push tags to docker hub (#1766 )

MDNS registry fix for users on VPNs (#1759 )
* filter out unsolicited responses * send to local ip in case * allow ip func to be passed in. add option for sending to 0.0.0.0
2020-07-03 11:30:59 +01:00 · 2020-07-03 11:30:59 +01:00 · 2020-07-03 11:30:59 +01:00 · 2020-07-03 11:30:59 +01:00 · 2020-07-03 11:30:59 +01:00 · 2020-07-03 11:30:59 +01:00
365 changed files with 28052 additions and 10373 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,3 +1,3 @@
 # These are supported funding model platforms

-issuehunt: micro/development
+github: micro
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,10 @@
+## Pull Request template
+Please, go through these steps before clicking submit on this PR.
+
+1. Make sure this PR targets the `develop` branch. We follow the git-flow branching model.
+2. Give a descriptive title to your PR.
+3. Provide a description of your changes. 
+4. Make sure you have some relevant tests.
+5. Put `closes #XXXX` in your comment to auto-close the issue that your PR fixes (if applicable).
+
+**PLEASE REMOVE THIS TEMPLATE BEFORE SUBMITTING**
--- a/.github/generate.sh
+++ b/.github/generate.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -e
+
+find . -type f -name '*.pb.*.go' -o -name '*.pb.go' -a ! -name 'message.pb.go' -delete
+PROTOS=$(find . -type f -name '*.proto' | grep -v proto/google/api)
+
+mkdir -p proto/google/api
+curl -s -o proto/google/api/annotations.proto -L https://raw.githubusercontent.com/googleapis/googleapis/master/google/api/annotations.proto
+curl -s -o proto/google/api/http.proto -L https://raw.githubusercontent.com/googleapis/googleapis/master/google/api/http.proto
+
+for PROTO in $PROTOS; do
+  echo $PROTO
+  protoc -I./proto -I. -I$(dirname $PROTO) --go_out=plugins=grpc,paths=source_relative:. --micro_out=paths=source_relative:. $PROTO
+done
+
+rm -r proto
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -4,7 +4,9 @@ on:
  push:
    branches:
    - master
-
+    tags:
+    - v2.*
+    - v3.*
 jobs:
  build:
     runs-on: ubuntu-latest
@@ -17,3 +19,4 @@ jobs:
           name: micro/go-micro
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
+           tag_names: true
--- a/.github/workflows/micro-examples.yml
+++ b/.github/workflows/micro-examples.yml
@@ -0,0 +1,34 @@
+name: Build all github.com/micro/examples
+on:
+  push: 
+    branches:
+      - 'release-**'
+
+jobs:
+
+  build:
+    name: Build repos
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Set up Go 1.13
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.13
+      id: go
+
+    - name: Check out this code
+      uses: actions/checkout@v2
+      with:
+        path: 'go-micro'
+
+    - name: Check out code examples
+      uses: actions/checkout@v2
+      with:
+        repository: 'micro/examples'
+        path: 'examples'
+
+    - name: Build all
+      run: $GITHUB_WORKSPACE/go-micro/.github/workflows/scripts/build-all-examples.sh $GITHUB_SHA
+      working-directory: examples
+    
--- a/.github/workflows/micro-main.yml
+++ b/.github/workflows/micro-main.yml
@@ -0,0 +1,34 @@
+name: Build and test micro
+on:
+  push: 
+    branches:
+      - 'release-**'
+
+jobs:
+
+  build:
+    name: Build and test micro
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Set up Go 1.13
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.13
+      id: go
+
+    - name: Check out this code
+      uses: actions/checkout@v2
+      with:
+        path: 'go-micro'
+
+    - name: Check out micro
+      uses: actions/checkout@v2
+      with:
+        repository: 'micro/micro'
+        path: 'micro'
+
+    - name: Build all
+      run: $GITHUB_WORKSPACE/go-micro/.github/workflows/scripts/build-micro.sh $GITHUB_SHA
+      working-directory: micro
+    
--- a/.github/workflows/scripts/build-all-examples.sh
+++ b/.github/workflows/scripts/build-all-examples.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# set -x
+
+function build_binary {
+    echo building $1
+    pushd $1
+    go build -o _main
+    local ret=$?
+    if [ $ret -gt 0 ]; then 
+        failed=1
+        failed_arr+=($1)
+    fi
+    popd
+}
+
+function is_main {
+    grep "package main" -l -dskip $1/*.go > /dev/null 2>&1
+}
+
+
+function check_dir {
+    is_main $1
+    local ret=$?
+    if [ $ret == 0 ]; then
+        build_binary $1 $2
+    fi
+    for filename in $1/*; do
+        if [ -d $filename ]; then
+            check_dir $filename $2
+        fi
+    done
+}
+failed_arr=()
+failed=0
+go mod edit -replace github.com/micro/go-micro/v2=github.com/micro/go-micro/v2@$1 
+check_dir . $1
+if [ $failed -gt 0 ]; then
+    echo Some builds failed
+    printf '%s\n' "${failed_arr[@]}"
+fi
+exit $failed
--- a/.github/workflows/scripts/build-micro.sh
+++ b/.github/workflows/scripts/build-micro.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+# set -x
+
+failed=0
+go mod edit -replace github.com/micro/go-micro/v2=github.com/micro/go-micro/v2@$1 
+# basic test, build the binary
+go build
+failed=$?
+if [ $failed -gt 0 ]; then
+    exit $failed
+fi
+# unit tests
+IN_TRAVIS_CI=yes go test -v ./...
+# TODO integration tests
--- a/2
+++ b/2
@@ -5,7 +5,7 @@ RUN mkdir /user && \
    echo 'nobody:x:65534:' > /user/group

 ENV GO111MODULE=on
-RUN apk --no-cache add make git gcc libtool musl-dev ca-certificates && \
+RUN apk --no-cache add make git gcc libtool musl-dev ca-certificates dumb-init && \
    rm -rf /var/cache/apk/* /tmp/*

 WORKDIR /
--- a/README.md
+++ b/README.md
@@ -1,23 +1,27 @@
-# Go Micro [![License](https://img.shields.io/:license-apache-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Go.Dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/github.com/micro/go-micro?tab=doc) [![Travis CI](https://api.travis-ci.org/micro/go-micro.svg?branch=master)](https://travis-ci.org/micro/go-micro) [![Go Report Card](https://goreportcard.com/badge/micro/go-micro)](https://goreportcard.com/report/github.com/micro/go-micro)
+# Go Micro [![License](https://img.shields.io/:license-apache-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Go.Dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/github.com/micro/go-micro?tab=doc) [![Travis CI](https://api.travis-ci.org/micro/go-micro.svg?branch=master)](https://travis-ci.org/micro/go-micro) [![Go Report Card](https://goreportcard.com/badge/micro/go-micro)](https://goreportcard.com/report/github.com/micro/go-micro) 

-Go Micro is a framework for microservice development.
+Go Micro is a framework for distributed systems development.

 ## Overview

 Go Micro provides the core requirements for distributed systems development including RPC and Event driven communication. 
-The **micro** philosophy is sane defaults with a pluggable architecture. We provide defaults to get you started quickly 
+The **Micro** philosophy is sane defaults with a pluggable architecture. We provide defaults to get you started quickly 
 but everything can be easily swapped out. 

-<img src="https://micro.mu/docs/images/go-micro.svg" />
-
-Plugins are available at [github.com/micro/go-plugins](https://github.com/micro/go-plugins).
-
-Follow us on [Twitter](https://twitter.com/microhq) or join the [Community](https://micro.mu/slack).
-
 ## Features

 Go Micro abstracts away the details of distributed systems. Here are the main features.

+- **Authentication** - Auth is built in as a first class citizen. Authentication and authorization enable secure 
+zero trust networking by providing every service an identity and certificates. This additionally includes rule 
+based access control.
+
+- **Dynamic Config** - Load and hot reload dynamic config from anywhere. The config interface provides a way to load application 
+level config from any source such as env vars, file, etcd. You can merge the sources and even define fallbacks.
+
+- **Data Storage** - A simple data store interface to read, write and delete records. It includes support for memory, file and 
+CockroachDB by default. State and persistence becomes a core requirement beyond prototyping and Micro looks to build that into the framework.
+
 - **Service Discovery** - Automatic service registration and name resolution. Service discovery is at the core of micro service 
 development. When service A needs to speak to service B it needs the location of that service. The default discovery mechanism is 
 multicast DNS (mdns), a zeroconf system.
@@ -30,13 +34,13 @@ across the services and retry a different node if there's a problem.
 to seamlessly encode and decode Go types for you. Any variety of messages could be encoded and sent from different clients. The client 
 and server handle this by default. This includes protobuf and json by default.

- **Request/Response** - RPC based request/response with support for bidirectional streaming. We provide an abstraction for synchronous 
-communication. A request made to a service will be automatically resolved, load balanced, dialled and streamed. The default 
-transport is [gRPC](https://grpc.io/).
+- **gRPC Transport** - gRPC based request/response with support for bidirectional streaming. We provide an abstraction for synchronous communication. A request made to a service will be automatically resolved, load balanced, dialled and streamed.

 - **Async Messaging** - PubSub is built in as a first class citizen for asynchronous communication and event driven architectures. 
-Event notifications are a core pattern in micro service development. The default messaging system is an embedded [NATS](https://nats.io/) 
-server.
+Event notifications are a core pattern in micro service development. The default messaging system is a HTTP event message broker.
+
+- **Synchronization** - Distributed systems are often built in an eventually consistent manner. Support for distributed locking and 
+leadership are built in as a Sync interface. When using an eventually consistent database or scheduling use the Sync interface.

 - **Pluggable Interfaces** - Go Micro makes use of Go interfaces for each distributed system abstraction. Because of this these interfaces 
 are pluggable and allows Go Micro to be runtime agnostic. You can plugin any underlying technology. Find plugins in 
@@ -44,5 +48,26 @@ are pluggable and allows Go Micro to be runtime agnostic. You can plugin any und

 ## Getting Started

-See the [docs](https://micro.mu/docs/framework.html) for detailed information on the architecture, installation and use of go-micro.
+To make use of Go Micro
+
+```golang
+import "github.com/micro/go-micro/v2"
+
+// create a new service
+service := micro.NewService(
+    micro.Name("helloworld"),
+)
+
+// initialise flags
+service.Init()
+
+// start the service
+service.Run()
+```
+
+See the [docs](https://dev.m3o.com) for detailed information on the architecture, installation and use of go-micro.
+
+## License
+
+Go Micro is Apache 2.0 licensed.

--- a/README.zh-cn.md
+++ b/README.zh-cn.md
@@ -1,36 +0,0 @@
-# Go Micro [![License](https://img.shields.io/:license-apache-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Go.Dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/github.com/micro/go-micro?tab=doc) [![Travis CI](https://api.travis-ci.org/micro/go-micro.svg?branch=master)](https://travis-ci.org/micro/go-micro) [![Go Report Card](https://goreportcard.com/badge/micro/go-micro)](https://goreportcard.com/report/github.com/micro/go-micro)
-
-Go Micro是基于Golang的微服务开发框架。
-
-## 概览
-
-Go Micro提供分布式系统开发的核心库，包含RPC与事件驱动的通信机制。
-
-**micro**的设计哲学是可插拔的架构理念，她提供可快速构建系统的组件，并且可以根据自身的需求剥离默认实现并自行定制。
-
-<img src="https://micro.mu/docs/images/go-micro.svg" />
-
-所有插件可在仓库[github.com/micro/go-plugins](https://github.com/micro/go-plugins)中找到。
-
-可以订阅我们的[Twitter](https://twitter.com/microhq)或者加入[Slack](http://slack.micro.mu/)论坛。
-
-## 特性
-
-Go Micro把分布式系统的各种细节抽象出来。下面是它的主要特性。
-
- **服务发现（Service Discovery）** - 自动服务注册与名称解析。服务发现是微服务开发中的核心。当服务A要与服务B协作时，它得知道B在哪里。默认的服务发现系统是Consul，而multicast DNS (mdns，组播)机制作为本地解决方案，或者零依赖的P2P网络中的SWIM协议（gossip）。 
-
- **负载均衡（Load Balancing）** - 在服务发现之上构建了负载均衡机制。当我们得到一个服务的任意多个的实例节点时，我们要一个机制去决定要路由到哪一个节点。我们使用随机处理过的哈希负载均衡机制来保证对服务请求颁发的均匀分布，并且在发生问题时进行重试。
-
- **消息编码（Message Encoding）** - 支持基于内容类型（content-type）动态编码消息。客户端和服务端会一起使用content-type的格式来对Go进行无缝编/解码。各种各样的消息被编码会发送到不同的客户端，客户端服服务端默认会处理这些消息。content-type默认包含proto-rpc和json-rpc。
-
- **Request/Response** - RPC通信基于支持双向流的请求/响应方式，我们提供有抽象的同步通信机制。请求发送到服务时，会自动解析、负载均衡、拨号、转成字节流。默认的传输协议是http/1.1，而tls下使用http2协议。
-
- **异步消息（Async Messaging）** - 发布订阅（PubSub）头等功能内置在异步通信与事件驱动架构中。事件通知在微服务开发中处于核心位置。默认的消息传送使用点到点http/1.1，激活tls时则使用http2。
-
- **可插拔接口（Pluggable Interfaces）** - Go Micro为每个分布式系统抽象出接口。因此，Go Micro的接口都是可插拔的，允许其在运行时不可知的情况下仍可支持。所以只要实现接口，可以在内部使用任何的技术。更多插件请参考：[github.com/micro/go-plugins](https://github.com/micro/go-plugins)。
-
-## 快速上手
-
-更多关于架构、安装的资料可以查看[文档](https://micro.mu/docs/cn/)。
-
--- a/agent/input/discord/conn.go
+++ b/agent/input/discord/conn.go
@@ -7,7 +7,7 @@ import (

 	"github.com/bwmarrin/discordgo"
 	"github.com/micro/go-micro/v2/agent/input"
-	log "github.com/micro/go-micro/v2/logger"
+	"github.com/micro/go-micro/v2/logger"
 )

 type discordConn struct {
@@ -70,11 +70,33 @@ func (dc *discordConn) Recv(event *input.Event) error {
 	}
 }

+func ChunkString(s string, chunkSize int) []string {
+	var chunks []string
+	runes := []rune(s)
+
+	if len(runes) == 0 {
+		return []string{s}
+	}
+
+	for i := 0; i < len(runes); i += chunkSize {
+		nn := i + chunkSize
+		if nn > len(runes) {
+			nn = len(runes)
+		}
+		chunks = append(chunks, string(runes[i:nn]))
+	}
+	return chunks
+}
+
 func (dc *discordConn) Send(e *input.Event) error {
 	fields := strings.Split(e.To, ":")
-	_, err := dc.master.session.ChannelMessageSend(fields[0], string(e.Data))
-	if err != nil {
-		log.Error("[bot][loop][send]", err)
+	for _, chunk := range ChunkString(string(e.Data), 2000) {
+		_, err := dc.master.session.ChannelMessageSend(fields[0], chunk)
+		if err != nil {
+			if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+				logger.Error("[bot][loop][send]", err)
+			}
+		}
 	}
 	return nil
 }
--- a/agent/input/discord/discord.go
+++ b/agent/input/discord/discord.go
@@ -87,7 +87,7 @@ func (d *discordInput) Start() error {
 	}

 	var err error
-	d.session, err = discordgo.New(d.token)
+	d.session, err = discordgo.New("Bot " + d.token)
 	if err != nil {
 		return err
 	}
--- a/agent/input/telegram/conn.go
+++ b/agent/input/telegram/conn.go
@@ -7,7 +7,7 @@ import (

 	"github.com/forestgiant/sliceutil"
 	"github.com/micro/go-micro/v2/agent/input"
-	log "github.com/micro/go-micro/v2/logger"
+	"github.com/micro/go-micro/v2/logger"
 	tgbotapi "gopkg.in/telegram-bot-api.v4"
 )

@@ -104,7 +104,9 @@ func (tc *telegramConn) Send(event *input.Event) error {

 	if err != nil {
 		// probably it could be because of nested HTML tags -- telegram doesn't allow nested tags
-		log.Error("[telegram][Send] error:", err)
+		if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+			logger.Error("[telegram][Send] error:", err)
+		}
 		msgConfig.Text = "This bot couldn't send the response (Internal error)"
 		tc.input.api.Send(msgConfig)
 	}
--- a/agent/proto/bot.pb.go
+++ b/agent/proto/bot.pb.go
@@ -1,11 +1,15 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
-// source: github.com/micro/go-micro/v2/agent/proto/bot.proto
+// source: agent/proto/bot.proto

 package go_micro_bot

 import (
+	context "context"
 	fmt "fmt"
 	proto "github.com/golang/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
 	math "math"
 )

@@ -30,7 +34,7 @@ func (m *HelpRequest) Reset()         { *m = HelpRequest{} }
 func (m *HelpRequest) String() string { return proto.CompactTextString(m) }
 func (*HelpRequest) ProtoMessage()    {}
 func (*HelpRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_018e8d5b14a89d12, []int{0}
+	return fileDescriptor_79b974b8c77805fa, []int{0}
 }

 func (m *HelpRequest) XXX_Unmarshal(b []byte) error {
@@ -63,7 +67,7 @@ func (m *HelpResponse) Reset()         { *m = HelpResponse{} }
 func (m *HelpResponse) String() string { return proto.CompactTextString(m) }
 func (*HelpResponse) ProtoMessage()    {}
 func (*HelpResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_018e8d5b14a89d12, []int{1}
+	return fileDescriptor_79b974b8c77805fa, []int{1}
 }

 func (m *HelpResponse) XXX_Unmarshal(b []byte) error {
@@ -109,7 +113,7 @@ func (m *ExecRequest) Reset()         { *m = ExecRequest{} }
 func (m *ExecRequest) String() string { return proto.CompactTextString(m) }
 func (*ExecRequest) ProtoMessage()    {}
 func (*ExecRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_018e8d5b14a89d12, []int{2}
+	return fileDescriptor_79b974b8c77805fa, []int{2}
 }

 func (m *ExecRequest) XXX_Unmarshal(b []byte) error {
@@ -149,7 +153,7 @@ func (m *ExecResponse) Reset()         { *m = ExecResponse{} }
 func (m *ExecResponse) String() string { return proto.CompactTextString(m) }
 func (*ExecResponse) ProtoMessage()    {}
 func (*ExecResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_018e8d5b14a89d12, []int{3}
+	return fileDescriptor_79b974b8c77805fa, []int{3}
 }

 func (m *ExecResponse) XXX_Unmarshal(b []byte) error {
@@ -191,26 +195,139 @@ func init() {
 	proto.RegisterType((*ExecResponse)(nil), "go.micro.bot.ExecResponse")
 }

