feat: added user-friendly format to dashboard variable url

"
feat: added variable in url and made dashboard sync around that and sharable (#7944 )
2025-05-20 10:52:30 +05:30 · 2025-05-17 04:05:07 +05:30 · 2025-05-17 04:05:07 +05:30 · 2025-05-17 04:05:07 +05:30
1101 changed files with 30832 additions and 145842 deletions
--- a/.devenv/docker/clickhouse/compose.yaml
+++ b/.devenv/docker/clickhouse/compose.yaml
@@ -40,7 +40,7 @@ services:
      timeout: 5s
      retries: 3
  schema-migrator-sync:
-    image: signoz/signoz-schema-migrator:v0.111.42
+    image: signoz/signoz-schema-migrator:v0.111.41
    container_name: schema-migrator-sync
    command:
      - sync
@@ -53,7 +53,7 @@ services:
        condition: service_healthy
    restart: on-failure
  schema-migrator-async:
-    image: signoz/signoz-schema-migrator:v0.111.42
+    image: signoz/signoz-schema-migrator:v0.111.41
    container_name: schema-migrator-async
    command:
      - async
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -11,10 +11,4 @@
 /pkg/errors/ @grandwizard28
 /pkg/factory/ @grandwizard28
 /pkg/types/ @grandwizard28
-.golangci.yml @grandwizard28
-/pkg/zeus/ @vikrantgupta25
-/pkg/licensing/ @vikrantgupta25
 /pkg/sqlmigration/ @vikrantgupta25
-/ee/zeus/ @vikrantgupta25
-/ee/licensing/ @vikrantgupta25
-/ee/sqlmigration/ @vikrantgupta25
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -32,7 +32,9 @@ ex:

 > Tag the relevant teams for review:

- frontend / backend / devops
+- [ ] @SigNoz/frontend
+- [ ] @SigNoz/backend
+- [ ] @SigNoz/devops

 ---

--- a/.github/workflows/build-community.yaml
+++ b/.github/workflows/build-community.yaml
@@ -74,8 +74,7 @@ jobs:
        -X github.com/SigNoz/signoz/pkg/version.variant=community
        -X github.com/SigNoz/signoz/pkg/version.hash=${{ needs.prepare.outputs.hash }}
        -X github.com/SigNoz/signoz/pkg/version.time=${{ needs.prepare.outputs.time }}
-        -X github.com/SigNoz/signoz/pkg/version.branch=${{ needs.prepare.outputs.branch }}
-        -X github.com/SigNoz/signoz/pkg/analytics.key=9kRrJ7oPCGPEJLF6QjMPLt5bljFhRQBr'
+        -X github.com/SigNoz/signoz/pkg/version.branch=${{ needs.prepare.outputs.branch }}'
      GO_CGO_ENABLED: 1
      DOCKER_BASE_IMAGES: '{"alpine": "alpine:3.20.3"}'
      DOCKER_DOCKERFILE_PATH: ./pkg/query-service/Dockerfile.multi-arch
--- a/.github/workflows/build-enterprise.yaml
+++ b/.github/workflows/build-enterprise.yaml
@@ -67,8 +67,9 @@ jobs:
          echo 'TUNNEL_URL="${{ secrets.TUNNEL_URL }}"' >> frontend/.env
          echo 'TUNNEL_DOMAIN="${{ secrets.TUNNEL_DOMAIN }}"' >> frontend/.env
          echo 'POSTHOG_KEY="${{ secrets.POSTHOG_KEY }}"' >> frontend/.env
-          echo 'PYLON_APP_ID="${{ secrets.PYLON_APP_ID }}"' >> frontend/.env
-          echo 'APPCUES_APP_ID="${{ secrets.APPCUES_APP_ID }}"' >> frontend/.env
+          echo 'CUSTOMERIO_ID="${{ secrets.CUSTOMERIO_ID }}"' >> frontend/.env
+          echo 'CUSTOMERIO_SITE_ID="${{ secrets.CUSTOMERIO_SITE_ID }}"' >> frontend/.env
+          echo 'USERPILOT_KEY="${{ secrets.USERPILOT_KEY }}"' >> frontend/.env
      - name: cache-dotenv
        uses: actions/cache@v4
        with:
@@ -108,8 +109,7 @@ jobs:
        -X github.com/SigNoz/signoz/ee/zeus.url=https://api.signoz.cloud
        -X github.com/SigNoz/signoz/ee/zeus.deprecatedURL=https://license.signoz.io
        -X github.com/SigNoz/signoz/ee/query-service/constants.ZeusURL=https://api.signoz.cloud
-        -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.signoz.io/api/v1
-        -X github.com/SigNoz/signoz/pkg/analytics.key=9kRrJ7oPCGPEJLF6QjMPLt5bljFhRQBr'
+        -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.signoz.io/api/v1'
      GO_CGO_ENABLED: 1
      DOCKER_BASE_IMAGES: '{"alpine": "alpine:3.20.3"}'
      DOCKER_DOCKERFILE_PATH: ./ee/query-service/Dockerfile.multi-arch
--- a/.github/workflows/build-staging.yaml
+++ b/.github/workflows/build-staging.yaml
@@ -66,8 +66,7 @@ jobs:
          echo 'CI=1' > frontend/.env
          echo 'TUNNEL_URL="${{ secrets.NP_TUNNEL_URL }}"' >> frontend/.env
          echo 'TUNNEL_DOMAIN="${{ secrets.NP_TUNNEL_DOMAIN }}"' >> frontend/.env
-          echo 'PYLON_APP_ID="${{ secrets.NP_PYLON_APP_ID }}"' >> frontend/.env
-          echo 'APPCUES_APP_ID="${{ secrets.NP_APPCUES_APP_ID }}"' >> frontend/.env
+          echo 'USERPILOT_KEY="${{ secrets.NP_USERPILOT_KEY }}"' >> frontend/.env
      - name: cache-dotenv
        uses: actions/cache@v4
        with:
@@ -107,8 +106,7 @@ jobs:
        -X github.com/SigNoz/signoz/ee/zeus.url=https://api.staging.signoz.cloud
        -X github.com/SigNoz/signoz/ee/zeus.deprecatedURL=https://license.staging.signoz.cloud
        -X github.com/SigNoz/signoz/ee/query-service/constants.ZeusURL=https://api.staging.signoz.cloud
-        -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.staging.signoz.cloud/api/v1
-        -X github.com/SigNoz/signoz/pkg/analytics.key=9kRrJ7oPCGPEJLF6QjMPLt5bljFhRQBr'
+        -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.staging.signoz.cloud/api/v1'
      GO_CGO_ENABLED: 1
      DOCKER_BASE_IMAGES: '{"alpine": "alpine:3.20.3"}'
      DOCKER_DOCKERFILE_PATH: ./ee/query-service/Dockerfile.multi-arch
--- a/.github/workflows/gor-signoz.yaml
+++ b/.github/workflows/gor-signoz.yaml
@@ -33,8 +33,9 @@ jobs:
          echo 'TUNNEL_URL="${{ secrets.TUNNEL_URL }}"' >> .env
          echo 'TUNNEL_DOMAIN="${{ secrets.TUNNEL_DOMAIN }}"' >> .env
          echo 'POSTHOG_KEY="${{ secrets.POSTHOG_KEY }}"' >> .env
-          echo 'PYLON_APP_ID="${{ secrets.PYLON_APP_ID }}"' >> .env
-          echo 'APPCUES_APP_ID="${{ secrets.APPCUES_APP_ID }}"' >> .env
+          echo 'CUSTOMERIO_ID="${{ secrets.CUSTOMERIO_ID }}"' >> .env
+          echo 'CUSTOMERIO_SITE_ID="${{ secrets.CUSTOMERIO_SITE_ID }}"' >> .env
+          echo 'USERPILOT_KEY="${{ secrets.USERPILOT_KEY }}"' >> .env
      - name: build-frontend
        run:  make js-build
      - name: upload-frontend-artifact
--- a/.gitignore
+++ b/.gitignore
@@ -66,7 +66,6 @@ e2e/.auth
 # go
 vendor/
 **/main/**
-__debug_bin**

 # git-town
 .git-branches.toml
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,33 +0,0 @@
-linters:
-  default: standard
-  enable:
-    - bodyclose
-    - misspell
-    - nilnil
-    - sloglint
-    - depguard
-    - iface
-
-linters-settings:
-  sloglint:
-    no-mixed-args: true
-    kv-only: true
-    no-global: all
-    context: all
-    static-msg: true
-    msg-style: lowercased
-    key-naming-case: snake
-  depguard:
-    rules:
-      nozap:
-        deny:
-          - pkg: "go.uber.org/zap"
-            desc: "Do not use zap logger. Use slog instead."
-  iface:
-    enable:
-      - identical
-issues:
-  exclude-dirs:
-    - "pkg/query-service"
-    - "ee/query-service"
-    - "scripts/"
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@
 <p align="center">All your logs, metrics, and traces in one place. Monitor your application, spot issues before they occur and troubleshoot downtime quickly with rich context. SigNoz is a cost-effective open-source alternative to Datadog and New Relic. Visit <a href="https://signoz.io" target="_blank">signoz.io</a> for the full documentation, tutorials, and guide.</p>

 <p align="center">
-    <img alt="Downloads" src="https://img.shields.io/docker/pulls/signoz/signoz.svg?label=Docker%20Downloads"> </a>
+    <img alt="Downloads" src="https://img.shields.io/docker/pulls/signoz/query-service?label=Docker Downloads"> </a>
    <img alt="GitHub issues" src="https://img.shields.io/github/issues/signoz/signoz"> </a>
    <a href="https://twitter.com/intent/tweet?text=Monitor%20your%20applications%20and%20troubleshoot%20problems%20with%20SigNoz,%20an%20open-source%20alternative%20to%20DataDog,%20NewRelic.&url=https://signoz.io/&via=SigNozHQ&hashtags=opensource,signoz,observability"> 
        <img alt="tweet" src="https://img.shields.io/twitter/url/http/shields.io.svg?style=social"> </a> 
--- a/conf/example.yaml
+++ b/conf/example.yaml
@@ -165,62 +165,8 @@ alertmanager:
      # Retention of the notification logs.
      retention: 120h

-##################### Emailing #####################
-emailing:
-  # Whether to enable emailing.
-  enabled: false
-  templates:
-    # The directory containing the email templates. This directory should contain a list of files defined at pkg/types/emailtypes/template.go.
-    directory: /opt/signoz/conf/templates/email
-  smtp:
-    # The SMTP server address.
-    address: localhost:25
-    # The email address to use for the SMTP server.
-    from:
-    # The hello message to use for the SMTP server.
-    hello:
-    # The static headers to send with the email.
-    headers: {}
-    auth:
-      # The username to use for the SMTP server.
-      username:
-      # The password to use for the SMTP server.
-      password:
-      # The secret to use for the SMTP server.
-      secret:
-      # The identity to use for the SMTP server.
-      identity:
-    tls:
-      # Whether to enable TLS. It should be false in most cases since the authentication mechanism should use the STARTTLS extension instead.
-      enabled: false
-      # Whether to skip TLS verification.
-      insecure_skip_verify: false
-      # The path to the CA file.
-      ca_file_path:
-      # The path to the key file.
-      key_file_path:
-      # The path to the certificate file.
-      cert_file_path:
-
-##################### Sharder (experimental) #####################
-sharder:
-  # Specifies the sharder provider to use.
-  provider: noop
-  single:
-    # The org id to which this instance belongs to.
-    org_id: org_id

