/refresh_token").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.RefreshToken())
-
-	// PIN Routes
-	r.Path("/reset_pin").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.ResetPin())
-
-	r.Path("/request_pin_reset").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.RequestPINReset())
-
-	//OTP routes
-	r.Path("/send_otp").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.SendOTP())
-
-	r.Path("/send_retry_otp").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.SendRetryOTP())
-
-	r.Path("/remove_user").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.RemoveUserByPhoneNumber())
-
-	r.Path("/add_admin_permissions").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.AddAdminPermsToUser())
-
-	r.Path("/remove_admin_permissions").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.RemoveAdminPermsToUser())
-
-	// Authenticated routes
-	rs := r.PathPrefix("/roles").Subrouter()
-	rs.Use(firebasetools.AuthenticationMiddleware(firebaseApp))
-	rs.Path("/create_role").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.CreateRole())
-	rs.Path("/assign_role").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.AssignRole())
-	rs.Path("/remove_role").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.RemoveRoleByName())
-
-	rs.Path("/add_user_role").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.AddRoleToUser())
-
-	rs.Path("/remove_user_role").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.RemoveRoleToUser())
-
-	// Interservice Authenticated routes
-	isc := r.PathPrefix("/internal").Subrouter()
-	isc.Use(interserviceclient.InterServiceAuthenticationMiddleware())
-	isc.Path("/user_profile").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.GetUserProfileByUID())
-	isc.Path("/retrieve_user_profile").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.GetUserProfileByPhoneOrEmail())
-	isc.Path("/contactdetails/{attribute}/").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.ProfileAttributes())
-	isc.Path("/check_permission").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.CheckHasPermission())
-
-	// Interservice Authenticated routes
-	// The reason for the below endpoints to be used for interservice communication
-	// is to allow for the creation and deletion of internal `test` users that can be used
-	// to run tests in other services that require an authenticated user.
-	// These endpoint have been used in the `Base` lib to create and delete the test users
-	iscTesting := r.PathPrefix("/testing").Subrouter()
-	iscTesting.Use(interserviceclient.InterServiceAuthenticationMiddleware())
-	iscTesting.Path("/verify_phone").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.VerifySignUpPhoneNumber())
-	iscTesting.Path("/create_user_by_phone").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.CreateUserWithPhoneNumber())
-	iscTesting.Path("/login_by_phone").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.LoginByPhone())
-	iscTesting.Path("/remove_user").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.RemoveUserByPhoneNumber())
-	iscTesting.Path("/register_push_token").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.RegisterPushToken())
-	iscTesting.Path("/add_admin_permissions").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.AddAdminPermsToUser())
-	iscTesting.Path("/add_user_role").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.AddRoleToUser())
-	iscTesting.Path("/remove_user_role").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.RemoveRoleToUser())
-	iscTesting.Path("/update_user_profile").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.UpdateUserProfile())
-	iscTesting.Path("/create_role").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.CreateRole())
-	iscTesting.Path("/assign_role").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.AssignRole())
-	iscTesting.Path("/remove_role").Methods(
-		http.MethodPost,
-		http.MethodOptions).
-		HandlerFunc(h.RemoveRoleByName())
+	SharedRoutes(h, r)
 
-	// Authenticated routes
+	// Graphql route
 	authR := r.Path("/graphql").Subrouter()
 	authR.Use(firebasetools.AuthenticationMiddleware(firebaseApp))
 	authR.Methods(
diff --git a/pkg/onboarding/presentation/routes.go b/pkg/onboarding/presentation/routes.go
new file mode 100644
index 00000000..94a7ee25
--- /dev/null
+++ b/pkg/onboarding/presentation/routes.go
@@ -0,0 +1,217 @@
+package presentation
+
+import (
+	"net/http"
+
+	"github.com/99designs/gqlgen/graphql/playground"
+	"github.com/gorilla/mux"
+	"github.com/savannahghi/firebasetools"
+	"github.com/savannahghi/interserviceclient"
+	"github.com/savannahghi/onboarding/pkg/onboarding/presentation/rest"
+)
+
+// SharedRoutes return REST routes shared by open/closed onboarding services
+func SharedRoutes(handlers rest.HandlersInterfaces, r *mux.Router) {
+	SharedUnauthenticatedRoutes(handlers, r)
+	SharedAuthenticatedISCRoutes(handlers, r)
+	SharedAuthenticatedRoutes(handlers, r)
+}
+
+// SharedUnauthenticatedRoutes return REST routes shared by open/closed onboarding services
+func SharedUnauthenticatedRoutes(handlers rest.HandlersInterfaces, r *mux.Router) {
+	// Unauthenticated routes
+	r.Path("/switch_flagged_features").Methods(
+		http.MethodPost,
+		http.MethodOptions,
+	).HandlerFunc(
+		handlers.SwitchFlaggedFeaturesHandler(),
+	)
+
+	// misc routes