-func init() {
-	proto.RegisterFile("github.com/micro/go-micro/v2/agent/proto/bot.proto", fileDescriptor_018e8d5b14a89d12)
+func init() { proto.RegisterFile("agent/proto/bot.proto", fileDescriptor_79b974b8c77805fa) }
+
+var fileDescriptor_79b974b8c77805fa = []byte{
+	// 234 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x90, 0x3f, 0x4f, 0xc3, 0x30,
+	0x10, 0xc5, 0x1b, 0x28, 0x45, 0xbd, 0x84, 0xc5, 0x02, 0x14, 0x3a, 0x05, 0x4f, 0x9d, 0x5c, 0x09,
+	0x56, 0x24, 0x06, 0x04, 0x62, 0xce, 0x37, 0x48, 0xd2, 0x53, 0x14, 0xa9, 0xf1, 0x99, 0xb3, 0x23,
+	0xf1, 0x1d, 0xf8, 0xd2, 0xc8, 0x7f, 0x06, 0xab, 0xea, 0x76, 0xcf, 0x67, 0xbd, 0xf7, 0x7b, 0x07,
+	0x0f, 0xdd, 0x88, 0xda, 0x1d, 0x0c, 0x93, 0xa3, 0x43, 0x4f, 0x4e, 0x85, 0x49, 0x54, 0x23, 0xa9,
+	0x79, 0x1a, 0x98, 0x54, 0x4f, 0x4e, 0xde, 0x41, 0xf9, 0x8d, 0x27, 0xd3, 0xe2, 0xcf, 0x82, 0xd6,
+	0xc9, 0x2f, 0xa8, 0xa2, 0xb4, 0x86, 0xb4, 0x45, 0x71, 0x0f, 0x37, 0x8b, 0xed, 0x46, 0xac, 0x8b,
+	0xa6, 0xd8, 0x6f, 0xdb, 0x28, 0x44, 0x03, 0xe5, 0x11, 0xed, 0xc0, 0x93, 0x71, 0x13, 0xe9, 0xfa,
+	0x2a, 0xec, 0xf2, 0x27, 0xf9, 0x0c, 0xe5, 0xe7, 0x2f, 0x0e, 0xc9, 0x56, 0x08, 0x58, 0x77, 0x3c,
+	0xda, 0xba, 0x68, 0xae, 0xf7, 0xdb, 0x36, 0xcc, 0xf2, 0x0d, 0xaa, 0xf8, 0x25, 0x45, 0x3d, 0xc2,
+	0x86, 0xd1, 0x2e, 0x27, 0x17, 0xb2, 0xaa, 0x36, 0x29, 0x8f, 0x80, 0xcc, 0xc4, 0x29, 0x26, 0x8a,
+	0x97, 0xbf, 0x02, 0x6e, 0x3f, 0x68, 0x9e, 0x3b, 0x7d, 0x14, 0xef, 0xb0, 0xf6, 0xd0, 0xe2, 0x49,
+	0xe5, 0xd5, 0x54, 0xd6, 0x6b, 0xb7, 0xbb, 0xb4, 0x8a, 0xc1, 0x72, 0xe5, 0x0d, 0x3c, 0xca, 0xb9,
+	0x41, 0xd6, 0xe0, 0xdc, 0x20, 0x27, 0x97, 0xab, 0x7e, 0x13, 0x4e, 0xfb, 0xfa, 0x1f, 0x00, 0x00,
+	0xff, 0xff, 0xe8, 0x08, 0x5e, 0xad, 0x73, 0x01, 0x00, 0x00,
 }

-var fileDescriptor_018e8d5b14a89d12 = []byte{
-	// 246 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x50, 0x4d, 0x4b, 0xc4, 0x30,
-	0x10, 0xdd, 0xea, 0xba, 0xb2, 0xd3, 0x7a, 0x09, 0x22, 0x75, 0x4f, 0x35, 0xa7, 0xbd, 0x98, 0x80,
-	0x5e, 0x05, 0x0f, 0xa2, 0x78, 0xee, 0x3f, 0x68, 0xbb, 0x43, 0x2c, 0x6c, 0x3b, 0x35, 0x99, 0x82,
-	0xff, 0xc1, 0x3f, 0x2d, 0x4d, 0x72, 0x08, 0xc5, 0xdb, 0x7b, 0x79, 0xe1, 0x7d, 0x0c, 0x68, 0xd3,
-	0xf3, 0xd7, 0xdc, 0xaa, 0x8e, 0x06, 0x3d, 0xf4, 0x9d, 0x25, 0x6d, 0xe8, 0x31, 0x80, 0xc6, 0xe0,
-	0xc8, 0x7a, 0xb2, 0xc4, 0xa4, 0x5b, 0x62, 0xe5, 0x91, 0x28, 0x0c, 0x29, 0xaf, 0xab, 0x96, 0x58,
-	0xde, 0x40, 0xfe, 0x89, 0xe7, 0xa9, 0xc6, 0xef, 0x19, 0x1d, 0xcb, 0x0f, 0x28, 0x02, 0x75, 0x13,
-	0x8d, 0x0e, 0xc5, 0x2d, 0x5c, 0xcd, 0xae, 0x31, 0x58, 0x66, 0x55, 0x76, 0xdc, 0xd7, 0x81, 0x88,
-	0x0a, 0xf2, 0x13, 0xba, 0xce, 0xf6, 0x13, 0xf7, 0x34, 0x96, 0x17, 0x5e, 0x4b, 0x9f, 0xe4, 0x03,
-	0xe4, 0xef, 0x3f, 0xd8, 0x45, 0x5b, 0x21, 0x60, 0xdb, 0x58, 0xe3, 0xca, 0xac, 0xba, 0x3c, 0xee,
-	0x6b, 0x8f, 0xe5, 0x0b, 0x14, 0xe1, 0x4b, 0x8c, 0xba, 0x83, 0x9d, 0x45, 0x37, 0x9f, 0xd9, 0x67,
-	0x15, 0x75, 0x64, 0x4b, 0x05, 0xb4, 0x96, 0x6c, 0x8c, 0x09, 0xe4, 0xe9, 0x37, 0x83, 0xeb, 0x37,
-	0x1a, 0x86, 0x66, 0x3c, 0x89, 0x57, 0xd8, 0x2e, 0xa5, 0xc5, 0xbd, 0x4a, 0xa7, 0xa9, 0x64, 0xd7,
-	0xe1, 0xf0, 0x9f, 0x14, 0x82, 0xe5, 0x66, 0x31, 0x58, 0xaa, 0xac, 0x0d, 0x92, 0x05, 0x6b, 0x83,
-	0xb4, 0xb9, 0xdc, 0xb4, 0x3b, 0x7f, 0xda, 0xe7, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x18, 0xbd,
-	0x39, 0x29, 0x8d, 0x01, 0x00, 0x00,
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// CommandClient is the client API for Command service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type CommandClient interface {
+	Help(ctx context.Context, in *HelpRequest, opts ...grpc.CallOption) (*HelpResponse, error)
+	Exec(ctx context.Context, in *ExecRequest, opts ...grpc.CallOption) (*ExecResponse, error)
+}
+
+type commandClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewCommandClient(cc *grpc.ClientConn) CommandClient {
+	return &commandClient{cc}
+}
+
+func (c *commandClient) Help(ctx context.Context, in *HelpRequest, opts ...grpc.CallOption) (*HelpResponse, error) {
+	out := new(HelpResponse)
+	err := c.cc.Invoke(ctx, "/go.micro.bot.Command/Help", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *commandClient) Exec(ctx context.Context, in *ExecRequest, opts ...grpc.CallOption) (*ExecResponse, error) {
+	out := new(ExecResponse)
+	err := c.cc.Invoke(ctx, "/go.micro.bot.Command/Exec", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// CommandServer is the server API for Command service.
+type CommandServer interface {
+	Help(context.Context, *HelpRequest) (*HelpResponse, error)
+	Exec(context.Context, *ExecRequest) (*ExecResponse, error)
+}
+
+// UnimplementedCommandServer can be embedded to have forward compatible implementations.
+type UnimplementedCommandServer struct {
+}
+
+func (*UnimplementedCommandServer) Help(ctx context.Context, req *HelpRequest) (*HelpResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Help not implemented")
+}
+func (*UnimplementedCommandServer) Exec(ctx context.Context, req *ExecRequest) (*ExecResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Exec not implemented")
+}
+
+func RegisterCommandServer(s *grpc.Server, srv CommandServer) {
+	s.RegisterService(&_Command_serviceDesc, srv)
+}
+
+func _Command_Help_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(HelpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(CommandServer).Help(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/go.micro.bot.Command/Help",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(CommandServer).Help(ctx, req.(*HelpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Command_Exec_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ExecRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(CommandServer).Exec(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/go.micro.bot.Command/Exec",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(CommandServer).Exec(ctx, req.(*ExecRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _Command_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "go.micro.bot.Command",
+	HandlerType: (*CommandServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Help",
+			Handler:    _Command_Help_Handler,
+		},
+		{
+			MethodName: "Exec",
+			Handler:    _Command_Exec_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "agent/proto/bot.proto",
 }
--- a/agent/proto/bot.pb.micro.go
+++ b/agent/proto/bot.pb.micro.go
@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-micro. DO NOT EDIT.
-// source: github.com/micro/go-micro/v2/agent/proto/bot.proto
+// source: agent/proto/bot.proto

 package go_micro_bot

@@ -11,6 +11,7 @@ import (

 import (
 	context "context"
+	api "github.com/micro/go-micro/v2/api"
 	client "github.com/micro/go-micro/v2/client"
 	server "github.com/micro/go-micro/v2/server"
 )
@@ -27,10 +28,17 @@ var _ = math.Inf
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package

 // Reference imports to suppress errors if they are not otherwise used.
+var _ api.Endpoint
 var _ context.Context
 var _ client.Option
 var _ server.Option

+// Api Endpoints for Command service
+
+func NewCommandEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
 // Client API for Command service

 type CommandService interface {
@@ -44,12 +52,6 @@ type commandService struct {
 }

 func NewCommandService(name string, c client.Client) CommandService {
-	if c == nil {
-		c = client.NewClient()
-	}
-	if len(name) == 0 {
-		name = "go.micro.bot"
-	}
 	return &commandService{
 		c:    c,
 		name: name,
--- a/api/api.go
+++ b/api/api.go
@@ -9,6 +9,23 @@ import (
 	"github.com/micro/go-micro/v2/server"
 )

+type Api interface {
+	// Initialise options
+	Init(...Option) error
+	// Get the options
+	Options() Options
+	// Register a http handler
+	Register(*Endpoint) error
+	// Register a route
+	Deregister(*Endpoint) error
+	// Implemenation of api
+	String() string
+}
+
+type Options struct{}
+
+type Option func(*Options) error
+
 // Endpoint is a mapping between an RPC method and HTTP endpoint
 type Endpoint struct {
 	// RPC Method e.g. Greeter.Hello
@@ -23,6 +40,12 @@ type Endpoint struct {
 	Method []string
 	// HTTP Path e.g /greeter. Expect POSIX regex
 	Path []string
+	// Body destination
+	// "*" or "" - top level message value
+	// "string" - inner message value
+	Body string
+	// Stream flag
+	Stream bool
 }

 // Service represents an API service
@@ -105,9 +128,18 @@ func Validate(e *Endpoint) error {
 	}

 	for _, p := range e.Path {
-		_, err := regexp.CompilePOSIX(p)
-		if err != nil {
-			return err
+		ps := p[0]
+		pe := p[len(p)-1]
+
+		if ps == '^' && pe == '$' {
+			_, err := regexp.CompilePOSIX(p)
+			if err != nil {
+				return err
+			}
+		} else if ps == '^' && pe != '$' {
+			return errors.New("invalid path")
+		} else if ps != '^' && pe == '$' {
+			return errors.New("invalid path")
 		}
 	}

--- a/api/api_test.go
+++ b/api/api_test.go
@@ -111,3 +111,42 @@ func TestEncoding(t *testing.T) {
 		}
 	}
 }
+
+func TestValidate(t *testing.T) {
+	epPcre := &Endpoint{
+		Name:        "Foo.Bar",
+		Description: "A test endpoint",
+		Handler:     "meta",
+		Host:        []string{"foo.com"},
+		Method:      []string{"GET"},
+		Path:        []string{"^/test/?$"},
+	}
+	if err := Validate(epPcre); err != nil {
+		t.Fatal(err)
+	}
+
+	epGpath := &Endpoint{
+		Name:        "Foo.Bar",
+		Description: "A test endpoint",
+		Handler:     "meta",
+		Host:        []string{"foo.com"},
+		Method:      []string{"GET"},
+		Path:        []string{"/test/{id}"},
+	}
+	if err := Validate(epGpath); err != nil {
+		t.Fatal(err)
+	}
+
+	epPcreInvalid := &Endpoint{
+		Name:        "Foo.Bar",
+		Description: "A test endpoint",
+		Handler:     "meta",
+		Host:        []string{"foo.com"},
+		Method:      []string{"GET"},
+		Path:        []string{"/test/?$"},
+	}
+	if err := Validate(epPcreInvalid); err == nil {
+		t.Fatalf("invalid pcre %v", epPcreInvalid.Path[0])
+	}
+
+}
--- a/api/handler/api/api.go
+++ b/api/handler/api/api.go
@@ -24,6 +24,12 @@ const (

 // API handler is the default handler which takes api.Request and returns api.Response
 func (a *apiHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	bsize := handler.DefaultMaxRecvSize
+	if a.opts.MaxRecvSize > 0 {
+		bsize = a.opts.MaxRecvSize
+	}
+
+	r.Body = http.MaxBytesReader(w, r.Body, bsize)
 	request, err := requestToProto(r)
 	if err != nil {
 		er := errors.InternalServerError("go.micro.api", err.Error())
@@ -59,7 +65,7 @@ func (a *apiHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}

 	// create request and response
-	c := a.opts.Service.Client()
+	c := a.opts.Client
 	req := c.NewRequest(service.Name, service.Endpoint.Name, request)
 	rsp := &api.Response{}

--- a/api/handler/api/util.go
+++ b/api/handler/api/util.go
@@ -2,7 +2,6 @@ package api

 import (
 	"fmt"
-	"io/ioutil"
 	"mime"
 	"net"
 	"net/http"
@@ -11,6 +10,12 @@ import (
 	api "github.com/micro/go-micro/v2/api/proto"
 	"github.com/micro/go-micro/v2/client/selector"
 	"github.com/micro/go-micro/v2/registry"
+	"github.com/oxtoacart/bpool"
+)
+
+var (
+	// need to calculate later to specify useful defaults
+	bufferPool = bpool.NewSizedBufferPool(1024, 8)
 )

 func requestToProto(r *http.Request) (*api.Request, error) {
@@ -39,9 +44,12 @@ func requestToProto(r *http.Request) (*api.Request, error) {
 		case "application/x-www-form-urlencoded":
 			// expect form vals in Post data
 		default:
-
-			data, _ := ioutil.ReadAll(r.Body)
-			req.Body = string(data)
+			buf := bufferPool.Get()
+			defer bufferPool.Put(buf)
+			if _, err = buf.ReadFrom(r.Body); err != nil {
+				return nil, err
+			}
+			req.Body = buf.String()
 		}
 	}