 ##################### Analytics #####################
 analytics:
  # Whether to enable analytics.
  enabled: false
-  segment:
-    # The key to use for segment.
-    key: ""
-
-##################### StatsReporter #####################
-statsreporter:
-  # Whether to enable stats reporter. This is used to provide valuable insights to the SigNoz team. It does not collect any sensitive/PII data.
-  enabled: true
-  # The interval at which the stats are collected.
-  interval: 6h
--- a/deploy/docker-swarm/docker-compose.ha.yaml
+++ b/deploy/docker-swarm/docker-compose.ha.yaml
@@ -174,7 +174,7 @@ services:
      # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz:
    !!merge <<: *db-depend
-    image: signoz/signoz:v0.87.0
+    image: signoz/signoz:v0.83.0
    command:
      - --config=/root/config/prometheus.yml
    ports:
@@ -206,7 +206,7 @@ services:
      retries: 3
  otel-collector:
    !!merge <<: *db-depend
-    image: signoz/signoz-otel-collector:v0.111.42
+    image: signoz/signoz-otel-collector:v0.111.41
    command:
      - --config=/etc/otel-collector-config.yaml
      - --manager-config=/etc/manager-config.yaml
@@ -230,7 +230,7 @@ services:
      - signoz
  schema-migrator:
    !!merge <<: *common
-    image: signoz/signoz-schema-migrator:v0.111.42
+    image: signoz/signoz-schema-migrator:v0.111.41
    deploy:
      restart_policy:
        condition: on-failure
--- a/deploy/docker-swarm/docker-compose.yaml
+++ b/deploy/docker-swarm/docker-compose.yaml
@@ -100,33 +100,26 @@ services:
    #   - "9000:9000"
    #   - "8123:8123"
    #   - "9181:9181"
-              
-    configs:
-      - source: clickhouse-config
-        target: /etc/clickhouse-server/config.xml
-      - source: clickhouse-users
-        target: /etc/clickhouse-server/users.xml
-      - source: clickhouse-custom-function
-        target: /etc/clickhouse-server/custom-function.xml
-      - source: clickhouse-cluster
-        target: /etc/clickhouse-server/config.d/cluster.xml
-        
    volumes:
+      - ../common/clickhouse/config.xml:/etc/clickhouse-server/config.xml
+      - ../common/clickhouse/users.xml:/etc/clickhouse-server/users.xml
+      - ../common/clickhouse/custom-function.xml:/etc/clickhouse-server/custom-function.xml
+      - ../common/clickhouse/user_scripts:/var/lib/clickhouse/user_scripts/
+      - ../common/clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
      - clickhouse:/var/lib/clickhouse/
      # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz:
    !!merge <<: *db-depend
-    image: signoz/signoz:v0.87.0
+    image: signoz/signoz:v0.83.0
    command:
      - --config=/root/config/prometheus.yml
    ports:
      - "8080:8080" # signoz port
    #   - "6060:6060"     # pprof port
    volumes:
+      - ../common/signoz/prometheus.yml:/root/config/prometheus.yml
+      - ../common/dashboards:/root/config/dashboards
      - sqlite:/var/lib/signoz/
-    configs:
-      - source: signoz-prometheus-config
-        target: /root/config/prometheus.yml
    environment:
      - SIGNOZ_ALERTMANAGER_PROVIDER=signoz
      - SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_DSN=tcp://clickhouse:9000
@@ -148,17 +141,15 @@ services:
      retries: 3
  otel-collector:
    !!merge <<: *db-depend
-    image: signoz/signoz-otel-collector:v0.111.42
+    image: signoz/signoz-otel-collector:v0.111.41
    command:
      - --config=/etc/otel-collector-config.yaml
      - --manager-config=/etc/manager-config.yaml
      - --copy-path=/var/tmp/collector-config.yaml
      - --feature-gates=-pkg.translator.prometheus.NormalizeName
-    configs:
-      - source: otel-collector-config
-        target: /etc/otel-collector-config.yaml
-      - source: otel-manager-config
-        target: /etc/manager-config.yaml
+    volumes:
+      - ./otel-collector-config.yaml:/etc/otel-collector-config.yaml
+      - ../common/signoz/otel-collector-opamp-config.yaml:/etc/manager-config.yaml
    environment:
      - OTEL_RESOURCE_ATTRIBUTES=host.name={{.Node.Hostname}},os.type={{.Node.Platform.OS}}
      - LOW_CARDINAL_EXCEPTION_GROUPING=false
@@ -174,7 +165,7 @@ services:
      - signoz
  schema-migrator:
    !!merge <<: *common
-    image: signoz/signoz-schema-migrator:v0.111.42
+    image: signoz/signoz-schema-migrator:v0.111.41
    deploy:
      restart_policy:
        condition: on-failure
@@ -195,26 +186,3 @@ volumes:
    name: signoz-sqlite
  zookeeper-1:
    name: signoz-zookeeper-1
-
-configs:
-  clickhouse-config:
-    file: ../common/clickhouse/config.xml
-  clickhouse-users:
-    file: ../common/clickhouse/users.xml
-  clickhouse-custom-function:
-    file: ../common/clickhouse/custom-function.xml
-  clickhouse-cluster:
-    file: ../common/clickhouse/cluster.xml
-
-  signoz-prometheus-config:
-    file: ../common/signoz/prometheus.yml
-  # If you have multiple dashboard files, you can list them individually:
-  # dashboard-foo:
-  #   file: ../common/dashboards/foo.json
-  # dashboard-bar:
-  #   file: ../common/dashboards/bar.json
-
-  otel-collector-config:
-    file: ./otel-collector-config.yaml
-  otel-manager-config:
-    file: ../common/signoz/otel-collector-opamp-config.yaml
--- a/deploy/docker/docker-compose.ha.yaml
+++ b/deploy/docker/docker-compose.ha.yaml
@@ -177,7 +177,7 @@ services:
      # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz:
    !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.87.0}
+    image: signoz/signoz:${VERSION:-v0.83.0}
    container_name: signoz
    command:
      - --config=/root/config/prometheus.yml
@@ -210,7 +210,7 @@ services:
  # TODO: support otel-collector multiple replicas. Nginx/Traefik for loadbalancing?
  otel-collector:
    !!merge <<: *db-depend
-    image: signoz/signoz-otel-collector:${OTELCOL_TAG:-v0.111.42}
+    image: signoz/signoz-otel-collector:${OTELCOL_TAG:-v0.111.41}
    container_name: signoz-otel-collector
    command:
      - --config=/etc/otel-collector-config.yaml
@@ -236,7 +236,7 @@ services:
        condition: service_healthy
  schema-migrator-sync:
    !!merge <<: *common
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.41}
    container_name: schema-migrator-sync
    command:
      - sync
@@ -247,7 +247,7 @@ services:
        condition: service_healthy
  schema-migrator-async:
    !!merge <<: *db-depend
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.41}
    container_name: schema-migrator-async
    command:
      - async
--- a/deploy/docker/docker-compose.yaml
+++ b/deploy/docker/docker-compose.yaml
@@ -110,7 +110,7 @@ services:
      # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz:
    !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.87.0}
+    image: signoz/signoz:${VERSION:-v0.83.0}
    container_name: signoz
    command:
      - --config=/root/config/prometheus.yml
@@ -142,7 +142,7 @@ services:
      retries: 3
  otel-collector:
    !!merge <<: *db-depend
-    image: signoz/signoz-otel-collector:${OTELCOL_TAG:-v0.111.42}
+    image: signoz/signoz-otel-collector:${OTELCOL_TAG:-v0.111.41}
    container_name: signoz-otel-collector
    command:
      - --config=/etc/otel-collector-config.yaml
@@ -164,7 +164,7 @@ services:
        condition: service_healthy
  schema-migrator-sync:
    !!merge <<: *common
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.41}
    container_name: schema-migrator-sync
    command:
      - sync
@@ -176,7 +176,7 @@ services:
    restart: on-failure
  schema-migrator-async:
    !!merge <<: *db-depend
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.41}
    container_name: schema-migrator-async
    command:
      - async
--- a/docs/contributing/go/endpoint.md
+++ b/docs/contributing/go/endpoint.md
@@ -1,51 +0,0 @@
-# Endpoint
-
-This guide outlines the recommended approach for designing endpoints, with a focus on entity relationships, RESTful structure, and examples from the codebase.
-
-## How do we design an endpoint?
-
-### Understand the core entities and their relationships
-
-Start with understanding the core entities and their relationships. For example:
-
- **Organization**: an organization can have multiple users
-
-### Structure Endpoints RESTfully
-
-Endpoints should reflect the resource hierarchy and follow RESTful conventions. Use clear, **pluralized resource names** and versioning. For example:
-
- `POST /v1/organizations` — Create an organization
- `GET /v1/organizations/:id` — Get an organization by id
- `DELETE /v1/organizations/:id` — Delete an organization by id
- `PUT /v1/organizations/:id` — Update an organization by id
- `GET /v1/organizations/:id/users` — Get all users in an organization
- `GET /v1/organizations/me/users` — Get all users in my organization
-
-Think in terms of resource navigation in a file system. For example, to find your organization, you would navigate to the root of the file system and then to the `organizations` directory. To find a user in an organization, you would navigate to the `organizations` directory and then to the `id` directory.
-
-```bash
-v1/
-├── organizations/
-│   └── 123/
-│       └── users/
-```
-
-`me` endpoints are special. They are used to determine the actual id via some auth/external mechanism. For `me` endpoints, think of the `me` directory being symlinked to your organization directory. For example, if you are a part of the organization `123`, the `me` directory will be symlinked to `/v1/organizations/123`:
-
-```bash
-v1/
-├── organizations/
-│   └── me/ -> symlink to /v1/organizations/123
-│       └── users/
-│   └── 123/
-│       └── users/
-```
-
-> 💡 **Note**: There are various ways to structure endpoints. Some prefer to use singular resource names instead of `me`. Others prefer to use singular resource names for all endpoints. We have, however, chosen to standardize our endpoints in the manner described above.
-
-## What should I remember?
-
- Use clear, **plural resource names**
- Use `me` endpoints for determining the actual id via some auth mechanism
-
-> 💡 **Note**: When in doubt, diagram the relationships and walk through the user flows as if navigating a file system. This will help you design endpoints that are both logical and user-friendly.
--- a/docs/contributing/go/provider.md
+++ b/docs/contributing/go/provider.md
@@ -1,106 +0,0 @@
-# Provider
-
-SigNoz is built on the provider pattern, a design approach where code is organized into providers that handle specific application responsibilities. Providers act as adapter components that integrate with external services and deliver required functionality to the application.
-
-> 💡 **Note**: Coming from a DDD background? Providers are similar (not exactly the same) to adapter/infrastructure services.
-
-## How to create a new provider?
-
-To create a new provider, create a directory in the `pkg/` directory named after your provider. The provider package consists of four key components:
-
- **Interface** (`pkg/<name>/<name>.go`): Defines the provider's interface. Other packages should import this interface to use the provider.
- **Config** (`pkg/<name>/config.go`): Contains provider configuration, implementing the `factory.Config` interface from [factory/config.go](/pkg/factory/config.go).
- **Implementation** (`pkg/<name>/<implname><name>/provider.go`): Contains the provider implementation, including a `NewProvider` function that returns a `factory.Provider` interface from [factory/provider.go](/pkg/factory/provider.go).
- **Mock** (`pkg/<name>/<name>test.go`): Provides mocks for the provider, typically used by dependent packages for unit testing.
-
-For example, the [prometheus](/pkg/prometheus) provider delivers a prometheus engine to the application:
-
- `pkg/prometheus/prometheus.go` - Interface definition
- `pkg/prometheus/config.go` - Configuration
- `pkg/prometheus/clickhouseprometheus/provider.go` - Clickhouse-powered implementation
- `pkg/prometheus/prometheustest/provider.go` - Mock implementation
-
-## How to wire it up?
-
-The `pkg/signoz` package contains the inversion of control container responsible for wiring providers. It handles instantiation, configuration, and assembly of providers based on configuration metadata.
-
-> 💡 **Note**: Coming from a Java background? Providers are similar to Spring beans.
-
-Wiring up a provider involves three steps:
-
-1. Wiring up the configuration
-Add your config from `pkg/<name>/config.go` to the `pkg/signoz/config.Config` struct and in new factories:
-
-```go
-type Config struct {
-    ...
-	MyProvider myprovider.Config `mapstructure:"myprovider"`
-    ...
-}
-
-func NewConfig(ctx context.Context, resolverConfig config.ResolverConfig, ....) (Config, error) {
-    ...
-	configFactories := []factory.ConfigFactory{
-        myprovider.NewConfigFactory(),
-	}
-    ...
-}
-```
-
-2. Wiring up the provider
-Add available provider implementations in `pkg/signoz/provider.go`:
-
-```go
-func NewMyProviderFactories() factory.NamedMap[factory.ProviderFactory[myprovider.MyProvider, myprovider.Config]] {
-	return factory.MustNewNamedMap(
-        myproviderone.NewFactory(),
-        myprovidertwo.NewFactory(),
-	)
-}
-```
-
-3. Instantiate the provider by adding it to the `SigNoz` struct in `pkg/signoz/signoz.go`:
-
-```go
-type SigNoz struct {
-    ...
-    MyProvider myprovider.MyProvider
-    ...
-}
-
-func New(...) (*SigNoz, error) {
-    ...
-    myprovider, err := myproviderone.New(ctx, settings, config.MyProvider, "one/two")
-    if err != nil {
-        return nil, err
-    }
-    ...
-}
-```
-
-## How to use it?
-
-To use a provider, import its interface. For example, to use the prometheus provider, import `pkg/prometheus/prometheus.go`:
-
-```go
-import "github.com/SigNoz/signoz/pkg/prometheus/prometheus"
-
-func CreateSomething(ctx context.Context, prometheus prometheus.Prometheus) {
-    ...
-    prometheus.DoSomething()
-    ...
-}
-```
-
-## Why do we need this?
-
-Like any dependency injection framework, providers decouple the codebase from implementation details. This is especially valuable in SigNoz's large codebase, where we need to swap implementations without changing dependent code. The provider pattern offers several benefits apart from the obvious one of decoupling:
-
- Configuration is **defined with each provider and centralized in one place**, making it easier to understand and manage through various methods (environment variables, config files, etc.)
- Provider mocking is **straightforward for unit testing**, with a consistent pattern for locating mocks
- **Multiple implementations** of the same provider are **supported**, as demonstrated by our sqlstore provider
-
-## What should I remember?
-
- Use the provider pattern wherever applicable.
- Always create a provider **irrespective of the number of implementations**. This makes it easier to add new implementations in the future.
--- a/ee/http/middleware/pat.go
+++ b/ee/http/middleware/pat.go
@@ -0,0 +1,91 @@
+package middleware
+
+import (
+	"net/http"
+	"time"
+
+	eeTypes "github.com/SigNoz/signoz/ee/types"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"go.uber.org/zap"
+)
+
+type Pat struct {
+	store   sqlstore.SQLStore
+	uuid    *authtypes.UUID
+	headers []string
+}
+
+func NewPat(store sqlstore.SQLStore, headers []string) *Pat {
+	return &Pat{store: store, uuid: authtypes.NewUUID(), headers: headers}
+}
+
+func (p *Pat) Wrap(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		var values []string
+		var patToken string
+		var pat eeTypes.StorablePersonalAccessToken
+
+		for _, header := range p.headers {
+			values = append(values, r.Header.Get(header))
+		}
+
+		ctx, err := p.uuid.ContextFromRequest(r.Context(), values...)
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+		patToken, ok := authtypes.UUIDFromContext(ctx)
+		if !ok {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		err = p.store.BunDB().NewSelect().Model(&pat).Where("token = ?", patToken).Scan(r.Context())
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		if pat.ExpiresAt < time.Now().Unix() && pat.ExpiresAt != 0 {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		// get user from db
+		user := types.User{}
+		err = p.store.BunDB().NewSelect().Model(&user).Where("id = ?", pat.UserID).Scan(r.Context())
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		role, err := types.NewRole(user.Role)
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		jwt := authtypes.Claims{
+			UserID: user.ID.String(),
+			Role:   role,
+			Email:  user.Email,
+			OrgID:  user.OrgID,
+		}
+
+		ctx = authtypes.NewContextWithClaims(ctx, jwt)
+
+		r = r.WithContext(ctx)
+
+		next.ServeHTTP(w, r)
+
+		pat.LastUsed = time.Now().Unix()
+		_, err = p.store.BunDB().NewUpdate().Model(&pat).Column("last_used").Where("token = ?", patToken).Where("revoked = false").Exec(r.Context())
+		if err != nil {
+			zap.L().Error("Failed to update PAT last used in db, err: %v", zap.Error(err))
+		}
+
+	})
+
+}
--- a/ee/licensing/config.go
+++ b/ee/licensing/config.go
@@ -1,26 +0,0 @@
-package licensing
-
-import (
-	"fmt"
-	"sync"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/licensing"
-)
-
-var (
-	config licensing.Config
-	once   sync.Once
-)
-
-// initializes the licensing configuration
-func Config(pollInterval time.Duration, failureThreshold int) licensing.Config {
-	once.Do(func() {
-		config = licensing.Config{PollInterval: pollInterval, FailureThreshold: failureThreshold}
-		if err := config.Validate(); err != nil {
-			panic(fmt.Errorf("invalid licensing config: %w", err))
-		}
-	})
-
-	return config
-}
--- a/ee/licensing/httplicensing/api.go
+++ b/ee/licensing/httplicensing/api.go
@@ -1,168 +0,0 @@
-package httplicensing
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type licensingAPI struct {
-	licensing licensing.Licensing
-}
-
-func NewLicensingAPI(licensing licensing.Licensing) licensing.API {
-	return &licensingAPI{licensing: licensing}
-}
-
-func (api *licensingAPI) Activate(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	req := new(licensetypes.PostableLicense)
-	err = json.NewDecoder(r.Body).Decode(&req)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	err = api.licensing.Activate(r.Context(), orgID, req.Key)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusAccepted, nil)
-}
-
-func (api *licensingAPI) GetActive(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	license, err := api.licensing.GetActive(r.Context(), orgID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	gettableLicense := licensetypes.NewGettableLicense(license.Data, license.Key)
-	render.Success(rw, http.StatusOK, gettableLicense)
-}
-
-func (api *licensingAPI) Refresh(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	err = api.licensing.Refresh(r.Context(), orgID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusNoContent, nil)
-}
-
-func (api *licensingAPI) Checkout(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	req := new(licensetypes.PostableSubscription)
-	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	gettableSubscription, err := api.licensing.Checkout(ctx, orgID, req)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusCreated, gettableSubscription)
-}
-
-func (api *licensingAPI) Portal(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	req := new(licensetypes.PostableSubscription)
-	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	gettableSubscription, err := api.licensing.Portal(ctx, orgID, req)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusCreated, gettableSubscription)
-}
--- a/ee/licensing/httplicensing/provider.go
+++ b/ee/licensing/httplicensing/provider.go
@@ -1,249 +0,0 @@
-package httplicensing
-
-import (
-	"context"
-	"encoding/json"
-	"time"
-
-	"github.com/SigNoz/signoz/ee/licensing/licensingstore/sqllicensingstore"
-	"github.com/SigNoz/signoz/pkg/analytics"
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/analyticstypes"
-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/SigNoz/signoz/pkg/zeus"
-	"github.com/tidwall/gjson"
-)
-
-type provider struct {
-	store     licensetypes.Store
-	zeus      zeus.Zeus
-	config    licensing.Config
-	settings  factory.ScopedProviderSettings
-	orgGetter organization.Getter
-	analytics analytics.Analytics
-	stopChan  chan struct{}
-}
-
-func NewProviderFactory(store sqlstore.SQLStore, zeus zeus.Zeus, orgGetter organization.Getter, analytics analytics.Analytics) factory.ProviderFactory[licensing.Licensing, licensing.Config] {
-	return factory.NewProviderFactory(factory.MustNewName("http"), func(ctx context.Context, providerSettings factory.ProviderSettings, config licensing.Config) (licensing.Licensing, error) {
-		return New(ctx, providerSettings, config, store, zeus, orgGetter, analytics)
-	})
-}
-
-func New(ctx context.Context, ps factory.ProviderSettings, config licensing.Config, sqlstore sqlstore.SQLStore, zeus zeus.Zeus, orgGetter organization.Getter, analytics analytics.Analytics) (licensing.Licensing, error) {
-	settings := factory.NewScopedProviderSettings(ps, "github.com/SigNoz/signoz/ee/licensing/httplicensing")
-	licensestore := sqllicensingstore.New(sqlstore)
-	return &provider{
-		store:     licensestore,
-		zeus:      zeus,
-		config:    config,
-		settings:  settings,
-		orgGetter: orgGetter,
-		stopChan:  make(chan struct{}),
-		analytics: analytics,
-	}, nil
-}
-
-func (provider *provider) Start(ctx context.Context) error {
-	tick := time.NewTicker(provider.config.PollInterval)
-	defer tick.Stop()
-
-	err := provider.Validate(ctx)
-	if err != nil {
-		provider.settings.Logger().ErrorContext(ctx, "failed to validate license from upstream server", "error", err)
-	}
-
-	for {
-		select {
-		case <-provider.stopChan:
-			return nil
-		case <-tick.C:
-			err := provider.Validate(ctx)
-			if err != nil {
-				provider.settings.Logger().ErrorContext(ctx, "failed to validate license from upstream server", "error", err)
-			}
-		}
-	}
-}
-
-func (provider *provider) Stop(ctx context.Context) error {
-	provider.settings.Logger().DebugContext(ctx, "license validation stopped")
-	close(provider.stopChan)
-	return nil
-}
-
-func (provider *provider) Validate(ctx context.Context) error {
-	organizations, err := provider.orgGetter.ListByOwnedKeyRange(ctx)
-	if err != nil {
-		return err
-	}
-
-	for _, organization := range organizations {
-		err := provider.Refresh(ctx, organization.ID)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (provider *provider) Activate(ctx context.Context, organizationID valuer.UUID, key string) error {
-	data, err := provider.zeus.GetLicense(ctx, key)
-	if err != nil {
-		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "unable to fetch license data with upstream server")
-	}
-
-	license, err := licensetypes.NewLicense(data, organizationID)
-	if err != nil {
-		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to create license entity")
-	}
-
-	storableLicense := licensetypes.NewStorableLicenseFromLicense(license)
-	err = provider.store.Create(ctx, storableLicense)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (provider *provider) GetActive(ctx context.Context, organizationID valuer.UUID) (*licensetypes.License, error) {
-	storableLicenses, err := provider.store.GetAll(ctx, organizationID)
-	if err != nil {
-		return nil, err
-	}
-
-	activeLicense, err := licensetypes.GetActiveLicenseFromStorableLicenses(storableLicenses, organizationID)
-	if err != nil {
-		return nil, err
-	}
-
-	return activeLicense, nil
-}
-
-func (provider *provider) Refresh(ctx context.Context, organizationID valuer.UUID) error {
-	activeLicense, err := provider.GetActive(ctx, organizationID)
-	if err != nil {
-		if errors.Ast(err, errors.TypeNotFound) {
-			return nil
-		}
-		provider.settings.Logger().ErrorContext(ctx, "license validation failed", "org_id", organizationID.StringValue())
-		return err
-	}
-
-	data, err := provider.zeus.GetLicense(ctx, activeLicense.Key)
-	if err != nil {
-		if time.Since(activeLicense.LastValidatedAt) > time.Duration(provider.config.FailureThreshold)*provider.config.PollInterval {
-			activeLicense.UpdateFeatures(licensetypes.BasicPlan)
-			updatedStorableLicense := licensetypes.NewStorableLicenseFromLicense(activeLicense)
-			err = provider.store.Update(ctx, organizationID, updatedStorableLicense)
-			if err != nil {
-				return err
-			}
-
-			return nil
-		}
-		return err
-	}
-
-	err = activeLicense.Update(data)
-	if err != nil {
-		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to create license entity from license data")
-	}
-
-	updatedStorableLicense := licensetypes.NewStorableLicenseFromLicense(activeLicense)
-	err = provider.store.Update(ctx, organizationID, updatedStorableLicense)
-	if err != nil {
-		return err
-	}
-
-	stats := licensetypes.NewStatsFromLicense(activeLicense)
-	provider.analytics.Send(ctx,
-		analyticstypes.Track{
-			UserId:     "stats_" + organizationID.String(),
-			Event:      "License Updated",
-			Properties: analyticstypes.NewPropertiesFromMap(stats),
-			Context: &analyticstypes.Context{
-				Extra: map[string]interface{}{
-					analyticstypes.KeyGroupID: organizationID.String(),
-				},
-			},
-		},
-		analyticstypes.Group{
-			UserId:  "stats_" + organizationID.String(),
-			GroupId: organizationID.String(),
-			Traits:  analyticstypes.NewTraitsFromMap(stats),
-		},
-	)
-
-	return nil
-}
-
-func (provider *provider) Checkout(ctx context.Context, organizationID valuer.UUID, postableSubscription *licensetypes.PostableSubscription) (*licensetypes.GettableSubscription, error) {
-	activeLicense, err := provider.GetActive(ctx, organizationID)
-	if err != nil {
-		return nil, err
-	}
-
-	body, err := json.Marshal(postableSubscription)
-	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to marshal checkout payload")
-	}
-
-	response, err := provider.zeus.GetCheckoutURL(ctx, activeLicense.Key, body)
-	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to generate checkout session")
-	}
-
-	return &licensetypes.GettableSubscription{RedirectURL: gjson.GetBytes(response, "url").String()}, nil
-}
-
-func (provider *provider) Portal(ctx context.Context, organizationID valuer.UUID, postableSubscription *licensetypes.PostableSubscription) (*licensetypes.GettableSubscription, error) {
-	activeLicense, err := provider.GetActive(ctx, organizationID)
-	if err != nil {
-		return nil, err
-	}
-
-	body, err := json.Marshal(postableSubscription)
-	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to marshal portal payload")
-	}
-
-	response, err := provider.zeus.GetPortalURL(ctx, activeLicense.Key, body)
-	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to generate portal session")
-	}
-
-	return &licensetypes.GettableSubscription{RedirectURL: gjson.GetBytes(response, "url").String()}, nil
-}
-
-func (provider *provider) GetFeatureFlags(ctx context.Context, organizationID valuer.UUID) ([]*licensetypes.Feature, error) {
-	license, err := provider.GetActive(ctx, organizationID)
-	if err != nil {
-		if errors.Ast(err, errors.TypeNotFound) {
-			return licensetypes.BasicPlan, nil
-		}
-		return nil, err
-	}
-
-	return license.Features, nil
-}
-
-func (provider *provider) Collect(ctx context.Context, orgID valuer.UUID) (map[string]any, error) {
-	activeLicense, err := provider.GetActive(ctx, orgID)
-	if err != nil {
-		if errors.Ast(err, errors.TypeNotFound) {
-			return map[string]any{}, nil
-		}
-
-		return nil, err
-	}
-
-	return licensetypes.NewStatsFromLicense(activeLicense), nil
-}
--- a/ee/licensing/licensingstore/sqllicensingstore/store.go
+++ b/ee/licensing/licensingstore/sqllicensingstore/store.go
@@ -1,81 +0,0 @@
-package sqllicensingstore
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type store struct {
-	sqlstore sqlstore.SQLStore
-}
-
-func New(sqlstore sqlstore.SQLStore) licensetypes.Store {
-	return &store{sqlstore}
-}
-
-func (store *store) Create(ctx context.Context, storableLicense *licensetypes.StorableLicense) error {
-	_, err := store.
-		sqlstore.
-		BunDB().
-		NewInsert().
-		Model(storableLicense).
-		Exec(ctx)
-	if err != nil {
-		return store.sqlstore.WrapAlreadyExistsErrf(err, errors.CodeAlreadyExists, "license with ID: %s already exists", storableLicense.ID)
-	}
-
-	return nil
-}
-
-func (store *store) Get(ctx context.Context, organizationID valuer.UUID, licenseID valuer.UUID) (*licensetypes.StorableLicense, error) {
-	storableLicense := new(licensetypes.StorableLicense)
-	err := store.
-		sqlstore.
-		BunDB().
-		NewSelect().
-		Model(storableLicense).
-		Where("org_id = ?", organizationID).
-		Where("id = ?", licenseID).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, errors.CodeNotFound, "license with ID: %s does not exist", licenseID)
-	}
-
-	return storableLicense, nil
-}
-
-func (store *store) GetAll(ctx context.Context, organizationID valuer.UUID) ([]*licensetypes.StorableLicense, error) {
-	storableLicenses := make([]*licensetypes.StorableLicense, 0)
-	err := store.
-		sqlstore.
-		BunDB().
-		NewSelect().
-		Model(&storableLicenses).
-		Where("org_id = ?", organizationID).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, errors.CodeNotFound, "licenses for organizationID: %s does not exists", organizationID)
-	}
-
-	return storableLicenses, nil
-}
-
-func (store *store) Update(ctx context.Context, organizationID valuer.UUID, storableLicense *licensetypes.StorableLicense) error {
-	_, err := store.
-		sqlstore.
-		BunDB().
-		NewUpdate().
-		Model(storableLicense).
-		WherePK().
-		Where("org_id = ?", organizationID).
-		Exec(ctx)
-	if err != nil {
-		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "unable to update license with ID: %s", storableLicense.ID)
-	}
-
-	return nil
-}
--- a/ee/modules/user/impluser/handler.go
+++ b/ee/modules/user/impluser/handler.go
@@ -0,0 +1,203 @@
+package impluser
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/modules/user"
+	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/gorilla/mux"
+)
+
+// EnterpriseHandler embeds the base handler implementation
+type Handler struct {
+	user.Handler // Embed the base handler interface
+	module       user.Module
+}
+
+func NewHandler(module user.Module) user.Handler {
+	baseHandler := impluser.NewHandler(module)
+	return &Handler{
+		Handler: baseHandler,
+		module:  module,
+	}
+}
+
+func (h *Handler) Login(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	var req types.PostableLoginRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	if req.RefreshToken == "" {
+		// the EE handler wrapper passes the feature flag value in context
+		ssoAvailable, ok := ctx.Value(types.SSOAvailable).(bool)
+		if !ok {
+			render.Error(w, errors.New(errors.TypeInternal, errors.CodeInternal, "failed to retrieve SSO availability"))
+			return
+		}
+
+		if ssoAvailable {
+			_, err := h.module.CanUsePassword(ctx, req.Email)
+			if err != nil {
+				render.Error(w, err)
+				return
+			}
+		}
+	}
+
+	user, err := h.module.GetAuthenticatedUser(ctx, req.OrgID, req.Email, req.Password, req.RefreshToken)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	jwt, err := h.module.GetJWTForUser(ctx, user)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	gettableLoginResponse := &types.GettableLoginResponse{
+		GettableUserJwt: jwt,
+		UserID:          user.ID.String(),
+	}
+
+	render.Success(w, http.StatusOK, gettableLoginResponse)
+}
+
+// Override only the methods you need with enterprise-specific implementations
+func (h *Handler) LoginPrecheck(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	// assume user is valid unless proven otherwise and assign default values for rest of the fields
+
+	email := r.URL.Query().Get("email")
+	sourceUrl := r.URL.Query().Get("ref")
+	orgID := r.URL.Query().Get("orgID")
+
+	resp, err := h.module.LoginPrecheck(ctx, orgID, email, sourceUrl)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusOK, resp)
+
+}
+
+func (h *Handler) AcceptInvite(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	req := new(types.PostableAcceptInvite)
+	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
+		render.Error(w, errors.Wrapf(err, errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to decode user"))
+		return
+	}
+
+	// get invite object
+	invite, err := h.module.GetInviteByToken(ctx, req.InviteToken)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	orgDomain, err := h.module.GetAuthDomainByEmail(ctx, invite.Email)
+	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+		render.Error(w, err)
+		return
+	}
+
+	precheckResp := &types.GettableLoginPrecheck{
+		SSO:    false,
+		IsUser: false,
+	}
+
+	if invite.Name == "" && req.DisplayName != "" {
+		invite.Name = req.DisplayName
+	}
+
+	user, err := types.NewUser(invite.Name, invite.Email, invite.Role, invite.OrgID)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	if orgDomain != nil && orgDomain.SsoEnabled {
+		// sso is enabled, create user and respond precheck data
+		err = h.module.CreateUser(ctx, user)
+		if err != nil {
+			render.Error(w, err)
+			return
+		}
+
+		// check if sso is enforced for the org
+		precheckResp, err = h.module.LoginPrecheck(ctx, invite.OrgID, user.Email, req.SourceURL)
+		if err != nil {
+			render.Error(w, err)
+			return
+		}
+
+	} else {
+		password, err := types.NewFactorPassword(req.Password)
+		if err != nil {
+			render.Error(w, err)
+			return
+		}
+
+		user, err = h.module.CreateUserWithPassword(ctx, user, password)
+		if err != nil {
+			render.Error(w, err)
+			return
+		}
+
+		precheckResp.IsUser = true
+	}
+
+	// delete the invite
+	if err := h.module.DeleteInvite(ctx, invite.OrgID, invite.ID); err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusOK, precheckResp)
+}
+
+func (h *Handler) GetInvite(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	token := mux.Vars(r)["token"]
+	sourceUrl := r.URL.Query().Get("ref")
+	invite, err := h.module.GetInviteByToken(ctx, token)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	// precheck the user
+	precheckResp, err := h.module.LoginPrecheck(ctx, invite.OrgID, invite.Email, sourceUrl)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	gettableInvite := &types.GettableEEInvite{
+		GettableInvite: *invite,
+		PreCheck:       precheckResp,
+	}
+
+	render.Success(w, http.StatusOK, gettableInvite)
+	return
+}
--- a/ee/modules/user/impluser/module.go
+++ b/ee/modules/user/impluser/module.go
@@ -0,0 +1,229 @@
+package impluser
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"github.com/SigNoz/signoz/ee/query-service/constants"
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/modules/user"
+	baseimpl "github.com/SigNoz/signoz/pkg/modules/user/impluser"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"go.uber.org/zap"
+)
+
+// EnterpriseModule embeds the base module implementation
+type Module struct {
+	*baseimpl.Module // Embed the base module implementation
+	store            types.UserStore
+}
+
+func NewModule(store types.UserStore) user.Module {
+	baseModule := baseimpl.NewModule(store).(*baseimpl.Module)
+	return &Module{
+		Module: baseModule,
+		store:  store,
+	}
+}
+
+func (m *Module) createUserForSAMLRequest(ctx context.Context, email string) (*types.User, error) {
+	// get auth domain from email domain
+	_, err := m.GetAuthDomainByEmail(ctx, email)
+	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+		return nil, err
+	}
+
+	// get name from email
+	parts := strings.Split(email, "@")
+	if len(parts) < 2 {
+		return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "invalid email format")
+	}
+	name := parts[0]
+
+	defaultOrgID, err := m.store.GetDefaultOrgID(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	user, err := types.NewUser(name, email, types.RoleViewer.String(), defaultOrgID)
+	if err != nil {
+		return nil, err
+	}
+
+	err = m.CreateUser(ctx, user)
+	if err != nil {
+		return nil, err
+	}
+
+	return user, nil
+}
+
+func (m *Module) PrepareSsoRedirect(ctx context.Context, redirectUri, email string, jwt *authtypes.JWT) (string, error) {
+	users, err := m.GetUsersByEmail(ctx, email)
+	if err != nil {
+		zap.L().Error("failed to get user with email received from auth provider", zap.String("error", err.Error()))
+		return "", err
+	}
+	user := &types.User{}
+
+	if len(users) == 0 {
+		newUser, err := m.createUserForSAMLRequest(ctx, email)
+		user = newUser
+		if err != nil {
+			zap.L().Error("failed to create user with email received from auth provider", zap.Error(err))
+			return "", err
+		}
+	} else {
+		user = &users[0].User
+	}
+
+	tokenStore, err := m.GetJWTForUser(ctx, user)
+	if err != nil {
+		zap.L().Error("failed to generate token for SSO login user", zap.Error(err))
+		return "", err
+	}
+
+	return fmt.Sprintf("%s?jwt=%s&usr=%s&refreshjwt=%s",
+		redirectUri,
+		tokenStore.AccessJwt,
+		user.ID,
+		tokenStore.RefreshJwt), nil
+}
+
+func (m *Module) CanUsePassword(ctx context.Context, email string) (bool, error) {
+	domain, err := m.GetAuthDomainByEmail(ctx, email)
+	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+		return false, err
+	}
+
+	if domain != nil && domain.SsoEnabled {
+		// sso is enabled, check if the user has admin role
+		users, err := m.GetUsersByEmail(ctx, email)
+		if err != nil {
+			return false, err
+		}
+
+		if len(users) == 0 {
+			return false, errors.New(errors.TypeNotFound, errors.CodeNotFound, "user not found")
+		}
+
+		if users[0].Role != types.RoleAdmin.String() {
+			return false, errors.New(errors.TypeForbidden, errors.CodeForbidden, "auth method not supported")
+		}
+
+	}
+
+	return true, nil
+}
+
+func (m *Module) LoginPrecheck(ctx context.Context, orgID, email, sourceUrl string) (*types.GettableLoginPrecheck, error) {
+	resp := &types.GettableLoginPrecheck{IsUser: true, CanSelfRegister: false}
+
+	// check if email is a valid user
+	users, err := m.GetUsersByEmail(ctx, email)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(users) == 0 {
+		resp.IsUser = false
+	}
+
+	// give them an option to select an org
+	if orgID == "" && len(users) > 1 {
+		resp.SelectOrg = true
+		resp.Orgs = make([]string, len(users))
+		for i, user := range users {
+			resp.Orgs[i] = user.OrgID
+		}
+		return resp, nil
+	}
+
+	// select the user with the corresponding orgID
+	if len(users) > 1 {
+		found := false
+		for _, tuser := range users {
+			if tuser.OrgID == orgID {
+				// user = tuser
+				found = true
+				break
+			}
+		}
+		if !found {
+			resp.IsUser = false
+			return resp, nil
+		}
+	}
+
+	// the EE handler wrapper passes the feature flag value in context
+	ssoAvailable, ok := ctx.Value(types.SSOAvailable).(bool)
+	if !ok {
+		zap.L().Error("failed to retrieve ssoAvailable from context")
+		return nil, errors.New(errors.TypeInternal, errors.CodeInternal, "failed to retrieve SSO availability")
+	}
+
+	if ssoAvailable {
+
+		// TODO(Nitya): in multitenancy this should use orgId as well.
+		orgDomain, err := m.GetAuthDomainByEmail(ctx, email)
+		if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+			return nil, err
+		}
+
+		if orgDomain != nil && orgDomain.SsoEnabled {
+			// this is to allow self registration
+			resp.IsUser = true
+
+			// saml is enabled for this domain, lets prepare sso url
+			if sourceUrl == "" {
+				sourceUrl = constants.GetDefaultSiteURL()
+			}
+
+			// parse source url that generated the login request
+			var err error
+			escapedUrl, _ := url.QueryUnescape(sourceUrl)
+			siteUrl, err := url.Parse(escapedUrl)
+			if err != nil {
+				return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to parse referer")
+			}
+
+			// build Idp URL that will authenticat the user
+			// the front-end will redirect user to this url
+			resp.SSOUrl, err = orgDomain.BuildSsoUrl(siteUrl)
+			if err != nil {
+				zap.L().Error("failed to prepare saml request for domain", zap.String("domain", orgDomain.Name), zap.Error(err))
+				return nil, errors.New(errors.TypeInternal, errors.CodeInternal, "failed to prepare saml request for domain")
+			}
+
+			// set SSO to true, as the url is generated correctly
+			resp.SSO = true
+		}
+	}
+	return resp, nil
+}
+
+func (m *Module) GetAuthDomainByEmail(ctx context.Context, email string) (*types.GettableOrgDomain, error) {
+
+	if email == "" {
+		return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "email is required")
+	}
+
+	components := strings.Split(email, "@")
+	if len(components) < 2 {
+		return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "invalid email format")
+	}
+
+	domain, err := m.store.GetDomainByName(ctx, components[1])
+	if err != nil {
+		return nil, err
+	}
+
+	gettableDomain := &types.GettableOrgDomain{StorableOrgDomain: *domain}
+	if err := gettableDomain.LoadConfig(domain.Data); err != nil {
+		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to load domain config")
+	}
+	return gettableDomain, nil
+}
--- a/ee/modules/user/impluser/store.go
+++ b/ee/modules/user/impluser/store.go
@@ -0,0 +1,37 @@
+package impluser
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	baseimpl "github.com/SigNoz/signoz/pkg/modules/user/impluser"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+)
+
+type store struct {
+	*baseimpl.Store
+	sqlstore sqlstore.SQLStore
+}
+
+func NewStore(sqlstore sqlstore.SQLStore) types.UserStore {
+	baseStore := baseimpl.NewStore(sqlstore).(*baseimpl.Store)
+	return &store{
+		Store:    baseStore,
+		sqlstore: sqlstore,
+	}
+}
+
+func (s *store) GetDomainByName(ctx context.Context, name string) (*types.StorableOrgDomain, error) {
+	domain := new(types.StorableOrgDomain)
+	err := s.sqlstore.BunDB().NewSelect().
+		Model(domain).
+		Where("name = ?", name).
+		Limit(1).
+		Scan(ctx)
+
+	if err != nil {
+		return nil, errors.Wrapf(err, errors.TypeNotFound, errors.CodeNotFound, "failed to get domain from name")
+	}
+	return domain, nil
+}
--- a/ee/query-service/.goreleaser.yaml
+++ b/ee/query-service/.goreleaser.yaml
@@ -39,7 +39,6 @@ builds:
      - -X github.com/SigNoz/signoz/ee/zeus.deprecatedURL=https://license.signoz.io
      - -X github.com/SigNoz/signoz/ee/query-service/constants.ZeusURL=https://api.signoz.cloud
      - -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.signoz.io/api/v1
-      - -X github.com/SigNoz/signoz/pkg/analytics.key=9kRrJ7oPCGPEJLF6QjMPLt5bljFhRQBr
      - >-
        {{- if eq .Os "linux" }}-linkmode external -extldflags '-static'{{- end }}
    mod_timestamp: "{{ .CommitTimestamp }}"
--- a/ee/query-service/app/api/api.go
+++ b/ee/query-service/app/api/api.go
@@ -1,35 +1,47 @@
 package api

 import (
+	"context"
 	"net/http"
 	"net/http/httputil"
 	"time"

-	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
+	"github.com/SigNoz/signoz/ee/query-service/dao"
 	"github.com/SigNoz/signoz/ee/query-service/integrations/gateway"
 	"github.com/SigNoz/signoz/ee/query-service/interfaces"
+	"github.com/SigNoz/signoz/ee/query-service/license"
+	"github.com/SigNoz/signoz/ee/query-service/model"
 	"github.com/SigNoz/signoz/ee/query-service/usage"
 	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/apis/fields"
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/http/middleware"
-	querierAPI "github.com/SigNoz/signoz/pkg/querier"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/modules/quickfilter"
+	quickfilterscore "github.com/SigNoz/signoz/pkg/modules/quickfilter/core"
 	baseapp "github.com/SigNoz/signoz/pkg/query-service/app"
 	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/integrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/logparsingpipeline"
+	baseint "github.com/SigNoz/signoz/pkg/query-service/interfaces"
 	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	rules "github.com/SigNoz/signoz/pkg/query-service/rules"
 	"github.com/SigNoz/signoz/pkg/signoz"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/version"
 	"github.com/gorilla/mux"
+	"go.uber.org/zap"
 )

 type APIHandlerOptions struct {
 	DataConnector                 interfaces.DataConnector
 	PreferSpanMetrics             bool
+	AppDao                        dao.ModelDao
 	RulesManager                  *rules.Manager
 	UsageManager                  *usage.Manager
+	FeatureFlags                  baseint.FeatureLookup
+	LicenseManager                *license.Manager
 	IntegrationsController        *integrations.Controller
 	CloudIntegrationsController   *cloudintegrations.Controller
 	LogsParsingPipelineController *logparsingpipeline.LogParsingPipelineController
@@ -49,19 +61,22 @@ type APIHandler struct {

 // NewAPIHandler returns an APIHandler
 func NewAPIHandler(opts APIHandlerOptions, signoz *signoz.SigNoz) (*APIHandler, error) {
+	quickfiltermodule := quickfilterscore.NewQuickFilters(quickfilterscore.NewStore(signoz.SQLStore))
+	quickFilter := quickfilter.NewAPI(quickfiltermodule)
 	baseHandler, err := baseapp.NewAPIHandler(baseapp.APIHandlerOpts{
 		Reader:                        opts.DataConnector,
 		PreferSpanMetrics:             opts.PreferSpanMetrics,
 		RuleManager:                   opts.RulesManager,
+		FeatureFlags:                  opts.FeatureFlags,
 		IntegrationsController:        opts.IntegrationsController,
 		CloudIntegrationsController:   opts.CloudIntegrationsController,
 		LogsParsingPipelineController: opts.LogsParsingPipelineController,
 		FluxInterval:                  opts.FluxInterval,
 		AlertmanagerAPI:               alertmanager.NewAPI(signoz.Alertmanager),
-		LicensingAPI:                  httplicensing.NewLicensingAPI(signoz.Licensing),
-		FieldsAPI:                     fields.NewAPI(signoz.Instrumentation.ToProviderSettings(), signoz.TelemetryStore),
+		FieldsAPI:                     fields.NewAPI(signoz.TelemetryStore),
 		Signoz:                        signoz,
-		QuerierAPI:                    querierAPI.NewAPI(signoz.Querier),
+		QuickFilters:                  quickFilter,
+		QuickFilterModule:             quickfiltermodule,
 	})

 	if err != nil {
@@ -75,39 +90,79 @@ func NewAPIHandler(opts APIHandlerOptions, signoz *signoz.SigNoz) (*APIHandler,
 	return ah, nil
 }

+func (ah *APIHandler) FF() baseint.FeatureLookup {
+	return ah.opts.FeatureFlags
+}
+
 func (ah *APIHandler) RM() *rules.Manager {
 	return ah.opts.RulesManager
 }

+func (ah *APIHandler) LM() *license.Manager {
+	return ah.opts.LicenseManager
+}
+
 func (ah *APIHandler) UM() *usage.Manager {
 	return ah.opts.UsageManager
 }

+func (ah *APIHandler) AppDao() dao.ModelDao {
+	return ah.opts.AppDao
+}
+
 func (ah *APIHandler) Gateway() *httputil.ReverseProxy {
 	return ah.opts.Gateway
 }

+func (ah *APIHandler) CheckFeature(f string) bool {
+	err := ah.FF().CheckFeature(f)
+	return err == nil
+}
+
 // RegisterRoutes registers routes for this handler on the given router
 func (ah *APIHandler) RegisterRoutes(router *mux.Router, am *middleware.AuthZ) {
 	// note: add ee override methods first

 	// routes available only in ee version
-	router.HandleFunc("/api/v1/features", am.ViewAccess(ah.getFeatureFlags)).Methods(http.MethodGet)
+
+	router.HandleFunc("/api/v1/featureFlags", am.OpenAccess(ah.getFeatureFlags)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/loginPrecheck", am.OpenAccess(ah.loginPrecheck)).Methods(http.MethodGet)
+
+	// invite
+	router.HandleFunc("/api/v1/invite/{token}", am.OpenAccess(ah.getInvite)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/invite/accept", am.OpenAccess(ah.acceptInvite)).Methods(http.MethodPost)

 	// paid plans specific routes
 	router.HandleFunc("/api/v1/complete/saml", am.OpenAccess(ah.receiveSAML)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v1/complete/google", am.OpenAccess(ah.receiveGoogleAuth)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/orgs/{orgId}/domains", am.AdminAccess(ah.listDomainsByOrg)).Methods(http.MethodGet)
+
+	router.HandleFunc("/api/v1/domains", am.AdminAccess(ah.postDomain)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v1/domains/{id}", am.AdminAccess(ah.putDomain)).Methods(http.MethodPut)
+	router.HandleFunc("/api/v1/domains/{id}", am.AdminAccess(ah.deleteDomain)).Methods(http.MethodDelete)

 	// base overrides
 	router.HandleFunc("/api/v1/version", am.OpenAccess(ah.getVersion)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/login", am.OpenAccess(ah.loginUser)).Methods(http.MethodPost)

-	router.HandleFunc("/api/v1/checkout", am.AdminAccess(ah.LicensingAPI.Checkout)).Methods(http.MethodPost)
+	// PAT APIs
+	router.HandleFunc("/api/v1/pats", am.AdminAccess(ah.createPAT)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v1/pats", am.AdminAccess(ah.getPATs)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/pats/{id}", am.AdminAccess(ah.updatePAT)).Methods(http.MethodPut)
+	router.HandleFunc("/api/v1/pats/{id}", am.AdminAccess(ah.revokePAT)).Methods(http.MethodDelete)
+
+	router.HandleFunc("/api/v1/checkout", am.AdminAccess(ah.checkout)).Methods(http.MethodPost)
 	router.HandleFunc("/api/v1/billing", am.AdminAccess(ah.getBilling)).Methods(http.MethodGet)
-	router.HandleFunc("/api/v1/portal", am.AdminAccess(ah.LicensingAPI.Portal)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v1/portal", am.AdminAccess(ah.portalSession)).Methods(http.MethodPost)
+
+	router.HandleFunc("/api/v1/dashboards/{uuid}/lock", am.EditAccess(ah.lockDashboard)).Methods(http.MethodPut)
+	router.HandleFunc("/api/v1/dashboards/{uuid}/unlock", am.EditAccess(ah.unlockDashboard)).Methods(http.MethodPut)

 	// v3
-	router.HandleFunc("/api/v3/licenses", am.AdminAccess(ah.LicensingAPI.Activate)).Methods(http.MethodPost)
-	router.HandleFunc("/api/v3/licenses", am.AdminAccess(ah.LicensingAPI.Refresh)).Methods(http.MethodPut)
-	router.HandleFunc("/api/v3/licenses/active", am.ViewAccess(ah.LicensingAPI.GetActive)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v3/licenses", am.ViewAccess(ah.listLicensesV3)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v3/licenses", am.AdminAccess(ah.applyLicenseV3)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v3/licenses", am.AdminAccess(ah.refreshLicensesV3)).Methods(http.MethodPut)
+	router.HandleFunc("/api/v3/licenses/active", am.ViewAccess(ah.getActiveLicenseV3)).Methods(http.MethodGet)

 	// v4
 	router.HandleFunc("/api/v4/query_range", am.ViewAccess(ah.queryRangeV4)).Methods(http.MethodPost)
@@ -119,6 +174,54 @@ func (ah *APIHandler) RegisterRoutes(router *mux.Router, am *middleware.AuthZ) {

 }

+// TODO(nitya): remove this once we know how to get the FF's
+func (ah *APIHandler) updateRequestContext(w http.ResponseWriter, r *http.Request) (*http.Request, error) {
+	ssoAvailable := true
+	err := ah.FF().CheckFeature(model.SSO)
+	if err != nil {
+		switch err.(type) {
+		case basemodel.ErrFeatureUnavailable:
+			// do nothing, just skip sso
+			ssoAvailable = false
+		default:
+			zap.L().Error("feature check failed", zap.String("featureKey", model.SSO), zap.Error(err))
+			return r, errors.New(errors.TypeInternal, errors.CodeInternal, "error checking SSO feature")
+		}
+	}
+	ctx := context.WithValue(r.Context(), types.SSOAvailable, ssoAvailable)
+	return r.WithContext(ctx), nil
+}
+
+func (ah *APIHandler) loginPrecheck(w http.ResponseWriter, r *http.Request) {
+	r, err := ah.updateRequestContext(w, r)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+	ah.Signoz.Handlers.User.LoginPrecheck(w, r)
+	return
+}
+
+func (ah *APIHandler) acceptInvite(w http.ResponseWriter, r *http.Request) {
+	r, err := ah.updateRequestContext(w, r)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+	ah.Signoz.Handlers.User.AcceptInvite(w, r)
+	return
+}
+
+func (ah *APIHandler) getInvite(w http.ResponseWriter, r *http.Request) {
+	r, err := ah.updateRequestContext(w, r)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+	ah.Signoz.Handlers.User.GetInvite(w, r)
+	return
+}
+
 func (ah *APIHandler) RegisterCloudIntegrationsRoutes(router *mux.Router, am *middleware.AuthZ) {

 	ah.APIHandler.RegisterCloudIntegrationsRoutes(router, am)
--- a/ee/query-service/app/api/auth.go
+++ b/ee/query-service/app/api/auth.go
@@ -3,16 +3,41 @@ package api
 import (
 	"context"
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"

 	"go.uber.org/zap"

-	"github.com/SigNoz/signoz/pkg/query-service/constants"
-	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/SigNoz/signoz/ee/query-service/constants"
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/pkg/http/render"
 )