+	r.Path("/ide").HandlerFunc(playground.Handler("GraphQL IDE", "/graphql"))
+	r.Path("/health").HandlerFunc(HealthStatusCheck)
+
+	// Admin service polling
+	r.Path("/poll_services").Methods(http.MethodGet).HandlerFunc(handlers.PollServices())
+
+	// signup routes
+	r.Path("/verify_phone").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.VerifySignUpPhoneNumber())
+	r.Path("/create_user_by_phone").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.CreateUserWithPhoneNumber())
+	r.Path("/user_recovery_phonenumbers").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.UserRecoveryPhoneNumbers())
+	r.Path("/set_primary_phonenumber").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.SetPrimaryPhoneNumber())
+
+	// LoginByPhone routes
+	r.Path("/login_by_phone").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.LoginByPhone())
+	r.Path("/login_anonymous").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.LoginAnonymous())
+	r.Path("/refresh_token").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.RefreshToken())
+
+	// PIN Routes
+	r.Path("/reset_pin").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.ResetPin())
+
+	r.Path("/request_pin_reset").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.RequestPINReset())
+
+	//OTP routes
+	r.Path("/send_otp").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.SendOTP())
+
+	r.Path("/send_retry_otp").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.SendRetryOTP())
+
+	r.Path("/remove_user").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.RemoveUserByPhoneNumber())
+
+	r.Path("/add_admin_permissions").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.AddAdminPermsToUser())
+
+	r.Path("/remove_admin_permissions").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.RemoveAdminPermsToUser())
+}
+
+// SharedAuthenticatedRoutes return REST routes shared by open/closed onboarding services
+func SharedAuthenticatedRoutes(handlers rest.HandlersInterfaces, r *mux.Router) {
+	fc := &firebasetools.FirebaseClient{}
+	firebaseApp, _ := fc.InitFirebase()
+
+	// Authenticated routes
+	rs := r.PathPrefix("/roles").Subrouter()
+	rs.Use(firebasetools.AuthenticationMiddleware(firebaseApp))
+	rs.Path("/create_role").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.CreateRole())
+	rs.Path("/assign_role").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.AssignRole())
+	rs.Path("/remove_role").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.RemoveRoleByName())
+
+	rs.Path("/add_user_role").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.AddRoleToUser())
+
+	rs.Path("/remove_user_role").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.RemoveRoleToUser())
+
+}
+
+// SharedAuthenticatedISCRoutes return ISC REST routes shared by open/closed onboarding services
+func SharedAuthenticatedISCRoutes(handlers rest.HandlersInterfaces, r *mux.Router) {
+	// Interservice Authenticated routes
+	isc := r.PathPrefix("/internal").Subrouter()
+	isc.Use(interserviceclient.InterServiceAuthenticationMiddleware())
+	isc.Path("/user_profile").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.GetUserProfileByUID())
+	isc.Path("/retrieve_user_profile").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.GetUserProfileByPhoneOrEmail())
+	isc.Path("/contactdetails/{attribute}/").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.ProfileAttributes())
+	isc.Path("/check_permission").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.CheckHasPermission())
+
+	// Interservice Authenticated routes
+	// The reason for the below endpoints to be used for interservice communication
+	// is to allow for the creation and deletion of internal `test` users that can be used
+	// to run tests in other services that require an authenticated user.
+	// These endpoint have been used in the `Base` lib to create and delete the test users
+	iscTesting := r.PathPrefix("/testing").Subrouter()
+	iscTesting.Use(interserviceclient.InterServiceAuthenticationMiddleware())
+	iscTesting.Path("/verify_phone").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.VerifySignUpPhoneNumber())
+	iscTesting.Path("/create_user_by_phone").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.CreateUserWithPhoneNumber())
+	iscTesting.Path("/login_by_phone").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.LoginByPhone())
+	iscTesting.Path("/remove_user").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.RemoveUserByPhoneNumber())
+	iscTesting.Path("/register_push_token").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.RegisterPushToken())
+	iscTesting.Path("/add_admin_permissions").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.AddAdminPermsToUser())
+	iscTesting.Path("/add_user_role").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.AddRoleToUser())
+	iscTesting.Path("/remove_user_role").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.RemoveRoleToUser())
+	iscTesting.Path("/update_user_profile").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.UpdateUserProfile())
+	iscTesting.Path("/create_role").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.CreateRole())
+	iscTesting.Path("/assign_role").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.AssignRole())
+	iscTesting.Path("/remove_role").Methods(
+		http.MethodPost,
+		http.MethodOptions).
+		HandlerFunc(handlers.RemoveRoleByName())
+}