--- a/api/handler/broker/broker.go
+++ b/api/handler/broker/broker.go
@@ -1,276 +0,0 @@
-// Package broker provides a go-micro/broker handler
-package broker
-
-import (
-	"encoding/json"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"strings"
-	"sync"
-	"sync/atomic"
-	"time"
-
-	"github.com/gorilla/websocket"
-	"github.com/micro/go-micro/v2/api/handler"
-	"github.com/micro/go-micro/v2/broker"
-	log "github.com/micro/go-micro/v2/logger"
-)
-
-const (
-	Handler = "broker"
-
-	pingTime      = (readDeadline * 9) / 10
-	readLimit     = 16384
-	readDeadline  = 60 * time.Second
-	writeDeadline = 10 * time.Second
-)
-
-type brokerHandler struct {
-	once atomic.Value
-	opts handler.Options
-	u    websocket.Upgrader
-}
-
-type conn struct {
-	b     broker.Broker
-	cType string
-	topic string
-	queue string
-	exit  chan bool
-
-	sync.Mutex
-	ws *websocket.Conn
-}
-
-var (
-	contentType = "text/plain"
-)
-
-func checkOrigin(r *http.Request) bool {
-	origin := r.Header["Origin"]
-	if len(origin) == 0 {
-		return true
-	}
-	u, err := url.Parse(origin[0])
-	if err != nil {
-		return false
-	}
-	return u.Host == r.Host
-}
-
-func (c *conn) close() {
-	select {
-	case <-c.exit:
-		return
-	default:
-		close(c.exit)
-	}
-}
-
-func (c *conn) readLoop() {
-	defer func() {
-		c.close()
-		c.ws.Close()
-	}()
-
-	// set read limit/deadline
-	c.ws.SetReadLimit(readLimit)
-	c.ws.SetReadDeadline(time.Now().Add(readDeadline))
-
-	// set close handler
-	ch := c.ws.CloseHandler()
-	c.ws.SetCloseHandler(func(code int, text string) error {
-		err := ch(code, text)
-		c.close()
-		return err
-	})
-
-	// set pong handler
-	c.ws.SetPongHandler(func(string) error {
-		c.ws.SetReadDeadline(time.Now().Add(readDeadline))
-		return nil
-	})
-
-	for {
-		_, message, err := c.ws.ReadMessage()
-		if err != nil {
-			return
-		}
-		c.b.Publish(c.topic, &broker.Message{
-			Header: map[string]string{"Content-Type": c.cType},
-			Body:   message,
-		})
-	}
-}
-
-func (c *conn) write(mType int, data []byte) error {
-	c.Lock()
-	c.ws.SetWriteDeadline(time.Now().Add(writeDeadline))
-	err := c.ws.WriteMessage(mType, data)
-	c.Unlock()
-	return err
-}
-
-func (c *conn) writeLoop() {
-	ticker := time.NewTicker(pingTime)
-
-	var opts []broker.SubscribeOption
-
-	if len(c.queue) > 0 {
-		opts = append(opts, broker.Queue(c.queue))
-	}
-
-	subscriber, err := c.b.Subscribe(c.topic, func(p broker.Event) error {
-		b, err := json.Marshal(p.Message())
-		if err != nil {
-			return nil
-		}
-		return c.write(websocket.TextMessage, b)
-	}, opts...)
-
-	defer func() {
-		subscriber.Unsubscribe()
-		ticker.Stop()
-		c.ws.Close()
-	}()
-
-	if err != nil {
-		log.Error(err.Error())
-		return
-	}
-
-	for {
-		select {
-		case <-ticker.C:
-			if err := c.write(websocket.PingMessage, []byte{}); err != nil {
-				return
-			}
-		case <-c.exit:
-			return
-		}
-	}
-}
-
-func (b *brokerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	br := b.opts.Service.Client().Options().Broker
-
-	// Setup the broker
-	if !b.once.Load().(bool) {
-		if err := br.Init(); err != nil {
-			http.Error(w, err.Error(), 500)
-		}
-		if err := br.Connect(); err != nil {
-			http.Error(w, err.Error(), 500)
-		}
-		b.once.Store(true)
-	}
-
-	// Parse
-	r.ParseForm()
-	topic := r.Form.Get("topic")
-
-	// Can't do anything without a topic
-	if len(topic) == 0 {
-		http.Error(w, "Topic not specified", 400)
-		return
-	}
-
-	// Post assumed to be Publish
-	if r.Method == "POST" {
-		// Create a broker message
-		msg := &broker.Message{
-			Header: make(map[string]string),
-		}
-
-		// Set header
-		for k, v := range r.Header {
-			msg.Header[k] = strings.Join(v, ", ")
-		}
-
-		// Read body
-		b, err := ioutil.ReadAll(r.Body)
-		if err != nil {
-			http.Error(w, err.Error(), 500)
-			return
-		}
-
-		// Set body
-		msg.Body = b
-
-		// Publish
-		br.Publish(topic, msg)
-		return
-	}
-
-	// now back to our regularly scheduled programming
-
-	if r.Method != "GET" {
-		http.Error(w, "Method not allowed", 405)
-		return
-	}
-
-	queue := r.Form.Get("queue")
-
-	ws, err := b.u.Upgrade(w, r, nil)
-	if err != nil {
-		log.Error(err.Error())
-		return
-	}
-
-	cType := r.Header.Get("Content-Type")
-	if len(cType) == 0 {
-		cType = contentType
-	}
-
-	c := &conn{
-		b:     br,
-		cType: cType,
-		topic: topic,
-		queue: queue,
-		exit:  make(chan bool),
-		ws:    ws,
-	}
-
-	go c.writeLoop()
-	c.readLoop()
-}
-
-func (b *brokerHandler) String() string {
-	return "broker"
-}
-
-func NewHandler(opts ...handler.Option) handler.Handler {
-	h := &brokerHandler{
-		u: websocket.Upgrader{
-			CheckOrigin: func(r *http.Request) bool {
-				return true
-			},
-			ReadBufferSize:  1024,
-			WriteBufferSize: 1024,
-		},
-		opts: handler.NewOptions(opts...),
-	}
-	h.once.Store(true)
-	return h
-}
-
-func WithCors(cors map[string]bool, opts ...handler.Option) handler.Handler {
-	return &brokerHandler{
-		u: websocket.Upgrader{
-			CheckOrigin: func(r *http.Request) bool {
-				if origin := r.Header.Get("Origin"); cors[origin] {
-					return true
-				} else if len(origin) > 0 && cors["*"] {
-					return true
-				} else if checkOrigin(r) {
-					return true
-				}
-				return false
-			},
-			ReadBufferSize:  1024,
-			WriteBufferSize: 1024,
-		},
-		opts: handler.NewOptions(opts...),
-	}
-}
--- a/api/handler/cloudevents/cloudevents.go
+++ b/api/handler/cloudevents/cloudevents.go
@@ -1,94 +0,0 @@
-// Package cloudevents provides a cloudevents handler publishing the event using the go-micro/client
-package cloudevents
-
-import (
-	"net/http"
-	"path"
-	"regexp"
-	"strings"
-
-	"github.com/micro/go-micro/v2/api/handler"
-	"github.com/micro/go-micro/v2/util/ctx"
-)
-
-type event struct {
-	options handler.Options
-}
-
-var (
-	Handler   = "cloudevents"
-	versionRe = regexp.MustCompilePOSIX("^v[0-9]+$")
-)
-
-func eventName(parts []string) string {
-	return strings.Join(parts, ".")
-}
-
-func evRoute(ns, p string) (string, string) {
-	p = path.Clean(p)
-	p = strings.TrimPrefix(p, "/")
-
-	if len(p) == 0 {
-		return ns, "event"
-	}
-
-	parts := strings.Split(p, "/")
-
-	// no path
-	if len(parts) == 0 {
-		// topic: namespace
-		// action: event
-		return strings.Trim(ns, "."), "event"
-	}
-
-	// Treat /v[0-9]+ as versioning
-	// /v1/foo/bar => topic: v1.foo action: bar
-	if len(parts) >= 2 && versionRe.Match([]byte(parts[0])) {
-		topic := ns + "." + strings.Join(parts[:2], ".")
-		action := eventName(parts[1:])
-		return topic, action
-	}
-
-	// /foo => topic: ns.foo action: foo
-	// /foo/bar => topic: ns.foo action: bar
-	topic := ns + "." + strings.Join(parts[:1], ".")
-	action := eventName(parts[1:])
-
-	return topic, action
-}
-
-func (e *event) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	// request to topic:event
-	// create event
-	// publish to topic
-	topic, _ := evRoute(e.options.Namespace, r.URL.Path)
-
-	// create event
-	ev, err := FromRequest(r)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-
-	// get client
-	c := e.options.Service.Client()
-
-	// create publication
-	p := c.NewMessage(topic, ev)
-
-	// publish event
-	if err := c.Publish(ctx.FromRequest(r), p); err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-}
-
-func (e *event) String() string {
-	return "cloudevents"
-}
-
-func NewHandler(opts ...handler.Option) handler.Handler {
-	return &event{
-		options: handler.NewOptions(opts...),
-	}
-}
--- a/api/handler/cloudevents/event.go
+++ b/api/handler/cloudevents/event.go
@@ -1,282 +0,0 @@
-/*
- * From: https://github.com/serverless/event-gateway/blob/master/event/event.go
- * Modified: Strip to handler requirements
- *
- * Copyright 2017 Serverless, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package cloudevents
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"mime"
-	"net/http"
-	"strings"
-	"time"
-	"unicode"
-
-	"github.com/google/uuid"
-	validator "gopkg.in/go-playground/validator.v9"
-)
-
-const (
-	// TransformationVersion is indicative of the revision of how Event Gateway transforms a request into CloudEvents format.
-	TransformationVersion = "0.1"
-
-	// CloudEventsVersion currently supported by Event Gateway
-	CloudEventsVersion = "0.1"
-)
-
-// Event is a default event structure. All data that passes through the Event Gateway
-// is formatted to a format defined CloudEvents v0.1 spec.
-type Event struct {
-	EventType          string                 `json:"eventType" validate:"required"`
-	EventTypeVersion   string                 `json:"eventTypeVersion,omitempty"`
-	CloudEventsVersion string                 `json:"cloudEventsVersion" validate:"required"`
-	Source             string                 `json:"source" validate:"uri,required"`
-	EventID            string                 `json:"eventID" validate:"required"`
-	EventTime          *time.Time             `json:"eventTime,omitempty"`
-	SchemaURL          string                 `json:"schemaURL,omitempty"`
-	Extensions         map[string]interface{} `json:"extensions,omitempty"`
-	ContentType        string                 `json:"contentType,omitempty"`
-	Data               interface{}            `json:"data"`
-}
-
-// New return new instance of Event.
-func New(eventType string, mimeType string, payload interface{}) *Event {
-	now := time.Now()
-
-	event := &Event{
-		EventType:          eventType,
-		CloudEventsVersion: CloudEventsVersion,
-		Source:             "https://micro.mu",
-		EventID:            uuid.New().String(),
-		EventTime:          &now,
-		ContentType:        mimeType,
-		Data:               payload,
-		Extensions: map[string]interface{}{
-			"eventgateway": map[string]interface{}{
-				"transformed":            "true",
-				"transformation-version": TransformationVersion,
-			},
-		},
-	}
-
-	event.Data = normalizePayload(event.Data, event.ContentType)
-	return event
-}
-
-// FromRequest takes an HTTP request and returns an Event along with path. Most of the implementation
-// is based on https://github.com/cloudevents/spec/blob/master/http-transport-binding.md.
-// This function also supports legacy mode where event type is sent in Event header.
-func FromRequest(r *http.Request) (*Event, error) {
-	contentType := r.Header.Get("Content-Type")
-	mimeType, _, err := mime.ParseMediaType(contentType)
-	if err != nil {
-		if err.Error() != "mime: no media type" {
-			return nil, err
-		}
-		mimeType = "application/octet-stream"
-	}
-	// Read request body
-	body := []byte{}
-	if r.Body != nil {
-		body, err = ioutil.ReadAll(r.Body)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	var event *Event
-	if mimeType == mimeCloudEventsJSON { // CloudEvents Structured Content Mode
-		return parseAsCloudEvent(mimeType, body)
-	} else if isCloudEventsBinaryContentMode(r.Header) { // CloudEvents Binary Content Mode
-		return parseAsCloudEventBinary(r.Header, body)
-	} else if isLegacyMode(r.Header) {
-		if mimeType == mimeJSON { // CloudEvent in Legacy Mode
-			event, err = parseAsCloudEvent(mimeType, body)
-			if err != nil {
-				return New(string(r.Header.Get("event")), mimeType, body), nil
-			}
-			return event, err
-		}
-
-		return New(string(r.Header.Get("event")), mimeType, body), nil
-	}
-
-	return New("http.request", mimeJSON, newHTTPRequestData(r, body)), nil
-}
-
-// Validate Event struct
-func (e *Event) Validate() error {
-	validate := validator.New()
-	err := validate.Struct(e)
-	if err != nil {
-		return fmt.Errorf("CloudEvent not valid: %v", err)
-	}
-	return nil
-}
-
-func isLegacyMode(headers http.Header) bool {
-	if headers.Get("Event") != "" {
-		return true
-	}
-
-	return false
-}
-
-func isCloudEventsBinaryContentMode(headers http.Header) bool {
-	if headers.Get("CE-EventType") != "" &&
-		headers.Get("CE-CloudEventsVersion") != "" &&
-		headers.Get("CE-Source") != "" &&
-		headers.Get("CE-EventID") != "" {
-		return true
-	}
-
-	return false
-}
-
-func parseAsCloudEventBinary(headers http.Header, payload interface{}) (*Event, error) {
-	event := &Event{
-		EventType:          headers.Get("CE-EventType"),
-		EventTypeVersion:   headers.Get("CE-EventTypeVersion"),
-		CloudEventsVersion: headers.Get("CE-CloudEventsVersion"),
-		Source:             headers.Get("CE-Source"),
-		EventID:            headers.Get("CE-EventID"),
-		ContentType:        headers.Get("Content-Type"),
-		Data:               payload,
-	}
-
-	err := event.Validate()
-	if err != nil {
-		return nil, err
-	}
-
-	if headers.Get("CE-EventTime") != "" {
-		val, err := time.Parse(time.RFC3339, headers.Get("CE-EventTime"))
-		if err != nil {
-			return nil, err
-		}
-		event.EventTime = &val
-	}
-
-	if val := headers.Get("CE-SchemaURL"); len(val) > 0 {
-		event.SchemaURL = val
-	}
-
-	event.Extensions = map[string]interface{}{}
-	for key, val := range flatten(headers) {
-		if strings.HasPrefix(key, "Ce-X-") {
-			key = strings.TrimLeft(key, "Ce-X-")
-			// Make first character lowercase
-			runes := []rune(key)
-			runes[0] = unicode.ToLower(runes[0])
-			event.Extensions[string(runes)] = val
-		}
-	}
-
-	event.Data = normalizePayload(event.Data, event.ContentType)
-	return event, nil
-}
-
-func flatten(h http.Header) map[string]string {
-	headers := map[string]string{}
-	for key, header := range h {
-		headers[key] = header[0]
-		if len(header) > 1 {
-			headers[key] = strings.Join(header, ", ")
-		}
-	}
-	return headers
-}
-
-func parseAsCloudEvent(mime string, payload interface{}) (*Event, error) {
-	body, ok := payload.([]byte)
-	if ok {
-		event := &Event{}
-		err := json.Unmarshal(body, event)
-		if err != nil {
-			return nil, err
-		}
-
-		err = event.Validate()
-		if err != nil {
-			return nil, err
-		}
-
-		event.Data = normalizePayload(event.Data, event.ContentType)
-		return event, nil
-	}
-
-	return nil, errors.New("couldn't cast to []byte")
-}
-
-const (
-	mimeJSON            = "application/json"
-	mimeFormMultipart   = "multipart/form-data"
-	mimeFormURLEncoded  = "application/x-www-form-urlencoded"
-	mimeCloudEventsJSON = "application/cloudevents+json"
-)
-
-// normalizePayload takes anything, checks if it's []byte array and depending on provided mime
-// type converts it to either string or map[string]interface to avoid having base64 string after
-// JSON marshaling.
-func normalizePayload(payload interface{}, mime string) interface{} {
-	if bytePayload, ok := payload.([]byte); ok && len(bytePayload) > 0 {
-		switch {
-		case mime == mimeJSON || strings.HasSuffix(mime, "+json"):
-			var result map[string]interface{}
-			err := json.Unmarshal(bytePayload, &result)
-			if err != nil {
-				return payload
-			}
-			return result
-		case strings.HasPrefix(mime, mimeFormMultipart), mime == mimeFormURLEncoded:
-			return string(bytePayload)
-		}
-	}
-
-	return payload
-}
-
-// HTTPRequestData is a event schema used for sending events to HTTP subscriptions.
-type HTTPRequestData struct {
-	Headers map[string]string   `json:"headers"`
-	Query   map[string][]string `json:"query"`
-	Body    interface{}         `json:"body"`
-	Host    string              `json:"host"`
-	Path    string              `json:"path"`
-	Method  string              `json:"method"`
-	Params  map[string]string   `json:"params"`
-}
-
-// NewHTTPRequestData returns a new instance of HTTPRequestData
-func newHTTPRequestData(r *http.Request, eventData interface{}) *HTTPRequestData {
-	req := &HTTPRequestData{
-		Headers: flatten(r.Header),
-		Query:   r.URL.Query(),
-		Body:    eventData,
-		Host:    r.Host,
-		Path:    r.URL.Path,
-		Method:  r.Method,
-	}
-
-	req.Body = normalizePayload(req.Body, r.Header.Get("content-type"))
-	return req
-}
--- a/api/handler/event/event.go
+++ b/api/handler/event/event.go
@@ -4,7 +4,6 @@ package event
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"path"
 	"regexp"
@@ -15,10 +14,15 @@ import (
 	"github.com/micro/go-micro/v2/api/handler"
 	proto "github.com/micro/go-micro/v2/api/proto"
 	"github.com/micro/go-micro/v2/util/ctx"
+	"github.com/oxtoacart/bpool"
+)
+
+var (
+	bufferPool = bpool.NewSizedBufferPool(1024, 8)
 )

 type event struct {
-	options handler.Options
+	opts handler.Options
 }

 var (
@@ -64,11 +68,18 @@ func evRoute(ns, p string) (string, string) {
 }

 func (e *event) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	bsize := handler.DefaultMaxRecvSize
+	if e.opts.MaxRecvSize > 0 {
+		bsize = e.opts.MaxRecvSize
+	}
+
+	r.Body = http.MaxBytesReader(w, r.Body, bsize)
+
 	// request to topic:event
 	// create event
 	// publish to topic

-	topic, action := evRoute(e.options.Namespace, r.URL.Path)
+	topic, action := evRoute(e.opts.Namespace, r.URL.Path)

 	// create event
 	ev := &proto.Event{
@@ -96,16 +107,18 @@ func (e *event) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		bytes, _ := json.Marshal(r.URL.Query())
 		ev.Data = string(bytes)
 	} else {
-		b, err := ioutil.ReadAll(r.Body)
-		if err != nil {
+		// Read body
+		buf := bufferPool.Get()
+		defer bufferPool.Put(buf)
+		if _, err := buf.ReadFrom(r.Body); err != nil {
 			http.Error(w, err.Error(), 500)
 			return
 		}
-		ev.Data = string(b)
+		ev.Data = buf.String()
 	}

 	// get client
-	c := e.options.Service.Client()
+	c := e.opts.Client

 	// create publication
 	p := c.NewMessage(topic, ev)
@@ -123,6 +136,6 @@ func (e *event) String() string {

 func NewHandler(opts ...handler.Option) handler.Handler {
 	return &event{
-		options: handler.NewOptions(opts...),
+		opts: handler.NewOptions(opts...),
 	}
 }
--- a/api/handler/file/file.go
+++ b/api/handler/file/file.go
@@ -1,16 +0,0 @@
-// Package file serves file relative to the current directory
-package file
-
-import (
-	"net/http"
-)
-
-type Handler struct{}
-
-func (h *Handler) Serve(w http.ResponseWriter, r *http.Request) {
-	http.ServeFile(w, r, "."+r.URL.Path)
-}
-
-func (h *Handler) String() string {
-	return "file"
-}
--- a/api/handler/http/http_test.go
+++ b/api/handler/http/http_test.go
@@ -7,6 +7,8 @@ import (
 	"testing"

 	"github.com/micro/go-micro/v2/api/handler"
+	"github.com/micro/go-micro/v2/api/resolver"
+	"github.com/micro/go-micro/v2/api/resolver/vpath"
 	"github.com/micro/go-micro/v2/api/router"
 	regRouter "github.com/micro/go-micro/v2/api/router/registry"
 	"github.com/micro/go-micro/v2/registry"
@@ -54,8 +56,10 @@ func testHttp(t *testing.T, path, service, ns string) {
 	// initialise the handler
 	rt := regRouter.NewRouter(
 		router.WithHandler("http"),
-		router.WithNamespace(ns),
 		router.WithRegistry(r),
+		router.WithResolver(vpath.NewResolver(
+			resolver.WithNamespace(resolver.StaticNamespace(ns)),
+		)),
 	)

 	p := NewHandler(handler.WithRouter(rt))
@@ -116,6 +120,8 @@ func TestHttpHandler(t *testing.T) {
 	}

 	for _, d := range testData {
-		testHttp(t, d.path, d.service, d.namespace)
+		t.Run(d.service, func(t *testing.T) {
+			testHttp(t, d.path, d.service, d.namespace)
+		})
 	}
 }
--- a/api/handler/options.go
+++ b/api/handler/options.go
@@ -1,14 +1,20 @@
 package handler

 import (
-	"github.com/micro/go-micro/v2"
 	"github.com/micro/go-micro/v2/api/router"
+	"github.com/micro/go-micro/v2/client"
+	"github.com/micro/go-micro/v2/client/grpc"
+)
+
+var (
+	DefaultMaxRecvSize int64 = 1024 * 1024 * 100 // 10Mb
 )

 type Options struct {
-	Namespace string
-	Router    router.Router
-	Service   micro.Service
+	MaxRecvSize int64
+	Namespace   string
+	Router      router.Router
+	Client      client.Client
 }

 type Option func(o *Options)
@@ -20,9 +26,8 @@ func NewOptions(opts ...Option) Options {
 		o(&options)
 	}