+func parseRequest(r *http.Request, req interface{}) error {
+	defer r.Body.Close()
+	requestBody, err := io.ReadAll(r.Body)
+	if err != nil {
+		return err
+	}
+
+	err = json.Unmarshal(requestBody, &req)
+	return err
+}
+
+// loginUser overrides base handler and considers SSO case.
+func (ah *APIHandler) loginUser(w http.ResponseWriter, r *http.Request) {
+	r, err := ah.updateRequestContext(w, r)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+	ah.Signoz.Handlers.User.Login(w, r)
+	return
+}
+
 func handleSsoError(w http.ResponseWriter, r *http.Request, redirectURL string) {
 	ssoError := []byte("Login failed. Please contact your system administrator")
 	dst := make([]byte, base64.StdEncoding.EncodedLen(len(ssoError)))
@@ -21,12 +46,84 @@ func handleSsoError(w http.ResponseWriter, r *http.Request, redirectURL string)
 	http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectURL, string(dst)), http.StatusSeeOther)
 }

+// receiveGoogleAuth completes google OAuth response and forwards a request
+// to front-end to sign user in
+func (ah *APIHandler) receiveGoogleAuth(w http.ResponseWriter, r *http.Request) {
+	redirectUri := constants.GetDefaultSiteURL()
+	ctx := context.Background()
+
+	if !ah.CheckFeature(model.SSO) {
+		zap.L().Error("[receiveGoogleAuth] sso requested but feature unavailable in org domain")
+		http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectUri, "feature unavailable, please upgrade your billing plan to access this feature"), http.StatusMovedPermanently)
+		return
+	}
+
+	q := r.URL.Query()
+	if errType := q.Get("error"); errType != "" {
+		zap.L().Error("[receiveGoogleAuth] failed to login with google auth", zap.String("error", errType), zap.String("error_description", q.Get("error_description")))
+		http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectUri, "failed to login through SSO "), http.StatusMovedPermanently)
+		return
+	}
+
+	relayState := q.Get("state")
+	zap.L().Debug("[receiveGoogleAuth] relay state received", zap.String("state", relayState))
+
+	parsedState, err := url.Parse(relayState)
+	if err != nil || relayState == "" {
+		zap.L().Error("[receiveGoogleAuth] failed to process response - invalid response from IDP", zap.Error(err), zap.Any("request", r))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	// upgrade redirect url from the relay state for better accuracy
+	redirectUri = fmt.Sprintf("%s://%s%s", parsedState.Scheme, parsedState.Host, "/login")
+
+	// fetch domain by parsing relay state.
+	domain, err := ah.AppDao().GetDomainFromSsoResponse(ctx, parsedState)
+	if err != nil {
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	// now that we have domain, use domain to fetch sso settings.
+	// prepare google callback handler using parsedState -
+	// which contains redirect URL (front-end endpoint)
+	callbackHandler, err := domain.PrepareGoogleOAuthProvider(parsedState)
+	if err != nil {
+		zap.L().Error("[receiveGoogleAuth] failed to prepare google oauth provider", zap.String("domain", domain.String()), zap.Error(err))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	identity, err := callbackHandler.HandleCallback(r)
+	if err != nil {
+		zap.L().Error("[receiveGoogleAuth] failed to process HandleCallback ", zap.String("domain", domain.String()), zap.Error(err))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	nextPage, err := ah.Signoz.Modules.User.PrepareSsoRedirect(ctx, redirectUri, identity.Email, ah.opts.JWT)
+	if err != nil {
+		zap.L().Error("[receiveGoogleAuth] failed to generate redirect URI after successful login ", zap.String("domain", domain.String()), zap.Error(err))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	http.Redirect(w, r, nextPage, http.StatusSeeOther)
+}
+
 // receiveSAML completes a SAML request and gets user logged in
 func (ah *APIHandler) receiveSAML(w http.ResponseWriter, r *http.Request) {
 	// this is the source url that initiated the login request
 	redirectUri := constants.GetDefaultSiteURL()
 	ctx := context.Background()

+	if !ah.CheckFeature(model.SSO) {
+		zap.L().Error("[receiveSAML] sso requested but feature unavailable in org domain")
+		http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectUri, "feature unavailable, please upgrade your billing plan to access this feature"), http.StatusMovedPermanently)
+		return
+	}
+
 	err := r.ParseForm()
 	if err != nil {
 		zap.L().Error("[receiveSAML] failed to process response - invalid response from IDP", zap.Error(err), zap.Any("request", r))
@@ -50,25 +147,12 @@ func (ah *APIHandler) receiveSAML(w http.ResponseWriter, r *http.Request) {
 	redirectUri = fmt.Sprintf("%s://%s%s", parsedState.Scheme, parsedState.Host, "/login")

 	// fetch domain by parsing relay state.
-	domain, err := ah.Signoz.Modules.User.GetDomainFromSsoResponse(ctx, parsedState)
+	domain, err := ah.AppDao().GetDomainFromSsoResponse(ctx, parsedState)
 	if err != nil {
 		handleSsoError(w, r, redirectUri)
 		return
 	}

-	orgID, err := valuer.NewUUID(domain.OrgID)
-	if err != nil {
-		handleSsoError(w, r, redirectUri)
-		return
-	}
-
-	_, err = ah.Signoz.Licensing.GetActive(ctx, orgID)
-	if err != nil {
-		zap.L().Error("[receiveSAML] sso requested but feature unavailable in org domain")
-		http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectUri, "feature unavailable, please upgrade your billing plan to access this feature"), http.StatusMovedPermanently)
-		return
-	}
-
 	sp, err := domain.PrepareSamlRequest(parsedState)
 	if err != nil {
 		zap.L().Error("[receiveSAML] failed to prepare saml request for domain", zap.String("domain", domain.String()), zap.Error(err))
--- a/ee/query-service/app/api/cloudIntegrations.go
+++ b/ee/query-service/app/api/cloudIntegrations.go
@@ -11,12 +11,12 @@ import (
 	"time"

 	"github.com/SigNoz/signoz/ee/query-service/constants"
+	eeTypes "github.com/SigNoz/signoz/ee/types"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/http/render"
 	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/google/uuid"
 	"github.com/gorilla/mux"
 	"go.uber.org/zap"
@@ -36,12 +36,6 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW
 		return
 	}

-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(w, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
 	cloudProvider := mux.Vars(r)["cloudProvider"]
 	if cloudProvider != "aws" {
 		RespondError(w, basemodel.BadRequest(fmt.Errorf(
@@ -62,9 +56,11 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW
 		SigNozAPIKey: apiKey,
 	}

-	license, err := ah.Signoz.Licensing.GetActive(r.Context(), orgID)
-	if err != nil {
-		render.Error(w, err)
+	license, apiErr := ah.LM().GetRepo().GetActiveLicense(r.Context())
+	if apiErr != nil {
+		RespondError(w, basemodel.WrapApiError(
+			apiErr, "couldn't look for active license",
+		), nil)
 		return
 	}

@@ -120,21 +116,14 @@ func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId
 		return "", apiErr
 	}

-	orgIdUUID, err := valuer.NewUUID(orgId)
-	if err != nil {
-		return "", basemodel.InternalError(fmt.Errorf(
-			"couldn't parse orgId: %w", err,
-		))
-	}
-
-	allPats, err := ah.Signoz.Modules.User.ListAPIKeys(ctx, orgIdUUID)
+	allPats, err := ah.AppDao().ListPATs(ctx, orgId)
 	if err != nil {
 		return "", basemodel.InternalError(fmt.Errorf(
 			"couldn't list PATs: %w", err,
 		))
 	}
 	for _, p := range allPats {
-		if p.UserID == integrationUser.ID && p.Name == integrationPATName {
+		if p.UserID == integrationUser.ID.String() && p.Name == integrationPATName {
 			return p.Token, nil
 		}
 	}
@@ -144,25 +133,19 @@ func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId
 		zap.String("cloudProvider", cloudProvider),
 	)

-	newPAT, err := types.NewStorableAPIKey(
+	newPAT := eeTypes.NewGettablePAT(
 		integrationPATName,
-		integrationUser.ID,
-		types.RoleViewer,
+		types.RoleViewer.String(),
+		integrationUser.ID.String(),
 		0,
 	)
+	integrationPAT, err := ah.AppDao().CreatePAT(ctx, orgId, newPAT)
 	if err != nil {
 		return "", basemodel.InternalError(fmt.Errorf(
 			"couldn't create cloud integration PAT: %w", err,
 		))
 	}
-
-	err = ah.Signoz.Modules.User.CreateAPIKey(ctx, newPAT)
-	if err != nil {
-		return "", basemodel.InternalError(fmt.Errorf(
-			"couldn't create cloud integration PAT: %w", err,
-		))
-	}
-	return newPAT.Token, nil
+	return integrationPAT.Token, nil
 }

 func (ah *APIHandler) getOrCreateCloudIntegrationUser(
--- a/ee/query-service/app/api/dashboard.go
+++ b/ee/query-service/app/api/dashboard.go
@@ -0,0 +1,62 @@
+package api
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/gorilla/mux"
+)
+
+func (ah *APIHandler) lockDashboard(w http.ResponseWriter, r *http.Request) {
+	ah.lockUnlockDashboard(w, r, true)
+}
+
+func (ah *APIHandler) unlockDashboard(w http.ResponseWriter, r *http.Request) {
+	ah.lockUnlockDashboard(w, r, false)
+}
+
+func (ah *APIHandler) lockUnlockDashboard(w http.ResponseWriter, r *http.Request, lock bool) {
+	// Locking can only be done by the owner of the dashboard
+	// or an admin
+
+	// - Fetch the dashboard
+	// - Check if the user is the owner or an admin
+	// - If yes, lock/unlock the dashboard
+	// - If no, return 403
+
+	// Get the dashboard UUID from the request
+	uuid := mux.Vars(r)["uuid"]
+	if strings.HasPrefix(uuid, "integration") {
+		render.Error(w, errors.Newf(errors.TypeForbidden, errors.CodeForbidden, "dashboards created by integrations cannot be modified"))
+		return
+	}
+
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, errors.Newf(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "unauthenticated"))
+		return
+	}
+
+	dashboard, err := ah.Signoz.Modules.Dashboard.Get(r.Context(), claims.OrgID, uuid)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	if err := claims.IsAdmin(); err != nil && (dashboard.CreatedBy != claims.Email) {
+		render.Error(w, errors.Newf(errors.TypeForbidden, errors.CodeForbidden, "You are not authorized to lock/unlock this dashboard"))
+		return
+	}
+
+	// Lock/Unlock the dashboard
+	err = ah.Signoz.Modules.Dashboard.LockUnlock(r.Context(), claims.OrgID, uuid, lock)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	ah.Respond(w, "Dashboard updated successfully")
+}
--- a/ee/query-service/app/api/domains.go
+++ b/ee/query-service/app/api/domains.go
@@ -0,0 +1,91 @@
+package api
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/google/uuid"
+	"github.com/gorilla/mux"
+)
+
+func (ah *APIHandler) listDomainsByOrg(w http.ResponseWriter, r *http.Request) {
+	orgId := mux.Vars(r)["orgId"]
+	domains, apierr := ah.AppDao().ListDomains(context.Background(), orgId)
+	if apierr != nil {
+		RespondError(w, apierr, domains)
+		return
+	}
+	ah.Respond(w, domains)
+}
+
+func (ah *APIHandler) postDomain(w http.ResponseWriter, r *http.Request) {
+	ctx := context.Background()
+
+	req := types.GettableOrgDomain{}
+
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	if err := req.ValidNew(); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	if apierr := ah.AppDao().CreateDomain(ctx, &req); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, &req)
+}
+
+func (ah *APIHandler) putDomain(w http.ResponseWriter, r *http.Request) {
+	ctx := context.Background()
+
+	domainIdStr := mux.Vars(r)["id"]
+	domainId, err := uuid.Parse(domainIdStr)
+	if err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	req := types.GettableOrgDomain{StorableOrgDomain: types.StorableOrgDomain{ID: domainId}}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+	req.ID = domainId
+	if err := req.Valid(nil); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+	}
+
+	if apierr := ah.AppDao().UpdateDomain(ctx, &req); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, &req)
+}
+
+func (ah *APIHandler) deleteDomain(w http.ResponseWriter, r *http.Request) {
+	domainIdStr := mux.Vars(r)["id"]
+
+	domainId, err := uuid.Parse(domainIdStr)
+	if err != nil {
+		RespondError(w, model.BadRequest(fmt.Errorf("invalid domain id")), nil)
+		return
+	}
+
+	apierr := ah.AppDao().DeleteDomain(context.Background(), domainId)
+	if apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+	ah.Respond(w, nil)
+}
--- a/ee/query-service/app/api/featureFlags.go
+++ b/ee/query-service/app/api/featureFlags.go
@@ -9,29 +9,13 @@ import (
 	"time"

 	"github.com/SigNoz/signoz/ee/query-service/constants"
-	pkgError "github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	"go.uber.org/zap"
 )

 func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(w, pkgError.Newf(pkgError.TypeInvalidInput, pkgError.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	featureSet, err := ah.Signoz.Licensing.GetFeatureFlags(r.Context(), orgID)
+	featureSet, err := ah.FF().GetFeatureFlags()
 	if err != nil {
 		ah.HandleError(w, err, http.StatusInternalServerError)
 		return
@@ -39,7 +23,7 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {

 	if constants.FetchFeatures == "true" {
 		zap.L().Debug("fetching license")
-		license, err := ah.Signoz.Licensing.GetActive(ctx, orgID)
+		license, err := ah.LM().GetRepo().GetActiveLicense(ctx)
 		if err != nil {
 			zap.L().Error("failed to fetch license", zap.Error(err))
 		} else if license == nil {
@@ -60,16 +44,9 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 	}

 	if ah.opts.PreferSpanMetrics {
-		for idx, feature := range featureSet {
-			if feature.Name == licensetypes.UseSpanMetrics {
-				featureSet[idx].Active = true
-			}
-		}
-	}
-
-	if constants.IsDotMetricsEnabled {
-		for idx, feature := range featureSet {
-			if feature.Name == licensetypes.DotMetricsEnabled {
+		for idx := range featureSet {
+			feature := &featureSet[idx]
+			if feature.Name == basemodel.UseSpanMetrics {
 				featureSet[idx].Active = true
 			}
 		}
@@ -80,7 +57,7 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {

 // fetchZeusFeatures makes an HTTP GET request to the /zeusFeatures endpoint
 // and returns the FeatureSet.
-func fetchZeusFeatures(url, licenseKey string) ([]*licensetypes.Feature, error) {
+func fetchZeusFeatures(url, licenseKey string) (basemodel.FeatureSet, error) {
 	// Check if the URL is empty
 	if url == "" {
 		return nil, fmt.Errorf("url is empty")
@@ -139,28 +116,28 @@ func fetchZeusFeatures(url, licenseKey string) ([]*licensetypes.Feature, error)
 }

 type ZeusFeaturesResponse struct {
-	Status string                  `json:"status"`
-	Data   []*licensetypes.Feature `json:"data"`
+	Status string               `json:"status"`
+	Data   basemodel.FeatureSet `json:"data"`
 }

 // MergeFeatureSets merges two FeatureSet arrays with precedence to zeusFeatures.
-func MergeFeatureSets(zeusFeatures, internalFeatures []*licensetypes.Feature) []*licensetypes.Feature {
+func MergeFeatureSets(zeusFeatures, internalFeatures basemodel.FeatureSet) basemodel.FeatureSet {
 	// Create a map to store the merged features
-	featureMap := make(map[string]*licensetypes.Feature)
+	featureMap := make(map[string]basemodel.Feature)

 	// Add all features from the otherFeatures set to the map
 	for _, feature := range internalFeatures {
-		featureMap[feature.Name.StringValue()] = feature
+		featureMap[feature.Name] = feature
 	}

 	// Add all features from the zeusFeatures set to the map
 	// If a feature already exists (i.e., same name), the zeusFeature will overwrite it
 	for _, feature := range zeusFeatures {
-		featureMap[feature.Name.StringValue()] = feature
+		featureMap[feature.Name] = feature
 	}

 	// Convert the map back to a FeatureSet slice
-	var mergedFeatures []*licensetypes.Feature
+	var mergedFeatures basemodel.FeatureSet
 	for _, feature := range featureMap {
 		mergedFeatures = append(mergedFeatures, feature)
 	}
--- a/ee/query-service/app/api/featureFlags_test.go
+++ b/ee/query-service/app/api/featureFlags_test.go
@@ -3,79 +3,78 @@ package api
 import (
 	"testing"

-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	"github.com/stretchr/testify/assert"
 )

 func TestMergeFeatureSets(t *testing.T) {
 	tests := []struct {
 		name             string
-		zeusFeatures     []*licensetypes.Feature
-		internalFeatures []*licensetypes.Feature
-		expected         []*licensetypes.Feature
+		zeusFeatures     basemodel.FeatureSet
+		internalFeatures basemodel.FeatureSet
+		expected         basemodel.FeatureSet
 	}{
 		{
 			name:             "empty zeusFeatures and internalFeatures",
-			zeusFeatures:     []*licensetypes.Feature{},
-			internalFeatures: []*licensetypes.Feature{},
-			expected:         []*licensetypes.Feature{},
+			zeusFeatures:     basemodel.FeatureSet{},
+			internalFeatures: basemodel.FeatureSet{},
+			expected:         basemodel.FeatureSet{},
 		},
 		{
 			name: "non-empty zeusFeatures and empty internalFeatures",
-			zeusFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			zeusFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
-			internalFeatures: []*licensetypes.Feature{},
-			expected: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			internalFeatures: basemodel.FeatureSet{},
+			expected: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
 		},
 		{
 			name:         "empty zeusFeatures and non-empty internalFeatures",
-			zeusFeatures: []*licensetypes.Feature{},
-			internalFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			zeusFeatures: basemodel.FeatureSet{},
+			internalFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
-			expected: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			expected: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
 		},
 		{
 			name: "non-empty zeusFeatures and non-empty internalFeatures with no conflicts",
-			zeusFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature3"), Active: false},
+			zeusFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature3", Active: false},
 			},
-			internalFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature2"), Active: true},
-				{Name: valuer.NewString("Feature4"), Active: false},
+			internalFeatures: basemodel.FeatureSet{
+				{Name: "Feature2", Active: true},
+				{Name: "Feature4", Active: false},
 			},
-			expected: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: true},
-				{Name: valuer.NewString("Feature3"), Active: false},
-				{Name: valuer.NewString("Feature4"), Active: false},
+			expected: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: true},
+				{Name: "Feature3", Active: false},
+				{Name: "Feature4", Active: false},
 			},
 		},
 		{
 			name: "non-empty zeusFeatures and non-empty internalFeatures with conflicts",
-			zeusFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			zeusFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
-			internalFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: false},
-				{Name: valuer.NewString("Feature3"), Active: true},
+			internalFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: false},
+				{Name: "Feature3", Active: true},
 			},
-			expected: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
-				{Name: valuer.NewString("Feature3"), Active: true},
+			expected: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
+				{Name: "Feature3", Active: true},
 			},
 		},
 	}
--- a/ee/query-service/app/api/gateway.go
+++ b/ee/query-service/app/api/gateway.go
@@ -5,26 +5,10 @@ import (
 	"strings"

 	"github.com/SigNoz/signoz/ee/query-service/integrations/gateway"
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
 )

 func (ah *APIHandler) ServeGatewayHTTP(rw http.ResponseWriter, req *http.Request) {
 	ctx := req.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
 	validPath := false
 	for _, allowedPrefix := range gateway.AllowedPrefix {
 		if strings.HasPrefix(req.URL.Path, gateway.RoutePrefix+allowedPrefix) {
@@ -38,9 +22,9 @@ func (ah *APIHandler) ServeGatewayHTTP(rw http.ResponseWriter, req *http.Request
 		return
 	}

-	license, err := ah.Signoz.Licensing.GetActive(ctx, orgID)
+	license, err := ah.LM().GetRepo().GetActiveLicense(ctx)
 	if err != nil {
-		render.Error(rw, err)
+		RespondError(rw, err, nil)
 		return
 	}

--- a/ee/query-service/app/api/license.go
+++ b/ee/query-service/app/api/license.go
@@ -6,7 +6,11 @@ import (
 	"net/http"

 	"github.com/SigNoz/signoz/ee/query-service/constants"
+	"github.com/SigNoz/signoz/ee/query-service/integrations/signozio"
 	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/query-service/telemetry"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 )

 type DayWiseBreakdown struct {
@@ -45,6 +49,10 @@ type details struct {
 	BillTotal float64         `json:"billTotal"`
 }

+type Redirect struct {
+	RedirectURL string `json:"redirectURL"`
+}
+
 type billingDetails struct {
 	Status string `json:"status"`
 	Data   struct {
@@ -56,6 +64,97 @@ type billingDetails struct {
 	} `json:"data"`
 }

+type ApplyLicenseRequest struct {
+	LicenseKey string `json:"key"`
+}
+
+func (ah *APIHandler) listLicensesV3(w http.ResponseWriter, r *http.Request) {
+	ah.listLicensesV2(w, r)
+}
+
+func (ah *APIHandler) getActiveLicenseV3(w http.ResponseWriter, r *http.Request) {
+	activeLicense, err := ah.LM().GetRepo().GetActiveLicenseV3(r.Context())
+	if err != nil {
+		RespondError(w, &model.ApiError{Typ: model.ErrorInternal, Err: err}, nil)
+		return
+	}
+
+	// return 404 not found if there is no active license
+	if activeLicense == nil {
+		RespondError(w, &model.ApiError{Typ: model.ErrorNotFound, Err: fmt.Errorf("no active license found")}, nil)
+		return
+	}
+
+	// TODO deprecate this when we move away from key for stripe
+	activeLicense.Data["key"] = activeLicense.Key
+	render.Success(w, http.StatusOK, activeLicense.Data)
+}
+
+// this function is called by zeus when inserting licenses in the query-service
+func (ah *APIHandler) applyLicenseV3(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	var licenseKey ApplyLicenseRequest
+	if err := json.NewDecoder(r.Body).Decode(&licenseKey); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	if licenseKey.LicenseKey == "" {
+		RespondError(w, model.BadRequest(fmt.Errorf("license key is required")), nil)
+		return
+	}
+
+	_, err = ah.LM().ActivateV3(r.Context(), licenseKey.LicenseKey)
+	if err != nil {
+		telemetry.GetInstance().SendEvent(telemetry.TELEMETRY_LICENSE_ACT_FAILED, map[string]interface{}{"err": err.Error()}, claims.Email, true, false)
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusAccepted, nil)
+}
+
+func (ah *APIHandler) refreshLicensesV3(w http.ResponseWriter, r *http.Request) {
+	err := ah.LM().RefreshLicense(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusNoContent, nil)
+}
+
+func getCheckoutPortalResponse(redirectURL string) *Redirect {
+	return &Redirect{RedirectURL: redirectURL}
+}
+
+func (ah *APIHandler) checkout(w http.ResponseWriter, r *http.Request) {
+	checkoutRequest := &model.CheckoutRequest{}
+	if err := json.NewDecoder(r.Body).Decode(checkoutRequest); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	license := ah.LM().GetActiveLicense()
+	if license == nil {
+		RespondError(w, model.BadRequestStr("cannot proceed with checkout without license key"), nil)
+		return
+	}
+
+	redirectUrl, err := signozio.CheckoutSession(r.Context(), checkoutRequest, license.Key, ah.Signoz.Zeus)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	ah.Respond(w, getCheckoutPortalResponse(redirectUrl))
+}
+
 func (ah *APIHandler) getBilling(w http.ResponseWriter, r *http.Request) {
 	licenseKey := r.URL.Query().Get("licenseKey")

@@ -89,3 +188,71 @@ func (ah *APIHandler) getBilling(w http.ResponseWriter, r *http.Request) {
 	// TODO(srikanthccv):Fetch the current day usage and add it to the response
 	ah.Respond(w, billingResponse.Data)
 }
+
+func convertLicenseV3ToLicenseV2(licenses []*model.LicenseV3) []model.License {
+	licensesV2 := []model.License{}
+	for _, l := range licenses {
+		planKeyFromPlanName, ok := model.MapOldPlanKeyToNewPlanName[l.PlanName]
+		if !ok {
+			planKeyFromPlanName = model.Basic
+		}
+		licenseV2 := model.License{
+			Key:               l.Key,
+			ActivationId:      "",
+			PlanDetails:       "",
+			FeatureSet:        l.Features,
+			ValidationMessage: "",
+			IsCurrent:         l.IsCurrent,
+			LicensePlan: model.LicensePlan{
+				PlanKey:    planKeyFromPlanName,
+				ValidFrom:  l.ValidFrom,
+				ValidUntil: l.ValidUntil,
+				Status:     l.Status},
+		}
+		licensesV2 = append(licensesV2, licenseV2)
+	}
+	return licensesV2
+}
+
+func (ah *APIHandler) listLicensesV2(w http.ResponseWriter, r *http.Request) {
+	licensesV3, apierr := ah.LM().GetLicensesV3(r.Context())
+	if apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+	licenses := convertLicenseV3ToLicenseV2(licensesV3)
+
+	resp := model.Licenses{
+		TrialStart:                   -1,
+		TrialEnd:                     -1,
+		OnTrial:                      false,
+		WorkSpaceBlock:               false,
+		TrialConvertedToSubscription: false,
+		GracePeriodEnd:               -1,
+		Licenses:                     licenses,
+	}
+
+	ah.Respond(w, resp)
+}
+
+func (ah *APIHandler) portalSession(w http.ResponseWriter, r *http.Request) {
+	portalRequest := &model.PortalRequest{}
+	if err := json.NewDecoder(r.Body).Decode(portalRequest); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	license := ah.LM().GetActiveLicense()
+	if license == nil {
+		RespondError(w, model.BadRequestStr("cannot request the portal session without license key"), nil)
+		return
+	}
+
+	redirectUrl, err := signozio.PortalSession(r.Context(), portalRequest, license.Key, ah.Signoz.Zeus)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	ah.Respond(w, getCheckoutPortalResponse(redirectUrl))
+}
--- a/ee/query-service/app/api/pat.go
+++ b/ee/query-service/app/api/pat.go
@@ -0,0 +1,186 @@
+package api
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"slices"
+	"time"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	eeTypes "github.com/SigNoz/signoz/ee/types"
+	"github.com/SigNoz/signoz/pkg/errors"
+	errorsV2 "github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/gorilla/mux"
+	"go.uber.org/zap"
+)
+
+func (ah *APIHandler) createPAT(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	req := model.CreatePATRequestBody{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	pat := eeTypes.NewGettablePAT(
+		req.Name,
+		req.Role,
+		claims.UserID,
+		req.ExpiresInDays,
+	)
+	err = validatePATRequest(pat)
+	if err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	zap.L().Info("Got Create PAT request", zap.Any("pat", pat))
+	var apierr basemodel.BaseApiError
+	if pat, apierr = ah.AppDao().CreatePAT(r.Context(), claims.OrgID, pat); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, &pat)
+}
+
+func validatePATRequest(req eeTypes.GettablePAT) error {
+	_, err := types.NewRole(req.Role)
+	if err != nil {
+		return err
+	}
+
+	if req.ExpiresAt < 0 {
+		return fmt.Errorf("valid expiresAt is required")
+	}
+
+	if req.Name == "" {
+		return fmt.Errorf("valid name is required")
+	}
+
+	return nil
+}
+
+func (ah *APIHandler) updatePAT(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	req := eeTypes.GettablePAT{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	idStr := mux.Vars(r)["id"]
+	id, err := valuer.NewUUID(idStr)
+	if err != nil {
+		render.Error(w, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is not a valid uuid-v7"))
+		return
+	}
+
+	//get the pat
+	existingPAT, err := ah.AppDao().GetPATByID(r.Context(), claims.OrgID, id)
+	if err != nil {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, err.Error()))
+		return
+	}
+
+	// get the user
+	createdByUser, err := ah.Signoz.Modules.User.GetUserByID(r.Context(), claims.OrgID, existingPAT.UserID)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	if slices.Contains(types.AllIntegrationUserEmails, types.IntegrationUserEmail(createdByUser.Email)) {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, "integration user pat cannot be updated"))
+		return
+	}
+
+	err = validatePATRequest(req)
+	if err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	req.UpdatedByUserID = claims.UserID
+	req.UpdatedAt = time.Now()
+	var apierr basemodel.BaseApiError
+	if apierr = ah.AppDao().UpdatePAT(r.Context(), claims.OrgID, req, id); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, map[string]string{"data": "pat updated successfully"})
+}
+
+func (ah *APIHandler) getPATs(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	pats, apierr := ah.AppDao().ListPATs(r.Context(), claims.OrgID)
+	if apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, pats)
+}
+
+func (ah *APIHandler) revokePAT(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	idStr := mux.Vars(r)["id"]
+	id, err := valuer.NewUUID(idStr)
+	if err != nil {
+		render.Error(w, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is not a valid uuid-v7"))
+		return
+	}
+
+	//get the pat
+	existingPAT, paterr := ah.AppDao().GetPATByID(r.Context(), claims.OrgID, id)
+	if paterr != nil {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, paterr.Error()))
+		return
+	}
+
+	// get the user
+	createdByUser, err := ah.Signoz.Modules.User.GetUserByID(r.Context(), claims.OrgID, existingPAT.UserID)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	if slices.Contains(types.AllIntegrationUserEmails, types.IntegrationUserEmail(createdByUser.Email)) {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, "integration user pat cannot be updated"))
+		return
+	}
+
+	zap.L().Info("Revoke PAT with id", zap.String("id", id.StringValue()))
+	if apierr := ah.AppDao().RevokePAT(r.Context(), claims.OrgID, id, claims.UserID); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+	ah.Respond(w, map[string]string{"data": "pat revoked successfully"})
+}
--- a/ee/query-service/app/server.go
+++ b/ee/query-service/app/server.go
@@ -11,16 +11,16 @@ import (
 	"github.com/gorilla/handlers"
 	"github.com/jmoiron/sqlx"

+	eemiddleware "github.com/SigNoz/signoz/ee/http/middleware"
 	"github.com/SigNoz/signoz/ee/query-service/app/api"
 	"github.com/SigNoz/signoz/ee/query-service/app/db"
 	"github.com/SigNoz/signoz/ee/query-service/constants"
+	"github.com/SigNoz/signoz/ee/query-service/dao/sqlite"
 	"github.com/SigNoz/signoz/ee/query-service/integrations/gateway"
 	"github.com/SigNoz/signoz/ee/query-service/rules"
-	"github.com/SigNoz/signoz/ee/query-service/usage"
 	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/cache"
 	"github.com/SigNoz/signoz/pkg/http/middleware"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/signoz"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
@@ -30,6 +30,9 @@ import (
 	"github.com/rs/cors"
 	"github.com/soheilhy/cmux"

+	licensepkg "github.com/SigNoz/signoz/ee/query-service/license"
+	"github.com/SigNoz/signoz/ee/query-service/usage"
+
 	"github.com/SigNoz/signoz/pkg/query-service/agentConf"
 	baseapp "github.com/SigNoz/signoz/pkg/query-service/app"
 	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations"
@@ -87,11 +90,18 @@ func (s Server) HealthCheckStatus() chan healthcheck.Status {

 // NewServer creates and initializes Server
 func NewServer(serverOptions *ServerOptions) (*Server, error) {
+	modelDao := sqlite.NewModelDao(serverOptions.SigNoz.SQLStore)
 	gatewayProxy, err := gateway.NewProxy(serverOptions.GatewayUrl, gateway.RoutePrefix)
 	if err != nil {
 		return nil, err
 	}

+	// initiate license manager
+	lm, err := licensepkg.StartManager(serverOptions.SigNoz.SQLStore.SQLxDB(), serverOptions.SigNoz.SQLStore, serverOptions.SigNoz.Zeus)
+	if err != nil {
+		return nil, err
+	}
+
 	fluxIntervalForTraceDetail, err := time.ParseDuration(serverOptions.FluxIntervalForTraceDetail)
 	if err != nil {
 		return nil, err
@@ -114,7 +124,6 @@ func NewServer(serverOptions *ServerOptions) (*Server, error) {
 		serverOptions.SigNoz.SQLStore,
 		serverOptions.SigNoz.TelemetryStore,
 		serverOptions.SigNoz.Prometheus,
-		serverOptions.SigNoz.Modules.OrgGetter,
 	)

 	if err != nil {
@@ -122,7 +131,10 @@ func NewServer(serverOptions *ServerOptions) (*Server, error) {
 	}

