diff --git a/docker-compose/wallet-api/config/auth.conf b/docker-compose/wallet-api/config/auth.conf
new file mode 100644
index 000000000..e166773db
--- /dev/null
+++ b/docker-compose/wallet-api/config/auth.conf
@@ -0,0 +1,4 @@
+encryptionKey = "dncygwnvivxzlohc" //<128 bit -- key> a 128 bit (16 chars) key
+signKey = "jyjeylmidlylokzh" //<128 bit -- key> a 128 bit (16 chars) key
+
+tokenKey = "hjklwcptiniwjkdwwkigreumcayoyiso" // at least 256 bit (32 chars)
diff --git a/docker-compose/wallet-api/config/notification.conf b/docker-compose/wallet-api/config/notification.conf
new file mode 100644
index 000000000..d325a3839
--- /dev/null
+++ b/docker-compose/wallet-api/config/notification.conf
@@ -0,0 +1,2 @@
+url = ""
+apiKey = ""
\ No newline at end of file
diff --git a/docker-compose/wallet-api/config/rejectionreason.conf b/docker-compose/wallet-api/config/rejectionreason.conf
new file mode 100644
index 000000000..15652ca1e
--- /dev/null
+++ b/docker-compose/wallet-api/config/rejectionreason.conf
@@ -0,0 +1,6 @@
+reasons = [
+ "Unknown sender",
+ "Not relevant to me",
+ "Unsure about accuracy",
+ "Need more details",
+]
\ No newline at end of file
diff --git a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/OidcLoginService.kt b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/OidcLoginService.kt
index cbf442c46..6adbbcdaf 100644
--- a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/OidcLoginService.kt
+++ b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/OidcLoginService.kt
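Review bot: The three keys added in auth.conf (`encryptionKey`, `signKey`, `tokenKey`) are literal values committed to the repository, so any docker-compose deployment that ships this file unchanged signs and encrypts with keys that anyone reading the repo knows. The `//<128 bit -- key>` comments state the expected size but not that the values are placeholders; at minimum say so, e.g. `// DEV-ONLY placeholder: replace with a value from a CSPRNG before any real deployment`, and prefer HOCON environment substitution so the file carries no secret at all, e.g. `encryptionKey = ${?WALLET_AUTH_ENCRYPTION_KEY}` (variable name illustrative). Note also that "16 chars" of lowercase letters is far short of 128 bits of entropy; if the consumer treats the string as raw key bytes, the comment should say 16 bytes, and the values should be generated rather than typed.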
@@ -2,13 +2,11 @@ package id.walt.webwallet.service
 
 import com.auth0.jwk.JwkProvider
 import com.auth0.jwk.JwkProviderBuilder
-import id.walt.webwallet.config.ConfigManager
-import id.walt.webwallet.config.OidcConfiguration
+import id.walt.webwallet.service.WalletServiceManager.oidcConfig
 import java.net.URL
 import java.util.concurrent.TimeUnit
 
 object OidcLoginService {
- private val oidcConfig = ConfigManager.getConfig()
 val jwkProvider: JwkProvider = JwkProviderBuilder(URL(oidcConfig.oidcJwks))
 .cached(oidcConfig.jwksCache.cacheSize.toLong(), oidcConfig.jwksCache.cacheExpirationHours.toLong(), TimeUnit.HOURS)
 .rateLimited(
diff --git a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/WalletServiceManager.kt b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/WalletServiceManager.kt
index d78812a08..647f7f66d 100644
--- a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/WalletServiceManager.kt
+++ b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/WalletServiceManager.kt
@@ -1,6 +1,7 @@
 package id.walt.webwallet.service
 
 import id.walt.webwallet.config.ConfigManager
+import id.walt.webwallet.config.OidcConfiguration
 import id.walt.webwallet.config.TrustConfig
 import id.walt.webwallet.db.models.AccountWalletMappings
 import id.walt.webwallet.db.models.AccountWalletPermissions
@@ -40,6 +41,7 @@ object WalletServiceManager {
 private val credentialService = CredentialsService()
 private val credentialTypeSeeker = DefaultCredentialTypeSeeker()
 private val eventUseCase = EventUseCase(EventService())
+ val oidcConfig by lazy { ConfigManager.getConfig() }
 val issuerUseCase = IssuerUseCaseImpl(service = IssuersService, http = httpClient)
 val issuerTrustValidationService = DefaultTrustValidationService(httpClient, trustConfig.issuersRecord)
 val verifierTrustValidationService = DefaultTrustValidationService(httpClient, trustConfig.verifiersRecord)
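Review bot: `OidcLoginService.jwkProvider` now reads `WalletServiceManager.oidcConfig`, so the first touch of `OidcLoginService` forces static initialization of the whole `WalletServiceManager` object (the `httpClient`, services and use cases declared above the added line) as a side effect; if anything on that initializer path refers back to `OidcLoginService`, this is an initialization cycle, which cannot be confirmed from these hunks. The same coupling is introduced in `KeycloakAccountStrategy` and `AuthController` through the same import. A configuration value does not belong on a service manager; keeping it on `ConfigManager`, or as a cached `private val` inside `OidcLoginService`, avoids the dependency. As rendered, the added `val oidcConfig by lazy { ConfigManager.getConfig() }` carries no declared type while the hunk adds an `OidcConfiguration` import, which suggests a type argument was lost in rendering; an explicit `val oidcConfig: OidcConfiguration by lazy { ConfigManager.getConfig() }` documents the type either way.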
diff --git a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/account/AccountsService.kt b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/account/AccountsService.kt
index e1f7d7005..fdbab8e73 100644
--- a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/account/AccountsService.kt
+++ b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/account/AccountsService.kt
@@ -23,7 +23,7 @@ object AccountsService {
 private val eventUseCase = EventUseCase(EventService())
 
 fun registerAuthenticationMethods() {
- val loginMethods = ConfigManager.getConfig().enabledLoginMethods
+// val loginMethods = ConfigManager.getConfig().enabledLoginMethods
 }
 
 val defaultGenerationConfig by lazy { ConfigManager.getConfig() }
diff --git a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/account/KeycloakAccountStrategy.kt b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/account/KeycloakAccountStrategy.kt
index 43fa0b995..24ef71abb 100644
--- a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/account/KeycloakAccountStrategy.kt
+++ b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/account/KeycloakAccountStrategy.kt
@@ -5,11 +5,10 @@ import com.auth0.jwt.JWT
 import com.auth0.jwt.algorithms.Algorithm
 import com.auth0.jwt.interfaces.DecodedJWT
 import id.walt.crypto.utils.JsonUtils.toJsonObject
-import id.walt.webwallet.config.ConfigManager
-import id.walt.webwallet.config.OidcConfiguration
 import id.walt.webwallet.db.models.Accounts
 import id.walt.webwallet.db.models.OidcLogins
 import id.walt.webwallet.service.OidcLoginService
+import id.walt.webwallet.service.WalletServiceManager.oidcConfig
 import id.walt.webwallet.web.controllers.ByteLoginRequest
 import id.walt.webwallet.web.model.KeycloakAccountRequest
 import id.walt.webwallet.web.model.KeycloakLogoutRequest
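Review bot: Commenting out `val loginMethods = ConfigManager.getConfig().enabledLoginMethods` leaves `registerAuthenticationMethods()` as an empty function that callers presumably still invoke, and commented-out code says nothing about why it was disabled. Either remove the function and its call sites, or replace the dead line with a comment stating the intent, e.g. `// TODO: enabledLoginMethods is not applied here yet — tracked in <issue id>`. As far as this diff shows, `enabledLoginMethods` is no longer read anywhere, so a deployment that restricts login methods in its configuration would see no effect; worth confirming against the rest of the file before merging.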
@@ -44,8 +43,6 @@ object KeycloakAccountStrategy : PasswordAccountStrategy
 }
 }
 
- val config = ConfigManager.getConfig()
-
 override suspend fun register(
 tenant: String,
 request: KeycloakAccountRequest
@@ -66,7 +63,7 @@ object KeycloakAccountStrategy : PasswordAccountStrategy
 .toJsonObject()
 
 val res =
- http.post(config.keycloakUserApi) {
+ http.post(oidcConfig.keycloakUserApi) {
 contentType(ContentType.Application.Json)
 headers {
 append("Content-Type", "application/json")
@@ -82,7 +79,7 @@ object KeycloakAccountStrategy : PasswordAccountStrategy
 }
 
 val oidcAccountId = res.headers["Location"]?.split("/")?.last() ?: throw RuntimeException(
- "Missing header-parameter 'Location' when creating user ${request.username} at the Keycloak user API ${config.keycloakUserApi}"
+ "Missing header-parameter 'Location' when creating user ${request.username} at the Keycloak user API ${oidcConfig.keycloakUserApi}"
 )
 
 val hash = request.password?.let {
@@ -187,8 +184,8 @@ object KeycloakAccountStrategy : PasswordAccountStrategy
 
 private suspend fun getTokenExchange(request: KeycloakAccountRequest): String {
 val requestParams = mapOf(
- "client_id" to config.clientId,
- "client_secret" to config.clientSecret,
+ "client_id" to oidcConfig.clientId,
+ "client_secret" to oidcConfig.clientSecret,
 "grant_type" to "urn:ietf:params:oauth:grant-type:token-exchange",
 "subject_token" to request.token,
 "subject_token_type" to "urn:ietf:params:oauth:token-type:access_token",
@@ -197,7 +194,7 @@ object KeycloakAccountStrategy : PasswordAccountStrategy
 val requestBody = requestParams.map { (k, v) -> "$k=$v" }.joinToString("&")
 
 val res =
- http.post(config.accessTokenUrl) {
+ http.post(oidcConfig.accessTokenUrl) {
 headers { append("Content-Type", "application/x-www-form-urlencoded") }
 setBody(requestBody)
 }
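Review bot: The `client_secret` value now taken from `oidcConfig.clientSecret` in `getTokenExchange` (and again in the hunks at lines 221 and 236 below) is fed into the context line `requestParams.map { (k, v) -> "$k=$v" }.joinToString("&")`, which assembles the form body without URL-encoding; a secret or subject token containing `&`, `=`, `+` or `%` produces a body Keycloak will mis-parse, and the failure will surface as an apparent bad credential rather than an encoding problem. Encoding each value, `"$k=${URLEncoder.encode(v, "UTF-8")}"`, or using the HTTP client's form-submission helper, removes that failure mode. The enclosing functions start and end outside these hunks.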
@@ -221,8 +218,8 @@ object KeycloakAccountStrategy : PasswordAccountStrategy
 ): String {
 val requestParams = mutableMapOf(
- "client_id" to config.clientId,
- "client_secret" to config.clientSecret,
+ "client_id" to oidcConfig.clientId,
+ "client_secret" to oidcConfig.clientSecret,
 "grant_type" to grantType
 )
 
@@ -236,7 +233,7 @@ object KeycloakAccountStrategy : PasswordAccountStrategy
 val requestBody = requestParams.map { (k, v) -> "$k=$v" }.joinToString("&")
 
 val res =
- http.post(config.accessTokenUrl) {
+ http.post(oidcConfig.accessTokenUrl) {
 headers { append("Content-Type", "application/x-www-form-urlencoded") }
 setBody(requestBody)
 }
@@ -260,7 +257,7 @@ object KeycloakAccountStrategy : PasswordAccountStrategy
 val requestBody = requestParams.map { (k, v) -> "$k=$v" }.joinToString("&")
 
 val res =
- http.post(config.keycloakUserApi + "/" + request.keycloakUserId + "/logout") {
+ http.post(oidcConfig.keycloakUserApi + "/" + request.keycloakUserId + "/logout") {
 contentType(ContentType.Application.Json)
 headers {
 append("Content-Type", "application/json")
diff --git a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/credentials/RejectionReasonService.kt b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/credentials/RejectionReasonService.kt
index 884a2544e..3f39f3df0 100644
--- a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/credentials/RejectionReasonService.kt
+++ b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/credentials/RejectionReasonService.kt
@@ -1,11 +1,9 @@
 package id.walt.webwallet.service.credentials
 
+import id.walt.webwallet.config.ConfigManager
 import id.walt.webwallet.config.RejectionReasonConfig
-import id.walt.webwallet.config.WalletConfig
-
-class RejectionReasonService(
- private val config: WalletConfig,
-) {
+class RejectionReasonService {
+ private val config by lazy { ConfigManager.getConfig() }
 
 fun list(): List = (config as? RejectionReasonConfig)?.reasons ?: emptyList()
 }
\ No newline at end of file
diff --git a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/AuthController.kt b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/AuthController.kt
index 4441ab26a..fec4ef271 100644
--- a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/AuthController.kt
+++ b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/AuthController.kt
@@ -9,12 +9,12 @@ import com.nimbusds.jose.crypto.MACVerifier
 import id.walt.crypto.utils.JsonUtils.toJsonElement
 import id.walt.webwallet.config.AuthConfig
 import id.walt.webwallet.config.ConfigManager
-import id.walt.webwallet.config.OidcConfiguration
 import id.walt.webwallet.config.WebConfig
 import id.walt.webwallet.db.models.AccountWalletMappings
 import id.walt.webwallet.db.models.AccountWalletPermissions
 import id.walt.webwallet.service.OidcLoginService
 import id.walt.webwallet.service.WalletServiceManager
+import id.walt.webwallet.service.WalletServiceManager.oidcConfig
 import id.walt.webwallet.service.account.AccountsService
 import id.walt.webwallet.service.account.KeycloakAccountStrategy
 import id.walt.webwallet.web.ForbiddenException
@@ -71,7 +71,6 @@ object AuthKeys {
 fun Application.configureSecurity() {
 val webConfig = ConfigManager.getConfig()
- val oidcConfig = ConfigManager.getConfig()
 
 install(Sessions) {
 cookie("login") {
 // cookie.encoding = CookieEncoding.BASE64_ENCODING
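Review bot: With the configuration now fetched inside the class, `(config as? RejectionReasonConfig)?.reasons ?: emptyList()` hides a missing or mistyped configuration behind an empty list, and the `as?` cast is only needed because `config` has no declared type in the hunk (a type argument to `getConfig()` may have been lost in rendering). Declaring it, `private val config: RejectionReasonConfig by lazy { ConfigManager.getConfig() }`, lets `list()` become `config.reasons` so that a misconfiguration surfaces at first use instead of as an empty list, assuming `ConfigManager.getConfig()` reports a missing config rather than returning something of another type. Dropping the constructor parameter also removes the only injection seam; `class RejectionReasonService(private val config: RejectionReasonConfig = ConfigManager.getConfig())` keeps the new no-argument call site while keeping the class testable.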
@@ -309,7 +308,6 @@ fun Application.auth() {
 }
 
 get("logout-oidc", { description = "Logout via OIDC provider" }) {
- val oidcConfig = ConfigManager.getConfig()
 val webConfig = ConfigManager.getConfig()
 call.respondRedirect(
 "${oidcConfig.logoutUrl}?post_logout_redirect_uri=${webConfig.publicBaseUrl}&client_id=${oidcConfig.clientId}"
diff --git a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/ManifestController.kt b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/ManifestController.kt
index 89e4e0e81..542059131 100644
--- a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/ManifestController.kt
+++ b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/ManifestController.kt
@@ -147,7 +147,7 @@ fun Application.manifest() = walletRoute {
 }
 
 internal suspend fun callManifest(parameters: Parameters, method: suspend (Parameters) -> JsonObject?): JsonObject? {
- val runtimeConfig = ConfigManager.getConfig()
+ val runtimeConfig by lazy { ConfigManager.getConfig() }
 return if (runtimeConfig.mock) {
 EntraMockManifestExtractor().extract("")
 } else {
diff --git a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/ReasonController.kt b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/ReasonController.kt
index 6457969f5..5e7cf81a9 100644
--- a/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/ReasonController.kt
+++ b/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/ReasonController.kt
@@ -1,7 +1,5 @@
 package id.walt.webwallet.web.controllers
 
-import id.walt.webwallet.config.ConfigManager
-import id.walt.webwallet.config.RejectionReasonConfig
 import id.walt.webwallet.service.credentials.RejectionReasonService
 import id.walt.webwallet.web.WebBaseRoutes.authenticatedWebWalletRoute
 import io.github.smiley4.ktorswaggerui.dsl.get
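Review bot: In the `logout-oidc` handler `oidcConfig` now resolves to the imported, cached `WalletServiceManager.oidcConfig`, while `val webConfig = ConfigManager.getConfig()` on the next line (and the one in `configureSecurity` in the hunk above) is still looked up on every call; for consistency either hoist `webConfig` the same way or keep both per-call, and say which in a short comment. Separately, the redirect string in the context line interpolates `webConfig.publicBaseUrl` and `oidcConfig.clientId` verbatim into a query string; both are operator-controlled configuration, but a base URL containing `?` or `&` would silently corrupt the `client_id` parameter, which `URLEncoder.encode` on the interpolated values would prevent. `Application.auth()` continues outside the hunk.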
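Review bot: In `callManifest`, `val runtimeConfig by lazy { ConfigManager.getConfig() }` declares a local delegated property that is read on the very next line, so the laziness buys nothing and allocates a `Lazy` wrapper on every invocation. If the intent was to fetch the config once rather than per call, a file-level `private val runtimeConfig by lazy { ConfigManager.getConfig() }` outside the function does that; otherwise a plain local `val` is the clearer form. `callManifest` continues outside the hunk.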
@@ -24,7 +22,7 @@ fun Application.reasons() = authenticatedWebWalletRoute {
 }
 }
 }) {
- val service = RejectionReasonService(ConfigManager.getConfig())
+ val service = RejectionReasonService()
 context.respond(service.list())
 }
 }
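Review bot: `RejectionReasonService()` is still constructed on every request, and because the class now caches its configuration with a per-instance `by lazy`, each request re-fetches the config on its first `list()` call, so the lazy cache never pays off. Holding a single instance at file level, `private val rejectionReasonService = RejectionReasonService()`, and using it in the handler gives the caching its intended effect; whether one instance can be shared across requests depends on `ConfigManager.getConfig()`, which is outside this diff. The `reasons()` route block starts outside the hunk.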