-	// create service if its blank
-	if options.Service == nil {
-		WithService(micro.NewService())(&options)
+	if options.Client == nil {
+		WithClient(grpc.NewClient())(&options)
 	}

 	// set namespace if blank
@@ -30,6 +35,10 @@ func NewOptions(opts ...Option) Options {
 		WithNamespace("go.micro.api")(&options)
 	}

+	if options.MaxRecvSize == 0 {
+		options.MaxRecvSize = DefaultMaxRecvSize
+	}
+
 	return options
 }

@@ -47,9 +56,15 @@ func WithRouter(r router.Router) Option {
 	}
 }

-// WithService specifies a micro.Service
-func WithService(s micro.Service) Option {
+func WithClient(c client.Client) Option {
 	return func(o *Options) {
-		o.Service = s
+		o.Client = c
+	}
+}
+
+// WithmaxRecvSize specifies max body size
+func WithMaxRecvSize(size int64) Option {
+	return func(o *Options) {
+		o.MaxRecvSize = size
 	}
 }
--- a/api/handler/registry/registry.go
+++ b/api/handler/registry/registry.go
@@ -1,211 +0,0 @@
-// Package registry is a go-micro/registry handler
-package registry
-
-import (
-	"encoding/json"
-	"io/ioutil"
-	"net/http"
-	"strconv"
-	"time"
-
-	"github.com/gorilla/websocket"
-	"github.com/micro/go-micro/v2/api/handler"
-	"github.com/micro/go-micro/v2/registry"
-)
-
-const (
-	Handler = "registry"
-
-	pingTime      = (readDeadline * 9) / 10
-	readLimit     = 16384
-	readDeadline  = 60 * time.Second
-	writeDeadline = 10 * time.Second
-)
-
-type registryHandler struct {
-	opts handler.Options
-	reg  registry.Registry
-}
-
-func (rh *registryHandler) add(w http.ResponseWriter, r *http.Request) {
-	r.ParseForm()
-	b, err := ioutil.ReadAll(r.Body)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	defer r.Body.Close()
-
-	var opts []registry.RegisterOption
-
-	// parse ttl
-	if ttl := r.Form.Get("ttl"); len(ttl) > 0 {
-		d, err := time.ParseDuration(ttl)
-		if err == nil {
-			opts = append(opts, registry.RegisterTTL(d))
-		}
-	}
-
-	var service *registry.Service
-	err = json.Unmarshal(b, &service)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	err = rh.reg.Register(service, opts...)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-}
-
-func (rh *registryHandler) del(w http.ResponseWriter, r *http.Request) {
-	r.ParseForm()
-	b, err := ioutil.ReadAll(r.Body)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	defer r.Body.Close()
-
-	var service *registry.Service
-	err = json.Unmarshal(b, &service)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	err = rh.reg.Deregister(service)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-}
-
-func (rh *registryHandler) get(w http.ResponseWriter, r *http.Request) {
-	r.ParseForm()
-	service := r.Form.Get("service")
-
-	var s []*registry.Service
-	var err error
-
-	if len(service) == 0 {
-		//
-		upgrade := r.Header.Get("Upgrade")
-		connect := r.Header.Get("Connection")
-
-		// watch if websockets
-		if upgrade == "websocket" && connect == "Upgrade" {
-			rw, err := rh.reg.Watch()
-			if err != nil {
-				http.Error(w, err.Error(), 500)
-				return
-			}
-			watch(rw, w, r)
-			return
-		}
-
-		// otherwise list services
-		s, err = rh.reg.ListServices()
-	} else {
-		s, err = rh.reg.GetService(service)
-	}
-
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-
-	if s == nil || (len(service) > 0 && (len(s) == 0 || len(s[0].Name) == 0)) {
-		http.Error(w, "Service not found", 404)
-		return
-	}
-
-	b, err := json.Marshal(s)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-
-	w.Header().Set("Content-Type", "application/json")
-	w.Header().Set("Content-Length", strconv.Itoa(len(b)))
-	w.Write(b)
-}
-
-func ping(ws *websocket.Conn, exit chan bool) {
-	ticker := time.NewTicker(pingTime)
-
-	for {
-		select {
-		case <-ticker.C:
-			ws.SetWriteDeadline(time.Now().Add(writeDeadline))
-			err := ws.WriteMessage(websocket.PingMessage, []byte{})
-			if err != nil {
-				return
-			}
-		case <-exit:
-			return
-		}
-	}
-}
-
-func watch(rw registry.Watcher, w http.ResponseWriter, r *http.Request) {
-	upgrader := websocket.Upgrader{
-		ReadBufferSize:  1024,
-		WriteBufferSize: 1024,
-	}
-
-	ws, err := upgrader.Upgrade(w, r, nil)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-
-	// we need an exit chan
-	exit := make(chan bool)
-
-	defer func() {
-		close(exit)
-	}()
-
-	// ping the socket
-	go ping(ws, exit)
-
-	for {
-		// get next result
-		r, err := rw.Next()
-		if err != nil {
-			http.Error(w, err.Error(), 500)
-			return
-		}
-
-		// write to client
-		ws.SetWriteDeadline(time.Now().Add(writeDeadline))
-		if err := ws.WriteJSON(r); err != nil {
-			return
-		}
-	}
-}
-
-func (rh *registryHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	switch r.Method {
-	case "GET":
-		rh.get(w, r)
-	case "POST":
-		rh.add(w, r)
-	case "DELETE":
-		rh.del(w, r)
-	}
-}
-
-func (rh *registryHandler) String() string {
-	return "registry"
-}
-
-func NewHandler(opts ...handler.Option) handler.Handler {
-	options := handler.NewOptions(opts...)
-
-	return &registryHandler{
-		opts: options,
-		reg:  options.Service.Client().Options().Registry,
-	}
-}
--- a/api/handler/rpc/rpc.go
+++ b/api/handler/rpc/rpc.go
@@ -4,23 +4,27 @@ package rpc
 import (
 	"encoding/json"
 	"io"
-	"io/ioutil"
 	"net/http"
+	"net/textproto"
 	"strconv"
 	"strings"

-	"github.com/joncalhoun/qson"
+	jsonpatch "github.com/evanphx/json-patch/v5"
 	"github.com/micro/go-micro/v2/api"
 	"github.com/micro/go-micro/v2/api/handler"
-	proto "github.com/micro/go-micro/v2/api/internal/proto"
+	"github.com/micro/go-micro/v2/api/internal/proto"
 	"github.com/micro/go-micro/v2/client"
 	"github.com/micro/go-micro/v2/client/selector"
 	"github.com/micro/go-micro/v2/codec"
 	"github.com/micro/go-micro/v2/codec/jsonrpc"
 	"github.com/micro/go-micro/v2/codec/protorpc"
 	"github.com/micro/go-micro/v2/errors"
+	"github.com/micro/go-micro/v2/logger"
+	"github.com/micro/go-micro/v2/metadata"
 	"github.com/micro/go-micro/v2/registry"
 	"github.com/micro/go-micro/v2/util/ctx"
+	"github.com/micro/go-micro/v2/util/qson"
+	"github.com/oxtoacart/bpool"
 )

 const (
@@ -44,6 +48,8 @@ var (
 		"application/proto-rpc",
 		"application/octet-stream",
 	}
+
+	bufferPool = bpool.NewSizedBufferPool(1024, 8)
 )

 type rpcHandler struct {
@@ -68,6 +74,13 @@ func strategy(services []*registry.Service) selector.Strategy {
 }

 func (h *rpcHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	bsize := handler.DefaultMaxRecvSize
+	if h.opts.MaxRecvSize > 0 {
+		bsize = h.opts.MaxRecvSize
+	}
+
+	r.Body = http.MaxBytesReader(w, r.Body, bsize)
+
 	defer r.Body.Close()
 	var service *api.Service

@@ -88,12 +101,6 @@ func (h *rpcHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	// only allow post when we have the router
-	if r.Method != "GET" && (h.opts.Router != nil && r.Method != "POST") {
-		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
-		return
-	}
-
 	ct := r.Header.Get("Content-Type")

 	// Strip charset from Content-Type (like `application/json; charset=UTF-8`)
@@ -102,11 +109,42 @@ func (h *rpcHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}

 	// micro client
-	c := h.opts.Service.Client()
+	c := h.opts.Client
+
+	// create context
+	cx := ctx.FromRequest(r)
+	// get context from http handler wrappers
+	md, ok := metadata.FromContext(r.Context())
+	if !ok {
+		md = make(metadata.Metadata)
+	}
+	// fill contex with http headers
+	md["Host"] = r.Host
+	md["Method"] = r.Method
+	// get canonical headers
+	for k, _ := range r.Header {
+		// may be need to get all values for key like r.Header.Values() provide in go 1.14
+		md[textproto.CanonicalMIMEHeaderKey(k)] = r.Header.Get(k)
+	}
+
+	// merge context with overwrite
+	cx = metadata.MergeContext(cx, md, true)
+
+	// set merged context to request
+	*r = *r.Clone(cx)
+	// if stream we currently only support json
+	if isStream(r, service) {
+		// drop older context as it can have timeouts and create new
+		//		md, _ := metadata.FromContext(cx)
+		//serveWebsocket(context.TODO(), w, r, service, c)
+		serveWebsocket(cx, w, r, service, c)
+		return
+	}

 	// create strategy
 	so := selector.WithStrategy(strategy(service.Services))

+	// walk the standard call path
 	// get payload
 	br, err := requestPayload(r)
 	if err != nil {
@@ -114,9 +152,6 @@ func (h *rpcHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	// create context
-	cx := ctx.FromRequest(r)
-
 	var rsp []byte

 	switch {
@@ -145,7 +180,12 @@ func (h *rpcHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}

 		// marshall response
-		rsp, _ = response.Marshal()
+		rsp, err = response.Marshal()
+		if err != nil {
+			writeError(w, r, err)
+			return
+		}
+
 	default:
 		// if json codec is not present set to json
 		if !hasCodec(ct, jsonCodecs) {
@@ -168,7 +208,6 @@ func (h *rpcHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			&request,
 			client.WithContentType(ct),
 		)
-
 		// make the call
 		if err := c.Call(cx, req, &response, client.WithSelectOption(so)); err != nil {
 			writeError(w, r, err)
@@ -176,7 +215,11 @@ func (h *rpcHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}

 		// marshall response
-		rsp, _ = response.MarshalJSON()
+		rsp, err = response.MarshalJSON()
+		if err != nil {
+			writeError(w, r, err)
+			return
+		}
 	}

 	// write the response
@@ -200,8 +243,11 @@ func hasCodec(ct string, codecs []string) bool {
 // If the request is a GET the query string parameters are extracted and marshaled to JSON and the raw bytes are returned.
 // If the request method is a POST the request body is read and returned
 func requestPayload(r *http.Request) ([]byte, error) {
+	var err error
+
 	// we have to decode json-rpc and proto-rpc because we suck
 	// well actually because there's no proxy codec right now
+
 	ct := r.Header.Get("Content-Type")
 	switch {
 	case strings.Contains(ct, "application/json-rpc"):
@@ -210,11 +256,11 @@ func requestPayload(r *http.Request) ([]byte, error) {
 			Header: make(map[string]string),
 		}
 		c := jsonrpc.NewCodec(&buffer{r.Body})
-		if err := c.ReadHeader(&msg, codec.Request); err != nil {
+		if err = c.ReadHeader(&msg, codec.Request); err != nil {
 			return nil, err
 		}
 		var raw json.RawMessage
-		if err := c.ReadBody(&raw); err != nil {
+		if err = c.ReadBody(&raw); err != nil {
 			return nil, err
 		}
 		return ([]byte)(raw), nil
@@ -224,15 +270,14 @@ func requestPayload(r *http.Request) ([]byte, error) {
 			Header: make(map[string]string),
 		}
 		c := protorpc.NewCodec(&buffer{r.Body})
-		if err := c.ReadHeader(&msg, codec.Request); err != nil {
+		if err = c.ReadHeader(&msg, codec.Request); err != nil {
 			return nil, err
 		}
 		var raw proto.Message
-		if err := c.ReadBody(&raw); err != nil {
+		if err = c.ReadBody(&raw); err != nil {
 			return nil, err
 		}
-		b, _ := raw.Marshal()
-		return b, nil
+		return raw.Marshal()
 	case strings.Contains(ct, "application/www-x-form-urlencoded"):
 		r.ParseForm()

@@ -243,20 +288,158 @@ func requestPayload(r *http.Request) ([]byte, error) {
 		}

 		// marshal
-		b, _ := json.Marshal(vals)
-		return b, nil
+		return json.Marshal(vals)
 		// TODO: application/grpc
 	}

 	// otherwise as per usual
+	ctx := r.Context()
+	// dont user meadata.FromContext as it mangles names
+	md, ok := metadata.FromContext(ctx)
+	if !ok {
+		md = make(map[string]string)
+	}
+
+	// allocate maximum
+	matches := make(map[string]interface{}, len(md))
+	bodydst := ""
+
+	// get fields from url path
+	for k, v := range md {
+		k = strings.ToLower(k)
+		// filter own keys
+		if strings.HasPrefix(k, "x-api-field-") {
+			matches[strings.TrimPrefix(k, "x-api-field-")] = v
+			delete(md, k)
+		} else if k == "x-api-body" {
+			bodydst = v
+			delete(md, k)
+		}
+	}
+
+	// map of all fields
+	req := make(map[string]interface{}, len(md))
+
+	// get fields from url values
+	if len(r.URL.RawQuery) > 0 {
+		umd := make(map[string]interface{})
+		err = qson.Unmarshal(&umd, r.URL.RawQuery)
+		if err != nil {
+			return nil, err
+		}
+		for k, v := range umd {
+			matches[k] = v
+		}
+	}
+
+	// restore context without fields
+	*r = *r.Clone(metadata.NewContext(ctx, md))
+
+	for k, v := range matches {
+		ps := strings.Split(k, ".")
+		if len(ps) == 1 {
+			req[k] = v
+			continue
+		}
+		em := make(map[string]interface{})
+		em[ps[len(ps)-1]] = v
+		for i := len(ps) - 2; i > 0; i-- {
+			nm := make(map[string]interface{})
+			nm[ps[i]] = em
+			em = nm
+		}
+		if vm, ok := req[ps[0]]; ok {
+			// nested map
+			nm := vm.(map[string]interface{})
+			for vk, vv := range em {
+				nm[vk] = vv
+			}
+			req[ps[0]] = nm
+		} else {
+			req[ps[0]] = em
+		}
+	}
+	pathbuf := []byte("{}")
+	if len(req) > 0 {
+		pathbuf, err = json.Marshal(req)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	urlbuf := []byte("{}")
+	out, err := jsonpatch.MergeMergePatches(urlbuf, pathbuf)
+	if err != nil {
+		return nil, err
+	}

 	switch r.Method {
 	case "GET":
-		if len(r.URL.RawQuery) > 0 {
-			return qson.ToJSON(r.URL.RawQuery)
+		// empty response
+		if strings.Contains(ct, "application/json") && string(out) == "{}" {
+			return out, nil
+		} else if string(out) == "{}" && !strings.Contains(ct, "application/json") {
+			return []byte{}, nil
 		}
-	case "PATCH", "POST":
-		return ioutil.ReadAll(r.Body)
+		return out, nil
+	case "PATCH", "POST", "PUT", "DELETE":
+		bodybuf := []byte("{}")
+		buf := bufferPool.Get()
+		defer bufferPool.Put(buf)
+		if _, err := buf.ReadFrom(r.Body); err != nil {
+			return nil, err
+		}
+		if b := buf.Bytes(); len(b) > 0 {
+			bodybuf = b
+		}
+		if bodydst == "" || bodydst == "*" {
+			if out, err = jsonpatch.MergeMergePatches(out, bodybuf); err == nil {
+				return out, nil
+			}
+		}
+		var jsonbody map[string]interface{}
+		if json.Valid(bodybuf) {
+			if err = json.Unmarshal(bodybuf, &jsonbody); err != nil {
+				return nil, err
+			}
+		}
+		dstmap := make(map[string]interface{})
+		ps := strings.Split(bodydst, ".")
+		if len(ps) == 1 {
+			if jsonbody != nil {
+				dstmap[ps[0]] = jsonbody
+			} else {
+				// old unexpected behaviour
+				dstmap[ps[0]] = bodybuf
+			}
+		} else {
+			em := make(map[string]interface{})
+			if jsonbody != nil {
+				em[ps[len(ps)-1]] = jsonbody
+			} else {
+				// old unexpected behaviour
+				em[ps[len(ps)-1]] = bodybuf
+			}
+			for i := len(ps) - 2; i > 0; i-- {
+				nm := make(map[string]interface{})
+				nm[ps[i]] = em
+				em = nm
+			}
+			dstmap[ps[0]] = em
+		}
+
+		bodyout, err := json.Marshal(dstmap)
+		if err != nil {
+			return nil, err
+		}
+
+		if out, err = jsonpatch.MergeMergePatches(out, bodyout); err == nil {
+			return out, nil
+		}
+
+		//fallback to previous unknown behaviour
+		return bodybuf, nil
+
 	}

 	return []byte{}, nil
@@ -288,7 +471,12 @@ func writeError(w http.ResponseWriter, r *http.Request, err error) {
 		w.Header().Set("grpc-message", ce.Detail)
 	}

-	w.Write([]byte(ce.Error()))
+	_, werr := w.Write([]byte(ce.Error()))
+	if werr != nil {
+		if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+			logger.Error(werr)
+		}
+	}
 }

 func writeResponse(w http.ResponseWriter, r *http.Request, rsp []byte) {
@@ -303,8 +491,19 @@ func writeResponse(w http.ResponseWriter, r *http.Request, rsp []byte) {
 		w.Header().Set("grpc-message", "")
 	}

+	// write 204 status if rsp is nil
+	if len(rsp) == 0 {
+		w.WriteHeader(http.StatusNoContent)
+	}
+
 	// write response
-	w.Write(rsp)
+	_, err := w.Write(rsp)
+	if err != nil {
+		if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+			logger.Error(err)
+		}
+	}
+
 }

 func NewHandler(opts ...handler.Option) handler.Handler {
--- a/api/handler/rpc/rpc_test.go
+++ b/api/handler/rpc/rpc_test.go
@@ -27,6 +27,23 @@ func TestRequestPayloadFromRequest(t *testing.T) {
 		t.Fatal("Failed to marshal proto to JSON ", err)
 	}