 	// initiate opamp
-	opAmpModel.InitDB(serverOptions.SigNoz.SQLStore, serverOptions.SigNoz.Instrumentation.Logger(), serverOptions.SigNoz.Modules.OrgGetter)
+	_, err = opAmpModel.InitDB(serverOptions.SigNoz.SQLStore.SQLxDB())
+	if err != nil {
+		return nil, err
+	}

 	integrationsController, err := integrations.NewController(serverOptions.SigNoz.SQLStore)
 	if err != nil {
@@ -140,8 +152,7 @@ func NewServer(serverOptions *ServerOptions) (*Server, error) {

 	// ingestion pipelines manager
 	logParsingPipelineController, err := logparsingpipeline.NewLogParsingPipelinesController(
-		serverOptions.SigNoz.SQLStore,
-		integrationsController.GetPipelinesForInstalledIntegrations,
+		serverOptions.SigNoz.SQLStore, integrationsController.GetPipelinesForInstalledIntegrations,
 	)
 	if err != nil {
 		return nil, err
@@ -149,7 +160,7 @@ func NewServer(serverOptions *ServerOptions) (*Server, error) {

 	// initiate agent config handler
 	agentConfMgr, err := agentConf.Initiate(&agentConf.ManagerOptions{
-		Store:         serverOptions.SigNoz.SQLStore,
+		DB:            serverOptions.SigNoz.SQLStore.SQLxDB(),
 		AgentFeatures: []agentConf.AgentFeature{logParsingPipelineController},
 	})
 	if err != nil {
@@ -157,11 +168,11 @@ func NewServer(serverOptions *ServerOptions) (*Server, error) {
 	}

 	// start the usagemanager
-	usageManager, err := usage.New(serverOptions.SigNoz.Licensing, serverOptions.SigNoz.TelemetryStore.ClickhouseDB(), serverOptions.SigNoz.Zeus, serverOptions.SigNoz.Modules.OrgGetter)
+	usageManager, err := usage.New(modelDao, lm.GetRepo(), serverOptions.SigNoz.TelemetryStore.ClickhouseDB(), serverOptions.SigNoz.Zeus)
 	if err != nil {
 		return nil, err
 	}
-	err = usageManager.Start(context.Background())
+	err = usageManager.Start()
 	if err != nil {
 		return nil, err
 	}
@@ -183,8 +194,11 @@ func NewServer(serverOptions *ServerOptions) (*Server, error) {
 	apiOpts := api.APIHandlerOptions{
 		DataConnector:                 reader,
 		PreferSpanMetrics:             serverOptions.PreferSpanMetrics,
+		AppDao:                        modelDao,
 		RulesManager:                  rm,
 		UsageManager:                  usageManager,
+		FeatureFlags:                  lm,
+		LicenseManager:                lm,
 		IntegrationsController:        integrationsController,
 		CloudIntegrationsController:   cloudIntegrationsController,
 		LogsParsingPipelineController: logParsingPipelineController,
@@ -225,7 +239,7 @@ func NewServer(serverOptions *ServerOptions) (*Server, error) {
 		&opAmpModel.AllAgents, agentConfMgr,
 	)

-	orgs, err := apiHandler.Signoz.Modules.OrgGetter.ListByOwnedKeyRange(context.Background())
+	orgs, err := apiHandler.Signoz.Modules.Organization.GetAll(context.Background())
 	if err != nil {
 		return nil, err
 	}
@@ -240,17 +254,18 @@ func NewServer(serverOptions *ServerOptions) (*Server, error) {
 }

 func (s *Server) createPrivateServer(apiHandler *api.APIHandler) (*http.Server, error) {
+
 	r := baseapp.NewRouter()

-	r.Use(middleware.NewAuth(s.serverOptions.Jwt, []string{"Authorization", "Sec-WebSocket-Protocol"}, s.serverOptions.SigNoz.Sharder, s.serverOptions.SigNoz.Instrumentation.Logger()).Wrap)
-	r.Use(middleware.NewAPIKey(s.serverOptions.SigNoz.SQLStore, []string{"SIGNOZ-API-KEY"}, s.serverOptions.SigNoz.Instrumentation.Logger(), s.serverOptions.SigNoz.Sharder).Wrap)
-	r.Use(middleware.NewTimeout(s.serverOptions.SigNoz.Instrumentation.Logger(),
+	r.Use(middleware.NewAuth(zap.L(), s.serverOptions.Jwt, []string{"Authorization", "Sec-WebSocket-Protocol"}).Wrap)
+	r.Use(eemiddleware.NewPat(s.serverOptions.SigNoz.SQLStore, []string{"SIGNOZ-API-KEY"}).Wrap)
+	r.Use(middleware.NewTimeout(zap.L(),
 		s.serverOptions.Config.APIServer.Timeout.ExcludedRoutes,
 		s.serverOptions.Config.APIServer.Timeout.Default,
 		s.serverOptions.Config.APIServer.Timeout.Max,
 	).Wrap)
-	r.Use(middleware.NewAnalytics().Wrap)
-	r.Use(middleware.NewLogging(s.serverOptions.SigNoz.Instrumentation.Logger(), s.serverOptions.Config.APIServer.Logging.ExcludedRoutes).Wrap)
+	r.Use(middleware.NewAnalytics(zap.L()).Wrap)
+	r.Use(middleware.NewLogging(zap.L(), s.serverOptions.Config.APIServer.Logging.ExcludedRoutes).Wrap)

 	apiHandler.RegisterPrivateRoutes(r)

@@ -274,15 +289,15 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 	r := baseapp.NewRouter()
 	am := middleware.NewAuthZ(s.serverOptions.SigNoz.Instrumentation.Logger())

-	r.Use(middleware.NewAuth(s.serverOptions.Jwt, []string{"Authorization", "Sec-WebSocket-Protocol"}, s.serverOptions.SigNoz.Sharder, s.serverOptions.SigNoz.Instrumentation.Logger()).Wrap)
-	r.Use(middleware.NewAPIKey(s.serverOptions.SigNoz.SQLStore, []string{"SIGNOZ-API-KEY"}, s.serverOptions.SigNoz.Instrumentation.Logger(), s.serverOptions.SigNoz.Sharder).Wrap)
-	r.Use(middleware.NewTimeout(s.serverOptions.SigNoz.Instrumentation.Logger(),
+	r.Use(middleware.NewAuth(zap.L(), s.serverOptions.Jwt, []string{"Authorization", "Sec-WebSocket-Protocol"}).Wrap)
+	r.Use(eemiddleware.NewPat(s.serverOptions.SigNoz.SQLStore, []string{"SIGNOZ-API-KEY"}).Wrap)
+	r.Use(middleware.NewTimeout(zap.L(),
 		s.serverOptions.Config.APIServer.Timeout.ExcludedRoutes,
 		s.serverOptions.Config.APIServer.Timeout.Default,
 		s.serverOptions.Config.APIServer.Timeout.Max,
 	).Wrap)
-	r.Use(middleware.NewAnalytics().Wrap)
-	r.Use(middleware.NewLogging(s.serverOptions.SigNoz.Instrumentation.Logger(), s.serverOptions.Config.APIServer.Logging.ExcludedRoutes).Wrap)
+	r.Use(middleware.NewAnalytics(zap.L()).Wrap)
+	r.Use(middleware.NewLogging(zap.L(), s.serverOptions.Config.APIServer.Logging.ExcludedRoutes).Wrap)

 	apiHandler.RegisterRoutes(r, am)
 	apiHandler.RegisterLogsRoutes(r, am)
@@ -292,12 +307,10 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 	apiHandler.RegisterQueryRangeV3Routes(r, am)
 	apiHandler.RegisterInfraMetricsRoutes(r, am)
 	apiHandler.RegisterQueryRangeV4Routes(r, am)
-	apiHandler.RegisterQueryRangeV5Routes(r, am)
 	apiHandler.RegisterWebSocketPaths(r, am)
 	apiHandler.RegisterMessagingQueuesRoutes(r, am)
 	apiHandler.RegisterThirdPartyApiRoutes(r, am)
 	apiHandler.MetricExplorerRoutes(r, am)
-	apiHandler.RegisterTraceFunnelsRoutes(r, am)

 	c := cors.New(cors.Options{
 		AllowedOrigins: []string{"*"},
@@ -418,15 +431,15 @@ func (s *Server) Start(ctx context.Context) error {
 	return nil
 }

-func (s *Server) Stop(ctx context.Context) error {
+func (s *Server) Stop() error {
 	if s.httpServer != nil {
-		if err := s.httpServer.Shutdown(ctx); err != nil {
+		if err := s.httpServer.Shutdown(context.Background()); err != nil {
 			return err
 		}
 	}

 	if s.privateHTTP != nil {
-		if err := s.privateHTTP.Shutdown(ctx); err != nil {
+		if err := s.privateHTTP.Shutdown(context.Background()); err != nil {
 			return err
 		}
 	}
@@ -434,11 +447,11 @@ func (s *Server) Stop(ctx context.Context) error {
 	s.opampServer.Stop()

 	if s.ruleManager != nil {
-		s.ruleManager.Stop(ctx)
+		s.ruleManager.Stop(context.Background())
 	}

 	// stop usage manager
-	s.usageManager.Stop(ctx)
+	s.usageManager.Stop()

 	return nil
 }
@@ -451,7 +464,6 @@ func makeRulesManager(
 	sqlstore sqlstore.SQLStore,
 	telemetryStore telemetrystore.TelemetryStore,
 	prometheus prometheus.Prometheus,
-	orgGetter organization.Getter,
 ) (*baserules.Manager, error) {
 	// create manager opts
 	managerOpts := &baserules.ManagerOptions{
@@ -467,7 +479,6 @@ func makeRulesManager(
 		PrepareTestRuleFunc: rules.TestNotification,
 		Alertmanager:        alertmanager,
 		SQLStore:            sqlstore,
-		OrgGetter:           orgGetter,
 	}

 	// create Manager
--- a/ee/query-service/constants/constants.go
+++ b/ee/query-service/constants/constants.go
@@ -33,13 +33,3 @@ func GetOrDefaultEnv(key string, fallback string) string {
 func GetDefaultSiteURL() string {
 	return GetOrDefaultEnv("SIGNOZ_SITE_URL", DefaultSiteURL)
 }
-
-const DotMetricsEnabled = "DOT_METRICS_ENABLED"
-
-var IsDotMetricsEnabled = false
-
-func init() {
-	if GetOrDefaultEnv(DotMetricsEnabled, "false") == "true" {
-		IsDotMetricsEnabled = true
-	}
-}
--- a/ee/query-service/dao/interface.go
+++ b/ee/query-service/dao/interface.go
@@ -0,0 +1,32 @@
+package dao
+
+import (
+	"context"
+	"net/url"
+
+	eeTypes "github.com/SigNoz/signoz/ee/types"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/google/uuid"
+)
+
+type ModelDao interface {
+	// auth methods
+	GetDomainFromSsoResponse(ctx context.Context, relayState *url.URL) (*types.GettableOrgDomain, error)
+
+	// org domain (auth domains) CRUD ops
+	ListDomains(ctx context.Context, orgId string) ([]types.GettableOrgDomain, basemodel.BaseApiError)
+	GetDomain(ctx context.Context, id uuid.UUID) (*types.GettableOrgDomain, basemodel.BaseApiError)
+	CreateDomain(ctx context.Context, d *types.GettableOrgDomain) basemodel.BaseApiError
+	UpdateDomain(ctx context.Context, domain *types.GettableOrgDomain) basemodel.BaseApiError
+	DeleteDomain(ctx context.Context, id uuid.UUID) basemodel.BaseApiError
+	GetDomainByEmail(ctx context.Context, email string) (*types.GettableOrgDomain, basemodel.BaseApiError)
+
+	CreatePAT(ctx context.Context, orgID string, p eeTypes.GettablePAT) (eeTypes.GettablePAT, basemodel.BaseApiError)
+	UpdatePAT(ctx context.Context, orgID string, p eeTypes.GettablePAT, id valuer.UUID) basemodel.BaseApiError
+	GetPAT(ctx context.Context, pat string) (*eeTypes.GettablePAT, basemodel.BaseApiError)
+	GetPATByID(ctx context.Context, orgID string, id valuer.UUID) (*eeTypes.GettablePAT, basemodel.BaseApiError)
+	ListPATs(ctx context.Context, orgID string) ([]eeTypes.GettablePAT, basemodel.BaseApiError)
+	RevokePAT(ctx context.Context, orgID string, id valuer.UUID, userID string) basemodel.BaseApiError
+}
--- a/ee/query-service/dao/sqlite/domain.go
+++ b/ee/query-service/dao/sqlite/domain.go
@@ -0,0 +1,272 @@
+package sqlite
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/types"
+	ossTypes "github.com/SigNoz/signoz/pkg/types"
+	"github.com/google/uuid"
+	"go.uber.org/zap"
+)
+
+// GetDomainFromSsoResponse uses relay state received from IdP to fetch
+// user domain. The domain is further used to process validity of the response.
+// when sending login request to IdP we send relay state as URL (site url)
+// with domainId or domainName as query parameter.
+func (m *modelDao) GetDomainFromSsoResponse(ctx context.Context, relayState *url.URL) (*types.GettableOrgDomain, error) {
+	// derive domain id from relay state now
+	var domainIdStr string
+	var domainNameStr string
+	var domain *types.GettableOrgDomain
+
+	for k, v := range relayState.Query() {
+		if k == "domainId" && len(v) > 0 {
+			domainIdStr = strings.Replace(v[0], ":", "-", -1)
+		}
+		if k == "domainName" && len(v) > 0 {
+			domainNameStr = v[0]
+		}
+	}
+
+	if domainIdStr != "" {
+		domainId, err := uuid.Parse(domainIdStr)
+		if err != nil {
+			zap.L().Error("failed to parse domainId from relay state", zap.Error(err))
+			return nil, fmt.Errorf("failed to parse domainId from IdP response")
+		}
+
+		domain, err = m.GetDomain(ctx, domainId)
+		if err != nil {
+			zap.L().Error("failed to find domain from domainId received in IdP response", zap.Error(err))
+			return nil, fmt.Errorf("invalid credentials")
+		}
+	}
+
+	if domainNameStr != "" {
+
+		domainFromDB, err := m.GetDomainByName(ctx, domainNameStr)
+		domain = domainFromDB
+		if err != nil {
+			zap.L().Error("failed to find domain from domainName received in IdP response", zap.Error(err))
+			return nil, fmt.Errorf("invalid credentials")
+		}
+	}
+	if domain != nil {
+		return domain, nil
+	}
+
+	return nil, fmt.Errorf("failed to find domain received in IdP response")
+}
+
+// GetDomainByName returns org domain for a given domain name
+func (m *modelDao) GetDomainByName(ctx context.Context, name string) (*types.GettableOrgDomain, basemodel.BaseApiError) {
+
+	stored := types.StorableOrgDomain{}
+	err := m.sqlStore.BunDB().NewSelect().
+		Model(&stored).
+		Where("name = ?", name).
+		Limit(1).
+		Scan(ctx)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, model.BadRequest(fmt.Errorf("invalid domain name"))
+		}
+		return nil, model.InternalError(err)
+	}
+
+	domain := &types.GettableOrgDomain{StorableOrgDomain: stored}
+	if err := domain.LoadConfig(stored.Data); err != nil {
+		return nil, model.InternalError(err)
+	}
+	return domain, nil
+}
+
+// GetDomain returns org domain for a given domain id
+func (m *modelDao) GetDomain(ctx context.Context, id uuid.UUID) (*types.GettableOrgDomain, basemodel.BaseApiError) {
+
+	stored := types.StorableOrgDomain{}
+	err := m.sqlStore.BunDB().NewSelect().
+		Model(&stored).
+		Where("id = ?", id).
+		Limit(1).
+		Scan(ctx)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, model.BadRequest(fmt.Errorf("invalid domain id"))
+		}
+		return nil, model.InternalError(err)
+	}
+
+	domain := &types.GettableOrgDomain{StorableOrgDomain: stored}
+	if err := domain.LoadConfig(stored.Data); err != nil {
+		return nil, model.InternalError(err)
+	}
+	return domain, nil
+}
+
+// ListDomains gets the list of auth domains by org id
+func (m *modelDao) ListDomains(ctx context.Context, orgId string) ([]types.GettableOrgDomain, basemodel.BaseApiError) {
+	domains := []types.GettableOrgDomain{}
+
+	stored := []types.StorableOrgDomain{}
+	err := m.sqlStore.BunDB().NewSelect().
+		Model(&stored).
+		Where("org_id = ?", orgId).
+		Scan(ctx)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return domains, nil
+		}
+		return nil, model.InternalError(err)
+	}
+
+	for _, s := range stored {
+		domain := types.GettableOrgDomain{StorableOrgDomain: s}
+		if err := domain.LoadConfig(s.Data); err != nil {
+			zap.L().Error("ListDomains() failed", zap.Error(err))
+		}
+		domains = append(domains, domain)
+	}
+
+	return domains, nil
+}
+
+// CreateDomain creates  a new auth domain
+func (m *modelDao) CreateDomain(ctx context.Context, domain *types.GettableOrgDomain) basemodel.BaseApiError {
+
+	if domain.ID == uuid.Nil {
+		domain.ID = uuid.New()
+	}
+
+	if domain.OrgID == "" || domain.Name == "" {
+		return model.BadRequest(fmt.Errorf("domain creation failed, missing fields: OrgID, Name "))
+	}
+
+	configJson, err := json.Marshal(domain)
+	if err != nil {
+		zap.L().Error("failed to unmarshal domain config", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain creation failed"))
+	}
+
+	storableDomain := types.StorableOrgDomain{
+		ID:            domain.ID,
+		Name:          domain.Name,
+		OrgID:         domain.OrgID,
+		Data:          string(configJson),
+		TimeAuditable: ossTypes.TimeAuditable{CreatedAt: time.Now(), UpdatedAt: time.Now()},
+	}
+
+	_, err = m.sqlStore.BunDB().NewInsert().
+		Model(&storableDomain).
+		Exec(ctx)
+
+	if err != nil {
+		zap.L().Error("failed to insert domain in db", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain creation failed"))
+	}
+
+	return nil
+}
+
+// UpdateDomain updates stored config params for a domain
+func (m *modelDao) UpdateDomain(ctx context.Context, domain *types.GettableOrgDomain) basemodel.BaseApiError {
+
+	if domain.ID == uuid.Nil {
+		zap.L().Error("domain update failed", zap.Error(fmt.Errorf("OrgDomain.Id is null")))
+		return model.InternalError(fmt.Errorf("domain update failed"))
+	}
+
+	configJson, err := json.Marshal(domain)
+	if err != nil {
+		zap.L().Error("domain update failed", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain update failed"))
+	}
+
+	storableDomain := &types.StorableOrgDomain{
+		ID:            domain.ID,
+		Name:          domain.Name,
+		OrgID:         domain.OrgID,
+		Data:          string(configJson),
+		TimeAuditable: ossTypes.TimeAuditable{UpdatedAt: time.Now()},
+	}
+
+	_, err = m.sqlStore.BunDB().NewUpdate().
+		Model(storableDomain).
+		Column("data", "updated_at").
+		WherePK().
+		Exec(ctx)
+
+	if err != nil {
+		zap.L().Error("domain update failed", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain update failed"))
+	}
+
+	return nil
+}
+
+// DeleteDomain deletes an org domain
+func (m *modelDao) DeleteDomain(ctx context.Context, id uuid.UUID) basemodel.BaseApiError {
+
+	if id == uuid.Nil {
+		zap.L().Error("domain delete failed", zap.Error(fmt.Errorf("OrgDomain.Id is null")))
+		return model.InternalError(fmt.Errorf("domain delete failed"))
+	}
+
+	storableDomain := &types.StorableOrgDomain{ID: id}
+	_, err := m.sqlStore.BunDB().NewDelete().
+		Model(storableDomain).
+		WherePK().
+		Exec(ctx)
+
+	if err != nil {
+		zap.L().Error("domain delete failed", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain delete failed"))
+	}
+
+	return nil
+}
+
+func (m *modelDao) GetDomainByEmail(ctx context.Context, email string) (*types.GettableOrgDomain, basemodel.BaseApiError) {
+
+	if email == "" {
+		return nil, model.BadRequest(fmt.Errorf("could not find auth domain, missing fields: email "))
+	}
+
+	components := strings.Split(email, "@")
+	if len(components) < 2 {
+		return nil, model.BadRequest(fmt.Errorf("invalid email address"))
+	}
+
+	parsedDomain := components[1]
+
+	stored := types.StorableOrgDomain{}
+	err := m.sqlStore.BunDB().NewSelect().
+		Model(&stored).
+		Where("name = ?", parsedDomain).
+		Limit(1).
+		Scan(ctx)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, nil
+		}
+		return nil, model.InternalError(err)
+	}
+
+	domain := &types.GettableOrgDomain{StorableOrgDomain: stored}
+	if err := domain.LoadConfig(stored.Data); err != nil {
+		return nil, model.InternalError(err)
+	}
+	return domain, nil
+}
--- a/ee/query-service/dao/sqlite/modelDao.go
+++ b/ee/query-service/dao/sqlite/modelDao.go
@@ -0,0 +1,18 @@
+package sqlite
+
+import (
+	"github.com/SigNoz/signoz/pkg/modules/user"
+	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+)
+
+type modelDao struct {
+	userModule user.Module
+	sqlStore   sqlstore.SQLStore
+}
+
+// InitDB creates and extends base model DB repository
+func NewModelDao(sqlStore sqlstore.SQLStore) *modelDao {
+	userModule := impluser.NewModule(impluser.NewStore(sqlStore))
+	return &modelDao{userModule: userModule, sqlStore: sqlStore}
+}
--- a/ee/query-service/dao/sqlite/pat.go
+++ b/ee/query-service/dao/sqlite/pat.go
@@ -0,0 +1,201 @@
+package sqlite
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/ee/types"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	ossTypes "github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/valuer"
+
+	"go.uber.org/zap"
+)
+
+func (m *modelDao) CreatePAT(ctx context.Context, orgID string, p types.GettablePAT) (types.GettablePAT, basemodel.BaseApiError) {
+	p.StorablePersonalAccessToken.OrgID = orgID
+	p.StorablePersonalAccessToken.ID = valuer.GenerateUUID()
+	_, err := m.sqlStore.BunDB().NewInsert().
+		Model(&p.StorablePersonalAccessToken).
+		Exec(ctx)
+	if err != nil {
+		zap.L().Error("Failed to insert PAT in db, err: %v", zap.Error(err))
+		return types.GettablePAT{}, model.InternalError(fmt.Errorf("PAT insertion failed"))
+	}
+
+	createdByUser, _ := m.userModule.GetUserByID(ctx, orgID, p.UserID)
+	if createdByUser == nil {
+		p.CreatedByUser = types.PatUser{
+			NotFound: true,
+		}
+	} else {
+		p.CreatedByUser = types.PatUser{
+			User: ossTypes.User{
+				Identifiable: ossTypes.Identifiable{
+					ID: createdByUser.ID,
+				},
+				DisplayName: createdByUser.DisplayName,
+				Email:       createdByUser.Email,
+				TimeAuditable: ossTypes.TimeAuditable{
+					CreatedAt: createdByUser.CreatedAt,
+					UpdatedAt: createdByUser.UpdatedAt,
+				},
+			},
+			NotFound: false,
+		}
+	}
+	return p, nil
+}
+
+func (m *modelDao) UpdatePAT(ctx context.Context, orgID string, p types.GettablePAT, id valuer.UUID) basemodel.BaseApiError {
+	_, err := m.sqlStore.BunDB().NewUpdate().
+		Model(&p.StorablePersonalAccessToken).
+		Column("role", "name", "updated_at", "updated_by_user_id").
+		Where("id = ?", id.StringValue()).
+		Where("org_id = ?", orgID).
+		Where("revoked = false").
+		Exec(ctx)
+	if err != nil {
+		zap.L().Error("Failed to update PAT in db, err: %v", zap.Error(err))
+		return model.InternalError(fmt.Errorf("PAT update failed"))
+	}
+	return nil
+}
+
+func (m *modelDao) ListPATs(ctx context.Context, orgID string) ([]types.GettablePAT, basemodel.BaseApiError) {
+	pats := []types.StorablePersonalAccessToken{}
+
+	if err := m.sqlStore.BunDB().NewSelect().
+		Model(&pats).
+		Where("revoked = false").
+		Where("org_id = ?", orgID).
+		Order("updated_at DESC").
+		Scan(ctx); err != nil {
+		zap.L().Error("Failed to fetch PATs err: %v", zap.Error(err))
+		return nil, model.InternalError(fmt.Errorf("failed to fetch PATs"))
+	}
+
+	patsWithUsers := []types.GettablePAT{}
+	for i := range pats {
+		patWithUser := types.GettablePAT{
+			StorablePersonalAccessToken: pats[i],
+		}
+
+		createdByUser, _ := m.userModule.GetUserByID(ctx, orgID, pats[i].UserID)
+		if createdByUser == nil {
+			patWithUser.CreatedByUser = types.PatUser{
+				NotFound: true,
+			}
+		} else {
+			patWithUser.CreatedByUser = types.PatUser{
+				User: ossTypes.User{
+					Identifiable: ossTypes.Identifiable{
+						ID: createdByUser.ID,
+					},
+					DisplayName: createdByUser.DisplayName,
+					Email:       createdByUser.Email,
+					TimeAuditable: ossTypes.TimeAuditable{
+						CreatedAt: createdByUser.CreatedAt,
+						UpdatedAt: createdByUser.UpdatedAt,
+					},
+				},
+				NotFound: false,
+			}
+		}
+
+		updatedByUser, _ := m.userModule.GetUserByID(ctx, orgID, pats[i].UpdatedByUserID)
+		if updatedByUser == nil {
+			patWithUser.UpdatedByUser = types.PatUser{
+				NotFound: true,
+			}
+		} else {
+			patWithUser.UpdatedByUser = types.PatUser{
+				User: ossTypes.User{
+					Identifiable: ossTypes.Identifiable{
+						ID: updatedByUser.ID,
+					},
+					DisplayName: updatedByUser.DisplayName,
+					Email:       updatedByUser.Email,
+					TimeAuditable: ossTypes.TimeAuditable{
+						CreatedAt: updatedByUser.CreatedAt,
+						UpdatedAt: updatedByUser.UpdatedAt,
+					},
+				},
+				NotFound: false,
+			}
+		}
+
+		patsWithUsers = append(patsWithUsers, patWithUser)
+	}
+	return patsWithUsers, nil
+}
+
+func (m *modelDao) RevokePAT(ctx context.Context, orgID string, id valuer.UUID, userID string) basemodel.BaseApiError {
+	updatedAt := time.Now().Unix()
+	_, err := m.sqlStore.BunDB().NewUpdate().
+		Model(&types.StorablePersonalAccessToken{}).
+		Set("revoked = ?", true).
+		Set("updated_by_user_id = ?", userID).
+		Set("updated_at = ?", updatedAt).
+		Where("id = ?", id.StringValue()).
+		Where("org_id = ?", orgID).
+		Exec(ctx)
+	if err != nil {
+		zap.L().Error("Failed to revoke PAT in db, err: %v", zap.Error(err))
+		return model.InternalError(fmt.Errorf("PAT revoke failed"))
+	}
+	return nil
+}
+
+func (m *modelDao) GetPAT(ctx context.Context, token string) (*types.GettablePAT, basemodel.BaseApiError) {
+	pats := []types.StorablePersonalAccessToken{}
+
+	if err := m.sqlStore.BunDB().NewSelect().
+		Model(&pats).
+		Where("token = ?", token).
+		Where("revoked = false").
+		Scan(ctx); err != nil {
+		return nil, model.InternalError(fmt.Errorf("failed to fetch PAT"))
+	}
+
+	if len(pats) != 1 {
+		return nil, &model.ApiError{
+			Typ: model.ErrorInternal,
+			Err: fmt.Errorf("found zero or multiple PATs with same token, %s", token),
+		}
+	}
+
+	patWithUser := types.GettablePAT{
+		StorablePersonalAccessToken: pats[0],
+	}
+
+	return &patWithUser, nil
+}
+
+func (m *modelDao) GetPATByID(ctx context.Context, orgID string, id valuer.UUID) (*types.GettablePAT, basemodel.BaseApiError) {
+	pats := []types.StorablePersonalAccessToken{}
+
+	if err := m.sqlStore.BunDB().NewSelect().
+		Model(&pats).
+		Where("id = ?", id.StringValue()).
+		Where("org_id = ?", orgID).
+		Where("revoked = false").
+		Scan(ctx); err != nil {
+		return nil, model.InternalError(fmt.Errorf("failed to fetch PAT"))
+	}
+
+	if len(pats) != 1 {
+		return nil, &model.ApiError{
+			Typ: model.ErrorInternal,
+			Err: fmt.Errorf("found zero or multiple PATs with same token"),
+		}
+	}
+
+	patWithUser := types.GettablePAT{
+		StorablePersonalAccessToken: pats[0],
+	}
+
+	return &patWithUser, nil
+}
--- a/ee/query-service/integrations/signozio/signozio.go
+++ b/ee/query-service/integrations/signozio/signozio.go
@@ -0,0 +1,67 @@
+package signozio
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/pkg/zeus"
+	"github.com/tidwall/gjson"
+)
+
+func ValidateLicenseV3(ctx context.Context, licenseKey string, zeus zeus.Zeus) (*model.LicenseV3, error) {
+	data, err := zeus.GetLicense(ctx, licenseKey)
+	if err != nil {
+		return nil, err
+	}
+
+	var m map[string]any
+	if err = json.Unmarshal(data, &m); err != nil {
+		return nil, err
+	}
+
+	license, err := model.NewLicenseV3(m)
+	if err != nil {
+		return nil, err
+	}
+
+	return license, nil
+}
+
+// SendUsage reports the usage of signoz to license server
+func SendUsage(ctx context.Context, usage model.UsagePayload, zeus zeus.Zeus) error {
+	body, err := json.Marshal(usage)
+	if err != nil {
+		return err
+	}
+
+	return zeus.PutMeters(ctx, usage.LicenseKey.String(), body)
+}
+
+func CheckoutSession(ctx context.Context, checkoutRequest *model.CheckoutRequest, licenseKey string, zeus zeus.Zeus) (string, error) {
+	body, err := json.Marshal(checkoutRequest)
+	if err != nil {
+		return "", err
+	}
+
+	response, err := zeus.GetCheckoutURL(ctx, licenseKey, body)
+	if err != nil {
+		return "", err
+	}
+
+	return gjson.GetBytes(response, "url").String(), nil
+}
+
+func PortalSession(ctx context.Context, portalRequest *model.PortalRequest, licenseKey string, zeus zeus.Zeus) (string, error) {
+	body, err := json.Marshal(portalRequest)
+	if err != nil {
+		return "", err
+	}
+
+	response, err := zeus.GetPortalURL(ctx, licenseKey, body)
+	if err != nil {
+		return "", err
+	}
+
+	return gjson.GetBytes(response, "url").String(), nil
+}
--- a/ee/query-service/license/db.go
+++ b/ee/query-service/license/db.go
@@ -0,0 +1,248 @@
+package license
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+	"github.com/mattn/go-sqlite3"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"go.uber.org/zap"
+)
+
+// Repo is license repo. stores license keys in a secured DB
+type Repo struct {
+	db    *sqlx.DB
+	store sqlstore.SQLStore
+}
+
+// NewLicenseRepo initiates a new license repo
+func NewLicenseRepo(db *sqlx.DB, store sqlstore.SQLStore) Repo {
+	return Repo{
+		db:    db,
+		store: store,
+	}
+}
+
+func (r *Repo) GetLicensesV3(ctx context.Context) ([]*model.LicenseV3, error) {
+	licensesData := []model.LicenseDB{}
+	licenseV3Data := []*model.LicenseV3{}
+
+	query := "SELECT id,key,data FROM licenses_v3"
+
+	err := r.db.Select(&licensesData, query)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get licenses from db: %v", err)
+	}
+
+	for _, l := range licensesData {
+		var licenseData map[string]interface{}
+		err := json.Unmarshal([]byte(l.Data), &licenseData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to unmarshal data into licenseData : %v", err)
+		}
+
+		license, err := model.NewLicenseV3WithIDAndKey(l.ID, l.Key, licenseData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get licenses v3 schema : %v", err)
+		}
+		licenseV3Data = append(licenseV3Data, license)
+	}
+
+	return licenseV3Data, nil
+}
+
+// GetActiveLicense fetches the latest active license from DB.
+// If the license is not present, expect a nil license and a nil error in the output.
+func (r *Repo) GetActiveLicense(ctx context.Context) (*model.License, *basemodel.ApiError) {
+	activeLicenseV3, err := r.GetActiveLicenseV3(ctx)
+	if err != nil {
+		return nil, basemodel.InternalError(fmt.Errorf("failed to get active licenses from db: %v", err))
+	}
+
+	if activeLicenseV3 == nil {
+		return nil, nil
+	}
+	activeLicenseV2 := model.ConvertLicenseV3ToLicenseV2(activeLicenseV3)
+	return activeLicenseV2, nil
+}
+
+func (r *Repo) GetActiveLicenseV3(ctx context.Context) (*model.LicenseV3, error) {
+	var err error
+	licenses := []model.LicenseDB{}
+
+	query := "SELECT id,key,data FROM licenses_v3"
+
+	err = r.db.Select(&licenses, query)
+	if err != nil {
+		return nil, basemodel.InternalError(fmt.Errorf("failed to get active licenses from db: %v", err))
+	}
+
+	var active *model.LicenseV3
+	for _, l := range licenses {
+		var licenseData map[string]interface{}
+		err := json.Unmarshal([]byte(l.Data), &licenseData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to unmarshal data into licenseData : %v", err)
+		}
+
+		license, err := model.NewLicenseV3WithIDAndKey(l.ID, l.Key, licenseData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get licenses v3 schema : %v", err)
+		}
+
+		if active == nil &&
+			(license.ValidFrom != 0) &&
+			(license.ValidUntil == -1 || license.ValidUntil > time.Now().Unix()) {
+			active = license
+		}
+		if active != nil &&
+			license.ValidFrom > active.ValidFrom &&
+			(license.ValidUntil == -1 || license.ValidUntil > time.Now().Unix()) {
+			active = license
+		}
+	}
+
+	return active, nil
+}
+
+// InsertLicenseV3 inserts a new license v3 in db
+func (r *Repo) InsertLicenseV3(ctx context.Context, l *model.LicenseV3) *model.ApiError {
+
+	query := `INSERT INTO licenses_v3 (id, key, data) VALUES ($1, $2, $3)`
+
+	// licsense is the entity of zeus so putting the entire license here without defining schema
+	licenseData, err := json.Marshal(l.Data)
+	if err != nil {
+		return &model.ApiError{Typ: basemodel.ErrorBadData, Err: err}
+	}
+
+	_, err = r.db.ExecContext(ctx,
+		query,
+		l.ID,
+		l.Key,
+		string(licenseData),
+	)
+
+	if err != nil {
+		if sqliteErr, ok := err.(sqlite3.Error); ok {
+			if sqliteErr.ExtendedCode == sqlite3.ErrConstraintUnique {
+				zap.L().Error("error in inserting license data: ", zap.Error(sqliteErr))
+				return &model.ApiError{Typ: model.ErrorConflict, Err: sqliteErr}
+			}
+		}
+		zap.L().Error("error in inserting license data: ", zap.Error(err))
+		return &model.ApiError{Typ: basemodel.ErrorExec, Err: err}
+	}
+
+	return nil
+}
+
+// UpdateLicenseV3 updates a new license v3 in db
+func (r *Repo) UpdateLicenseV3(ctx context.Context, l *model.LicenseV3) error {
+
+	// the key and id for the license can't change so only update the data here!
+	query := `UPDATE licenses_v3 SET data=$1 WHERE id=$2;`
+
+	license, err := json.Marshal(l.Data)
+	if err != nil {
+		return fmt.Errorf("insert license failed: license marshal error")
+	}
+	_, err = r.db.ExecContext(ctx,
+		query,
+		license,
+		l.ID,
+	)
+
+	if err != nil {
+		zap.L().Error("error in updating license data: ", zap.Error(err))
+		return fmt.Errorf("failed to update license in db: %v", err)
+	}
+
+	return nil
+}
+
+func (r *Repo) CreateFeature(req *types.FeatureStatus) *basemodel.ApiError {
+
+	_, err := r.store.BunDB().NewInsert().
+		Model(req).
+		Exec(context.Background())
+	if err != nil {
+		return &basemodel.ApiError{Typ: basemodel.ErrorInternal, Err: err}
+	}
+	return nil
+}
+
+func (r *Repo) GetFeature(featureName string) (types.FeatureStatus, error) {
+	var feature types.FeatureStatus
+
+	err := r.store.BunDB().NewSelect().
+		Model(&feature).
+		Where("name = ?", featureName).
+		Scan(context.Background())
+
+	if err != nil {
+		return feature, err
+	}
+	if feature.Name == "" {
+		return feature, basemodel.ErrFeatureUnavailable{Key: featureName}
+	}
+	return feature, nil
+}
+
+func (r *Repo) GetAllFeatures() ([]basemodel.Feature, error) {
+
+	var feature []basemodel.Feature
+
+	err := r.db.Select(&feature,
+		`SELECT * FROM feature_status;`)
+	if err != nil {
+		return feature, err
+	}
+
+	return feature, nil
+}
+
+func (r *Repo) UpdateFeature(req types.FeatureStatus) error {
+
+	_, err := r.store.BunDB().NewUpdate().
+		Model(&req).
+		Where("name = ?", req.Name).
+		Exec(context.Background())
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (r *Repo) InitFeatures(req []types.FeatureStatus) error {
+	// get a feature by name, if it doesn't exist, create it. If it does exist, update it.
+	for _, feature := range req {
+		currentFeature, err := r.GetFeature(feature.Name)
+		if err != nil && err == sql.ErrNoRows {
+			err := r.CreateFeature(&feature)
+			if err != nil {
+				return err
+			}
+			continue
+		} else if err != nil {
+			return err
+		}
+		feature.Usage = int(currentFeature.Usage)
+		if feature.Usage >= feature.UsageLimit && feature.UsageLimit != -1 {
+			feature.Active = false
+		}
+		err = r.UpdateFeature(feature)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
--- a/ee/query-service/license/manager.go
+++ b/ee/query-service/license/manager.go
@@ -0,0 +1,318 @@
+package license
+
+import (
+	"context"
+	"sync/atomic"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+
+	"sync"
+
+	baseconstants "github.com/SigNoz/signoz/pkg/query-service/constants"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/zeus"
+
+	validate "github.com/SigNoz/signoz/ee/query-service/integrations/signozio"
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/query-service/telemetry"
+	"go.uber.org/zap"
+)
+
+var LM *Manager
+
+// validate and update license every 24 hours
+var validationFrequency = 24 * 60 * time.Minute
+
+type Manager struct {
+	repo             *Repo
+	zeus             zeus.Zeus
+	mutex            sync.Mutex
+	validatorRunning bool
+	// end the license validation, this is important to gracefully
+	// stopping validation and protect in-consistent updates
+	done chan struct{}
+	// terminated waits for the validate go routine to end
+	terminated chan struct{}
+	// last time the license was validated
+	lastValidated int64
+	// keep track of validation failure attempts
+	failedAttempts uint64
+	// keep track of active license and features
+	activeLicenseV3 *model.LicenseV3
+	activeFeatures  basemodel.FeatureSet
+}
+
+func StartManager(db *sqlx.DB, store sqlstore.SQLStore, zeus zeus.Zeus, features ...basemodel.Feature) (*Manager, error) {
+	if LM != nil {
+		return LM, nil
+	}
+
+	repo := NewLicenseRepo(db, store)
+	m := &Manager{
+		repo: &repo,
+		zeus: zeus,
+	}
+	if err := m.start(features...); err != nil {
+		return m, err
+	}
+
+	LM = m
+	return m, nil
+}
+
+// start loads active license in memory and initiates validator
+func (lm *Manager) start(features ...basemodel.Feature) error {
+	return lm.LoadActiveLicenseV3(features...)
+}
+
+func (lm *Manager) Stop() {
+	close(lm.done)
+	<-lm.terminated
+}
+
+func (lm *Manager) SetActiveV3(l *model.LicenseV3, features ...basemodel.Feature) {
+	lm.mutex.Lock()
+	defer lm.mutex.Unlock()
+
+	if l == nil {
+		return
+	}
+
+	lm.activeLicenseV3 = l
+	lm.activeFeatures = append(l.Features, features...)
+	// set default features
+	setDefaultFeatures(lm)
+
+	err := lm.InitFeatures(lm.activeFeatures)
+	if err != nil {
+		zap.L().Panic("Couldn't activate features", zap.Error(err))
+	}
+	if !lm.validatorRunning {
+		// we want to make sure only one validator runs,
+		// we already have lock() so good to go
+		lm.validatorRunning = true
+		go lm.ValidatorV3(context.Background())
+	}
+
+}
+
+func setDefaultFeatures(lm *Manager) {
+	lm.activeFeatures = append(lm.activeFeatures, baseconstants.DEFAULT_FEATURE_SET...)
+}
+
+func (lm *Manager) LoadActiveLicenseV3(features ...basemodel.Feature) error {
+	active, err := lm.repo.GetActiveLicenseV3(context.Background())
+	if err != nil {
+		return err
+	}
+
+	if active != nil {
+		lm.SetActiveV3(active, features...)
+	} else {
+		zap.L().Info("No active license found, defaulting to basic plan")
+		// if no active license is found, we default to basic(free) plan with all default features
+		lm.activeFeatures = model.BasicPlan
+		setDefaultFeatures(lm)
+		err := lm.InitFeatures(lm.activeFeatures)
+		if err != nil {
+			zap.L().Error("Couldn't initialize features", zap.Error(err))
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (lm *Manager) GetLicensesV3(ctx context.Context) (response []*model.LicenseV3, apiError *model.ApiError) {
+
+	licenses, err := lm.repo.GetLicensesV3(ctx)
+	if err != nil {
+		return nil, model.InternalError(err)
+	}
+
+	for _, l := range licenses {
+		if lm.activeLicenseV3 != nil && l.Key == lm.activeLicenseV3.Key {
+			l.IsCurrent = true
+		}
+		if l.ValidUntil == -1 {
+			// for subscriptions, there is no end-date as such
+			// but for showing user some validity we default one year timespan
+			l.ValidUntil = l.ValidFrom + 31556926
+		}
+		response = append(response, l)
+	}
+
+	return response, nil
+}
+
+// Validator validates license after an epoch of time
+func (lm *Manager) ValidatorV3(ctx context.Context) {
+	zap.L().Info("ValidatorV3 started!")
+	defer close(lm.terminated)
+
+	tick := time.NewTicker(validationFrequency)
+	defer tick.Stop()
+
+	_ = lm.ValidateV3(ctx)
+	for {
+		select {
+		case <-lm.done:
+			return
+		default:
+			select {
+			case <-lm.done:
+				return
+			case <-tick.C:
+				_ = lm.ValidateV3(ctx)
+			}
+		}
+
+	}
+}
+
+func (lm *Manager) RefreshLicense(ctx context.Context) error {
+	license, err := validate.ValidateLicenseV3(ctx, lm.activeLicenseV3.Key, lm.zeus)
+	if err != nil {
+		return err
+	}
+
+	err = lm.repo.UpdateLicenseV3(ctx, license)
+	if err != nil {
+		return err
+	}
+	lm.SetActiveV3(license)
+
+	return nil
+}
+
+func (lm *Manager) ValidateV3(ctx context.Context) (reterr error) {
+	if lm.activeLicenseV3 == nil {
+		return nil
+	}
+
+	defer func() {
+		lm.mutex.Lock()
+
+		lm.lastValidated = time.Now().Unix()
+		if reterr != nil {
+			zap.L().Error("License validation completed with error", zap.Error(reterr))
+
+			atomic.AddUint64(&lm.failedAttempts, 1)
+			// default to basic plan if validation fails for three consecutive times
+			if atomic.LoadUint64(&lm.failedAttempts) > 3 {
+				zap.L().Error("License validation completed with error for three consecutive times, defaulting to basic plan", zap.String("license_id", lm.activeLicenseV3.ID), zap.Bool("license_validation", false))
+				lm.activeLicenseV3 = nil
+				lm.activeFeatures = model.BasicPlan
+				setDefaultFeatures(lm)
+				err := lm.InitFeatures(lm.activeFeatures)
+				if err != nil {
+					zap.L().Error("Couldn't initialize features", zap.Error(err))
+				}
+				lm.done <- struct{}{}
+				lm.validatorRunning = false
+			}
+
+			telemetry.GetInstance().SendEvent(telemetry.TELEMETRY_LICENSE_CHECK_FAILED,
+				map[string]interface{}{"err": reterr.Error()}, "", true, false)
+		} else {
+			// reset the failed attempts counter
+			atomic.StoreUint64(&lm.failedAttempts, 0)
+			zap.L().Info("License validation completed with no errors")
+		}
+
+		lm.mutex.Unlock()
+	}()
+
+	err := lm.RefreshLicense(ctx)
+
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (lm *Manager) ActivateV3(ctx context.Context, licenseKey string) (*model.LicenseV3, error) {
+	license, err := validate.ValidateLicenseV3(ctx, licenseKey, lm.zeus)
+	if err != nil {
+		return nil, err
+	}
+
+	// insert the new license to the sqlite db
+	modelErr := lm.repo.InsertLicenseV3(ctx, license)
+	if modelErr != nil {
+		zap.L().Error("failed to activate license", zap.Error(modelErr))
+		return nil, modelErr
+	}
+
+	// license is valid, activate it
+	lm.SetActiveV3(license)
+	return license, nil
+}
+
+func (lm *Manager) GetActiveLicense() *model.LicenseV3 {
+	return lm.activeLicenseV3
+}
+
+// CheckFeature will be internally used by backend routines
+// for feature gating
+func (lm *Manager) CheckFeature(featureKey string) error {
+	feature, err := lm.repo.GetFeature(featureKey)
+	if err != nil {
+		return err
+	}
+	if feature.Active {
+		return nil
+	}
+	return basemodel.ErrFeatureUnavailable{Key: featureKey}
+}
+
+// GetFeatureFlags returns current active features
+func (lm *Manager) GetFeatureFlags() (basemodel.FeatureSet, error) {
+	return lm.repo.GetAllFeatures()
+}
+
+func (lm *Manager) InitFeatures(features basemodel.FeatureSet) error {
+	featureStatus := make([]types.FeatureStatus, len(features))
+	for i, f := range features {
+		featureStatus[i] = types.FeatureStatus{
+			Name:       f.Name,
+			Active:     f.Active,
+			Usage:      int(f.Usage),
+			UsageLimit: int(f.UsageLimit),
+			Route:      f.Route,
+		}
+	}
+	return lm.repo.InitFeatures(featureStatus)
+}
+
+func (lm *Manager) UpdateFeatureFlag(feature basemodel.Feature) error {
+	return lm.repo.UpdateFeature(types.FeatureStatus{
+		Name:       feature.Name,
+		Active:     feature.Active,
+		Usage:      int(feature.Usage),
+		UsageLimit: int(feature.UsageLimit),
+		Route:      feature.Route,
+	})
+}
+
+func (lm *Manager) GetFeatureFlag(key string) (basemodel.Feature, error) {
+	featureStatus, err := lm.repo.GetFeature(key)
+	if err != nil {
+		return basemodel.Feature{}, err
+	}
+	return basemodel.Feature{
+		Name:       featureStatus.Name,
+		Active:     featureStatus.Active,
+		Usage:      int64(featureStatus.Usage),
+		UsageLimit: int64(featureStatus.UsageLimit),
+		Route:      featureStatus.Route,
+	}, nil
+}
+
+// GetRepo return the license repo
+func (lm *Manager) GetRepo() *Repo {
+	return lm.repo
+}
--- a/ee/query-service/main.go
+++ b/ee/query-service/main.go
@@ -6,26 +6,21 @@ import (
 	"os"
 	"time"