+	jsonUrlBytes := []byte(`{"key1":"val1","key2":"val2","name":"Test"}`)
+
+	t.Run("extracting a json from a POST request with url params", func(t *testing.T) {
+		r, err := http.NewRequest("POST", "http://localhost/my/path?key1=val1&key2=val2", bytes.NewReader(jsonBytes))
+		if err != nil {
+			t.Fatalf("Failed to created http.Request: %v", err)
+		}
+
+		extByte, err := requestPayload(r)
+		if err != nil {
+			t.Fatalf("Failed to extract payload from request: %v", err)
+		}
+		if string(extByte) != string(jsonUrlBytes) {
+			t.Fatalf("Expected %v and %v to match", string(extByte), jsonUrlBytes)
+		}
+	})
+
 	t.Run("extracting a proto from a POST request", func(t *testing.T) {
 		r, err := http.NewRequest("POST", "http://localhost/my/path", bytes.NewReader(protoBytes))
 		if err != nil {
--- a/api/handler/rpc/stream.go
+++ b/api/handler/rpc/stream.go
@@ -0,0 +1,259 @@
+package rpc
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/gobwas/httphead"
+	"github.com/gobwas/ws"
+	"github.com/gobwas/ws/wsutil"
+	"github.com/micro/go-micro/v2/api"
+	"github.com/micro/go-micro/v2/client"
+	"github.com/micro/go-micro/v2/client/selector"
+	raw "github.com/micro/go-micro/v2/codec/bytes"
+	"github.com/micro/go-micro/v2/logger"
+)
+
+// serveWebsocket will stream rpc back over websockets assuming json
+func serveWebsocket(ctx context.Context, w http.ResponseWriter, r *http.Request, service *api.Service, c client.Client) {
+	var op ws.OpCode
+
+	ct := r.Header.Get("Content-Type")
+	// Strip charset from Content-Type (like `application/json; charset=UTF-8`)
+	if idx := strings.IndexRune(ct, ';'); idx >= 0 {
+		ct = ct[:idx]
+	}
+
+	// check proto from request
+	switch ct {
+	case "application/json":
+		op = ws.OpText
+	default:
+		op = ws.OpBinary
+	}
+
+	hdr := make(http.Header)
+	if proto, ok := r.Header["Sec-WebSocket-Protocol"]; ok {
+		for _, p := range proto {
+			switch p {
+			case "binary":
+				hdr["Sec-WebSocket-Protocol"] = []string{"binary"}
+				op = ws.OpBinary
+			}
+		}
+	}
+	payload, err := requestPayload(r)
+	if err != nil {
+		if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+			logger.Error(err)
+		}
+		return
+	}
+
+	upgrader := ws.HTTPUpgrader{Timeout: 5 * time.Second,
+		Protocol: func(proto string) bool {
+			if strings.Contains(proto, "binary") {
+				return true
+			}
+			// fallback to support all protocols now
+			return true
+		},
+		Extension: func(httphead.Option) bool {
+			// disable extensions for compatibility
+			return false
+		},
+		Header: hdr,
+	}
+
+	conn, rw, _, err := upgrader.Upgrade(r, w)
+	if err != nil {
+		if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+			logger.Error(err)
+		}
+		return
+	}
+
+	defer func() {
+		if err := conn.Close(); err != nil {
+			if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+				logger.Error(err)
+			}
+			return
+		}
+	}()
+
+	var request interface{}
+	if !bytes.Equal(payload, []byte(`{}`)) {
+		switch ct {
+		case "application/json", "":
+			m := json.RawMessage(payload)
+			request = &m
+		default:
+			request = &raw.Frame{Data: payload}
+		}
+	}
+
+	// we always need to set content type for message
+	if ct == "" {
+		ct = "application/json"
+	}
+	req := c.NewRequest(
+		service.Name,
+		service.Endpoint.Name,
+		request,
+		client.WithContentType(ct),
+		client.StreamingRequest(),
+	)
+
+	so := selector.WithStrategy(strategy(service.Services))
+	// create a new stream
+	stream, err := c.Stream(ctx, req, client.WithSelectOption(so))
+	if err != nil {
+		if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+			logger.Error(err)
+		}
+		return
+	}
+
+	if request != nil {
+		if err = stream.Send(request); err != nil {
+			if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+				logger.Error(err)
+			}
+			return
+		}
+	}
+
+	go writeLoop(rw, stream)
+
+	rsp := stream.Response()
+
+	// receive from stream and send to client
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case <-stream.Context().Done():
+			return
+		default:
+			// read backend response body
+			buf, err := rsp.Read()
+			if err != nil {
+				// wants to avoid import  grpc/status.Status
+				if strings.Contains(err.Error(), "context canceled") {
+					return
+				}
+				if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+					logger.Error(err)
+				}
+				return
+			}
+
+			// write the response
+			if err := wsutil.WriteServerMessage(rw, op, buf); err != nil {
+				if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+					logger.Error(err)
+				}
+				return
+			}
+			if err = rw.Flush(); err != nil {
+				if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+					logger.Error(err)
+				}
+				return
+			}
+		}
+	}
+}
+
+// writeLoop
+func writeLoop(rw io.ReadWriter, stream client.Stream) {
+	// close stream when done
+	defer stream.Close()
+
+	for {
+		select {
+		case <-stream.Context().Done():
+			return
+		default:
+			buf, op, err := wsutil.ReadClientData(rw)
+			if err != nil {
+				if wserr, ok := err.(wsutil.ClosedError); ok {
+					switch wserr.Code {
+					case ws.StatusGoingAway:
+						// this happens when user leave the page
+						return
+					case ws.StatusNormalClosure, ws.StatusNoStatusRcvd:
+						// this happens when user close ws connection, or we don't get any status
+						return
+					}
+				}
+				if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+					logger.Error(err)
+				}
+				return
+			}
+			switch op {
+			default:
+				// not relevant
+				continue
+			case ws.OpText, ws.OpBinary:
+				break
+			}
+			// send to backend
+			// default to trying json
+			// if the extracted payload isn't empty lets use it
+			request := &raw.Frame{Data: buf}
+			if err := stream.Send(request); err != nil {
+				if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+					logger.Error(err)
+				}
+				return
+			}
+		}
+	}
+}
+
+func isStream(r *http.Request, srv *api.Service) bool {
+	// check if it's a web socket
+	if !isWebSocket(r) {
+		return false
+	}
+	// check if the endpoint supports streaming
+	for _, service := range srv.Services {
+		for _, ep := range service.Endpoints {
+			// skip if it doesn't match the name
+			if ep.Name != srv.Endpoint.Name {
+				continue
+			}
+			// matched if the name
+			if v := ep.Metadata["stream"]; v == "true" {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func isWebSocket(r *http.Request) bool {
+	contains := func(key, val string) bool {
+		vv := strings.Split(r.Header.Get(key), ",")
+		for _, v := range vv {
+			if val == strings.ToLower(strings.TrimSpace(v)) {
+				return true
+			}
+		}
+		return false
+	}
+
+	if contains("Connection", "upgrade") && contains("Upgrade", "websocket") {
+		return true
+	}
+
+	return false
+}
--- a/api/handler/udp/udp.go
+++ b/api/handler/udp/udp.go
@@ -1,25 +0,0 @@
-// Package udp reads and write from a udp connection
-package udp
-
-import (
-	"io"
-	"net"
-	"net/http"
-)
-
-type Handler struct{}
-
-func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	c, err := net.Dial("udp", r.Host)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	go io.Copy(c, r.Body)
-	// write response
-	io.Copy(w, c)
-}
-
-func (h *Handler) String() string {
-	return "udp"
-}
--- a/api/handler/unix/unix.go
+++ b/api/handler/unix/unix.go
@@ -1,30 +0,0 @@
-// Package unix reads from a unix socket expecting it to be in /tmp/path
-package unix
-
-import (
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"path/filepath"
-)
-
-type Handler struct{}
-
-func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	sock := fmt.Sprintf("%s.sock", filepath.Clean(r.URL.Path))
-	path := filepath.Join("/tmp", sock)
-
-	c, err := net.Dial("unix", path)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	go io.Copy(c, r.Body)
-	// write response
-	io.Copy(w, c)
-}
-
-func (h *Handler) String() string {
-	return "unix"
-}
--- a/api/proto/api.pb.go
+++ b/api/proto/api.pb.go
@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
-// source: github.com/micro/go-micro/v2/api/proto/api.proto
+// source: api/proto/api.proto

 package go_api

@@ -32,7 +32,7 @@ func (m *Pair) Reset()         { *m = Pair{} }
 func (m *Pair) String() string { return proto.CompactTextString(m) }
 func (*Pair) ProtoMessage()    {}
 func (*Pair) Descriptor() ([]byte, []int) {
-	return fileDescriptor_7b6696ef87ec1943, []int{0}
+	return fileDescriptor_2df576b66d12087a, []int{0}
 }

 func (m *Pair) XXX_Unmarshal(b []byte) error {
@@ -86,7 +86,7 @@ func (m *Request) Reset()         { *m = Request{} }
 func (m *Request) String() string { return proto.CompactTextString(m) }
 func (*Request) ProtoMessage()    {}
 func (*Request) Descriptor() ([]byte, []int) {
-	return fileDescriptor_7b6696ef87ec1943, []int{1}
+	return fileDescriptor_2df576b66d12087a, []int{1}
 }

 func (m *Request) XXX_Unmarshal(b []byte) error {
@@ -171,7 +171,7 @@ func (m *Response) Reset()         { *m = Response{} }
 func (m *Response) String() string { return proto.CompactTextString(m) }
 func (*Response) ProtoMessage()    {}
 func (*Response) Descriptor() ([]byte, []int) {
-	return fileDescriptor_7b6696ef87ec1943, []int{2}
+	return fileDescriptor_2df576b66d12087a, []int{2}
 }

 func (m *Response) XXX_Unmarshal(b []byte) error {
@@ -235,7 +235,7 @@ func (m *Event) Reset()         { *m = Event{} }
 func (m *Event) String() string { return proto.CompactTextString(m) }
 func (*Event) ProtoMessage()    {}
 func (*Event) Descriptor() ([]byte, []int) {
-	return fileDescriptor_7b6696ef87ec1943, []int{3}
+	return fileDescriptor_2df576b66d12087a, []int{3}
 }

 func (m *Event) XXX_Unmarshal(b []byte) error {
@@ -303,36 +303,33 @@ func init() {
 	proto.RegisterMapType((map[string]*Pair)(nil), "go.api.Event.HeaderEntry")
 }

-func init() {
-	proto.RegisterFile("github.com/micro/go-micro/v2/api/proto/api.proto", fileDescriptor_7b6696ef87ec1943)
-}
+func init() { proto.RegisterFile("api/proto/api.proto", fileDescriptor_2df576b66d12087a) }

-var fileDescriptor_7b6696ef87ec1943 = []byte{
-	// 408 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x53, 0x4d, 0x8f, 0xd3, 0x30,
-	0x10, 0x55, 0xe2, 0x24, 0xbb, 0x99, 0x22, 0x84, 0x7c, 0x40, 0x66, 0x59, 0xa1, 0x2a, 0xa7, 0x0a,
-	0xa9, 0x29, 0xec, 0x72, 0x40, 0x5c, 0xa1, 0x5a, 0x8e, 0x2b, 0xff, 0x03, 0x77, 0x63, 0x25, 0x16,
-	0x4d, 0x1c, 0x62, 0xa7, 0x52, 0x7f, 0x1c, 0x07, 0x7e, 0x06, 0xff, 0x06, 0x79, 0xec, 0x7e, 0x50,
-	0x95, 0x0b, 0xf4, 0xf6, 0x62, 0xbf, 0x79, 0xf3, 0xe6, 0x8d, 0x03, 0xf3, 0x5a, 0xd9, 0x66, 0x5c,
-	0x95, 0x4f, 0xba, 0x5d, 0xb4, 0xea, 0x69, 0xd0, 0x8b, 0x5a, 0xcf, 0x3d, 0x10, 0xbd, 0x5a, 0xf4,
-	0x83, 0xb6, 0x88, 0x4a, 0x44, 0x34, 0xab, 0x75, 0x29, 0x7a, 0x55, 0xbc, 0x83, 0xe4, 0x51, 0xa8,
-	0x81, 0xbe, 0x00, 0xf2, 0x4d, 0x6e, 0x59, 0x34, 0x8d, 0x66, 0x39, 0x77, 0x90, 0xbe, 0x84, 0x6c,
-	0x23, 0xd6, 0xa3, 0x34, 0x2c, 0x9e, 0x92, 0x59, 0xce, 0xc3, 0x57, 0xf1, 0x93, 0xc0, 0x15, 0x97,
-	0xdf, 0x47, 0x69, 0xac, 0xe3, 0xb4, 0xd2, 0x36, 0xba, 0x0a, 0x85, 0xe1, 0x8b, 0x52, 0x48, 0x7a,
-	0x61, 0x1b, 0x16, 0xe3, 0x29, 0x62, 0x7a, 0x0f, 0x59, 0x23, 0x45, 0x25, 0x07, 0x46, 0xa6, 0x64,
-	0x36, 0xb9, 0x7b, 0x5d, 0x7a, 0x0b, 0x65, 0x10, 0x2b, 0xbf, 0xe2, 0xed, 0xb2, 0xb3, 0xc3, 0x96,
-	0x07, 0x2a, 0x7d, 0x0b, 0xa4, 0x96, 0x96, 0x25, 0x58, 0xc1, 0x4e, 0x2b, 0x1e, 0xa4, 0xf5, 0x74,
-	0x47, 0xa2, 0x73, 0x48, 0x7a, 0x6d, 0x2c, 0x4b, 0x91, 0xfc, 0xea, 0x94, 0xfc, 0xa8, 0x4d, 0x60,
-	0x23, 0xcd, 0x79, 0x5c, 0xe9, 0x6a, 0xcb, 0x32, 0xef, 0xd1, 0x61, 0x97, 0xc2, 0x38, 0xac, 0xd9,
-	0x95, 0x4f, 0x61, 0x1c, 0xd6, 0x37, 0x0f, 0x30, 0x39, 0xf2, 0x75, 0x26, 0xa6, 0x02, 0x52, 0x0c,
-	0x06, 0x67, 0x9d, 0xdc, 0x3d, 0xdb, 0xb5, 0x75, 0xa9, 0x72, 0x7f, 0xf5, 0x29, 0xfe, 0x18, 0xdd,
-	0x7c, 0x81, 0xeb, 0x9d, 0xdd, 0xff, 0x50, 0x59, 0x42, 0xbe, 0x9f, 0xe3, 0xdf, 0x65, 0x8a, 0x1f,
-	0x11, 0x5c, 0x73, 0x69, 0x7a, 0xdd, 0x19, 0x49, 0xdf, 0x00, 0x18, 0x2b, 0xec, 0x68, 0x3e, 0xeb,
-	0x4a, 0xa2, 0x5a, 0xca, 0x8f, 0x4e, 0xe8, 0x87, 0xfd, 0xe2, 0x62, 0x4c, 0xf6, 0xf6, 0x90, 0xac,
-	0x57, 0x38, 0xbb, 0xb9, 0x5d, 0xbc, 0xe4, 0x10, 0xef, 0xc5, 0xc2, 0x2c, 0x7e, 0x45, 0x90, 0x2e,
-	0x37, 0xb2, 0xc3, 0x2d, 0x76, 0xa2, 0x95, 0x41, 0x04, 0x31, 0x7d, 0x0e, 0xb1, 0xaa, 0xc2, 0xdb,
-	0x8b, 0x55, 0x45, 0x6f, 0x21, 0xb7, 0xaa, 0x95, 0xc6, 0x8a, 0xb6, 0x47, 0x3f, 0x84, 0x1f, 0x0e,
-	0xe8, 0xfb, 0xfd, 0x78, 0xc9, 0x9f, 0x0f, 0x07, 0x1b, 0xfc, 0x6d, 0xb6, 0x4a, 0x58, 0xc1, 0x52,
-	0xdf, 0xd4, 0xe1, 0x8b, 0xcd, 0xb6, 0xca, 0xf0, 0x07, 0xbd, 0xff, 0x1d, 0x00, 0x00, 0xff, 0xff,
-	0x97, 0xf3, 0x59, 0x6e, 0xd1, 0x03, 0x00, 0x00,
+var fileDescriptor_2df576b66d12087a = []byte{
+	// 393 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x53, 0xcd, 0xce, 0xd3, 0x30,
+	0x10, 0x54, 0xe2, 0x24, 0x6d, 0xb6, 0x08, 0x21, 0x23, 0x21, 0x53, 0x2a, 0x54, 0xe5, 0x54, 0x21,
+	0x91, 0x42, 0xcb, 0x01, 0x71, 0x85, 0xaa, 0x1c, 0x2b, 0xbf, 0x81, 0xab, 0x58, 0x6d, 0x44, 0x13,
+	0x9b, 0xd8, 0xa9, 0xd4, 0x87, 0xe3, 0xc0, 0x63, 0xf0, 0x36, 0xc8, 0x1b, 0xf7, 0xe7, 0xab, 0xfa,
+	0x5d, 0xbe, 0xaf, 0xb7, 0x89, 0x3d, 0x3b, 0x3b, 0x3b, 0xeb, 0xc0, 0x6b, 0xa1, 0xcb, 0xa9, 0x6e,
+	0x94, 0x55, 0x53, 0xa1, 0xcb, 0x1c, 0x11, 0x4d, 0x36, 0x2a, 0x17, 0xba, 0xcc, 0x3e, 0x41, 0xb4,
+	0x12, 0x65, 0x43, 0x5f, 0x01, 0xf9, 0x25, 0x0f, 0x2c, 0x18, 0x07, 0x93, 0x94, 0x3b, 0x48, 0xdf,
+	0x40, 0xb2, 0x17, 0xbb, 0x56, 0x1a, 0x16, 0x8e, 0xc9, 0x24, 0xe5, 0xfe, 0x2b, 0xfb, 0x4b, 0xa0,
+	0xc7, 0xe5, 0xef, 0x56, 0x1a, 0xeb, 0x38, 0x95, 0xb4, 0x5b, 0x55, 0xf8, 0x42, 0xff, 0x45, 0x29,
+	0x44, 0x5a, 0xd8, 0x2d, 0x0b, 0xf1, 0x14, 0x31, 0x9d, 0x43, 0xb2, 0x95, 0xa2, 0x90, 0x0d, 0x23,
+	0x63, 0x32, 0x19, 0xcc, 0xde, 0xe5, 0x9d, 0x85, 0xdc, 0x8b, 0xe5, 0x3f, 0xf1, 0x76, 0x51, 0xdb,
+	0xe6, 0xc0, 0x3d, 0x95, 0x7e, 0x00, 0xb2, 0x91, 0x96, 0x45, 0x58, 0xc1, 0xae, 0x2b, 0x96, 0xd2,
+	0x76, 0x74, 0x47, 0xa2, 0x1f, 0x21, 0xd2, 0xca, 0x58, 0x16, 0x23, 0xf9, 0xed, 0x35, 0x79, 0xa5,
+	0x8c, 0x67, 0x23, 0xcd, 0x79, 0x5c, 0xab, 0xe2, 0xc0, 0x92, 0xce, 0xa3, 0xc3, 0x2e, 0x85, 0xb6,
+	0xd9, 0xb1, 0x5e, 0x97, 0x42, 0xdb, 0xec, 0x86, 0x4b, 0x18, 0x5c, 0xf8, 0xba, 0x11, 0x53, 0x06,
+	0x31, 0x06, 0x83, 0xb3, 0x0e, 0x66, 0x2f, 0x8e, 0x6d, 0x5d, 0xaa, 0xbc, 0xbb, 0xfa, 0x16, 0x7e,
+	0x0d, 0x86, 0x3f, 0xa0, 0x7f, 0xb4, 0xfb, 0x0c, 0x95, 0x05, 0xa4, 0xa7, 0x39, 0x9e, 0x2e, 0x93,
+	0xfd, 0x09, 0xa0, 0xcf, 0xa5, 0xd1, 0xaa, 0x36, 0x92, 0xbe, 0x07, 0x30, 0x56, 0xd8, 0xd6, 0x7c,
+	0x57, 0x85, 0x44, 0xb5, 0x98, 0x5f, 0x9c, 0xd0, 0x2f, 0xa7, 0xc5, 0x85, 0x98, 0xec, 0xe8, 0x9c,
+	0x6c, 0xa7, 0x70, 0x73, 0x73, 0xc7, 0x78, 0xc9, 0x39, 0xde, 0xbb, 0x85, 0x99, 0xfd, 0x0b, 0x20,
+	0x5e, 0xec, 0x65, 0x8d, 0x5b, 0xac, 0x45, 0x25, 0xbd, 0x08, 0x62, 0xfa, 0x12, 0xc2, 0xb2, 0xf0,
+	0x6f, 0x2f, 0x2c, 0x0b, 0x3a, 0x82, 0xd4, 0x96, 0x95, 0x34, 0x56, 0x54, 0x1a, 0xfd, 0x10, 0x7e,
+	0x3e, 0xa0, 0x9f, 0x4f, 0xe3, 0x45, 0x0f, 0x1f, 0x0e, 0x36, 0x78, 0x6c, 0xb6, 0x42, 0x58, 0xc1,
+	0xe2, 0xae, 0xa9, 0xc3, 0x77, 0x9b, 0x6d, 0x9d, 0xe0, 0x0f, 0x3a, 0xff, 0x1f, 0x00, 0x00, 0xff,
+	0xff, 0xd4, 0x6d, 0x70, 0x51, 0xb7, 0x03, 0x00, 0x00,
 }
--- a/api/proto/api.pb.micro.go
+++ b/api/proto/api.pb.micro.go
@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-micro. DO NOT EDIT.
-// source: github.com/micro/go-micro/v2/api/proto/api.proto
+// source: api/proto/api.proto

 package go_api

--- a/api/resolver/host/host.go
+++ b/api/resolver/host/host.go
@@ -7,7 +7,9 @@ import (
 	"github.com/micro/go-micro/v2/api/resolver"
 )

-type Resolver struct{}
+type Resolver struct {
+	opts resolver.Options
+}

 func (r *Resolver) Resolve(req *http.Request) (*resolver.Endpoint, error) {
 	return &resolver.Endpoint{
@@ -23,5 +25,5 @@ func (r *Resolver) String() string {
 }

 func NewResolver(opts ...resolver.Option) resolver.Resolver {
-	return &Resolver{}
+	return &Resolver{opts: resolver.NewOptions(opts...)}
 }
--- a/api/resolver/micro/micro.go
+++ b/api/resolver/micro/micro.go
@@ -1,45 +0,0 @@
-// Package micro provides a micro rpc resolver which prefixes a namespace
-package micro
-
-import (
-	"net/http"
-
-	"github.com/micro/go-micro/v2/api/resolver"
-)
-
-// default resolver for legacy purposes
-// it uses proxy routing to resolve names
-// /foo becomes namespace.foo
-// /v1/foo becomes namespace.v1.foo
-type Resolver struct {
-	Options resolver.Options
-}
-
-func (r *Resolver) Resolve(req *http.Request) (*resolver.Endpoint, error) {
-	var name, method string
-
-	switch r.Options.Handler {
-	// internal handlers
-	case "meta", "api", "rpc", "micro":
-		name, method = apiRoute(req.URL.Path)
-	default:
-		method = req.Method
-		name = proxyRoute(req.URL.Path)
-	}
-
-	return &resolver.Endpoint{
-		Name:   name,
-		Method: method,
-	}, nil
-}
-
-func (r *Resolver) String() string {
-	return "micro"
-}
-
-// NewResolver creates a new micro resolver
-func NewResolver(opts ...resolver.Option) resolver.Resolver {
-	return &Resolver{
-		Options: resolver.NewOptions(opts...),
-	}
-}
--- a/api/resolver/micro/route.go
+++ b/api/resolver/micro/route.go
@@ -1,90 +0,0 @@
-package micro
-
-import (
-	"path"
-	"regexp"
-	"strings"
-)
-
-var (
-	proxyRe   = regexp.MustCompile("^[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*$")
-	versionRe = regexp.MustCompilePOSIX("^v[0-9]+$")
-)
-
-// Translates /foo/bar/zool into api service go.micro.api.foo method Bar.Zool
-// Translates /foo/bar into api service go.micro.api.foo method Foo.Bar
-func apiRoute(p string) (string, string) {
-	p = path.Clean(p)
-	p = strings.TrimPrefix(p, "/")
-	parts := strings.Split(p, "/")
-
-	// If we've got two or less parts
-	// Use first part as service
-	// Use all parts as method
-	if len(parts) <= 2 {
-		name := parts[0]
-		return name, methodName(parts)
-	}
-
-	// Treat /v[0-9]+ as versioning where we have 3 parts
-	// /v1/foo/bar => service: v1.foo method: Foo.bar
-	if len(parts) == 3 && versionRe.Match([]byte(parts[0])) {
-		name := strings.Join(parts[:len(parts)-1], ".")
-		return name, methodName(parts[len(parts)-2:])
-	}
-
-	// Service is everything minus last two parts
-	// Method is the last two parts
-	name := strings.Join(parts[:len(parts)-2], ".")
-	return name, methodName(parts[len(parts)-2:])
-}
-
-func proxyRoute(p string) string {
-	parts := strings.Split(p, "/")
-	if len(parts) < 2 {
-		return ""
-	}
-
-	var service string
-	var alias string
-
-	// /[service]/methods
-	if len(parts) > 2 {
-		// /v1/[service]
-		if versionRe.MatchString(parts[1]) {
-			service = parts[1] + "." + parts[2]
-			alias = parts[2]
-		} else {
-			service = parts[1]
-			alias = parts[1]
-		}
-		// /[service]
-	} else {
-		service = parts[1]
-		alias = parts[1]
-	}
-
-	// check service name is valid
-	if !proxyRe.MatchString(alias) {
-		return ""
-	}
-
-	return service
-}
-
-func methodName(parts []string) string {
-	for i, part := range parts {
-		parts[i] = toCamel(part)
-	}
-
-	return strings.Join(parts, ".")
-}
-
-func toCamel(s string) string {
-	words := strings.Split(s, "-")
-	var out string
-	for _, word := range words {
-		out += strings.Title(word)
-	}
-	return out
-}
--- a/api/resolver/micro/route_test.go
+++ b/api/resolver/micro/route_test.go
@@ -1,130 +0,0 @@
-package micro
-
-import (
-	"testing"
-)
-
-func TestApiRoute(t *testing.T) {
-	testData := []struct {
-		path    string
-		service string
-		method  string
-	}{
-		{
-			"/foo/bar",
-			"foo",
-			"Foo.Bar",
-		},
-		{
-			"/foo/foo/bar",
-			"foo",
-			"Foo.Bar",
-		},
-		{
-			"/foo/bar/baz",
-			"foo",
-			"Bar.Baz",
-		},
-		{
-			"/foo/bar/baz-xyz",
-			"foo",
-			"Bar.BazXyz",
-		},
-		{
-			"/foo/bar/baz/cat",
-			"foo.bar",
-			"Baz.Cat",
-		},
-		{
-			"/foo/bar/baz/cat/car",
-			"foo.bar.baz",
-			"Cat.Car",
-		},
-		{
-			"/foo/fooBar/bazCat",
-			"foo",
-			"FooBar.BazCat",
-		},
-		{
-			"/v1/foo/bar",
-			"v1.foo",
-			"Foo.Bar",
-		},
-		{
-			"/v1/foo/bar/baz",
-			"v1.foo",
-			"Bar.Baz",
-		},
-		{
-			"/v1/foo/bar/baz/cat",
-			"v1.foo.bar",
-			"Baz.Cat",
-		},
-	}
-
-	for _, d := range testData {
-		s, m := apiRoute(d.path)
-		if d.service != s {
-			t.Fatalf("Expected service: %s for path: %s got: %s %s", d.service, d.path, s, m)
-		}
-		if d.method != m {
-			t.Fatalf("Expected service: %s for path: %s got: %s", d.method, d.path, m)
-		}
-	}
-}
-
-func TestProxyRoute(t *testing.T) {
-	testData := []struct {
-		path    string
-		service string
-	}{
-		// no namespace
-		{
-			"/f",
-			"f",
-		},
-		{
-			"/f",
-			"f",
-		},
-		{
-			"/f-b",
-			"f-b",
-		},
-		{
-			"/foo/bar",
-			"foo",
-		},
-		{
-			"/foo-bar",
-			"foo-bar",
-		},
-		{
-			"/foo-bar-baz",
-			"foo-bar-baz",
-		},
-		{
-			"/foo/bar/bar",
-			"foo",
-		},
-		{
-			"/v1/foo/bar",
-			"v1.foo",
-		},
-		{
-			"/v1/foo/bar/baz",
-			"v1.foo",
-		},
-		{
-			"/v1/foo/bar/baz/cat",
-			"v1.foo",
-		},
-	}
-
-	for _, d := range testData {
-		s := proxyRoute(d.path)
-		if d.service != s {
-			t.Fatalf("Expected service: %s for path: %s got: %s", d.service, d.path, s)
-		}
-	}
-}
--- a/api/resolver/options.go
+++ b/api/resolver/options.go
@@ -1,11 +1,20 @@
 package resolver

+import (
+	"net/http"
+)
+
 // NewOptions returns new initialised options
 func NewOptions(opts ...Option) Options {
 	var options Options
 	for _, o := range opts {
 		o(&options)
 	}
+
+	if options.Namespace == nil {
+		options.Namespace = StaticNamespace("go.micro")
+	}
+
 	return options
 }

@@ -16,8 +25,8 @@ func WithHandler(h string) Option {
 	}
 }

-// WithNamespace sets the namespace being used
-func WithNamespace(n string) Option {
+// WithNamespace sets the function which determines the namespace for a request
+func WithNamespace(n func(*http.Request) string) Option {
 	return func(o *Options) {
 		o.Namespace = n
 	}
--- a/api/resolver/path/path.go
+++ b/api/resolver/path/path.go
@@ -2,22 +2,26 @@
 package path

 import (
-	"errors"
 	"net/http"
 	"strings"

 	"github.com/micro/go-micro/v2/api/resolver"
 )

-type Resolver struct{}
+type Resolver struct {
+	opts resolver.Options
+}

 func (r *Resolver) Resolve(req *http.Request) (*resolver.Endpoint, error) {
 	if req.URL.Path == "/" {
-		return nil, errors.New("unknown name")
+		return nil, resolver.ErrNotFound
 	}
+
 	parts := strings.Split(req.URL.Path[1:], "/")
+	ns := r.opts.Namespace(req)
+
 	return &resolver.Endpoint{
-		Name:   parts[0],
+		Name:   ns + "." + parts[0],
 		Host:   req.Host,
 		Method: req.Method,
 		Path:   req.URL.Path,
@@ -29,5 +33,5 @@ func (r *Resolver) String() string {
 }

 func NewResolver(opts ...resolver.Option) resolver.Resolver {
-	return &Resolver{}
+	return &Resolver{opts: resolver.NewOptions(opts...)}
 }
--- a/api/resolver/resolver.go
+++ b/api/resolver/resolver.go
@@ -2,9 +2,15 @@
 package resolver

 import (
+	"errors"
 	"net/http"
 )

+var (
+	ErrNotFound    = errors.New("not found")
+	ErrInvalidPath = errors.New("invalid path")
+)
+
 // Resolver resolves requests to endpoints
 type Resolver interface {
 	Resolve(r *http.Request) (*Endpoint, error)
@@ -25,7 +31,14 @@ type Endpoint struct {

 type Options struct {
 	Handler   string
-	Namespace string
+	Namespace func(*http.Request) string
 }

 type Option func(o *Options)
+
+// StaticNamespace returns the same namespace for each request
+func StaticNamespace(ns string) func(*http.Request) string {
+	return func(*http.Request) string {
+		return ns
+	}
+}
--- a/api/resolver/vpath/vpath.go
+++ b/api/resolver/vpath/vpath.go
@@ -10,7 +10,13 @@ import (
 	"github.com/micro/go-micro/v2/api/resolver"
 )

-type Resolver struct{}
+func NewResolver(opts ...resolver.Option) resolver.Resolver {
+	return &Resolver{opts: resolver.NewOptions(opts...)}
+}
+
+type Resolver struct {
+	opts resolver.Options
+}

 var (
 	re = regexp.MustCompile("^v[0-9]+$")
@@ -22,10 +28,9 @@ func (r *Resolver) Resolve(req *http.Request) (*resolver.Endpoint, error) {
 	}

 	parts := strings.Split(req.URL.Path[1:], "/")
-
 	if len(parts) == 1 {
 		return &resolver.Endpoint{
-			Name:   parts[0],
+			Name:   r.withNamespace(req, parts...),
 			Host:   req.Host,
 			Method: req.Method,
 			Path:   req.URL.Path,
@@ -35,7 +40,7 @@ func (r *Resolver) Resolve(req *http.Request) (*resolver.Endpoint, error) {
 	// /v1/foo
 	if re.MatchString(parts[0]) {
 		return &resolver.Endpoint{
-			Name:   parts[1],
+			Name:   r.withNamespace(req, parts[0:2]...),
 			Host:   req.Host,
 			Method: req.Method,
 			Path:   req.URL.Path,
@@ -43,7 +48,7 @@ func (r *Resolver) Resolve(req *http.Request) (*resolver.Endpoint, error) {
 	}

 	return &resolver.Endpoint{
-		Name:   parts[0],
+		Name:   r.withNamespace(req, parts[0]),
 		Host:   req.Host,
 		Method: req.Method,
 		Path:   req.URL.Path,
@@ -54,6 +59,11 @@ func (r *Resolver) String() string {
 	return "path"
 }

-func NewResolver(opts ...resolver.Option) resolver.Resolver {
-	return &Resolver{}
+func (r *Resolver) withNamespace(req *http.Request, parts ...string) string {
+	ns := r.opts.Namespace(req)
+	if len(ns) == 0 {
+		return strings.Join(parts, ".")
+	}
+
+	return strings.Join(append([]string{ns}, parts...), ".")
 }
--- a/api/router/options.go
+++ b/api/router/options.go
@@ -2,15 +2,14 @@ package router

 import (
 	"github.com/micro/go-micro/v2/api/resolver"
-	"github.com/micro/go-micro/v2/api/resolver/micro"
+	"github.com/micro/go-micro/v2/api/resolver/vpath"
 	"github.com/micro/go-micro/v2/registry"
 )

 type Options struct {
-	Namespace string
-	Handler   string
-	Registry  registry.Registry
-	Resolver  resolver.Resolver
+	Handler  string
+	Registry registry.Registry
+	Resolver resolver.Resolver
 }

 type Option func(o *Options)
@@ -26,9 +25,8 @@ func NewOptions(opts ...Option) Options {
 	}

 	if options.Resolver == nil {
-		options.Resolver = micro.NewResolver(
+		options.Resolver = vpath.NewResolver(
 			resolver.WithHandler(options.Handler),
-			resolver.WithNamespace(options.Namespace),
 		)
 	}

@@ -41,12 +39,6 @@ func WithHandler(h string) Option {
 	}
 }

-func WithNamespace(ns string) Option {
-	return func(o *Options) {
-		o.Namespace = ns
-	}
-}
-
 func WithRegistry(r registry.Registry) Option {
 	return func(o *Options) {
 		o.Registry = r
--- a/api/router/registry/registry.go
+++ b/api/router/registry/registry.go
@@ -4,7 +4,6 @@ package registry
 import (
 	"errors"
 	"fmt"
-	"log"
 	"net/http"
 	"regexp"
 	"strings"
@@ -13,10 +12,20 @@ import (

 	"github.com/micro/go-micro/v2/api"
 	"github.com/micro/go-micro/v2/api/router"
+	"github.com/micro/go-micro/v2/api/router/util"
+	"github.com/micro/go-micro/v2/logger"
+	"github.com/micro/go-micro/v2/metadata"
 	"github.com/micro/go-micro/v2/registry"
 	"github.com/micro/go-micro/v2/registry/cache"
 )

+// endpoint struct, that holds compiled pcre
+type endpoint struct {
+	hostregs []*regexp.Regexp
+	pathregs []util.Pattern
+	pcreregs []*regexp.Regexp
+}
+
 // router is the default router
 type registryRouter struct {
 	exit chan bool
@@ -27,28 +36,8 @@ type registryRouter struct {

 	sync.RWMutex
 	eps map[string]*api.Service
-}
-
-func setNamespace(ns, name string) string {
-	ns = strings.TrimSpace(ns)
-	name = strings.TrimSpace(name)
-
-	// no namespace
-	if len(ns) == 0 {
-		return name
-	}
-
-	switch {
-	// has - suffix
-	case strings.HasSuffix(ns, "-"):
-		return strings.Replace(ns+name, ".", "-", -1)
-	// has . suffix
-	case strings.HasSuffix(ns, "."):
-		return ns + name
-	}
-
-	// default join .
-	return strings.Join([]string{ns, name}, ".")
+	// compiled regexp for host and path
+	ceps map[string]*endpoint
 }

 func (r *registryRouter) isClosed() bool {
@@ -68,7 +57,9 @@ func (r *registryRouter) refresh() {
 		services, err := r.opts.Registry.ListServices()
 		if err != nil {
 			attempts++
-			log.Println("Error listing endpoints", err)
+			if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+				logger.Errorf("unable to list services: %v", err)
+			}
 			time.Sleep(time.Duration(attempts) * time.Second)
 			continue
 		}
@@ -77,18 +68,18 @@ func (r *registryRouter) refresh() {