-	"github.com/SigNoz/signoz/ee/licensing"
-	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
+	eeuserimpl "github.com/SigNoz/signoz/ee/modules/user/impluser"
 	"github.com/SigNoz/signoz/ee/query-service/app"
 	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
 	"github.com/SigNoz/signoz/ee/zeus"
 	"github.com/SigNoz/signoz/ee/zeus/httpzeus"
-	"github.com/SigNoz/signoz/pkg/analytics"
 	"github.com/SigNoz/signoz/pkg/config"
 	"github.com/SigNoz/signoz/pkg/config/envprovider"
 	"github.com/SigNoz/signoz/pkg/config/fileprovider"
-	"github.com/SigNoz/signoz/pkg/factory"
-	pkglicensing "github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
+	"github.com/SigNoz/signoz/pkg/modules/user"
 	baseconst "github.com/SigNoz/signoz/pkg/query-service/constants"
 	"github.com/SigNoz/signoz/pkg/signoz"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstorehook"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/version"
-	pkgzeus "github.com/SigNoz/signoz/pkg/zeus"

 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
@@ -93,9 +88,8 @@ func main() {
 	loggerMgr := initZapLog()
 	zap.ReplaceGlobals(loggerMgr)
 	defer loggerMgr.Sync() // flushes buffer, if any
-	ctx := context.Background()

-	config, err := signoz.NewConfig(ctx, config.ResolverConfig{
+	config, err := signoz.NewConfig(context.Background(), config.ResolverConfig{
 		Uris: []string{"env:"},
 		ProviderFactories: []config.ProviderFactory{
 			envprovider.NewFactory(),
@@ -118,6 +112,26 @@ func main() {
 		zap.L().Fatal("Failed to add postgressqlstore factory", zap.Error(err))
 	}

+	signoz, err := signoz.New(
+		context.Background(),
+		config,
+		zeus.Config(),
+		httpzeus.NewProviderFactory(),
+		signoz.NewCacheProviderFactories(),
+		signoz.NewWebProviderFactories(),
+		sqlStoreFactories,
+		signoz.NewTelemetryStoreProviderFactories(),
+		func(sqlstore sqlstore.SQLStore) user.Module {
+			return eeuserimpl.NewModule(eeuserimpl.NewStore(sqlstore))
+		},
+		func(userModule user.Module) user.Handler {
+			return eeuserimpl.NewHandler(userModule)
+		},
+	)
+	if err != nil {
+		zap.L().Fatal("Failed to create signoz", zap.Error(err))
+	}
+
 	jwtSecret := os.Getenv("SIGNOZ_JWT_SECRET")

 	if len(jwtSecret) == 0 {
@@ -128,26 +142,6 @@ func main() {

 	jwt := authtypes.NewJWT(jwtSecret, 30*time.Minute, 30*24*time.Hour)

-	signoz, err := signoz.New(
-		context.Background(),
-		config,
-		jwt,
-		zeus.Config(),
-		httpzeus.NewProviderFactory(),
-		licensing.Config(24*time.Hour, 3),
-		func(sqlstore sqlstore.SQLStore, zeus pkgzeus.Zeus, orgGetter organization.Getter, analytics analytics.Analytics) factory.ProviderFactory[pkglicensing.Licensing, pkglicensing.Config] {
-			return httplicensing.NewProviderFactory(sqlstore, zeus, orgGetter, analytics)
-		},
-		signoz.NewEmailingProviderFactories(),
-		signoz.NewCacheProviderFactories(),
-		signoz.NewWebProviderFactories(),
-		sqlStoreFactories,
-		signoz.NewTelemetryStoreProviderFactories(),
-	)
-	if err != nil {
-		zap.L().Fatal("Failed to create signoz", zap.Error(err))
-	}
-
 	serverOptions := &app.ServerOptions{
 		Config:                     config,
 		SigNoz:                     signoz,
@@ -166,22 +160,22 @@ func main() {
 		zap.L().Fatal("Failed to create server", zap.Error(err))
 	}

-	if err := server.Start(ctx); err != nil {
+	if err := server.Start(context.Background()); err != nil {
 		zap.L().Fatal("Could not start server", zap.Error(err))
 	}

-	signoz.Start(ctx)
+	signoz.Start(context.Background())

-	if err := signoz.Wait(ctx); err != nil {
+	if err := signoz.Wait(context.Background()); err != nil {
 		zap.L().Fatal("Failed to start signoz", zap.Error(err))
 	}

-	err = server.Stop(ctx)
+	err = server.Stop()
 	if err != nil {
 		zap.L().Fatal("Failed to stop server", zap.Error(err))
 	}

-	err = signoz.Stop(ctx)
+	err = signoz.Stop(context.Background())
 	if err != nil {
 		zap.L().Fatal("Failed to stop signoz", zap.Error(err))
 	}
--- a/ee/query-service/model/license.go
+++ b/ee/query-service/model/license.go
@@ -0,0 +1,244 @@
+package model
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"time"
+
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/pkg/errors"
+)
+
+type License struct {
+	Key          string    `json:"key" db:"key"`
+	ActivationId string    `json:"activationId" db:"activationId"`
+	CreatedAt    time.Time `db:"created_at"`
+
+	// PlanDetails contains the encrypted plan info
+	PlanDetails string `json:"planDetails" db:"planDetails"`
+
+	// stores parsed license details
+	LicensePlan
+
+	FeatureSet basemodel.FeatureSet
+
+	// populated in case license has any errors
+	ValidationMessage string `db:"validationMessage"`
+
+	// used only for sending details to front-end
+	IsCurrent bool `json:"isCurrent"`
+}
+
+func (l *License) MarshalJSON() ([]byte, error) {
+
+	return json.Marshal(&struct {
+		Key               string    `json:"key" db:"key"`
+		ActivationId      string    `json:"activationId" db:"activationId"`
+		ValidationMessage string    `db:"validationMessage"`
+		IsCurrent         bool      `json:"isCurrent"`
+		PlanKey           string    `json:"planKey"`
+		ValidFrom         time.Time `json:"ValidFrom"`
+		ValidUntil        time.Time `json:"ValidUntil"`
+		Status            string    `json:"status"`
+	}{
+		Key:               l.Key,
+		ActivationId:      l.ActivationId,
+		IsCurrent:         l.IsCurrent,
+		PlanKey:           l.PlanKey,
+		ValidFrom:         time.Unix(l.ValidFrom, 0),
+		ValidUntil:        time.Unix(l.ValidUntil, 0),
+		Status:            l.Status,
+		ValidationMessage: l.ValidationMessage,
+	})
+}
+
+type LicensePlan struct {
+	PlanKey    string `json:"planKey"`
+	ValidFrom  int64  `json:"validFrom"`
+	ValidUntil int64  `json:"validUntil"`
+	Status     string `json:"status"`
+}
+
+type Licenses struct {
+	TrialStart                   int64     `json:"trialStart"`
+	TrialEnd                     int64     `json:"trialEnd"`
+	OnTrial                      bool      `json:"onTrial"`
+	WorkSpaceBlock               bool      `json:"workSpaceBlock"`
+	TrialConvertedToSubscription bool      `json:"trialConvertedToSubscription"`
+	GracePeriodEnd               int64     `json:"gracePeriodEnd"`
+	Licenses                     []License `json:"licenses"`
+}
+
+type SubscriptionServerResp struct {
+	Status string   `json:"status"`
+	Data   Licenses `json:"data"`
+}
+
+type Plan struct {
+	Name string `json:"name"`
+}
+
+type LicenseDB struct {
+	ID   string `json:"id"`
+	Key  string `json:"key"`
+	Data string `json:"data"`
+}
+type LicenseV3 struct {
+	ID         string
+	Key        string
+	Data       map[string]interface{}
+	PlanName   string
+	Features   basemodel.FeatureSet
+	Status     string
+	IsCurrent  bool
+	ValidFrom  int64
+	ValidUntil int64
+}
+
+func extractKeyFromMapStringInterface[T any](data map[string]interface{}, key string) (T, error) {
+	var zeroValue T
+	if val, ok := data[key]; ok {
+		if value, ok := val.(T); ok {
+			return value, nil
+		}
+		return zeroValue, fmt.Errorf("%s key is not a valid %s", key, reflect.TypeOf(zeroValue))
+	}
+	return zeroValue, fmt.Errorf("%s key is missing", key)
+}
+
+func NewLicenseV3(data map[string]interface{}) (*LicenseV3, error) {
+	var features basemodel.FeatureSet
+
+	// extract id from data
+	licenseID, err := extractKeyFromMapStringInterface[string](data, "id")
+	if err != nil {
+		return nil, err
+	}
+	delete(data, "id")
+
+	// extract key from data
+	licenseKey, err := extractKeyFromMapStringInterface[string](data, "key")
+	if err != nil {
+		return nil, err
+	}
+	delete(data, "key")
+
+	// extract status from data
+	status, err := extractKeyFromMapStringInterface[string](data, "status")
+	if err != nil {
+		return nil, err
+	}
+
+	planMap, err := extractKeyFromMapStringInterface[map[string]any](data, "plan")
+	if err != nil {
+		return nil, err
+	}
+
+	planName, err := extractKeyFromMapStringInterface[string](planMap, "name")
+	if err != nil {
+		return nil, err
+	}
+	// if license status is invalid then default it to basic
+	if status == LicenseStatusInvalid {
+		planName = PlanNameBasic
+	}
+
+	featuresFromZeus := basemodel.FeatureSet{}
+	if _features, ok := data["features"]; ok {
+		featuresData, err := json.Marshal(_features)
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to marshal features data")
+		}
+
+		if err := json.Unmarshal(featuresData, &featuresFromZeus); err != nil {
+			return nil, errors.Wrap(err, "failed to unmarshal features data")
+		}
+	}
+
+	switch planName {
+	case PlanNameEnterprise:
+		features = append(features, EnterprisePlan...)
+	case PlanNameBasic:
+		features = append(features, BasicPlan...)
+	default:
+		features = append(features, BasicPlan...)
+	}
+
+	if len(featuresFromZeus) > 0 {
+		for _, feature := range featuresFromZeus {
+			exists := false
+			for i, existingFeature := range features {
+				if existingFeature.Name == feature.Name {
+					features[i] = feature // Replace existing feature
+					exists = true
+					break
+				}
+			}
+			if !exists {
+				features = append(features, feature) // Append if it doesn't exist
+			}
+		}
+	}
+	data["features"] = features
+
+	_validFrom, err := extractKeyFromMapStringInterface[float64](data, "valid_from")
+	if err != nil {
+		_validFrom = 0
+	}
+	validFrom := int64(_validFrom)
+
+	_validUntil, err := extractKeyFromMapStringInterface[float64](data, "valid_until")
+	if err != nil {
+		_validUntil = 0
+	}
+	validUntil := int64(_validUntil)
+
+	return &LicenseV3{
+		ID:         licenseID,
+		Key:        licenseKey,
+		Data:       data,
+		PlanName:   planName,
+		Features:   features,
+		ValidFrom:  validFrom,
+		ValidUntil: validUntil,
+		Status:     status,
+	}, nil
+
+}
+
+func NewLicenseV3WithIDAndKey(id string, key string, data map[string]interface{}) (*LicenseV3, error) {
+	licenseDataWithIdAndKey := data
+	licenseDataWithIdAndKey["id"] = id
+	licenseDataWithIdAndKey["key"] = key
+	return NewLicenseV3(licenseDataWithIdAndKey)
+}
+
+func ConvertLicenseV3ToLicenseV2(l *LicenseV3) *License {
+	planKeyFromPlanName, ok := MapOldPlanKeyToNewPlanName[l.PlanName]
+	if !ok {
+		planKeyFromPlanName = Basic
+	}
+	return &License{
+		Key:               l.Key,
+		ActivationId:      "",
+		PlanDetails:       "",
+		FeatureSet:        l.Features,
+		ValidationMessage: "",
+		IsCurrent:         l.IsCurrent,
+		LicensePlan: LicensePlan{
+			PlanKey:    planKeyFromPlanName,
+			ValidFrom:  l.ValidFrom,
+			ValidUntil: l.ValidUntil,
+			Status:     l.Status},
+	}
+
+}
+
+type CheckoutRequest struct {
+	SuccessURL string `json:"url"`
+}
+
+type PortalRequest struct {
+	SuccessURL string `json:"url"`
+}
--- a/ee/query-service/model/license_test.go
+++ b/ee/query-service/model/license_test.go
@@ -0,0 +1,170 @@
+package model
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/pkg/errors"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewLicenseV3(t *testing.T) {
+	testCases := []struct {
+		name     string
+		data     []byte
+		pass     bool
+		expected *LicenseV3
+		error    error
+	}{
+		{
+			name:  "Error for missing license id",
+			data:  []byte(`{}`),
+			pass:  false,
+			error: errors.New("id key is missing"),
+		},
+		{
+			name:  "Error for license id not being a valid string",
+			data:  []byte(`{"id": 10}`),
+			pass:  false,
+			error: errors.New("id key is not a valid string"),
+		},
+		{
+			name:  "Error for missing license key",
+			data:  []byte(`{"id":"does-not-matter"}`),
+			pass:  false,
+			error: errors.New("key key is missing"),
+		},
+		{
+			name:  "Error for invalid string license key",
+			data:  []byte(`{"id":"does-not-matter","key":10}`),
+			pass:  false,
+			error: errors.New("key key is not a valid string"),
+		},
+		{
+			name:  "Error for missing license status",
+			data:  []byte(`{"id":"does-not-matter", "key": "does-not-matter","category":"FREE"}`),
+			pass:  false,
+			error: errors.New("status key is missing"),
+		},
+		{
+			name:  "Error for invalid string license status",
+			data:  []byte(`{"id":"does-not-matter","key": "does-not-matter", "category":"FREE", "status":10}`),
+			pass:  false,
+			error: errors.New("status key is not a valid string"),
+		},
+		{
+			name:  "Error for missing license plan",
+			data:  []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE"}`),
+			pass:  false,
+			error: errors.New("plan key is missing"),
+		},
+		{
+			name:  "Error for invalid json license plan",
+			data:  []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE","plan":10}`),
+			pass:  false,
+			error: errors.New("plan key is not a valid map[string]interface {}"),
+		},
+		{
+			name:  "Error for invalid license plan",
+			data:  []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE","plan":{}}`),
+			pass:  false,
+			error: errors.New("name key is missing"),
+		},
+		{
+			name: "Parse the entire license properly",
+			data: []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE","plan":{"name":"ENTERPRISE"},"valid_from": 1730899309,"valid_until": -1}`),
+			pass: true,
+			expected: &LicenseV3{
+				ID:  "does-not-matter",
+				Key: "does-not-matter-key",
+				Data: map[string]interface{}{
+					"plan": map[string]interface{}{
+						"name": "ENTERPRISE",
+					},
+					"category":    "FREE",
+					"status":      "ACTIVE",
+					"valid_from":  float64(1730899309),
+					"valid_until": float64(-1),
+				},
+				PlanName:   PlanNameEnterprise,
+				ValidFrom:  1730899309,
+				ValidUntil: -1,
+				Status:     "ACTIVE",
+				IsCurrent:  false,
+				Features:   model.FeatureSet{},
+			},
+		},
+		{
+			name: "Fallback to basic plan if license status is invalid",
+			data: []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"INVALID","plan":{"name":"ENTERPRISE"},"valid_from": 1730899309,"valid_until": -1}`),
+			pass: true,
+			expected: &LicenseV3{
+				ID:  "does-not-matter",
+				Key: "does-not-matter-key",
+				Data: map[string]interface{}{
+					"plan": map[string]interface{}{
+						"name": "ENTERPRISE",
+					},
+					"category":    "FREE",
+					"status":      "INVALID",
+					"valid_from":  float64(1730899309),
+					"valid_until": float64(-1),
+				},
+				PlanName:   PlanNameBasic,
+				ValidFrom:  1730899309,
+				ValidUntil: -1,
+				Status:     "INVALID",
+				IsCurrent:  false,
+				Features:   model.FeatureSet{},
+			},
+		},
+		{
+			name: "fallback states for validFrom and validUntil",
+			data: []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE","plan":{"name":"ENTERPRISE"},"valid_from":1234.456,"valid_until":5678.567}`),
+			pass: true,
+			expected: &LicenseV3{
+				ID:  "does-not-matter",
+				Key: "does-not-matter-key",
+				Data: map[string]interface{}{
+					"plan": map[string]interface{}{
+						"name": "ENTERPRISE",
+					},
+					"valid_from":  1234.456,
+					"valid_until": 5678.567,
+					"category":    "FREE",
+					"status":      "ACTIVE",
+				},
+				PlanName:   PlanNameEnterprise,
+				ValidFrom:  1234,
+				ValidUntil: 5678,
+				Status:     "ACTIVE",
+				IsCurrent:  false,
+				Features:   model.FeatureSet{},
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		var licensePayload map[string]interface{}
+		err := json.Unmarshal(tc.data, &licensePayload)
+		require.NoError(t, err)
+		license, err := NewLicenseV3(licensePayload)
+		if license != nil {
+			license.Features = make(model.FeatureSet, 0)
+			delete(license.Data, "features")
+		}
+
+		if tc.pass {
+			require.NoError(t, err)
+			require.NotNil(t, license)
+			assert.Equal(t, tc.expected, license)
+		} else {
+			require.Error(t, err)
+			assert.EqualError(t, err, tc.error.Error())
+			require.Nil(t, license)
+		}
+
+	}
+}
--- a/ee/query-service/model/pat.go
+++ b/ee/query-service/model/pat.go
@@ -0,0 +1,7 @@
+package model
+
+type CreatePATRequestBody struct {
+	Name          string `json:"name"`
+	Role          string `json:"role"`
+	ExpiresInDays int64  `json:"expiresInDays"`
+}
--- a/ee/query-service/model/plans.go
+++ b/ee/query-service/model/plans.go
@@ -0,0 +1,131 @@
+package model
+
+import (
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+)
+
+const SSO = "SSO"
+const Basic = "BASIC_PLAN"
+const Enterprise = "ENTERPRISE_PLAN"
+
+var (
+	PlanNameEnterprise = "ENTERPRISE"
+	PlanNameBasic      = "BASIC"
+)
+
+var (
+	MapOldPlanKeyToNewPlanName map[string]string = map[string]string{PlanNameBasic: Basic, PlanNameEnterprise: Enterprise}
+)
+
+var (
+	LicenseStatusInvalid = "INVALID"
+)
+
+const Onboarding = "ONBOARDING"
+const ChatSupport = "CHAT_SUPPORT"
+const Gateway = "GATEWAY"
+const PremiumSupport = "PREMIUM_SUPPORT"
+
+var BasicPlan = basemodel.FeatureSet{
+	basemodel.Feature{
+		Name:       SSO,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       basemodel.UseSpanMetrics,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       Gateway,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       PremiumSupport,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       basemodel.AnomalyDetection,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       basemodel.TraceFunnels,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+}
+
+var EnterprisePlan = basemodel.FeatureSet{
+	basemodel.Feature{
+		Name:       SSO,
+		Active:     true,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       basemodel.UseSpanMetrics,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       Onboarding,
+		Active:     true,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       ChatSupport,
+		Active:     true,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       Gateway,
+		Active:     true,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       PremiumSupport,
+		Active:     true,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       basemodel.AnomalyDetection,
+		Active:     true,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       basemodel.TraceFunnels,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+}
--- a/ee/query-service/usage/manager.go
+++ b/ee/query-service/usage/manager.go
@@ -14,9 +14,9 @@ import (