 		// for each service, get service and store endpoints
 		for _, s := range services {
-			// only get services for this namespace
-			if !strings.HasPrefix(s.Name, r.opts.Namespace) {
-				continue
-			}
 			service, err := r.rc.GetService(s.Name)
 			if err != nil {
+				if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+					logger.Errorf("unable to get service: %v", err)
+				}
 				continue
 			}
 			r.store(service)
 		}

 		// refresh list in 10 minutes... cruft
+		// use registry watching
 		select {
 		case <-time.After(time.Minute * 10):
 		case <-r.exit:
@@ -100,13 +91,16 @@ func (r *registryRouter) refresh() {
 // process watch event
 func (r *registryRouter) process(res *registry.Result) {
 	// skip these things
-	if res == nil || res.Service == nil || !strings.HasPrefix(res.Service.Name, r.opts.Namespace) {
+	if res == nil || res.Service == nil {
 		return
 	}

 	// get entry from cache
 	service, err := r.rc.GetService(res.Service.Name)
 	if err != nil {
+		if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+			logger.Errorf("unable to get service: %v", err)
+		}
 		return
 	}

@@ -128,14 +122,17 @@ func (r *registryRouter) store(services []*registry.Service) {
 		names[service.Name] = true

 		// map per endpoint
-		for _, endpoint := range service.Endpoints {
+		for _, sep := range service.Endpoints {
 			// create a key service:endpoint_name
-			key := fmt.Sprintf("%s:%s", service.Name, endpoint.Name)
+			key := fmt.Sprintf("%s.%s", service.Name, sep.Name)
 			// decode endpoint
-			end := api.Decode(endpoint.Metadata)
+			end := api.Decode(sep.Metadata)

 			// if we got nothing skip
 			if err := api.Validate(end); err != nil {
+				if logger.V(logger.TraceLevel, logger.DefaultLogger) {
+					logger.Tracef("endpoint validation failed: %v", err)
+				}
 				continue
 			}

@@ -170,8 +167,57 @@ func (r *registryRouter) store(services []*registry.Service) {
 	}

 	// now set the eps we have
-	for name, endpoint := range eps {
-		r.eps[name] = endpoint
+	for name, ep := range eps {
+		r.eps[name] = ep
+		cep := &endpoint{}
+
+		for _, h := range ep.Endpoint.Host {
+			if h == "" || h == "*" {
+				continue
+			}
+			hostreg, err := regexp.CompilePOSIX(h)
+			if err != nil {
+				if logger.V(logger.TraceLevel, logger.DefaultLogger) {
+					logger.Tracef("endpoint have invalid host regexp: %v", err)
+				}
+				continue
+			}
+			cep.hostregs = append(cep.hostregs, hostreg)
+		}
+
+		for _, p := range ep.Endpoint.Path {
+			var pcreok bool
+
+			if p[0] == '^' && p[len(p)-1] == '$' {
+				pcrereg, err := regexp.CompilePOSIX(p)
+				if err == nil {
+					cep.pcreregs = append(cep.pcreregs, pcrereg)
+					pcreok = true
+				}
+			}
+
+			rule, err := util.Parse(p)
+			if err != nil && !pcreok {
+				if logger.V(logger.TraceLevel, logger.DefaultLogger) {
+					logger.Tracef("endpoint have invalid path pattern: %v", err)
+				}
+				continue
+			} else if err != nil && pcreok {
+				continue
+			}
+
+			tpl := rule.Compile()
+			pathreg, err := util.NewPattern(tpl.Version, tpl.OpCodes, tpl.Pool, "")
+			if err != nil {
+				if logger.V(logger.TraceLevel, logger.DefaultLogger) {
+					logger.Tracef("endpoint have invalid path pattern: %v", err)
+				}
+				continue
+			}
+			cep.pathregs = append(cep.pathregs, pathreg)
+		}
+
+		r.ceps[name] = cep
 	}
 }

@@ -188,7 +234,9 @@ func (r *registryRouter) watch() {
 		w, err := r.opts.Registry.Watch()
 		if err != nil {
 			attempts++
-			log.Println("Error watching endpoints", err)
+			if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+				logger.Errorf("error watching endpoints: %v", err)
+			}
 			time.Sleep(time.Duration(attempts) * time.Second)
 			continue
 		}
@@ -211,7 +259,9 @@ func (r *registryRouter) watch() {
 			// process next event
 			res, err := w.Next()
 			if err != nil {
-				log.Println("Error getting next endpoint", err)
+				if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+					logger.Errorf("error getting next endoint: %v", err)
+				}
 				close(ch)
 				break
 			}
@@ -235,6 +285,14 @@ func (r *registryRouter) Close() error {
 	return nil
 }

+func (r *registryRouter) Register(ep *api.Endpoint) error {
+	return nil
+}
+
+func (r *registryRouter) Deregister(ep *api.Endpoint) error {
+	return nil
+}
+
 func (r *registryRouter) Endpoint(req *http.Request) (*api.Service, error) {
 	if r.isClosed() {
 		return nil, errors.New("router closed")
@@ -243,60 +301,106 @@ func (r *registryRouter) Endpoint(req *http.Request) (*api.Service, error) {
 	r.RLock()
 	defer r.RUnlock()

+	var idx int
+	if len(req.URL.Path) > 0 && req.URL.Path != "/" {
+		idx = 1
+	}
+	path := strings.Split(req.URL.Path[idx:], "/")
+
 	// use the first match
 	// TODO: weighted matching
-	for _, e := range r.eps {
+	for n, e := range r.eps {
+		cep, ok := r.ceps[n]
+		if !ok {
+			continue
+		}
 		ep := e.Endpoint
-
-		// match
-		var pathMatch, hostMatch, methodMatch bool
-
-		// 1. try method GET, POST, PUT, etc
-		// 2. try host example.com, foobar.com, etc
-		// 3. try path /foo/bar, /bar/baz, etc
-
-		// 1. try match method
+		var mMatch, hMatch, pMatch bool
+		// 1. try method
 		for _, m := range ep.Method {
-			if req.Method == m {
-				methodMatch = true
+			if m == req.Method {
+				mMatch = true
 				break
 			}
 		}
-
-		// no match on method pass
-		if len(ep.Method) > 0 && !methodMatch {
+		if !mMatch {
 			continue
 		}
-
-		// 2. try match host
-		for _, h := range ep.Host {
-			if req.Host == h {
-				hostMatch = true
-				break
-			}
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Debugf("api method match %s", req.Method)
 		}

-		// no match on host pass
-		if len(ep.Host) > 0 && !hostMatch {
+		// 2. try host
+		if len(ep.Host) == 0 {
+			hMatch = true
+		} else {
+			for idx, h := range ep.Host {
+				if h == "" || h == "*" {
+					hMatch = true
+					break
+				} else {
+					if cep.hostregs[idx].MatchString(req.URL.Host) {
+						hMatch = true
+						break
+					}
+				}
+			}
+		}
+		if !hMatch {
 			continue
 		}
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Debugf("api host match %s", req.URL.Host)
+		}

-		// 3. try match paths
-		for _, p := range ep.Path {
-			re, err := regexp.CompilePOSIX(p)
-			if err == nil && re.MatchString(req.URL.Path) {
-				pathMatch = true
+		// 3. try path via google.api path matching
+		for _, pathreg := range cep.pathregs {
+			matches, err := pathreg.Match(path, "")
+			if err != nil {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debugf("api gpath not match %s != %v", path, pathreg)
+				}
+				continue
+			}
+			if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+				logger.Debugf("api gpath match %s = %v", path, pathreg)
+			}
+			pMatch = true
+			ctx := req.Context()
+			md, ok := metadata.FromContext(ctx)
+			if !ok {
+				md = make(metadata.Metadata)
+			}
+			for k, v := range matches {
+				md[fmt.Sprintf("x-api-field-%s", k)] = v
+			}
+			md["x-api-body"] = ep.Body
+			*req = *req.Clone(metadata.NewContext(ctx, md))
+			break
+		}
+
+		if !pMatch {
+			// 4. try path via pcre path matching
+			for _, pathreg := range cep.pcreregs {
+				if !pathreg.MatchString(req.URL.Path) {
+					if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+						logger.Debugf("api pcre path not match %s != %v", path, pathreg)
+					}
+					continue
+				}
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debugf("api pcre path match %s != %v", path, pathreg)
+				}
+				pMatch = true
 				break
 			}
 		}

-		// no match pass
-		if len(ep.Path) > 0 && !pathMatch {
+		if !pMatch {
 			continue
 		}

 		// TODO: Percentage traffic
-
 		// we got here, so its a match
 		return e, nil
 	}
@@ -327,7 +431,7 @@ func (r *registryRouter) Route(req *http.Request) (*api.Service, error) {
 	}

 	// service name
-	name := setNamespace(r.opts.Namespace, rp.Name)
+	name := rp.Name

 	// get service
 	services, err := r.rc.GetService(name)
@@ -381,6 +485,7 @@ func newRouter(opts ...router.Option) *registryRouter {
 		opts: options,
 		rc:   cache.New(options.Registry),
 		eps:  make(map[string]*api.Service),
+		ceps: make(map[string]*endpoint),
 	}
 	go r.watch()
 	go r.refresh()
--- a/api/router/registry/registry_test.go
+++ b/api/router/registry/registry_test.go
@@ -1,181 +1,34 @@
 package registry

 import (
-	"fmt"
-	"net/http"
-	"net/url"
 	"testing"

-	"github.com/micro/go-micro/v2/api"
+	"github.com/micro/go-micro/v2/registry"
+	"github.com/stretchr/testify/assert"
 )

-func TestSetNamespace(t *testing.T) {
-	testCases := []struct {
-		namespace string
-		name      string
-		expected  string
-	}{
-		// default dotted path
+func TestStoreRegex(t *testing.T) {
+	router := newRouter()
+	router.store([]*registry.Service{
 		{
-			"go.micro.api",
-			"foo",
-			"go.micro.api.foo",
+			Name:    "Foobar",
+			Version: "latest",
+			Endpoints: []*registry.Endpoint{
+				{
+					Name: "foo",
+					Metadata: map[string]string{
+						"endpoint":    "FooEndpoint",
+						"description": "Some description",
+						"method":      "POST",
+						"path":        "^/foo/$",
+						"handler":     "rpc",
+					},
+				},
+			},
+			Metadata: map[string]string{},
 		},
-		// dotted end
-		{
-			"go.micro.api.",
-			"foo",
-			"go.micro.api.foo",
-		},
-		// dashed end
-		{
-			"go-micro-api-",
-			"foo",
-			"go-micro-api-foo",
-		},
-		// no namespace
-		{
-			"",
-			"foo",
-			"foo",
-		},
-		{
-			"go-micro-api-",
-			"v2.foo",
-			"go-micro-api-v2-foo",
-		},
-	}
-
-	for _, test := range testCases {
-		name := setNamespace(test.namespace, test.name)
-		if name != test.expected {
-			t.Fatalf("expected name %s got %s", test.expected, name)
-		}
-	}
-}
-
-func TestRouter(t *testing.T) {
-	r := newRouter()
-
-	compare := func(expect, got []string) bool {
-		// no data to compare, return true
-		if len(expect) == 0 && len(got) == 0 {
-			return true
-		}
-		// no data expected but got some return false
-		if len(expect) == 0 && len(got) > 0 {
-			return false
-		}
-
-		// compare expected with what we got
-		for _, e := range expect {
-			var seen bool
-			for _, g := range got {
-				if e == g {
-					seen = true
-					break
-				}
-			}
-			if !seen {
-				return false
-			}
-		}
-
-		// we're done, return true
-		return true
-	}
-
-	testData := []struct {
-		e *api.Endpoint
-		r *http.Request
-		m bool
-	}{
-		{
-			e: &api.Endpoint{
-				Name:   "Foo.Bar",
-				Host:   []string{"example.com"},
-				Method: []string{"GET"},
-				Path:   []string{"/foo"},
-			},
-			r: &http.Request{
-				Host:   "example.com",
-				Method: "GET",
-				URL: &url.URL{
-					Path: "/foo",
-				},
-			},
-			m: true,
-		},
-		{
-			e: &api.Endpoint{
-				Name:   "Bar.Baz",
-				Host:   []string{"example.com", "foo.com"},
-				Method: []string{"GET", "POST"},
-				Path:   []string{"/foo/bar"},
-			},
-			r: &http.Request{
-				Host:   "foo.com",
-				Method: "POST",
-				URL: &url.URL{
-					Path: "/foo/bar",
-				},
-			},
-			m: true,
-		},
-		{
-			e: &api.Endpoint{
-				Name:   "Test.Cruft",
-				Host:   []string{"example.com", "foo.com"},
-				Method: []string{"GET", "POST"},
-				Path:   []string{"/xyz"},
-			},
-			r: &http.Request{
-				Host:   "fail.com",
-				Method: "DELETE",
-				URL: &url.URL{
-					Path: "/test/fail",
-				},
-			},
-			m: false,
-		},
-	}
-
-	for _, d := range testData {
-		key := fmt.Sprintf("%s:%s", "test.service", d.e.Name)
-		r.eps[key] = &api.Service{
-			Endpoint: d.e,
-		}
-	}
-
-	for _, d := range testData {
-		e, err := r.Endpoint(d.r)
-		if d.m && err != nil {
-			t.Fatalf("expected match, got %v", err)
-		}
-		if !d.m && err == nil {
-			t.Fatal("expected error got match")
-		}
-		// skip testing the non match
-		if !d.m {
-			continue
-		}
-
-		ep := e.Endpoint
-
-		// test the match
-		if d.e.Name != ep.Name {
-			t.Fatalf("expected %v got %v", d.e.Name, ep.Name)
-		}
-		if ok := compare(d.e.Method, ep.Method); !ok {
-			t.Fatalf("expected %v got %v", d.e.Method, ep.Method)
-		}
-		if ok := compare(d.e.Path, ep.Path); !ok {
-			t.Fatalf("expected %v got %v", d.e.Path, ep.Path)
-		}
-		if ok := compare(d.e.Host, ep.Host); !ok {
-			t.Fatalf("expected %v got %v", d.e.Host, ep.Host)
-		}
-
-	}
+	},
+	)