 	"go.uber.org/zap"

+	"github.com/SigNoz/signoz/ee/query-service/dao"
+	"github.com/SigNoz/signoz/ee/query-service/license"
 	"github.com/SigNoz/signoz/ee/query-service/model"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/query-service/utils/encryption"
 	"github.com/SigNoz/signoz/pkg/zeus"
 )
@@ -35,68 +35,64 @@ var (
 type Manager struct {
 	clickhouseConn clickhouse.Conn

-	licenseService licensing.Licensing
+	licenseRepo *license.Repo

 	scheduler *gocron.Scheduler

-	zeus zeus.Zeus
+	modelDao dao.ModelDao

-	orgGetter organization.Getter
+	zeus zeus.Zeus
 }

-func New(licenseService licensing.Licensing, clickhouseConn clickhouse.Conn, zeus zeus.Zeus, orgGetter organization.Getter) (*Manager, error) {
+func New(modelDao dao.ModelDao, licenseRepo *license.Repo, clickhouseConn clickhouse.Conn, zeus zeus.Zeus) (*Manager, error) {
 	m := &Manager{
 		clickhouseConn: clickhouseConn,
-		licenseService: licenseService,
+		licenseRepo:    licenseRepo,
 		scheduler:      gocron.NewScheduler(time.UTC).Every(1).Day().At("00:00"), // send usage every at 00:00 UTC
+		modelDao:       modelDao,
 		zeus:           zeus,
-		orgGetter:      orgGetter,
 	}
 	return m, nil
 }

 // start loads collects and exports any exported snapshot and starts the exporter
-func (lm *Manager) Start(ctx context.Context) error {
+func (lm *Manager) Start() error {
 	// compares the locker and stateUnlocked if both are same lock is applied else returns error
 	if !atomic.CompareAndSwapUint32(&locker, stateUnlocked, stateLocked) {
 		return fmt.Errorf("usage exporter is locked")
 	}

-	// upload usage once when starting the service
-
-	_, err := lm.scheduler.Do(func() { lm.UploadUsage(ctx) })
+	_, err := lm.scheduler.Do(func() { lm.UploadUsage() })
 	if err != nil {
 		return err
 	}

-	lm.UploadUsage(ctx)
+	// upload usage once when starting the service
+	lm.UploadUsage()
+
 	lm.scheduler.StartAsync()
+
 	return nil
 }
-func (lm *Manager) UploadUsage(ctx context.Context) {
-	organizations, err := lm.orgGetter.ListByOwnedKeyRange(ctx)
+func (lm *Manager) UploadUsage() {
+	ctx := context.Background()
+	// check if license is present or not
+	license, err := lm.licenseRepo.GetActiveLicense(ctx)
 	if err != nil {
-		zap.L().Error("failed to get organizations", zap.Error(err))
+		zap.L().Error("failed to get active license", zap.Error(err))
+		return
+	}
+	if license == nil {
+		// we will not start the usage reporting if license is not present.
+		zap.L().Info("no license present, skipping usage reporting")
 		return
 	}
-	for _, organization := range organizations {
-		// check if license is present or not
-		license, err := lm.licenseService.GetActive(ctx, organization.ID)
-		if err != nil {
-			zap.L().Error("failed to get active license", zap.Error(err))
-			return
-		}
-		if license == nil {
-			// we will not start the usage reporting if license is not present.
-			zap.L().Info("no license present, skipping usage reporting")
-			return
-		}

-		usages := []model.UsageDB{}
+	usages := []model.UsageDB{}

-		// get usage from clickhouse
-		dbs := []string{"signoz_logs", "signoz_traces", "signoz_metrics"}
-		query := `
+	// get usage from clickhouse
+	dbs := []string{"signoz_logs", "signoz_traces", "signoz_metrics"}
+	query := `
 		SELECT tenant, collector_id, exporter_id, timestamp, data
 		FROM %s.distributed_usage as u1 
 			GLOBAL INNER JOIN 
@@ -111,76 +107,76 @@ func (lm *Manager) UploadUsage(ctx context.Context) {
 		order by timestamp
 	`

-		for _, db := range dbs {
-			dbusages := []model.UsageDB{}
-			err := lm.clickhouseConn.Select(ctx, &dbusages, fmt.Sprintf(query, db, db), time.Now().Add(-(24 * time.Hour)))
-			if err != nil && !strings.Contains(err.Error(), "doesn't exist") {
-				zap.L().Error("failed to get usage from clickhouse: %v", zap.Error(err))
-				return
-			}
-			for _, u := range dbusages {
-				u.Type = db
-				usages = append(usages, u)
-			}
+	for _, db := range dbs {
+		dbusages := []model.UsageDB{}
+		err := lm.clickhouseConn.Select(ctx, &dbusages, fmt.Sprintf(query, db, db), time.Now().Add(-(24 * time.Hour)))
+		if err != nil && !strings.Contains(err.Error(), "doesn't exist") {
+			zap.L().Error("failed to get usage from clickhouse: %v", zap.Error(err))
+			return
 		}
+		for _, u := range dbusages {
+			u.Type = db
+			usages = append(usages, u)
+		}
+	}

-		if len(usages) <= 0 {
-			zap.L().Info("no snapshots to upload, skipping.")
+	if len(usages) <= 0 {
+		zap.L().Info("no snapshots to upload, skipping.")
+		return
+	}
+
+	zap.L().Info("uploading usage data")
+
+	usagesPayload := []model.Usage{}
+	for _, usage := range usages {
+		usageDataBytes, err := encryption.Decrypt([]byte(usage.ExporterID[:32]), []byte(usage.Data))
+		if err != nil {
+			zap.L().Error("error while decrypting usage data: %v", zap.Error(err))
 			return
 		}

-		zap.L().Info("uploading usage data")
-
-		usagesPayload := []model.Usage{}
-		for _, usage := range usages {
-			usageDataBytes, err := encryption.Decrypt([]byte(usage.ExporterID[:32]), []byte(usage.Data))
-			if err != nil {
-				zap.L().Error("error while decrypting usage data: %v", zap.Error(err))
-				return
-			}
-
-			usageData := model.Usage{}
-			err = json.Unmarshal(usageDataBytes, &usageData)
-			if err != nil {
-				zap.L().Error("error while unmarshalling usage data: %v", zap.Error(err))
-				return
-			}
-
-			usageData.CollectorID = usage.CollectorID
-			usageData.ExporterID = usage.ExporterID
-			usageData.Type = usage.Type
-			usageData.Tenant = "default"
-			usageData.OrgName = "default"
-			usageData.TenantId = "default"
-			usagesPayload = append(usagesPayload, usageData)
-		}
-
-		key, _ := uuid.Parse(license.Key)
-		payload := model.UsagePayload{
-			LicenseKey: key,
-			Usage:      usagesPayload,
-		}
-
-		body, errv2 := json.Marshal(payload)
-		if errv2 != nil {
-			zap.L().Error("error while marshalling usage payload: %v", zap.Error(errv2))
+		usageData := model.Usage{}
+		err = json.Unmarshal(usageDataBytes, &usageData)
+		if err != nil {
+			zap.L().Error("error while unmarshalling usage data: %v", zap.Error(err))
 			return
 		}

-		errv2 = lm.zeus.PutMeters(ctx, payload.LicenseKey.String(), body)
-		if errv2 != nil {
-			zap.L().Error("failed to upload usage: %v", zap.Error(errv2))
-			// not returning error here since it is captured in the failed count
-			return
-		}
+		usageData.CollectorID = usage.CollectorID
+		usageData.ExporterID = usage.ExporterID
+		usageData.Type = usage.Type
+		usageData.Tenant = "default"
+		usageData.OrgName = "default"
+		usageData.TenantId = "default"
+		usagesPayload = append(usagesPayload, usageData)
+	}
+
+	key, _ := uuid.Parse(license.Key)
+	payload := model.UsagePayload{
+		LicenseKey: key,
+		Usage:      usagesPayload,
+	}
+
+	body, errv2 := json.Marshal(payload)
+	if errv2 != nil {
+		zap.L().Error("error while marshalling usage payload: %v", zap.Error(errv2))
+		return
+	}
+
+	errv2 = lm.zeus.PutMeters(ctx, payload.LicenseKey.String(), body)
+	if errv2 != nil {
+		zap.L().Error("failed to upload usage: %v", zap.Error(errv2))
+		// not returning error here since it is captured in the failed count
+		return
 	}
 }

-func (lm *Manager) Stop(ctx context.Context) {
+func (lm *Manager) Stop() {
 	lm.scheduler.Stop()

 	zap.L().Info("sending usage data before shutting down")
 	// send usage before shutting down
-	lm.UploadUsage(ctx)
+	lm.UploadUsage()
+
 	atomic.StoreUint32(&locker, stateUnlocked)
 }
--- a/ee/sqlstore/postgressqlstore/dialect.go
+++ b/ee/sqlstore/postgressqlstore/dialect.go
@@ -17,21 +17,17 @@ var (
 )

 var (
-	Org                = "org"
-	User               = "user"
-	UserNoCascade      = "user_no_cascade"
-	FactorPassword     = "factor_password"
-	CloudIntegration   = "cloud_integration"
-	AgentConfigVersion = "agent_config_version"
+	Org              = "org"
+	User             = "user"
+	FactorPassword   = "factor_password"
+	CloudIntegration = "cloud_integration"
 )

 var (
-	OrgReference                = `("org_id") REFERENCES "organizations" ("id")`
-	UserReference               = `("user_id") REFERENCES "users" ("id") ON DELETE CASCADE ON UPDATE CASCADE`
-	UserReferenceNoCascade      = `("user_id") REFERENCES "users" ("id")`
-	FactorPasswordReference     = `("password_id") REFERENCES "factor_password" ("id")`
-	CloudIntegrationReference   = `("cloud_integration_id") REFERENCES "cloud_integration" ("id") ON DELETE CASCADE`
-	AgentConfigVersionReference = `("version_id") REFERENCES "agent_config_version" ("id")`
+	OrgReference              = `("org_id") REFERENCES "organizations" ("id")`
+	UserReference             = `("user_id") REFERENCES "users" ("id") ON DELETE CASCADE ON UPDATE CASCADE`
+	FactorPasswordReference   = `("password_id") REFERENCES "factor_password" ("id")`
+	CloudIntegrationReference = `("cloud_integration_id") REFERENCES "cloud_integration" ("id") ON DELETE CASCADE`
 )

 type dialect struct{}
@@ -270,14 +266,10 @@ func (dialect *dialect) RenameTableAndModifyModel(ctx context.Context, bun bun.I
 			fkReferences = append(fkReferences, OrgReference)
 		} else if reference == User && !slices.Contains(fkReferences, UserReference) {
 			fkReferences = append(fkReferences, UserReference)
-		} else if reference == UserNoCascade && !slices.Contains(fkReferences, UserReferenceNoCascade) {
-			fkReferences = append(fkReferences, UserReferenceNoCascade)
 		} else if reference == FactorPassword && !slices.Contains(fkReferences, FactorPasswordReference) {
 			fkReferences = append(fkReferences, FactorPasswordReference)
 		} else if reference == CloudIntegration && !slices.Contains(fkReferences, CloudIntegrationReference) {
 			fkReferences = append(fkReferences, CloudIntegrationReference)
-		} else if reference == AgentConfigVersion && !slices.Contains(fkReferences, AgentConfigVersionReference) {
-			fkReferences = append(fkReferences, AgentConfigVersionReference)
 		}
 	}

--- a/ee/types/personal_access_token.go
+++ b/ee/types/personal_access_token.go
@@ -0,0 +1,76 @@
+package types
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/uptrace/bun"
+)
+
+type GettablePAT struct {
+	CreatedByUser PatUser `json:"createdByUser"`
+	UpdatedByUser PatUser `json:"updatedByUser"`
+
+	StorablePersonalAccessToken
+}
+
+type PatUser struct {
+	types.User
+	NotFound bool `json:"notFound"`
+}
+
+func NewGettablePAT(name, role, userID string, expiresAt int64) GettablePAT {
+	return GettablePAT{
+		StorablePersonalAccessToken: NewStorablePersonalAccessToken(name, role, userID, expiresAt),
+	}
+}
+
+type StorablePersonalAccessToken struct {
+	bun.BaseModel `bun:"table:personal_access_token"`
+	types.Identifiable
+	types.TimeAuditable
+	OrgID           string `json:"orgId" bun:"org_id,type:text,notnull"`
+	Role            string `json:"role" bun:"role,type:text,notnull,default:'ADMIN'"`
+	UserID          string `json:"userId" bun:"user_id,type:text,notnull"`
+	Token           string `json:"token" bun:"token,type:text,notnull,unique"`
+	Name            string `json:"name" bun:"name,type:text,notnull"`
+	ExpiresAt       int64  `json:"expiresAt" bun:"expires_at,notnull,default:0"`
+	LastUsed        int64  `json:"lastUsed" bun:"last_used,notnull,default:0"`
+	Revoked         bool   `json:"revoked" bun:"revoked,notnull,default:false"`
+	UpdatedByUserID string `json:"updatedByUserId" bun:"updated_by_user_id,type:text,notnull,default:''"`
+}
+
+func NewStorablePersonalAccessToken(name, role, userID string, expiresAt int64) StorablePersonalAccessToken {
+	now := time.Now()
+	if expiresAt != 0 {
+		// convert expiresAt to unix timestamp from days
+		expiresAt = now.Unix() + (expiresAt * 24 * 60 * 60)
+	}
+
+	// Generate a 32-byte random token.
+	token := make([]byte, 32)
+	rand.Read(token)
+	// Encode the token in base64.
+	encodedToken := base64.StdEncoding.EncodeToString(token)
+
+	return StorablePersonalAccessToken{
+		Token:           encodedToken,
+		Name:            name,
+		Role:            role,
+		UserID:          userID,
+		ExpiresAt:       expiresAt,
+		LastUsed:        0,
+		Revoked:         false,
+		UpdatedByUserID: "",
+		TimeAuditable: types.TimeAuditable{
+			CreatedAt: now,
+			UpdatedAt: now,
+		},
+		Identifiable: types.Identifiable{
+			ID: valuer.GenerateUUID(),
+		},
+	}
+}
--- a/frontend/example.env
+++ b/frontend/example.env
@@ -1,7 +1,6 @@
 NODE_ENV="development"
 BUNDLE_ANALYSER="true"
 FRONTEND_API_ENDPOINT="http://localhost:8080/"
-PYLON_APP_ID="pylon-app-id"
-APPCUES_APP_ID="appcess-app-id"
+INTERCOM_APP_ID="intercom-app-id"

 CI="1"
--- a/frontend/jest.config.ts
+++ b/frontend/jest.config.ts
@@ -15,7 +15,6 @@ const config: Config.InitialOptions = {
 		extensionsToTreatAsEsm: ['.ts'],
 		'ts-jest': {
 			useESM: true,
-			isolatedModules: true,
 		},
 	},
 	testMatch: ['<rootDir>/src/**/*?(*.)(test).(ts|js)?(x)'],
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -31,7 +31,6 @@
 		"@dnd-kit/core": "6.1.0",
 		"@dnd-kit/modifiers": "7.0.0",
 		"@dnd-kit/sortable": "8.0.0",
-		"@dnd-kit/utilities": "3.2.2",
 		"@grafana/data": "^11.2.3",
 		"@mdx-js/loader": "2.3.0",
 		"@mdx-js/react": "2.3.0",
@@ -78,7 +77,7 @@
 		"fontfaceobserver": "2.3.0",
 		"history": "4.10.1",
 		"html-webpack-plugin": "5.5.0",
-		"http-proxy-middleware": "3.0.5",
+		"http-proxy-middleware": "3.0.3",
 		"http-status-codes": "2.3.0",
 		"i18next": "^21.6.12",
 		"i18next-browser-languagedetector": "^6.1.3",
@@ -134,7 +133,7 @@
 		"uuid": "^8.3.2",
 		"web-vitals": "^0.2.4",
 		"webpack": "5.94.0",
-		"webpack-dev-server": "^5.2.1",
+		"webpack-dev-server": "^4.15.2",
 		"webpack-retry-chunk-load-plugin": "3.1.1",
 		"xstate": "^4.31.0"
 	},
@@ -197,6 +196,7 @@
 		"babel-plugin-styled-components": "^1.12.0",
 		"compression-webpack-plugin": "9.0.0",
 		"copy-webpack-plugin": "^11.0.0",
+		"critters-webpack-plugin": "^3.0.1",
 		"eslint": "^7.32.0",
 		"eslint-config-airbnb": "^19.0.4",
 		"eslint-config-airbnb-typescript": "^16.1.4",
@@ -234,7 +234,7 @@
 		"ts-node": "^10.2.1",
 		"typescript-plugin-css-modules": "5.0.1",
 		"webpack-bundle-analyzer": "^4.5.0",
-		"webpack-cli": "^5.1.4"
+		"webpack-cli": "^4.9.2"
 	},
 	"lint-staged": {
 		"*.(js|jsx|ts|tsx)": [
@@ -250,7 +250,7 @@
 		"xml2js": "0.5.0",
 		"phin": "^3.7.1",
 		"body-parser": "1.20.3",
-		"http-proxy-middleware": "3.0.5",
+		"http-proxy-middleware": "3.0.3",
 		"cross-spawn": "7.0.5",
 		"cookie": "^0.7.1",
 		"serialize-javascript": "6.0.2",
--- a/frontend/public/locales/en-GB/channels.json
+++ b/frontend/public/locales/en-GB/channels.json
@@ -9,8 +9,8 @@
  "tooltip_notification_channels": "More details on how to setting notification channels",
  "sending_channels_note": "The alerts will be sent to all the configured channels.",
  "loading_channels_message": "Loading Channels..",
-  "page_title_create": "New Notification Channel",
-  "page_title_edit": "Edit Notification Channel",
+  "page_title_create": "New Notification Channels",
+  "page_title_edit": "Edit Notification Channels",
  "button_save_channel": "Save",
  "button_test_channel": "Test",
  "button_return": "Back",
--- a/frontend/public/locales/en-GB/services.json
+++ b/frontend/public/locales/en-GB/services.json
@@ -1,3 +1,3 @@
 {
-	"rps_over_100": "You are sending data at more than 100 RPS, your ingestion  may be rate limited. Please reach out to us via chat support or "
+	"rps_over_100": "You are sending data at more than 100 RPS, your ingestion  may be rate limited. Please reach out to us via Intercom support or "
 }
--- a/frontend/public/locales/en/channels.json
+++ b/frontend/public/locales/en/channels.json
@@ -9,8 +9,8 @@
  "tooltip_notification_channels": "More details on how to setting notification channels",
  "sending_channels_note": "The alerts will be sent to all the configured channels.",
  "loading_channels_message": "Loading Channels..",
-  "page_title_create": "New Notification Channel",
-  "page_title_edit": "Edit Notification Channel",
+  "page_title_create": "New Notification Channels",
+  "page_title_edit": "Edit Notification Channels",
  "button_save_channel": "Save",
  "button_test_channel": "Test",
  "button_return": "Back",
--- a/frontend/public/locales/en/services.json
+++ b/frontend/public/locales/en/services.json
@@ -1,3 +1,3 @@
 {
-	"rps_over_100": "You are sending data at more than 100 RPS, your ingestion  may be rate limited. Please reach out to us via chat support or "
+	"rps_over_100": "You are sending data at more than 100 RPS, your ingestion  may be rate limited. Please reach out to us via Intercom support or "
 }
--- a/frontend/public/locales/en/titles.json
+++ b/frontend/public/locales/en/titles.json
@@ -69,5 +69,5 @@
 	"METRICS_EXPLORER": "SigNoz | Metrics Explorer",
 	"METRICS_EXPLORER_EXPLORER": "SigNoz | Metrics Explorer",
 	"METRICS_EXPLORER_VIEWS": "SigNoz | Metrics Explorer",
-	"API_MONITORING": "SigNoz | External APIs"
+	"API_MONITORING": "SigNoz | Third Party API"
 }
--- a/frontend/src/AppRoutes/Private.tsx
+++ b/frontend/src/AppRoutes/Private.tsx
@@ -3,7 +3,6 @@ import setLocalStorageApi from 'api/browser/localstorage/set';
 import getAll from 'api/v1/user/get';
 import { FeatureKeys } from 'constants/features';
 import { LOCALSTORAGE } from 'constants/localStorage';
-import { ORG_PREFERENCES } from 'constants/orgPreferences';
 import ROUTES from 'constants/routes';
 import { useGetTenantLicense } from 'hooks/useGetTenantLicense';
 import history from 'lib/history';
@@ -15,7 +14,6 @@ import { matchPath, useLocation } from 'react-router-dom';
 import { SuccessResponseV2 } from 'types/api';
 import APIError from 'types/api/error';
 import { LicensePlatform, LicenseState } from 'types/api/licensesV3/getActive';
-import { OrgPreference } from 'types/api/preferences/preference';
 import { Organization } from 'types/api/user/getOrganization';
 import { UserResponse } from 'types/api/user/getUser';
 import { USER_ROLES } from 'types/roles';
@@ -38,8 +36,8 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 		user,
 		isLoggedIn: isLoggedInState,
 		isFetchingOrgPreferences,
-		activeLicense,
-		isFetchingActiveLicense,
+		activeLicenseV3,
+		isFetchingActiveLicenseV3,
 		trialInfo,
 		featureFlags,
 	} = useAppContext();
@@ -80,7 +78,7 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 	const checkFirstTimeUser = useCallback((): boolean => {
 		const users = usersData?.data || [];

-		const remainingUsers = (Array.isArray(users) ? users : []).filter(
+		const remainingUsers = users.filter(
 			(user) => user.email !== 'admin@signoz.cloud',
 		);

@@ -97,8 +95,7 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 			usersData.data
 		) {
 			const isOnboardingComplete = orgPreferences?.find(
-				(preference: OrgPreference) =>
-					preference.name === ORG_PREFERENCES.ORG_ONBOARDING,
+				(preference: Record<string, any>) => preference.key === 'ORG_ONBOARDING',
 			)?.value;

 			const isFirstUser = checkFirstTimeUser();
@@ -148,16 +145,16 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 	};

 	useEffect(() => {
-		if (!isFetchingActiveLicense && activeLicense) {
+		if (!isFetchingActiveLicenseV3 && activeLicenseV3) {
 			const currentRoute = mapRoutes.get('current');

-			const isTerminated = activeLicense.state === LicenseState.TERMINATED;
-			const isExpired = activeLicense.state === LicenseState.EXPIRED;
-			const isCancelled = activeLicense.state === LicenseState.CANCELLED;
+			const isTerminated = activeLicenseV3.state === LicenseState.TERMINATED;
+			const isExpired = activeLicenseV3.state === LicenseState.EXPIRED;
+			const isCancelled = activeLicenseV3.state === LicenseState.CANCELLED;

 			const isWorkspaceAccessRestricted = isTerminated || isExpired || isCancelled;

-			const { platform } = activeLicense;
+			const { platform } = activeLicenseV3;

 			if (
 				isWorkspaceAccessRestricted &&
@@ -167,26 +164,26 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 				navigateToWorkSpaceAccessRestricted(currentRoute);
 			}
 		}
-	}, [isFetchingActiveLicense, activeLicense, mapRoutes, pathname]);
+	}, [isFetchingActiveLicenseV3, activeLicenseV3, mapRoutes, pathname]);

 	useEffect(() => {
-		if (!isFetchingActiveLicense) {
+		if (!isFetchingActiveLicenseV3) {
 			const currentRoute = mapRoutes.get('current');
 			const shouldBlockWorkspace = trialInfo?.workSpaceBlock;

 			if (
 				shouldBlockWorkspace &&
 				currentRoute &&
-				activeLicense?.platform === LicensePlatform.CLOUD
+				activeLicenseV3?.platform === LicensePlatform.CLOUD
 			) {
 				navigateToWorkSpaceBlocked(currentRoute);
 			}
 		}
 		// eslint-disable-next-line react-hooks/exhaustive-deps
 	}, [
-		isFetchingActiveLicense,
+		isFetchingActiveLicenseV3,
 		trialInfo?.workSpaceBlock,
-		activeLicense?.platform,
+		activeLicenseV3?.platform,
 		mapRoutes,
 		pathname,
 	]);
@@ -200,20 +197,20 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 	};

 	useEffect(() => {
-		if (!isFetchingActiveLicense && activeLicense) {
+		if (!isFetchingActiveLicenseV3 && activeLicenseV3) {
 			const currentRoute = mapRoutes.get('current');
 			const shouldSuspendWorkspace =
-				activeLicense.state === LicenseState.DEFAULTED;
+				activeLicenseV3.state === LicenseState.DEFAULTED;

 			if (
 				shouldSuspendWorkspace &&
 				currentRoute &&
-				activeLicense.platform === LicensePlatform.CLOUD
+				activeLicenseV3.platform === LicensePlatform.CLOUD
 			) {
 				navigateToWorkSpaceSuspended(currentRoute);
 			}
 		}
-	}, [isFetchingActiveLicense, activeLicense, mapRoutes, pathname]);
+	}, [isFetchingActiveLicenseV3, activeLicenseV3, mapRoutes, pathname]);

 	useEffect(() => {
 		if (org && org.length > 0 && org[0].id !== undefined) {
--- a/frontend/src/AppRoutes/index.tsx
+++ b/frontend/src/AppRoutes/index.tsx
@@ -13,9 +13,9 @@ import AppLayout from 'container/AppLayout';
 import { KeyboardHotkeysProvider } from 'hooks/hotkeys/useKeyboardHotkeys';
 import { useThemeConfig } from 'hooks/useDarkMode';
 import { useGetTenantLicense } from 'hooks/useGetTenantLicense';
+import { LICENSE_PLAN_KEY } from 'hooks/useLicense';
 import { NotificationProvider } from 'hooks/useNotifications';
 import { ResourceProvider } from 'hooks/useResourceAttribute';
-import { StatusCodes } from 'http-status-codes';
 import history from 'lib/history';
 import ErrorBoundaryFallback from 'pages/ErrorBoundaryFallback/ErrorBoundaryFallback';
 import posthog from 'posthog-js';
@@ -23,12 +23,10 @@ import AlertRuleProvider from 'providers/Alert';
 import { useAppContext } from 'providers/App/App';
 import { IUser } from 'providers/App/types';
 import { DashboardProvider } from 'providers/Dashboard/Dashboard';
-import { ErrorModalProvider } from 'providers/ErrorModalProvider';
 import { QueryBuilderProvider } from 'providers/QueryBuilder';
 import { Suspense, useCallback, useEffect, useState } from 'react';
 import { Route, Router, Switch } from 'react-router-dom';
 import { CompatRouter } from 'react-router-dom-v5-compat';
-import { LicenseStatus } from 'types/api/licensesV3/getActive';
 import { Userpilot } from 'userpilot';
 import { extractDomain } from 'utils/app';

@@ -43,13 +41,14 @@ import defaultRoutes, {
 function App(): JSX.Element {
 	const themeConfig = useThemeConfig();
 	const {
+		licenses,
 		user,
 		isFetchingUser,
+		isFetchingLicenses,
 		isFetchingFeatureFlags,
 		trialInfo,
-		activeLicense,
-		isFetchingActiveLicense,
-		activeLicenseFetchError,
+		activeLicenseV3,
+		isFetchingActiveLicenseV3,
 		userFetchError,
 		featureFlagsFetchError,
 		isLoggedIn: isLoggedInState,
@@ -67,7 +66,7 @@ function App(): JSX.Element {
 	const enableAnalytics = useCallback(
 		(user: IUser): void => {
 			// wait for the required data to be loaded before doing init for anything!
-			if (!isFetchingActiveLicense && activeLicense && org) {
+			if (!isFetchingActiveLicenseV3 && activeLicenseV3 && org) {
 				const orgName =
 					org && Array.isArray(org) && org.length > 0 ? org[0].displayName : '';

@@ -104,20 +103,6 @@ function App(): JSX.Element {
 				if (domain) {
 					logEvent('Domain Identified', groupTraits, 'group');
 				}
-				if (window && window.Appcues) {
-					window.Appcues.identify(email, {
-						name: displayName,
-
-						tenant_id: hostNameParts[0],
-						data_region: hostNameParts[1],
-						tenant_url: hostname,
-						company_domain: domain,
-
-						companyName: orgName,
-						email,
-						paidUser: !!trialInfo?.trialConvertedToSubscription,
-					});
-				}

 				Userpilot.identify(email, {
 					email,
@@ -152,12 +137,24 @@ function App(): JSX.Element {
 					source: 'signoz-ui',
 					isPaidUser: !!trialInfo?.trialConvertedToSubscription,
 				});
+
+				if (
+					window.cioanalytics &&
+					typeof window.cioanalytics.identify === 'function'
+				) {
+					window.cioanalytics.reset();
+					window.cioanalytics.identify(email, {
+						name: user.displayName,
+						email,
+						role: user.role,
+					});
+				}
 			}
 		},
 		[
 			hostname,
-			isFetchingActiveLicense,
-			activeLicense,
+			isFetchingActiveLicenseV3,
+			activeLicenseV3,
 			org,
 			trialInfo?.trialConvertedToSubscription,
 		],
@@ -166,19 +163,18 @@ function App(): JSX.Element {
 	// eslint-disable-next-line sonarjs/cognitive-complexity
 	useEffect(() => {
 		if (
-			!isFetchingActiveLicense &&
-			(activeLicense || activeLicenseFetchError) &&
+			!isFetchingLicenses &&
+			licenses &&
 			!isFetchingUser &&
 			user &&
 			!!user.email
 		) {
-			// either the active API returns error with 404 or 501 and if it returns a terminated license means it's on basic plan
 			const isOnBasicPlan =
-				(activeLicenseFetchError &&
-					[StatusCodes.NOT_FOUND, StatusCodes.NOT_IMPLEMENTED].includes(
-						activeLicenseFetchError?.getHttpStatusCode(),
-					)) ||
-				(activeLicense?.status && activeLicense.status === LicenseStatus.INVALID);
+				licenses.licenses?.some(
+					(license) =>
+						license.isCurrent && license.planKey === LICENSE_PLAN_KEY.BASIC_PLAN,
+				) || licenses.licenses === null;
+
 			const isIdentifiedUser = getLocalStorageApi(LOCALSTORAGE.IS_IDENTIFIED_USER);

 			if (isLoggedInState && user && user.id && user.email && !isIdentifiedUser) {
@@ -194,11 +190,6 @@ function App(): JSX.Element {
 						(route) => route?.path !== ROUTES.BILLING,
 					);
 				}
-
-				if (isEnterpriseSelfHostedUser) {
-					updatedRoutes.push(LIST_LICENSES);
-				}
-
 				// always add support route for cloud users
 				updatedRoutes = [...updatedRoutes, SUPPORT_ROUTE];
 			} else {
@@ -213,23 +204,22 @@ function App(): JSX.Element {
 	}, [
 		isLoggedInState,
 		user,
+		licenses,
 		isCloudUser,
 		isEnterpriseSelfHostedUser,
-		isFetchingActiveLicense,
+		isFetchingLicenses,
 		isFetchingUser,
-		activeLicense,
-		activeLicenseFetchError,
 	]);

 	useEffect(() => {
 		if (pathname === ROUTES.ONBOARDING) {
-			// eslint-disable-next-line @typescript-eslint/ban-ts-comment
-			// @ts-ignore
-			window.Pylon('hideChatBubble');
+			window.Intercom('update', {
+				hide_default_launcher: true,
+			});
 		} else {
-			// eslint-disable-next-line @typescript-eslint/ban-ts-comment
-			// @ts-ignore
-			window.Pylon('showChatBubble');
+			window.Intercom('update', {
+				hide_default_launcher: false,
+			});
 		}
 	}, [pathname]);

@@ -241,7 +231,8 @@ function App(): JSX.Element {
 		if (
 			!isFetchingFeatureFlags &&
 			(featureFlags || featureFlagsFetchError) &&
-			activeLicense &&
+			licenses &&
+			activeLicenseV3 &&
 			trialInfo
 		) {
 			let isChatSupportEnabled = false;
@@ -264,13 +255,11 @@ function App(): JSX.Element {
 				!showAddCreditCardModal &&
 				(isCloudUser || isEnterpriseSelfHostedUser)
 			) {
-				window.pylon = {
-					chat_settings: {
-						app_id: process.env.PYLON_APP_ID,
-						email: user.email,
-						name: user.displayName,
-					},
-				};
+				window.Intercom('boot', {
+					app_id: process.env.INTERCOM_APP_ID,
+					email: user?.email || '',
+					name: user?.displayName || '',
+				});
 			}
 		}
 	}, [
@@ -281,7 +270,8 @@ function App(): JSX.Element {
 		featureFlags,
 		isFetchingFeatureFlags,
 		featureFlagsFetchError,
-		activeLicense,
+		licenses,
+		activeLicenseV3,
 		trialInfo,
 		isCloudUser,
 		isEnterpriseSelfHostedUser,
@@ -332,6 +322,10 @@ function App(): JSX.Element {
 		} else {
 			posthog.reset();
 			Sentry.close();
+
+			if (window.cioanalytics && typeof window.cioanalytics.reset === 'function') {
+				window.cioanalytics.reset();
+			}
 		}
 		// eslint-disable-next-line react-hooks/exhaustive-deps
 	}, [isCloudUser, isEnterpriseSelfHostedUser]);
@@ -339,7 +333,7 @@ function App(): JSX.Element {
 	// if the user is in logged in state
 	if (isLoggedInState) {
 		// if the setup calls are loading then return a spinner
-		if (isFetchingActiveLicense || isFetchingUser || isFetchingFeatureFlags) {
+		if (isFetchingLicenses || isFetchingUser || isFetchingFeatureFlags) {
 			return <Spinner tip="Loading..." />;
 		}

@@ -351,11 +345,7 @@ function App(): JSX.Element {
 		}

 		// if all of the data is not set then return a spinner, this is required because there is some gap between loading states and data setting
-		if (
-			(!activeLicense || !user.email || !featureFlags) &&
-			!userFetchError &&
-			!activeLicenseFetchError
-		) {
+		if ((!licenses || !user.email || !featureFlags) && !userFetchError) {
 			return <Spinner tip="Loading..." />;
 		}
 	}
@@ -367,36 +357,34 @@ function App(): JSX.Element {
 					<CompatRouter>
 						<UserpilotRouteTracker />
 						<NotificationProvider>
-							<ErrorModalProvider>
-								<PrivateRoute>
-									<ResourceProvider>
-										<QueryBuilderProvider>
-											<DashboardProvider>
-												<KeyboardHotkeysProvider>
-													<AlertRuleProvider>
-														<AppLayout>
-															<Suspense fallback={<Spinner size="large" tip="Loading..." />}>
-																<Switch>
-																	{routes.map(({ path, component, exact }) => (
-																		<Route
-																			key={`${path}`}
-																			exact={exact}
-																			path={path}
-																			component={component}
-																		/>
-																	))}
-																	<Route exact path="/" component={Home} />
-																	<Route path="*" component={NotFound} />
-																</Switch>
-															</Suspense>
-														</AppLayout>
-													</AlertRuleProvider>
-												</KeyboardHotkeysProvider>
-											</DashboardProvider>
-										</QueryBuilderProvider>
-									</ResourceProvider>
-								</PrivateRoute>
-							</ErrorModalProvider>
+							<PrivateRoute>
+								<ResourceProvider>
+									<QueryBuilderProvider>
+										<DashboardProvider>
+											<KeyboardHotkeysProvider>
+												<AlertRuleProvider>
+													<AppLayout>
+														<Suspense fallback={<Spinner size="large" tip="Loading..." />}>
+															<Switch>
+																{routes.map(({ path, component, exact }) => (
+																	<Route
+																		key={`${path}`}
+																		exact={exact}
+																		path={path}
+																		component={component}
+																	/>
+																))}
+																<Route exact path="/" component={Home} />
+																<Route path="*" component={NotFound} />
+															</Switch>
+														</Suspense>
+													</AppLayout>
+												</AlertRuleProvider>
+											</KeyboardHotkeysProvider>
+										</DashboardProvider>
+									</QueryBuilderProvider>
+								</ResourceProvider>
+							</PrivateRoute>
 						</NotificationProvider>
 					</CompatRouter>
 				</Router>
--- a/frontend/src/AppRoutes/pageComponents.ts
+++ b/frontend/src/AppRoutes/pageComponents.ts
@@ -128,11 +128,12 @@ export const AlertOverview = Loadable(
 );

 export const CreateAlertChannelAlerts = Loadable(
-	() => import(/* webpackChunkName: "Create Channels" */ 'pages/Settings'),
+	() =>
+		import(/* webpackChunkName: "Create Channels" */ 'pages/AlertChannelCreate'),
 );

 export const EditAlertChannelsAlerts = Loadable(
-	() => import(/* webpackChunkName: "Edit Channels" */ 'pages/Settings'),
+	() => import(/* webpackChunkName: "Edit Channels" */ 'pages/ChannelsEdit'),
 );

 export const AllAlertChannels = Loadable(
@@ -164,7 +165,7 @@ export const APIKeys = Loadable(
 );

 export const MySettings = Loadable(
-	() => import(/* webpackChunkName: "All MySettings" */ 'pages/Settings'),
+	() => import(/* webpackChunkName: "All MySettings" */ 'pages/MySettings'),
 );

 export const CustomDomainSettings = Loadable(
@@ -221,7 +222,7 @@ export const LogsIndexToFields = Loadable(
 );

 export const BillingPage = Loadable(
-	() => import(/* webpackChunkName: "BillingPage" */ 'pages/Settings'),
+	() => import(/* webpackChunkName: "BillingPage" */ 'pages/Billing'),
 );

 export const SupportPage = Loadable(
@@ -248,7 +249,7 @@ export const WorkspaceAccessRestricted = Loadable(
 );

 export const ShortcutsPage = Loadable(
-	() => import(/* webpackChunkName: "ShortcutsPage" */ 'pages/Settings'),
+	() => import(/* webpackChunkName: "ShortcutsPage" */ 'pages/Shortcuts'),
 );

 export const InstalledIntegrations = Loadable(
--- a/frontend/src/AppRoutes/routes.ts
+++ b/frontend/src/AppRoutes/routes.ts
@@ -7,9 +7,12 @@ import {
 	AlertOverview,
 	AllAlertChannels,
 	AllErrors,
+	APIKeys,
 	ApiMonitoring,
+	BillingPage,
 	CreateAlertChannelAlerts,
 	CreateNewAlerts,
+	CustomDomainSettings,
 	DashboardPage,
 	DashboardWidget,
 	EditAlertChannelsAlerts,
@@ -17,6 +20,7 @@ import {
 	ErrorDetails,
 	Home,
 	InfrastructureMonitoring,
+	IngestionSettings,
 	InstalledIntegrations,
 	LicensePage,
 	ListAllALertsPage,
@@ -27,10 +31,12 @@ import {
 	LogsIndexToFields,
 	LogsSaveViews,
 	MetricsExplorer,
+	MySettings,
 	NewDashboardPage,
 	OldLogsExplorer,
 	Onboarding,
 	OnboardingV2,
+	OrganizationSettings,
 	OrgOnboarding,
 	PasswordReset,
 	PipelinePage,
@@ -39,6 +45,7 @@ import {
 	ServicesTablePage,
 	ServiceTopLevelOperationsPage,
 	SettingsPage,
+	ShortcutsPage,
 	SignupPage,
 	SomethingWentWrong,
 	StatusPage,
@@ -143,7 +150,7 @@ const routes: AppRoutes[] = [
 	},
 	{
 		path: ROUTES.SETTINGS,
-		exact: false,
+		exact: true,
 		component: SettingsPage,
 		isPrivate: true,
 		key: 'SETTINGS',
@@ -288,6 +295,41 @@ const routes: AppRoutes[] = [
 		isPrivate: true,
 		key: 'VERSION',
 	},
+	{
+		path: ROUTES.ORG_SETTINGS,
+		exact: true,
+		component: OrganizationSettings,
+		isPrivate: true,
+		key: 'ORG_SETTINGS',
+	},
+	{
+		path: ROUTES.INGESTION_SETTINGS,
+		exact: true,
+		component: IngestionSettings,
+		isPrivate: true,
+		key: 'INGESTION_SETTINGS',
+	},
+	{
+		path: ROUTES.API_KEYS,
+		exact: true,
+		component: APIKeys,
+		isPrivate: true,
+		key: 'API_KEYS',
+	},
+	{
+		path: ROUTES.MY_SETTINGS,
+		exact: true,
+		component: MySettings,
+		isPrivate: true,
+		key: 'MY_SETTINGS',
+	},
+	{
+		path: ROUTES.CUSTOM_DOMAIN_SETTINGS,
+		exact: true,
+		component: CustomDomainSettings,
+		isPrivate: true,
+		key: 'CUSTOM_DOMAIN_SETTINGS',
+	},
 	{
 		path: ROUTES.LOGS,
 		exact: true,
@@ -351,6 +393,13 @@ const routes: AppRoutes[] = [
 		key: 'SOMETHING_WENT_WRONG',
 		isPrivate: false,
 	},
+	{
+		path: ROUTES.BILLING,
+		exact: true,
+		component: BillingPage,
+		key: 'BILLING',
+		isPrivate: true,
+	},
 	{
 		path: ROUTES.WORKSPACE_LOCKED,
 		exact: true,
@@ -372,6 +421,13 @@ const routes: AppRoutes[] = [
 		isPrivate: true,
 		key: 'WORKSPACE_ACCESS_RESTRICTED',
 	},
+	{
+		path: ROUTES.SHORTCUTS,
+		exact: true,
+		component: ShortcutsPage,
+		isPrivate: true,
+		key: 'SHORTCUTS',
+	},
 	{
 		path: ROUTES.INTEGRATIONS,
 		exact: true,
--- a/frontend/src/api/APIKeys/createAPIKey.ts
+++ b/frontend/src/api/APIKeys/createAPIKey.ts
@@ -0,0 +1,26 @@
+import axios from 'api';
+import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
+import { AxiosError } from 'axios';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { APIKeyProps, CreateAPIKeyProps } from 'types/api/pat/types';
+
+const createAPIKey = async (
+	props: CreateAPIKeyProps,
+): Promise<SuccessResponse<APIKeyProps> | ErrorResponse> => {
+	try {
+		const response = await axios.post('/pats', {
+			...props,
+		});
+
+		return {
+			statusCode: 200,
+			error: null,
+			message: response.data.status,
+			payload: response.data.data,
+		};
+	} catch (error) {
+		return ErrorResponseHandler(error as AxiosError);
+	}
+};
+
+export default createAPIKey;
--- a/frontend/src/api/APIKeys/deleteAPIKey.ts
+++ b/frontend/src/api/APIKeys/deleteAPIKey.ts
@@ -0,0 +1,24 @@
+import axios from 'api';
+import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
+import { AxiosError } from 'axios';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { AllAPIKeyProps } from 'types/api/pat/types';
+
+const deleteAPIKey = async (
+	id: string,
+): Promise<SuccessResponse<AllAPIKeyProps> | ErrorResponse> => {
+	try {
+		const response = await axios.delete(`/pats/${id}`);
+
+		return {
+			statusCode: 200,
+			error: null,
+			message: response.data.status,
+			payload: response.data.data,
+		};
+	} catch (error) {
+		return ErrorResponseHandler(error as AxiosError);
+	}
+};
+
+export default deleteAPIKey;
--- a/frontend/src/api/APIKeys/getAPIKey.ts
+++ b/frontend/src/api/APIKeys/getAPIKey.ts
@@ -0,0 +1,24 @@
+import axios from 'api';
+import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
+import { AxiosError } from 'axios';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { PayloadProps, Props } from 'types/api/alerts/get';
+
+const get = async (
+	props: Props,
+): Promise<SuccessResponse<PayloadProps> | ErrorResponse> => {
+	try {
+		const response = await axios.get(`/pats/${props.id}`);
+
+		return {
+			statusCode: 200,
+			error: null,
+			message: response.data.status,
+			payload: response.data,
+		};
+	} catch (error) {
+		return ErrorResponseHandler(error as AxiosError);
+	}
+};
+
+export default get;
--- a/frontend/src/api/APIKeys/getAllAPIKeys.ts
+++ b/frontend/src/api/APIKeys/getAllAPIKeys.ts
@@ -0,0 +1,6 @@
+import axios from 'api';
+import { AxiosResponse } from 'axios';
+import { AllAPIKeyProps } from 'types/api/pat/types';
+
+export const getAllAPIKeys = (): Promise<AxiosResponse<AllAPIKeyProps>> =>
+	axios.get(`/pats`);
--- a/frontend/src/api/APIKeys/updateAPIKey.ts
+++ b/frontend/src/api/APIKeys/updateAPIKey.ts
@@ -0,0 +1,26 @@
+import axios from 'api';
+import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
+import { AxiosError } from 'axios';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { PayloadProps, UpdateAPIKeyProps } from 'types/api/pat/types';
+
+const updateAPIKey = async (
+	props: UpdateAPIKeyProps,
+): Promise<SuccessResponse<PayloadProps> | ErrorResponse> => {
+	try {
+		const response = await axios.put(`/pats/${props.id}`, {
+			...props.data,
+		});
+
+		return {
+			statusCode: 200,
+			error: null,
+			message: response.data.status,
+			payload: response.data.data,
+		};
+	} catch (error) {
+		return ErrorResponseHandler(error as AxiosError);
+	}
+};
+
+export default updateAPIKey;
--- a/frontend/src/api/quickFilters/getCustomFilters.ts
+++ b/frontend/src/api/quickFilters/getCustomFilters.ts
@@ -1,20 +1,19 @@
-import { ApiBaseInstance } from 'api';
+import axios from 'api';
 import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
 import { AxiosError } from 'axios';
 import { ErrorResponse, SuccessResponse } from 'types/api';
-import { PayloadProps, Props } from 'types/api/quickFilters/getCustomFilters';
+import { PayloadProps, Props } from 'types/api/SAML/deleteDomain';

-const getCustomFilters = async (
+const deleteDomain = async (
 	props: Props,
 ): Promise<SuccessResponse<PayloadProps> | ErrorResponse> => {
-	const { signal } = props;
 	try {
-		const response = await ApiBaseInstance.get(`orgs/me/filters/${signal}`);
+		const response = await axios.delete(`/domains/${props.id}`);

 		return {
 			statusCode: 200,
 			error: null,
-			message: 'Success',
+			message: response.data.status,
 			payload: response.data.data,
 		};
 	} catch (error) {
@@ -22,4 +21,4 @@ const getCustomFilters = async (
 	}
 };

-export default getCustomFilters;
+export default deleteDomain;
--- a/frontend/src/api/SAML/listAllDomain.ts
+++ b/frontend/src/api/SAML/listAllDomain.ts
@@ -0,0 +1,24 @@
+import axios from 'api';
+import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
+import { AxiosError } from 'axios';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { PayloadProps, Props } from 'types/api/SAML/listDomain';
+
+const listAllDomain = async (
+	props: Props,
+): Promise<SuccessResponse<PayloadProps> | ErrorResponse> => {
+	try {
+		const response = await axios.get(`/orgs/${props.orgId}/domains`);
+
+		return {
+			statusCode: 200,
+			error: null,
+			message: response.data.status,
+			payload: response.data.data,
+		};
+	} catch (error) {
+		return ErrorResponseHandler(error as AxiosError);
+	}
+};
+
+export default listAllDomain;
--- a/frontend/src/api/SAML/postDomain.ts
+++ b/frontend/src/api/SAML/postDomain.ts
@@ -0,0 +1,24 @@
+import axios from 'api';
+import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
+import { AxiosError } from 'axios';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { PayloadProps, Props } from 'types/api/SAML/postDomain';
+
+const postDomain = async (
+	props: Props,
+): Promise<SuccessResponse<PayloadProps> | ErrorResponse> => {
+	try {
+		const response = await axios.post(`/domains`, props);
+
+		return {
+			statusCode: 200,
+			error: null,
+			message: response.data.status,
+			payload: response.data.data,
+		};
+	} catch (error) {
+		return ErrorResponseHandler(error as AxiosError);
+	}
+};
+
+export default postDomain;
--- a/frontend/src/api/SAML/updateDomain.ts
+++ b/frontend/src/api/SAML/updateDomain.ts
@@ -0,0 +1,24 @@
+import axios from 'api';
+import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
+import { AxiosError } from 'axios';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { PayloadProps, Props } from 'types/api/SAML/updateDomain';
+
+const updateDomain = async (
+	props: Props,
+): Promise<SuccessResponse<PayloadProps> | ErrorResponse> => {
+	try {
+		const response = await axios.put(`/domains/${props.id}`, props);
+
+		return {
+			statusCode: 200,
+			error: null,
+			message: response.data.status,
+			payload: response.data.data,
+		};
+	} catch (error) {
+		return ErrorResponseHandler(error as AxiosError);
+	}
+};
+
+export default updateDomain;
--- a/frontend/src/api/billing/checkout.ts
+++ b/frontend/src/api/billing/checkout.ts
@@ -0,0 +1,29 @@
+import axios from 'api';
+import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
+import { AxiosError } from 'axios';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import {
+	CheckoutRequestPayloadProps,
+	CheckoutSuccessPayloadProps,
+} from 'types/api/billing/checkout';
+
+const updateCreditCardApi = async (
+	props: CheckoutRequestPayloadProps,
+): Promise<SuccessResponse<CheckoutSuccessPayloadProps> | ErrorResponse> => {
+	try {
+		const response = await axios.post('/checkout', {
+			url: props.url,
+		});
+
+		return {
+			statusCode: 200,
+			error: null,
+			message: response.data.status,
+			payload: response.data.data,
+		};
+	} catch (error) {
+		return ErrorResponseHandler(error as AxiosError);
+	}
+};
+
+export default updateCreditCardApi;
--- a/frontend/src/api/billing/manage.ts
+++ b/frontend/src/api/billing/manage.ts
@@ -0,0 +1,29 @@
+import axios from 'api';
+import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
+import { AxiosError } from 'axios';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import {
+	CheckoutRequestPayloadProps,
+	CheckoutSuccessPayloadProps,
+} from 'types/api/billing/checkout';
+
+const manageCreditCardApi = async (
+	props: CheckoutRequestPayloadProps,
+): Promise<SuccessResponse<CheckoutSuccessPayloadProps> | ErrorResponse> => {
+	try {
+		const response = await axios.post('/portal', {
+			url: props.url,
+		});
+
+		return {
+			statusCode: 200,
+			error: null,
+			message: response.data.status,
+			payload: response.data.data,
+		};
+	} catch (error) {
+		return ErrorResponseHandler(error as AxiosError);
+	}
+};
+
+export default manageCreditCardApi;
--- a/frontend/src/api/dashboard/create.ts
+++ b/frontend/src/api/dashboard/create.ts
@@ -0,0 +1,27 @@
+import axios from 'api';
+import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
+import { AxiosError } from 'axios';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { PayloadProps, Props } from 'types/api/dashboard/create';
+
+const createDashboard = async (
+	props: Props,
+): Promise<SuccessResponse<PayloadProps> | ErrorResponse> => {
+	const url = props.uploadedGrafana ? '/dashboards/grafana' : '/dashboards';
+	try {
+		const response = await axios.post(url, {
+			...props,
+		});
+
+		return {
+			statusCode: 200,
+			error: null,
+			message: response.data.status,
+			payload: response.data.data,
+		};
+	} catch (error) {
+		return ErrorResponseHandler(error as AxiosError);
+	}
+};
+
+export default createDashboard;
--- a/frontend/src/api/dashboard/delete.ts
+++ b/frontend/src/api/dashboard/delete.ts
@@ -0,0 +1,9 @@
+import axios from 'api';
+import { PayloadProps, Props } from 'types/api/dashboard/delete';
+
+const deleteDashboard = (props: Props): Promise<PayloadProps> =>
+	axios
+		.delete<PayloadProps>(`/dashboards/${props.uuid}`)
+		.then((response) => response.data);
+
+export default deleteDashboard;
--- a/frontend/src/api/dashboard/get.ts
+++ b/frontend/src/api/dashboard/get.ts
@@ -0,0 +1,11 @@
+import axios from 'api';
+import { ApiResponse } from 'types/api';
+import { Props } from 'types/api/dashboard/get';
+import { Dashboard } from 'types/api/dashboard/getAll';
+
+const getDashboard = (props: Props): Promise<Dashboard> =>
+	axios
+		.get<ApiResponse<Dashboard>>(`/dashboards/${props.uuid}`)
+		.then((res) => res.data.data);
+
+export default getDashboard;
--- a/frontend/src/api/dashboard/getAll.ts
+++ b/frontend/src/api/dashboard/getAll.ts
@@ -0,0 +1,8 @@
+import axios from 'api';
+import { ApiResponse } from 'types/api';
+import { Dashboard } from 'types/api/dashboard/getAll';
+
+export const getAllDashboardList = (): Promise<Dashboard[]> =>
+	axios
+		.get<ApiResponse<Dashboard[]>>('/dashboards')
+		.then((res) => res.data.data);
--- a/frontend/src/api/dashboard/lockDashboard.ts
+++ b/frontend/src/api/dashboard/lockDashboard.ts
@@ -0,0 +1,11 @@
+import axios from 'api';
+import { AxiosResponse } from 'axios';
+
+interface LockDashboardProps {
+	uuid: string;
+}
+
+const lockDashboard = (props: LockDashboardProps): Promise<AxiosResponse> =>
+	axios.put(`/dashboards/${props.uuid}/lock`);
+
+export default lockDashboard;
--- a/frontend/src/api/dashboard/unlockDashboard.ts
+++ b/frontend/src/api/dashboard/unlockDashboard.ts
@@ -0,0 +1,11 @@
+import axios from 'api';
+import { AxiosResponse } from 'axios';
+
+interface UnlockDashboardProps {
+	uuid: string;
+}
+
+const unlockDashboard = (props: UnlockDashboardProps): Promise<AxiosResponse> =>
+	axios.put(`/dashboards/${props.uuid}/unlock`);
+
+export default unlockDashboard;
--- a/frontend/src/api/dashboard/update.ts
+++ b/frontend/src/api/dashboard/update.ts
@@ -0,0 +1,20 @@
+import axios from 'api';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { PayloadProps, Props } from 'types/api/dashboard/update';
+
+const updateDashboard = async (
+	props: Props,
+): Promise<SuccessResponse<PayloadProps> | ErrorResponse> => {
+	const response = await axios.put(`/dashboards/${props.uuid}`, {
+		...props.data,
+	});
+
+	return {
+		statusCode: 200,
+		error: null,
+		message: response.data.status,
+		payload: response.data.data,
+	};
+};
+
+export default updateDashboard;
--- a/frontend/src/api/dynamicVariables/getFieldKeys.ts
+++ b/frontend/src/api/dynamicVariables/getFieldKeys.ts
@@ -0,0 +1,34 @@
+import { ApiBaseInstance } from 'api';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { FieldKeyResponse } from 'types/api/dynamicVariables/getFieldKeys';
+
+/**
+ * Get field keys for a given signal type
+ * @param signal Type of signal (traces, logs, metrics)
+ * @param name Optional search text
+ */
+export const getFieldKeys = async (
+	signal?: 'traces' | 'logs' | 'metrics',
+	name?: string,
+): Promise<SuccessResponse<FieldKeyResponse> | ErrorResponse> => {
+	const params: Record<string, string> = {};
+
+	if (signal) {
+		params.signal = signal;
+	}
+
+	if (name) {
+		params.name = name;
+	}
+
+	const response = await ApiBaseInstance.get('/fields/keys', { params });
+
+	return {
+		statusCode: 200,
+		error: null,
+		message: response.data.status,
+		payload: response.data.data,
+	};
+};
+
+export default getFieldKeys;
--- a/frontend/src/api/dynamicVariables/getFieldValues.ts
+++ b/frontend/src/api/dynamicVariables/getFieldValues.ts
@@ -0,0 +1,63 @@
+import { ApiBaseInstance } from 'api';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { FieldValueResponse } from 'types/api/dynamicVariables/getFieldValues';
+
+/**
+ * Get field values for a given signal type and field name
+ * @param signal Type of signal (traces, logs, metrics)
+ * @param name Name of the attribute for which values are being fetched
+ * @param value Optional search text
+ */
+export const getFieldValues = async (
+	signal?: 'traces' | 'logs' | 'metrics',
+	name?: string,
+	value?: string,
+	startUnixMilli?: number,
+	endUnixMilli?: number,
+): Promise<SuccessResponse<FieldValueResponse> | ErrorResponse> => {
+	const params: Record<string, string> = {};
+
+	if (signal) {
+		params.signal = signal;
+	}
+
+	if (name) {
+		params.name = name;
+	}
+
+	if (value) {
+		params.value = value;
+	}
+
+	if (startUnixMilli) {
+		params.startUnixMilli = Math.floor(startUnixMilli / 1000000).toString();
+	}
+
+	if (endUnixMilli) {
+		params.endUnixMilli = Math.floor(endUnixMilli / 1000000).toString();
+	}
+
+	const response = await ApiBaseInstance.get('/fields/values', { params });
+
+	// Normalize values from different types (stringValues, boolValues, etc.)
+	if (response.data?.data?.values) {
+		const allValues: string[] = [];
+		Object.values(response.data.data.values).forEach((valueArray: any) => {
+			if (Array.isArray(valueArray)) {
+				allValues.push(...valueArray.map(String));
+			}
+		});
+
+		// Add a normalized values array to the response
+		response.data.data.normalizedValues = allValues;
+	}
+
+	return {
+		statusCode: 200,
+		error: null,
+		message: response.data.status,
+		payload: response.data.data,
+	};
+};
+
+export default getFieldValues;
--- a/frontend/src/api/features/getFeatureFlags.ts
+++ b/frontend/src/api/features/getFeatureFlags.ts
@@ -0,0 +1,10 @@
+import axios from 'api';
+import { ApiResponse } from 'types/api';
+import { FeatureFlagProps } from 'types/api/features/getFeaturesFlags';
+
+const getFeaturesFlags = (): Promise<FeatureFlagProps[]> =>
+	axios
+		.get<ApiResponse<FeatureFlagProps[]>>(`/featureFlags`)
+		.then((response) => response.data.data);
+
+export default getFeaturesFlags;
--- a/frontend/src/api/index.ts
+++ b/frontend/src/api/index.ts
@@ -4,11 +4,7 @@
 import getLocalStorageApi from 'api/browser/localstorage/get';
 import loginApi from 'api/v1/login/login';
 import afterLogin from 'AppRoutes/utils';
-import axios, {
-	AxiosError,
-	AxiosResponse,
-	InternalAxiosRequestConfig,
-} from 'axios';
+import axios, { AxiosResponse, InternalAxiosRequestConfig } from 'axios';
 import { ENVIRONMENT } from 'constants/env';
 import { Events } from 'constants/events';
 import { LOCALSTORAGE } from 'constants/localStorage';
@@ -87,27 +83,24 @@ const interceptorRejected = async (
 						true,
 					);

-					try {
-						const reResponse = await axios(
-							`${value.config.baseURL}${value.config.url?.substring(1)}`,
-							{
-								method: value.config.method,
-								headers: {
-									...value.config.headers,
-									Authorization: `Bearer ${response.data.accessJwt}`,
-								},
-								data: {
-									...JSON.parse(value.config.data || '{}'),
-								},
+					const reResponse = await axios(
+						`${value.config.baseURL}${value.config.url?.substring(1)}`,
+						{
+							method: value.config.method,
+							headers: {
+								...value.config.headers,
+								Authorization: `Bearer ${response.data.accessJwt}`,
 							},
-						);
-
+							data: {
+								...JSON.parse(value.config.data || '{}'),
+							},
+						},
+					);
+					if (reResponse.status === 200) {
 						return await Promise.resolve(reResponse);
-					} catch (error) {
-						if ((error as AxiosError)?.response?.status === 401) {
-							Logout();
-						}
 					}
+					Logout();
+					return await Promise.reject(reResponse);
 				} catch (error) {
 					Logout();
 				}
--- a/frontend/src/api/infraMonitoring/getK8sClustersList.ts
+++ b/frontend/src/api/infraMonitoring/getK8sClustersList.ts
@@ -5,8 +5,6 @@ import { ErrorResponse, SuccessResponse } from 'types/api';
 import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { TagFilter } from 'types/api/queryBuilder/queryBuilderData';

-import { UnderscoreToDotMap } from '../utils';
-
 export interface K8sClustersListPayload {
 	filters: TagFilter;
 	groupBy?: BaseAutocompleteData[];
@@ -42,80 +40,23 @@ export interface K8sClustersListResponse {
 	};
 }

-export const clustersMetaMap = [
-	{ dot: 'k8s.cluster.name', under: 'k8s_cluster_name' },
-	{ dot: 'k8s.cluster.uid', under: 'k8s_cluster_uid' },
-] as const;
-
-export function mapClustersMeta(
-	raw: Record<string, unknown>,
-): K8sClustersData['meta'] {
-	const out: Record<string, unknown> = { ...raw };
-	clustersMetaMap.forEach(({ dot, under }) => {
-		if (dot in raw) {
-			const v = raw[dot];
-			out[under] = typeof v === 'string' ? v : raw[under];
-		}
-	});
-	return out as K8sClustersData['meta'];
-}
-
 export const getK8sClustersList = async (
 	props: K8sClustersListPayload,
 	signal?: AbortSignal,
 	headers?: Record<string, string>,
-	dotMetricsEnabled = false,
 ): Promise<SuccessResponse<K8sClustersListResponse> | ErrorResponse> => {
 	try {
-		const requestProps =
-			dotMetricsEnabled && Array.isArray(props.filters?.items)
-				? {
-						...props,
-						filters: {
-							...props.filters,
-							items: props.filters.items.reduce<typeof props.filters.items>(
-								(acc, item) => {
-									if (item.value === undefined) return acc;
-									if (
-										item.key &&
-										typeof item.key === 'object' &&
-										'key' in item.key &&
-										typeof item.key.key === 'string'
-									) {
-										const mappedKey = UnderscoreToDotMap[item.key.key] ?? item.key.key;
-										acc.push({
-											...item,
-											key: { ...item.key, key: mappedKey },
-										});
-									} else {
-										acc.push(item);
-									}
-									return acc;
-								},
-								[] as typeof props.filters.items,
-							),
-						},
-				  }
-				: props;
-
-		const response = await axios.post('/clusters/list', requestProps, {
+		const response = await axios.post('/clusters/list', props, {
 			signal,
 			headers,
 		});
-		const payload: K8sClustersListResponse = response.data;
-
-		// one-liner meta mapping
-		payload.data.records = payload.data.records.map((record) => ({
-			...record,
-			meta: mapClustersMeta(record.meta as Record<string, unknown>),
-		}));

 		return {
 			statusCode: 200,
 			error: null,
 			message: 'Success',
-			payload,
-			params: requestProps,
+			payload: response.data,
+			params: props,
 		};
 	} catch (error) {
 		return ErrorResponseHandler(error as AxiosError);
--- a/frontend/src/api/infraMonitoring/getK8sDaemonSetsList.ts
+++ b/frontend/src/api/infraMonitoring/getK8sDaemonSetsList.ts
@@ -5,8 +5,6 @@ import { ErrorResponse, SuccessResponse } from 'types/api';
 import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { TagFilter } from 'types/api/queryBuilder/queryBuilderData';

-import { UnderscoreToDotMap } from '../utils';
-
 export interface K8sDaemonSetsListPayload {
 	filters: TagFilter;
 	groupBy?: BaseAutocompleteData[];
@@ -48,82 +46,23 @@ export interface K8sDaemonSetsListResponse {
 	};
 }

-export const daemonSetsMetaMap = [
-	{ dot: 'k8s.namespace.name', under: 'k8s_namespace_name' },
-	{ dot: 'k8s.daemonset.name', under: 'k8s_daemonset_name' },
-	{ dot: 'k8s.cluster.name', under: 'k8s_cluster_name' },
-] as const;
-
-export function mapDaemonSetsMeta(
-	raw: Record<string, unknown>,
-): K8sDaemonSetsData['meta'] {
-	const out: Record<string, unknown> = { ...raw };
-	daemonSetsMetaMap.forEach(({ dot, under }) => {
-		if (dot in raw) {
-			const v = raw[dot];
-			out[under] = typeof v === 'string' ? v : raw[under];
-		}
-	});
-	return out as K8sDaemonSetsData['meta'];
-}
-
 export const getK8sDaemonSetsList = async (
 	props: K8sDaemonSetsListPayload,
 	signal?: AbortSignal,
 	headers?: Record<string, string>,
-	dotMetricsEnabled = false,
 ): Promise<SuccessResponse<K8sDaemonSetsListResponse> | ErrorResponse> => {
 	try {
-		// filter prep (unchanged)…
-		const requestProps =
-			dotMetricsEnabled && Array.isArray(props.filters?.items)
-				? {
-						...props,
-						filters: {
-							...props.filters,
-							items: props.filters.items.reduce<typeof props.filters.items>(
-								(acc, item) => {
-									if (item.value === undefined) return acc;
-									if (
-										item.key &&
-										typeof item.key === 'object' &&
-										'key' in item.key &&
-										typeof item.key.key === 'string'
-									) {
-										const mappedKey = UnderscoreToDotMap[item.key.key] ?? item.key.key;
-										acc.push({
-											...item,
-											key: { ...item.key, key: mappedKey },
-										});
-									} else {
-										acc.push(item);
-									}
-									return acc;
-								},
-								[] as typeof props.filters.items,
-							),
-						},
-				  }
-				: props;
-
-		const response = await axios.post('/daemonsets/list', requestProps, {
+		const response = await axios.post('/daemonsets/list', props, {
 			signal,
 			headers,
 		});
-		const payload: K8sDaemonSetsListResponse = response.data;
-
-		// single-line meta mapping
-		payload.data.records = payload.data.records.map((record) => ({
-			...record,
-			meta: mapDaemonSetsMeta(record.meta as Record<string, unknown>),
-		}));

 		return {
 			statusCode: 200,
 			error: null,
 			message: 'Success',
-			payload,
-			params: requestProps,
+			payload: response.data,
+			params: props,
 		};
 	} catch (error) {
 		return ErrorResponseHandler(error as AxiosError);
--- a/frontend/src/api/infraMonitoring/getK8sDeploymentsList.ts
+++ b/frontend/src/api/infraMonitoring/getK8sDeploymentsList.ts
@@ -5,8 +5,6 @@ import { ErrorResponse, SuccessResponse } from 'types/api';
 import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { TagFilter } from 'types/api/queryBuilder/queryBuilderData';

-import { UnderscoreToDotMap } from '../utils';
-
 export interface K8sDeploymentsListPayload {
 	filters: TagFilter;
 	groupBy?: BaseAutocompleteData[];
@@ -48,81 +46,23 @@ export interface K8sDeploymentsListResponse {
 	};
 }

-export const deploymentsMetaMap = [
-	{ dot: 'k8s.cluster.name', under: 'k8s_cluster_name' },
-	{ dot: 'k8s.deployment.name', under: 'k8s_deployment_name' },
-	{ dot: 'k8s.namespace.name', under: 'k8s_namespace_name' },
-] as const;
-
-export function mapDeploymentsMeta(
-	raw: Record<string, unknown>,
-): K8sDeploymentsData['meta'] {
-	const out: Record<string, unknown> = { ...raw };
-	deploymentsMetaMap.forEach(({ dot, under }) => {
-		if (dot in raw) {
-			const v = raw[dot];
-			out[under] = typeof v === 'string' ? v : raw[under];
-		}
-	});
-	return out as K8sDeploymentsData['meta'];
-}
-
 export const getK8sDeploymentsList = async (
 	props: K8sDeploymentsListPayload,
 	signal?: AbortSignal,
 	headers?: Record<string, string>,
-	dotMetricsEnabled = false,
 ): Promise<SuccessResponse<K8sDeploymentsListResponse> | ErrorResponse> => {
 	try {
-		const requestProps =
-			dotMetricsEnabled && Array.isArray(props.filters?.items)
-				? {
-						...props,
-						filters: {
-							...props.filters,
-							items: props.filters.items.reduce<typeof props.filters.items>(
-								(acc, item) => {
-									if (item.value === undefined) return acc;
-									if (
-										item.key &&
-										typeof item.key === 'object' &&
-										'key' in item.key &&
-										typeof item.key.key === 'string'
-									) {
-										const mappedKey = UnderscoreToDotMap[item.key.key] ?? item.key.key;
-										acc.push({
-											...item,
-											key: { ...item.key, key: mappedKey },
-										});
-									} else {
-										acc.push(item);
-									}
-									return acc;
-								},
-								[] as typeof props.filters.items,
-							),
-						},
-				  }
-				: props;
-
-		const response = await axios.post('/deployments/list', requestProps, {
+		const response = await axios.post('/deployments/list', props, {
 			signal,
 			headers,
 		});
-		const payload: K8sDeploymentsListResponse = response.data;
-
-		// single-line mapping
-		payload.data.records = payload.data.records.map((record) => ({
-			...record,
-			meta: mapDeploymentsMeta(record.meta as Record<string, unknown>),
-		}));

 		return {
 			statusCode: 200,
 			error: null,
 			message: 'Success',
-			payload,
-			params: requestProps,
+			payload: response.data,
+			params: props,
 		};
 	} catch (error) {
 		return ErrorResponseHandler(error as AxiosError);
--- a/frontend/src/api/infraMonitoring/getK8sJobsList.ts
+++ b/frontend/src/api/infraMonitoring/getK8sJobsList.ts
@@ -5,8 +5,6 @@ import { ErrorResponse, SuccessResponse } from 'types/api';
 import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { TagFilter } from 'types/api/queryBuilder/queryBuilderData';

-import { UnderscoreToDotMap } from '../utils';
-
 export interface K8sJobsListPayload {
 	filters: TagFilter;
 	groupBy?: BaseAutocompleteData[];
@@ -50,79 +48,23 @@ export interface K8sJobsListResponse {
 	};
 }

-export const jobsMetaMap = [
-	{ dot: 'k8s.cluster.name', under: 'k8s_cluster_name' },
-	{ dot: 'k8s.job.name', under: 'k8s_job_name' },
-	{ dot: 'k8s.namespace.name', under: 'k8s_namespace_name' },
-] as const;
-
-export function mapJobsMeta(raw: Record<string, unknown>): K8sJobsData['meta'] {
-	const out: Record<string, unknown> = { ...raw };
-	jobsMetaMap.forEach(({ dot, under }) => {
-		if (dot in raw) {
-			const v = raw[dot];
-			out[under] = typeof v === 'string' ? v : raw[under];
-		}
-	});
-	return out as K8sJobsData['meta'];
-}
-
 export const getK8sJobsList = async (
 	props: K8sJobsListPayload,
 	signal?: AbortSignal,
 	headers?: Record<string, string>,
-	dotMetricsEnabled = false,
 ): Promise<SuccessResponse<K8sJobsListResponse> | ErrorResponse> => {
 	try {
-		const requestProps =
-			dotMetricsEnabled && Array.isArray(props.filters?.items)
-				? {
-						...props,
-						filters: {
-							...props.filters,
-							items: props.filters.items.reduce<typeof props.filters.items>(
-								(acc, item) => {
-									if (item.value === undefined) return acc;
-									if (
-										item.key &&
-										typeof item.key === 'object' &&
-										'key' in item.key &&
-										typeof item.key.key === 'string'
-									) {
-										const mappedKey = UnderscoreToDotMap[item.key.key] ?? item.key.key;
-										acc.push({
-											...item,
-											key: { ...item.key, key: mappedKey },
-										});
-									} else {
-										acc.push(item);
-									}
-									return acc;
-								},
-								[] as typeof props.filters.items,
-							),
-						},
-				  }
-				: props;
-
-		const response = await axios.post('/jobs/list', requestProps, {
+		const response = await axios.post('/jobs/list', props, {
 			signal,
 			headers,
 		});
-		const payload: K8sJobsListResponse = response.data;
-
-		// one-liner meta mapping
-		payload.data.records = payload.data.records.map((record) => ({
-			...record,
-			meta: mapJobsMeta(record.meta as Record<string, unknown>),
-		}));

 		return {
 			statusCode: 200,
 			error: null,
 			message: 'Success',
-			payload,
-			params: requestProps,
+			payload: response.data,
+			params: props,
 		};
 	} catch (error) {
 		return ErrorResponseHandler(error as AxiosError);
--- a/frontend/src/api/infraMonitoring/getK8sNamespacesList.ts
+++ b/frontend/src/api/infraMonitoring/getK8sNamespacesList.ts
@@ -5,8 +5,6 @@ import { ErrorResponse, SuccessResponse } from 'types/api';
 import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { TagFilter } from 'types/api/queryBuilder/queryBuilderData';

-import { UnderscoreToDotMap } from '../utils';
-
 export interface K8sNamespacesListPayload {
 	filters: TagFilter;
 	groupBy?: BaseAutocompleteData[];
@@ -40,79 +38,23 @@ export interface K8sNamespacesListResponse {
 	};
 }

-export const namespacesMetaMap = [
-	{ dot: 'k8s.cluster.name', under: 'k8s_cluster_name' },
-	{ dot: 'k8s.namespace.name', under: 'k8s_namespace_name' },
-] as const;
-
-export function mapNamespacesMeta(
-	raw: Record<string, unknown>,
-): K8sNamespacesData['meta'] {
-	const out: Record<string, unknown> = { ...raw };
-	namespacesMetaMap.forEach(({ dot, under }) => {
-		if (dot in raw) {
-			const v = raw[dot];
-			out[under] = typeof v === 'string' ? v : raw[under];
-		}
-	});
-	return out as K8sNamespacesData['meta'];
-}
-
 export const getK8sNamespacesList = async (
 	props: K8sNamespacesListPayload,
 	signal?: AbortSignal,
 	headers?: Record<string, string>,
-	dotMetricsEnabled = false,
 ): Promise<SuccessResponse<K8sNamespacesListResponse> | ErrorResponse> => {
 	try {
-		const requestProps =
-			dotMetricsEnabled && Array.isArray(props.filters?.items)
-				? {
-						...props,
-						filters: {
-							...props.filters,
-							items: props.filters.items.reduce<typeof props.filters.items>(
-								(acc, item) => {
-									if (item.value === undefined) return acc;
-									if (
-										item.key &&
-										typeof item.key === 'object' &&
-										'key' in item.key &&
-										typeof item.key.key === 'string'
-									) {
-										const mappedKey = UnderscoreToDotMap[item.key.key] ?? item.key.key;
-										acc.push({
-											...item,
-											key: { ...item.key, key: mappedKey },
-										});
-									} else {
-										acc.push(item);
-									}
-									return acc;
-								},
-								[] as typeof props.filters.items,
-							),
-						},
-				  }
-				: props;
-
-		const response = await axios.post('/namespaces/list', requestProps, {
+		const response = await axios.post('/namespaces/list', props, {
 			signal,
 			headers,
 		});
-		const payload: K8sNamespacesListResponse = response.data;
-
-		payload.data.records = payload.data.records.map((record) => ({
-			...record,
-			meta: mapNamespacesMeta(record.meta as Record<string, unknown>),
-		}));

 		return {
 			statusCode: 200,
 			error: null,
 			message: 'Success',
-			payload,
-			params: requestProps,
+			payload: response.data,
+			params: props,
 		};
 	} catch (error) {
 		return ErrorResponseHandler(error as AxiosError);
--- a/frontend/src/api/infraMonitoring/getK8sNodesList.ts
+++ b/frontend/src/api/infraMonitoring/getK8sNodesList.ts
@@ -5,8 +5,6 @@ import { ErrorResponse, SuccessResponse } from 'types/api';
 import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { TagFilter } from 'types/api/queryBuilder/queryBuilderData';

-import { UnderscoreToDotMap } from '../utils';
-
 export interface K8sNodesListPayload {
 	filters: TagFilter;
 	groupBy?: BaseAutocompleteData[];
@@ -43,81 +41,23 @@ export interface K8sNodesListResponse {
 	};
 }

-export const nodesMetaMap = [
-	{ dot: 'k8s.node.name', under: 'k8s_node_name' },
-	{ dot: 'k8s.node.uid', under: 'k8s_node_uid' },
-	{ dot: 'k8s.cluster.name', under: 'k8s_cluster_name' },
-] as const;
-
-export function mapNodesMeta(
-	raw: Record<string, unknown>,
-): K8sNodesData['meta'] {
-	const out: Record<string, unknown> = { ...raw };
-	nodesMetaMap.forEach(({ dot, under }) => {
-		if (dot in raw) {
-			const v = raw[dot];
-			out[under] = typeof v === 'string' ? v : raw[under];
-		}
-	});
-	return out as K8sNodesData['meta'];
-}
-
 export const getK8sNodesList = async (
 	props: K8sNodesListPayload,
 	signal?: AbortSignal,
 	headers?: Record<string, string>,
-	dotMetricsEnabled = false,
 ): Promise<SuccessResponse<K8sNodesListResponse> | ErrorResponse> => {
 	try {
-		const requestProps =
-			dotMetricsEnabled && Array.isArray(props.filters?.items)
-				? {
-						...props,
-						filters: {
-							...props.filters,
-							items: props.filters.items.reduce<typeof props.filters.items>(
-								(acc, item) => {
-									if (item.value === undefined) return acc;
-									if (
-										item.key &&
-										typeof item.key === 'object' &&
-										'key' in item.key &&
-										typeof item.key.key === 'string'
-									) {
-										const mappedKey = UnderscoreToDotMap[item.key.key] ?? item.key.key;
-										acc.push({
-											...item,
-											key: { ...item.key, key: mappedKey },
-										});
-									} else {
-										acc.push(item);
-									}
-									return acc;
-								},
-								[] as typeof props.filters.items,
-							),
-						},
-				  }
-				: props;
-
-		const response = await axios.post('/nodes/list', requestProps, {
+		const response = await axios.post('/nodes/list', props, {
 			signal,
 			headers,
 		});
-		const payload: K8sNodesListResponse = response.data;
-
-		// one-liner to map dot→underscore
-		payload.data.records = payload.data.records.map((record) => ({
-			...record,
-			meta: mapNodesMeta(record.meta as Record<string, unknown>),
-		}));

 		return {
 			statusCode: 200,
 			error: null,
 			message: 'Success',
-			payload,
-			params: requestProps,
+			payload: response.data,
+			params: props,
 		};
 	} catch (error) {
 		return ErrorResponseHandler(error as AxiosError);
--- a/frontend/src/api/infraMonitoring/getK8sPodsList.ts
+++ b/frontend/src/api/infraMonitoring/getK8sPodsList.ts
@@ -5,8 +5,6 @@ import { ErrorResponse, SuccessResponse } from 'types/api';
 import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { TagFilter } from 'types/api/queryBuilder/queryBuilderData';

-import { UnderscoreToDotMap } from '../utils';
-
 export interface K8sPodsListPayload {
 	filters: TagFilter;
 	groupBy?: BaseAutocompleteData[];
@@ -71,87 +69,23 @@ export interface K8sPodsListResponse {
 	};
 }

-export const podsMetaMap = [
-	{ dot: 'k8s.cronjob.name', under: 'k8s_cronjob_name' },
-	{ dot: 'k8s.daemonset.name', under: 'k8s_daemonset_name' },
-	{ dot: 'k8s.deployment.name', under: 'k8s_deployment_name' },
-	{ dot: 'k8s.job.name', under: 'k8s_job_name' },
-	{ dot: 'k8s.namespace.name', under: 'k8s_namespace_name' },
-	{ dot: 'k8s.node.name', under: 'k8s_node_name' },
-	{ dot: 'k8s.pod.name', under: 'k8s_pod_name' },
-	{ dot: 'k8s.pod.uid', under: 'k8s_pod_uid' },
-	{ dot: 'k8s.statefulset.name', under: 'k8s_statefulset_name' },
-	{ dot: 'k8s.cluster.name', under: 'k8s_cluster_name' },
-] as const;
-
-export function mapPodsMeta(raw: Record<string, unknown>): K8sPodsData['meta'] {
-	// clone everything
-	const out: Record<string, unknown> = { ...raw };
-	// overlay only the dot→under mappings
-	podsMetaMap.forEach(({ dot, under }) => {
-		if (dot in raw) {
-			const v = raw[dot];
-			out[under] = typeof v === 'string' ? v : raw[under];
-		}
-	});
-	return out as K8sPodsData['meta'];
-}
-
-// getK8sPodsList
 export const getK8sPodsList = async (
 	props: K8sPodsListPayload,
 	signal?: AbortSignal,
 	headers?: Record<string, string>,
-	dotMetricsEnabled = false,
 ): Promise<SuccessResponse<K8sPodsListResponse> | ErrorResponse> => {
 	try {
-		const requestProps =
-			dotMetricsEnabled && Array.isArray(props.filters?.items)
-				? {
-						...props,
-						filters: {
-							...props.filters,
-							items: props.filters.items.reduce<typeof props.filters.items>(
-								(acc, item) => {
-									if (item.value === undefined) return acc;
-									if (
-										item.key &&
-										typeof item.key === 'object' &&
-										'key' in item.key &&
-										typeof item.key.key === 'string'
-									) {
-										const mappedKey = UnderscoreToDotMap[item.key.key] ?? item.key.key;
-										acc.push({
-											...item,
-											key: { ...item.key, key: mappedKey },
-										});
-									} else {
-										acc.push(item);
-									}
-									return acc;
-								},
-								[] as typeof props.filters.items,
-							),
-						},
-				  }
-				: props;
-
-		const response = await axios.post('/pods/list', requestProps, {
+		const response = await axios.post('/pods/list', props, {
 			signal,
 			headers,
 		});
-		const payload: K8sPodsListResponse = response.data;
-		payload.data.records = payload.data.records.map((record) => ({
-			...record,
-			meta: mapPodsMeta(record.meta as Record<string, unknown>),
-		}));

 		return {
 			statusCode: 200,
 			error: null,
 			message: 'Success',
-			payload,
-			params: requestProps,
+			payload: response.data,
+			params: props,
 		};
 	} catch (error) {
 		return ErrorResponseHandler(error as AxiosError);
--- a/frontend/src/api/infraMonitoring/getK8sVolumesList.ts
+++ b/frontend/src/api/infraMonitoring/getK8sVolumesList.ts
@@ -5,8 +5,6 @@ import { ErrorResponse, SuccessResponse } from 'types/api';
 import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { TagFilter } from 'types/api/queryBuilder/queryBuilderData';

-import { UnderscoreToDotMap } from '../utils';
-
 export interface K8sVolumesListPayload {
 	filters: TagFilter;
 	groupBy?: BaseAutocompleteData[];
@@ -49,92 +47,23 @@ export interface K8sVolumesListResponse {
 	};
 }

-export const volumesMetaMap: Array<{
-	dot: keyof Record<string, unknown>;
-	under: keyof K8sVolumesData['meta'];
-}> = [
-	{ dot: 'k8s.cluster.name', under: 'k8s_cluster_name' },
-	{ dot: 'k8s.namespace.name', under: 'k8s_namespace_name' },
-	{ dot: 'k8s.node.name', under: 'k8s_node_name' },
-	{
-		dot: 'k8s.persistentvolumeclaim.name',
-		under: 'k8s_persistentvolumeclaim_name',
-	},
-	{ dot: 'k8s.pod.name', under: 'k8s_pod_name' },
-	{ dot: 'k8s.pod.uid', under: 'k8s_pod_uid' },
-	{ dot: 'k8s.statefulset.name', under: 'k8s_statefulset_name' },
-];
-
-export function mapVolumesMeta(
-	rawMeta: Record<string, unknown>,
-): K8sVolumesData['meta'] {
-	// start with everything that was already there
-	const out: Record<string, unknown> = { ...rawMeta };
-
-	// for each dot→under rule, if the raw has the dot, overwrite the underscore
-	volumesMetaMap.forEach(({ dot, under }) => {
-		if (dot in rawMeta) {
-			const val = rawMeta[dot];
-			out[under] = typeof val === 'string' ? val : rawMeta[under];
-		}
-	});
-
-	return out as K8sVolumesData['meta'];
-}
-
 export const getK8sVolumesList = async (
 	props: K8sVolumesListPayload,
 	signal?: AbortSignal,
 	headers?: Record<string, string>,
-	dotMetricsEnabled = false,
 ): Promise<SuccessResponse<K8sVolumesListResponse> | ErrorResponse> => {
 	try {
-		// Prepare filters
-		const requestProps =
-			dotMetricsEnabled && Array.isArray(props.filters?.items)
-				? {
-						...props,
-						filters: {
-							...props.filters,
-							items: props.filters.items.reduce<typeof props.filters.items>(
-								(acc, item) => {
-									if (item.value === undefined) return acc;
-									if (
-										item.key &&
-										typeof item.key === 'object' &&
-										'key' in item.key &&
-										typeof item.key.key === 'string'
-									) {
-										const mappedKey = UnderscoreToDotMap[item.key.key] ?? item.key.key;
-										acc.push({ ...item, key: { ...item.key, key: mappedKey } });
-									} else {
-										acc.push(item);
-									}
-									return acc;
-								},
-								[] as typeof props.filters.items,
-							),
-						},
-				  }
-				: props;
-
-		const response = await axios.post('/pvcs/list', requestProps, {
+		const response = await axios.post('/pvcs/list', props, {
 			signal,
 			headers,
 		});
-		const payload: K8sVolumesListResponse = response.data;
-
-		payload.data.records = payload.data.records.map((record) => ({
-			...record,
-			meta: mapVolumesMeta(record.meta as Record<string, unknown>),
-		}));

 		return {
 			statusCode: 200,
 			error: null,
 			message: 'Success',
-			payload,
-			params: requestProps,
+			payload: response.data,
+			params: props,
 		};
 	} catch (error) {
 		return ErrorResponseHandler(error as AxiosError);
--- a/frontend/src/api/infraMonitoring/getsK8sStatefulSetsList.ts
+++ b/frontend/src/api/infraMonitoring/getsK8sStatefulSetsList.ts
@@ -5,8 +5,6 @@ import { ErrorResponse, SuccessResponse } from 'types/api';
 import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { TagFilter } from 'types/api/queryBuilder/queryBuilderData';

-import { UnderscoreToDotMap } from '../utils';
-
 export interface K8sStatefulSetsListPayload {
 	filters: TagFilter;
 	groupBy?: BaseAutocompleteData[];
@@ -47,78 +45,23 @@ export interface K8sStatefulSetsListResponse {
 	};
 }

-export const statefulSetsMetaMap = [
-	{ dot: 'k8s.statefulset.name', under: 'k8s_statefulset_name' },
-	{ dot: 'k8s.namespace.name', under: 'k8s_namespace_name' },
-] as const;
-
-export function mapStatefulSetsMeta(
-	raw: Record<string, unknown>,
-): K8sStatefulSetsData['meta'] {
-	const out: Record<string, unknown> = { ...raw };
-	statefulSetsMetaMap.forEach(({ dot, under }) => {
-		if (dot in raw) {
-			const v = raw[dot];
-			out[under] = typeof v === 'string' ? v : raw[under];
-		}
-	});
-	return out as K8sStatefulSetsData['meta'];
-}
-
 export const getK8sStatefulSetsList = async (
 	props: K8sStatefulSetsListPayload,
 	signal?: AbortSignal,
 	headers?: Record<string, string>,
-	dotMetricsEnabled = false,
 ): Promise<SuccessResponse<K8sStatefulSetsListResponse> | ErrorResponse> => {
 	try {
-		// Prepare filters
-		const requestProps =
-			dotMetricsEnabled && Array.isArray(props.filters?.items)
-				? {
-						...props,
-						filters: {
-							...props.filters,
-							items: props.filters.items.reduce<typeof props.filters.items>(
-								(acc, item) => {
-									if (item.value === undefined) return acc;
-									if (
-										item.key &&
-										typeof item.key === 'object' &&
-										'key' in item.key &&
-										typeof item.key.key === 'string'
-									) {
-										const mappedKey = UnderscoreToDotMap[item.key.key] ?? item.key.key;
-										acc.push({ ...item, key: { ...item.key, key: mappedKey } });
-									} else {
-										acc.push(item);
-									}
-									return acc;
-								},
-								[] as typeof props.filters.items,
-							),
-						},
-				  }
-				: props;
-
-		const response = await axios.post('/statefulsets/list', requestProps, {
+		const response = await axios.post('/statefulsets/list', props, {
 			signal,
 			headers,
 		});
-		const payload: K8sStatefulSetsListResponse = response.data;
-
-		// apply our helper
-		payload.data.records = payload.data.records.map((record) => ({
-			...record,
-			meta: mapStatefulSetsMeta(record.meta as Record<string, unknown>),
-		}));

 		return {
 			statusCode: 200,
 			error: null,
 			message: 'Success',
-			payload,
-			params: requestProps,
+			payload: response.data,
+			params: props,
 		};
 	} catch (error) {
 		return ErrorResponseHandler(error as AxiosError);
--- a/frontend/src/api/licenses/apply.ts
+++ b/frontend/src/api/licenses/apply.ts
@@ -0,0 +1,26 @@
+import { ApiV3Instance as axios } from 'api';
+import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
+import { AxiosError } from 'axios';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { PayloadProps, Props } from 'types/api/licenses/apply';
+
+const apply = async (
+	props: Props,
+): Promise<SuccessResponse<PayloadProps> | ErrorResponse> => {
+	try {
+		const response = await axios.post('/licenses', {
+			key: props.key,
+		});
+
+		return {
+			statusCode: 200,
+			error: null,
+			message: response.data.status,
+			payload: response.data.data,
+		};
+	} catch (error) {
+		return ErrorResponseHandler(error as AxiosError);
+	}
+};
+
+export default apply;
--- a/frontend/src/api/licenses/getAll.ts
+++ b/frontend/src/api/licenses/getAll.ts
@@ -0,0 +1,18 @@
+import { ApiV3Instance as axios } from 'api';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { PayloadProps } from 'types/api/licenses/getAll';
+
+const getAll = async (): Promise<
+	SuccessResponse<PayloadProps> | ErrorResponse
+> => {
+	const response = await axios.get('/licenses');
+
+	return {
+		statusCode: 200,
+		error: null,
+		message: response.data.status,
+		payload: response.data.data,
+	};
+};
+
+export default getAll;
--- a/frontend/src/api/licensesV3/getActive.ts
+++ b/frontend/src/api/licensesV3/getActive.ts
@@ -0,0 +1,18 @@
+import { ApiV3Instance as axios } from 'api';
+import { ErrorResponse, SuccessResponse } from 'types/api';
+import { LicenseV3EventQueueResModel } from 'types/api/licensesV3/getActive';
+
+const getActive = async (): Promise<
+	SuccessResponse<LicenseV3EventQueueResModel> | ErrorResponse
+> => {
+	const response = await axios.get('/licenses/active');
+
+	return {
+		statusCode: 200,
+		error: null,
+		message: response.data.status,
+		payload: response.data.data,
+	};
+};
+
+export default getActive;
--- a/frontend/src/api/metrics/ApDex/getApDexSettings.ts
+++ b/frontend/src/api/metrics/ApDex/getApDexSettings.ts
@@ -0,0 +1,8 @@
+import axios from 'api';
+import { AxiosResponse } from 'axios';
+import { ApDexPayloadAndSettingsProps } from 'types/api/metrics/getApDex';
+
+export const getApDexSettings = (
+	servicename: string,
+): Promise<AxiosResponse<ApDexPayloadAndSettingsProps[]>> =>
+	axios.get(`/settings/apdex?services=${servicename}`);
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
SagarRajput-7	8b448e9df8	feat: added user-friendly format to dashboard variable url "	2025-05-20 10:52:30 +05:30
SagarRajput-7	02ee073a97	feat: added variable in url and made dashboard sync around that and sharable (#7944 ) * feat: added dynamic variable to the dashboard details * feat: added new component to existing variables * feat: added enhancement to multiselect and select for dyn-variables * feat: added refetch method between all dynamic-variables * feat: correct error handling * feat: correct error handling * feat: enforced non-empty selectedvalues and default value * feat: added client and server side searches * feat: retry on error * feat: correct error handling * feat: handle defautl value in existing variables * feat: lowercase the source for payload * feat: fixed the incorrect assignment of active indices * feat: improved handling of all option * feat: improved the ALL option visuals * feat: handled default value enforcement in existing variables * feat: added unix time to values call * feat: added incomplete data message and info to search * feat: changed dashboard panel call handling with existing variables * feat: adjusted the response type and data with the new API schema for values * feat: code refactor * feat: made dyn-variable option as the default * feat: added test cases for dyn variable creation and completion * feat: updated test cases * feat: added variable in url and made dashboard sync around that and sharable * feat: added test cases * feat: added safety check * feat: enabled url setting on first load itself * feat: code refactor * feat: cleared options query param when on dashboard list page	2025-05-17 04:05:07 +05:30
SagarRajput-7	1e2694ae03	feat: added dynamic variable to the dashboard details (#7755 ) * feat: added dynamic variable to the dashboard details * feat: added new component to existing variables * feat: added enhancement to multiselect and select for dyn-variables * feat: added refetch method between all dynamic-variables * feat: correct error handling * feat: correct error handling * feat: enforced non-empty selectedvalues and default value * feat: added client and server side searches * feat: retry on error * feat: correct error handling * feat: handle defautl value in existing variables * feat: lowercase the source for payload * feat: fixed the incorrect assignment of active indices * feat: improved handling of all option * feat: improved the ALL option visuals * feat: handled default value enforcement in existing variables * feat: added unix time to values call * feat: added incomplete data message and info to search * feat: changed dashboard panel call handling with existing variables * feat: adjusted the response type and data with the new API schema for values * feat: code refactor * feat: made dyn-variable option as the default * feat: added test cases for dyn variable creation and completion * feat: updated test cases	2025-05-17 04:05:07 +05:30
SagarRajput-7	cef1d56ee8	feat: added dynamic variables creation flow (#7541 ) * feat: added dynamic variables creation flow * feat: added keys and value apis and hooks * feat: added api and select component changes * feat: added keys fetching and preview values * feat: added dynamic variable to variable items * feat: handled value persistence and tab switches * feat: added default value and formed a schema for dyn-variables * feat: added client and server side searches * feat: corrected the initial load getfieldKey api * feat: removed fetch on mount restriction	2025-05-17 04:05:07 +05:30