+	assert.Len(t, router.ceps["Foobar.foo"].pcreregs, 1)
 }
--- a/api/router/router.go
+++ b/api/router/router.go
@@ -15,6 +15,10 @@ type Router interface {
 	Close() error
 	// Endpoint returns an api.Service endpoint or an error if it does not exist
 	Endpoint(r *http.Request) (*api.Service, error)
+	// Register endpoint in router
+	Register(ep *api.Endpoint) error
+	// Deregister endpoint from router
+	Deregister(ep *api.Endpoint) error
 	// Route returns an api.Service route
 	Route(r *http.Request) (*api.Service, error)
 }
--- a/api/router/router_test.go
+++ b/api/router/router_test.go
@@ -0,0 +1,245 @@
+package router_test
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/micro/go-micro/v2/api"
+	"github.com/micro/go-micro/v2/api/handler"
+	"github.com/micro/go-micro/v2/api/handler/rpc"
+	"github.com/micro/go-micro/v2/api/router"
+	rregistry "github.com/micro/go-micro/v2/api/router/registry"
+	rstatic "github.com/micro/go-micro/v2/api/router/static"
+	"github.com/micro/go-micro/v2/client"
+	gcli "github.com/micro/go-micro/v2/client/grpc"
+	rmemory "github.com/micro/go-micro/v2/registry/memory"
+	"github.com/micro/go-micro/v2/server"
+	gsrv "github.com/micro/go-micro/v2/server/grpc"
+	pb "github.com/micro/go-micro/v2/server/grpc/proto"
+)
+
+// server is used to implement helloworld.GreeterServer.
+type testServer struct {
+	msgCount int
+}
+
+// TestHello implements helloworld.GreeterServer
+func (s *testServer) Call(ctx context.Context, req *pb.Request, rsp *pb.Response) error {
+	rsp.Msg = "Hello " + req.Uuid
+	return nil
+}
+
+// TestHello implements helloworld.GreeterServer
+func (s *testServer) CallPcre(ctx context.Context, req *pb.Request, rsp *pb.Response) error {
+	rsp.Msg = "Hello " + req.Uuid
+	return nil
+}
+
+// TestHello implements helloworld.GreeterServer
+func (s *testServer) CallPcreInvalid(ctx context.Context, req *pb.Request, rsp *pb.Response) error {
+	rsp.Msg = "Hello " + req.Uuid
+	return nil
+}
+
+func initial(t *testing.T) (server.Server, client.Client) {
+	r := rmemory.NewRegistry()
+
+	// create a new client
+	s := gsrv.NewServer(
+		server.Name("foo"),
+		server.Registry(r),
+	)
+
+	// create a new server
+	c := gcli.NewClient(
+		client.Registry(r),
+	)
+
+	h := &testServer{}
+	pb.RegisterTestHandler(s, h)
+
+	if err := s.Start(); err != nil {
+		t.Fatalf("failed to start: %v", err)
+	}
+
+	return s, c
+}
+
+func check(t *testing.T, addr string, path string, expected string) {
+	req, err := http.NewRequest("POST", fmt.Sprintf(path, addr), nil)
+	if err != nil {
+		t.Fatalf("Failed to created http.Request: %v", err)
+	}
+	req.Header.Set("Content-Type", "application/json")
+	rsp, err := (&http.Client{}).Do(req)
+	if err != nil {
+		t.Fatalf("Failed to created http.Request: %v", err)
+	}
+	defer rsp.Body.Close()
+
+	buf, err := ioutil.ReadAll(rsp.Body)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	jsonMsg := expected
+	if string(buf) != jsonMsg {
+		t.Fatalf("invalid message received, parsing error %s != %s", buf, jsonMsg)
+	}
+}
+
+func TestRouterRegistryPcre(t *testing.T) {
+	s, c := initial(t)
+	defer s.Stop()
+
+	router := rregistry.NewRouter(
+		router.WithHandler(rpc.Handler),
+		router.WithRegistry(s.Options().Registry),
+	)
+	hrpc := rpc.NewHandler(
+		handler.WithClient(c),
+		handler.WithRouter(router),
+	)
+	hsrv := &http.Server{
+		Handler:        hrpc,
+		Addr:           "127.0.0.1:6543",
+		WriteTimeout:   15 * time.Second,
+		ReadTimeout:    15 * time.Second,
+		IdleTimeout:    20 * time.Second,
+		MaxHeaderBytes: 1024 * 1024 * 1, // 1Mb
+	}
+
+	go func() {
+		log.Println(hsrv.ListenAndServe())
+	}()
+
+	defer hsrv.Close()
+	time.Sleep(1 * time.Second)
+	check(t, hsrv.Addr, "http://%s/api/v0/test/call/TEST", `{"msg":"Hello TEST"}`)
+}
+
+func TestRouterStaticPcre(t *testing.T) {
+	s, c := initial(t)
+	defer s.Stop()
+
+	router := rstatic.NewRouter(
+		router.WithHandler(rpc.Handler),
+		router.WithRegistry(s.Options().Registry),
+	)
+
+	err := router.Register(&api.Endpoint{
+		Name:    "foo.Test.Call",
+		Method:  []string{"POST"},
+		Path:    []string{"^/api/v0/test/call/?$"},
+		Handler: "rpc",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	hrpc := rpc.NewHandler(
+		handler.WithClient(c),
+		handler.WithRouter(router),
+	)
+	hsrv := &http.Server{
+		Handler:        hrpc,
+		Addr:           "127.0.0.1:6543",
+		WriteTimeout:   15 * time.Second,
+		ReadTimeout:    15 * time.Second,
+		IdleTimeout:    20 * time.Second,
+		MaxHeaderBytes: 1024 * 1024 * 1, // 1Mb
+	}
+
+	go func() {
+		log.Println(hsrv.ListenAndServe())
+	}()
+	defer hsrv.Close()
+
+	time.Sleep(1 * time.Second)
+	check(t, hsrv.Addr, "http://%s/api/v0/test/call", `{"msg":"Hello "}`)
+}
+
+func TestRouterStaticGpath(t *testing.T) {
+	s, c := initial(t)
+	defer s.Stop()
+
+	router := rstatic.NewRouter(
+		router.WithHandler(rpc.Handler),
+		router.WithRegistry(s.Options().Registry),
+	)
+
+	err := router.Register(&api.Endpoint{
+		Name:    "foo.Test.Call",
+		Method:  []string{"POST"},
+		Path:    []string{"/api/v0/test/call/{uuid}"},
+		Handler: "rpc",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	hrpc := rpc.NewHandler(
+		handler.WithClient(c),
+		handler.WithRouter(router),
+	)
+	hsrv := &http.Server{
+		Handler:        hrpc,
+		Addr:           "127.0.0.1:6543",
+		WriteTimeout:   15 * time.Second,
+		ReadTimeout:    15 * time.Second,
+		IdleTimeout:    20 * time.Second,
+		MaxHeaderBytes: 1024 * 1024 * 1, // 1Mb
+	}
+
+	go func() {
+		log.Println(hsrv.ListenAndServe())
+	}()
+	defer hsrv.Close()
+
+	time.Sleep(1 * time.Second)
+	check(t, hsrv.Addr, "http://%s/api/v0/test/call/TEST", `{"msg":"Hello TEST"}`)
+}
+
+func TestRouterStaticPcreInvalid(t *testing.T) {
+	var ep *api.Endpoint
+	var err error
+
+	s, c := initial(t)
+	defer s.Stop()
+
+	router := rstatic.NewRouter(
+		router.WithHandler(rpc.Handler),
+		router.WithRegistry(s.Options().Registry),
+	)
+
+	ep = &api.Endpoint{
+		Name:    "foo.Test.Call",
+		Method:  []string{"POST"},
+		Path:    []string{"^/api/v0/test/call/?"},
+		Handler: "rpc",
+	}
+
+	err = router.Register(ep)
+	if err == nil {
+		t.Fatalf("invalid endpoint %v", ep)
+	}
+
+	ep = &api.Endpoint{
+		Name:    "foo.Test.Call",
+		Method:  []string{"POST"},
+		Path:    []string{"/api/v0/test/call/?$"},
+		Handler: "rpc",
+	}
+
+	err = router.Register(ep)
+	if err == nil {
+		t.Fatalf("invalid endpoint %v", ep)
+	}
+
+	_ = c
+}
--- a/api/router/static/static.go
+++ b/api/router/static/static.go
@@ -0,0 +1,356 @@
+package static
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"regexp"
+	"strings"
+	"sync"
+
+	"github.com/micro/go-micro/v2/api"
+	"github.com/micro/go-micro/v2/api/router"
+	"github.com/micro/go-micro/v2/api/router/util"
+	"github.com/micro/go-micro/v2/logger"
+	"github.com/micro/go-micro/v2/metadata"
+	"github.com/micro/go-micro/v2/registry"
+	rutil "github.com/micro/go-micro/v2/util/registry"
+)
+
+type endpoint struct {
+	apiep    *api.Endpoint
+	hostregs []*regexp.Regexp
+	pathregs []util.Pattern
+	pcreregs []*regexp.Regexp
+}
+
+// router is the default router
+type staticRouter struct {
+	exit chan bool
+	opts router.Options
+	sync.RWMutex
+	eps map[string]*endpoint
+}
+
+func (r *staticRouter) isClosed() bool {
+	select {
+	case <-r.exit:
+		return true
+	default:
+		return false
+	}
+}
+
+/*
+// watch for endpoint changes
+func (r *staticRouter) watch() {
+	var attempts int
+
+	for {
+		if r.isClosed() {
+			return
+		}
+
+		// watch for changes
+		w, err := r.opts.Registry.Watch()
+		if err != nil {
+			attempts++
+			log.Println("Error watching endpoints", err)
+			time.Sleep(time.Duration(attempts) * time.Second)
+			continue
+		}
+
+		ch := make(chan bool)
+
+		go func() {
+			select {
+			case <-ch:
+				w.Stop()
+			case <-r.exit:
+				w.Stop()
+			}
+		}()
+
+		// reset if we get here
+		attempts = 0
+
+		for {
+			// process next event
+			res, err := w.Next()
+			if err != nil {
+				log.Println("Error getting next endpoint", err)
+				close(ch)
+				break
+			}
+			r.process(res)
+		}
+	}
+}
+*/
+
+func (r *staticRouter) Register(ep *api.Endpoint) error {
+	if err := api.Validate(ep); err != nil {
+		return err
+	}
+
+	var pathregs []util.Pattern
+	var hostregs []*regexp.Regexp
+	var pcreregs []*regexp.Regexp
+
+	for _, h := range ep.Host {
+		if h == "" || h == "*" {
+			continue
+		}
+		hostreg, err := regexp.CompilePOSIX(h)
+		if err != nil {
+			return err
+		}
+		hostregs = append(hostregs, hostreg)
+	}
+
+	for _, p := range ep.Path {
+		var pcreok bool
+
+		// pcre only when we have start and end markers
+		if p[0] == '^' && p[len(p)-1] == '$' {
+			pcrereg, err := regexp.CompilePOSIX(p)
+			if err == nil {
+				pcreregs = append(pcreregs, pcrereg)
+				pcreok = true
+			}
+		}
+
+		rule, err := util.Parse(p)
+		if err != nil && !pcreok {
+			return err
+		} else if err != nil && pcreok {
+			continue
+		}
+
+		tpl := rule.Compile()
+		pathreg, err := util.NewPattern(tpl.Version, tpl.OpCodes, tpl.Pool, "")
+		if err != nil {
+			return err
+		}
+		pathregs = append(pathregs, pathreg)
+	}
+
+	r.Lock()
+	r.eps[ep.Name] = &endpoint{
+		apiep:    ep,
+		pcreregs: pcreregs,
+		pathregs: pathregs,
+		hostregs: hostregs,
+	}
+	r.Unlock()
+	return nil
+}
+
+func (r *staticRouter) Deregister(ep *api.Endpoint) error {
+	if err := api.Validate(ep); err != nil {
+		return err
+	}
+	r.Lock()
+	delete(r.eps, ep.Name)
+	r.Unlock()
+	return nil
+}
+
+func (r *staticRouter) Options() router.Options {
+	return r.opts
+}
+
+func (r *staticRouter) Close() error {
+	select {
+	case <-r.exit:
+		return nil
+	default:
+		close(r.exit)
+	}
+	return nil
+}
+
+func (r *staticRouter) Endpoint(req *http.Request) (*api.Service, error) {
+	ep, err := r.endpoint(req)
+	if err != nil {
+		return nil, err
+	}
+
+	epf := strings.Split(ep.apiep.Name, ".")
+	services, err := r.opts.Registry.GetService(epf[0])
+	if err != nil {
+		return nil, err
+	}
+
+	// hack for stream endpoint
+	if ep.apiep.Stream {
+		svcs := rutil.Copy(services)
+		for _, svc := range svcs {
+			if len(svc.Endpoints) == 0 {
+				e := &registry.Endpoint{}
+				e.Name = strings.Join(epf[1:], ".")
+				e.Metadata = make(map[string]string)
+				e.Metadata["stream"] = "true"
+				svc.Endpoints = append(svc.Endpoints, e)
+			}
+			for _, e := range svc.Endpoints {
+				e.Name = strings.Join(epf[1:], ".")
+				e.Metadata = make(map[string]string)
+				e.Metadata["stream"] = "true"
+			}
+		}
+
+		services = svcs
+	}
+
+	svc := &api.Service{
+		Name: epf[0],
+		Endpoint: &api.Endpoint{
+			Name:    strings.Join(epf[1:], "."),
+			Handler: "rpc",
+			Host:    ep.apiep.Host,
+			Method:  ep.apiep.Method,
+			Path:    ep.apiep.Path,
+			Body:    ep.apiep.Body,
+			Stream:  ep.apiep.Stream,
+		},
+		Services: services,
+	}
+
+	return svc, nil
+}
+
+func (r *staticRouter) endpoint(req *http.Request) (*endpoint, error) {
+	if r.isClosed() {
+		return nil, errors.New("router closed")
+	}
+
+	r.RLock()
+	defer r.RUnlock()
+
+	var idx int
+	if len(req.URL.Path) > 0 && req.URL.Path != "/" {
+		idx = 1
+	}
+	path := strings.Split(req.URL.Path[idx:], "/")
+	// use the first match
+	// TODO: weighted matching
+
+	for _, ep := range r.eps {
+		var mMatch, hMatch, pMatch bool
+
+		// 1. try method
+		for _, m := range ep.apiep.Method {
+			if m == req.Method {
+				mMatch = true
+				break
+			}
+		}
+		if !mMatch {
+			continue
+		}
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Debugf("api method match %s", req.Method)
+		}
+
+		// 2. try host
+		if len(ep.apiep.Host) == 0 {
+			hMatch = true
+		} else {
+			for idx, h := range ep.apiep.Host {
+				if h == "" || h == "*" {
+					hMatch = true
+					break
+				} else {
+					if ep.hostregs[idx].MatchString(req.URL.Host) {
+						hMatch = true
+						break
+					}
+				}
+			}
+		}
+		if !hMatch {
+			continue
+		}
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Debugf("api host match %s", req.URL.Host)
+		}
+
+		// 3. try google.api path
+		for _, pathreg := range ep.pathregs {
+			matches, err := pathreg.Match(path, "")
+			if err != nil {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debugf("api gpath not match %s != %v", path, pathreg)
+				}
+				continue
+			}
+			if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+				logger.Debugf("api gpath match %s = %v", path, pathreg)
+			}
+			pMatch = true
+			ctx := req.Context()
+			md, ok := metadata.FromContext(ctx)
+			if !ok {
+				md = make(metadata.Metadata)
+			}
+			for k, v := range matches {
+				md[fmt.Sprintf("x-api-field-%s", k)] = v
+			}
+			md["x-api-body"] = ep.apiep.Body
+			*req = *req.Clone(metadata.NewContext(ctx, md))
+			break
+		}
+
+		if !pMatch {
+			// 4. try path via pcre path matching
+			for _, pathreg := range ep.pcreregs {
+				if !pathreg.MatchString(req.URL.Path) {
+					if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+						logger.Debugf("api pcre path not match %s != %v", req.URL.Path, pathreg)
+					}
+					continue
+				}
+				pMatch = true
+				break
+			}
+		}
+
+		if !pMatch {
+			continue
+		}
+		// TODO: Percentage traffic
+
+		// we got here, so its a match
+		return ep, nil
+	}
+
+	// no match
+	return nil, fmt.Errorf("endpoint not found for %v", req.URL)
+}
+
+func (r *staticRouter) Route(req *http.Request) (*api.Service, error) {
+	if r.isClosed() {
+		return nil, errors.New("router closed")
+	}
+
+	// try get an endpoint
+	ep, err := r.Endpoint(req)
+	if err != nil {
+		return nil, err
+	}
+
+	return ep, nil
+}
+
+func NewRouter(opts ...router.Option) *staticRouter {
+	options := router.NewOptions(opts...)
+	r := &staticRouter{
+		exit: make(chan bool),
+		opts: options,
+		eps:  make(map[string]*endpoint),
+	}
+	//go r.watch()
+	//go r.refresh()
+	return r
+}
--- a/api/router/util/LICENSE.txt
+++ b/api/router/util/LICENSE.txt
@@ -0,0 +1,27 @@
+Copyright (c) 2015, Gengo, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+
+    * Neither the name of Gengo, Inc. nor the names of its
+      contributors may be used to endorse or promote products derived from this
+      software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/api/router/util/compile.go
+++ b/api/router/util/compile.go
@@ -0,0 +1,115 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/protoc-gen-grpc-gateway/httprule/compile.go
+
+const (
+	opcodeVersion = 1
+)
+
+// Template is a compiled representation of path templates.
+type Template struct {
+	// Version is the version number of the format.
+	Version int
+	// OpCodes is a sequence of operations.
+	OpCodes []int
+	// Pool is a constant pool
+	Pool []string
+	// Verb is a VERB part in the template.
+	Verb string
+	// Fields is a list of field paths bound in this template.
+	Fields []string
+	// Original template (example: /v1/a_bit_of_everything)
+	Template string
+}
+
+// Compiler compiles utilities representation of path templates into marshallable operations.
+// They can be unmarshalled by runtime.NewPattern.
+type Compiler interface {
+	Compile() Template
+}
+
+type op struct {
+	// code is the opcode of the operation
+	code OpCode
+
+	// str is a string operand of the code.
+	// operand is ignored if str is not empty.
+	str string
+
+	// operand is a numeric operand of the code.
+	operand int
+}
+
+func (w wildcard) compile() []op {
+	return []op{
+		{code: OpPush},
+	}
+}
+
+func (w deepWildcard) compile() []op {
+	return []op{
+		{code: OpPushM},
+	}
+}
+
+func (l literal) compile() []op {
+	return []op{
+		{
+			code: OpLitPush,
+			str:  string(l),
+		},
+	}
+}
+
+func (v variable) compile() []op {
+	var ops []op
+	for _, s := range v.segments {
+		ops = append(ops, s.compile()...)
+	}
+	ops = append(ops, op{
+		code:    OpConcatN,
+		operand: len(v.segments),
+	}, op{
+		code: OpCapture,
+		str:  v.path,
+	})
+
+	return ops
+}
+
+func (t template) Compile() Template {
+	var rawOps []op
+	for _, s := range t.segments {
+		rawOps = append(rawOps, s.compile()...)
+	}
+
+	var (
+		ops    []int
+		pool   []string
+		fields []string
+	)
+	consts := make(map[string]int)
+	for _, op := range rawOps {
+		ops = append(ops, int(op.code))
+		if op.str == "" {
+			ops = append(ops, op.operand)
+		} else {
+			if _, ok := consts[op.str]; !ok {
+				consts[op.str] = len(pool)
+				pool = append(pool, op.str)
+			}
+			ops = append(ops, consts[op.str])
+		}
+		if op.code == OpCapture {
+			fields = append(fields, op.str)
+		}
+	}
+	return Template{
+		Version:  opcodeVersion,
+		OpCodes:  ops,
+		Pool:     pool,
+		Verb:     t.verb,
+		Fields:   fields,
+		Template: t.template,
+	}
+}
--- a/api/router/util/compile_test.go
+++ b/api/router/util/compile_test.go
@@ -0,0 +1,122 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/protoc-gen-grpc-gateway/httprule/compile_test.go
+
+import (
+	"reflect"
+	"testing"
+)
+
+const (
+	operandFiller = 0
+)
+
+func TestCompile(t *testing.T) {
+	for _, spec := range []struct {
+		segs []segment
+		verb string
+
+		ops    []int
+		pool   []string
+		fields []string
+	}{
+		{},
+		{
+			segs: []segment{
+				wildcard{},
+			},
+			ops: []int{int(OpPush), operandFiller},
+		},
+		{
+			segs: []segment{
+				deepWildcard{},
+			},
+			ops: []int{int(OpPushM), operandFiller},
+		},
+		{
+			segs: []segment{
+				literal("v1"),
+			},
+			ops:  []int{int(OpLitPush), 0},
+			pool: []string{"v1"},
+		},
+		{
+			segs: []segment{
+				literal("v1"),
+			},
+			verb: "LOCK",
+			ops:  []int{int(OpLitPush), 0},
+			pool: []string{"v1"},
+		},
+		{
+			segs: []segment{
+				variable{
+					path: "name.nested",
+					segments: []segment{
+						wildcard{},
+					},
+				},
+			},
+			ops: []int{
+				int(OpPush), operandFiller,
+				int(OpConcatN), 1,
+				int(OpCapture), 0,
+			},
+			pool:   []string{"name.nested"},
+			fields: []string{"name.nested"},
+		},
+		{
+			segs: []segment{
+				literal("obj"),
+				variable{
+					path: "name.nested",
+					segments: []segment{
+						literal("a"),
+						wildcard{},
+						literal("b"),
+					},
+				},
+				variable{
+					path: "obj",
+					segments: []segment{
+						deepWildcard{},
+					},
+				},
+			},
+			ops: []int{
+				int(OpLitPush), 0,
+				int(OpLitPush), 1,
+				int(OpPush), operandFiller,
+				int(OpLitPush), 2,
+				int(OpConcatN), 3,
+				int(OpCapture), 3,
+				int(OpPushM), operandFiller,
+				int(OpConcatN), 1,
+				int(OpCapture), 0,
+			},
+			pool:   []string{"obj", "a", "b", "name.nested"},
+			fields: []string{"name.nested", "obj"},
+		},
+	} {
+		tmpl := template{
+			segments: spec.segs,
+			verb:     spec.verb,
+		}
+		compiled := tmpl.Compile()
+		if got, want := compiled.Version, opcodeVersion; got != want {
+			t.Errorf("tmpl.Compile().Version = %d; want %d; segs=%#v, verb=%q", got, want, spec.segs, spec.verb)
+		}
+		if got, want := compiled.OpCodes, spec.ops; !reflect.DeepEqual(got, want) {
+			t.Errorf("tmpl.Compile().OpCodes = %v; want %v; segs=%#v, verb=%q", got, want, spec.segs, spec.verb)
+		}
+		if got, want := compiled.Pool, spec.pool; !reflect.DeepEqual(got, want) {
+			t.Errorf("tmpl.Compile().Pool = %q; want %q; segs=%#v, verb=%q", got, want, spec.segs, spec.verb)
+		}
+		if got, want := compiled.Verb, spec.verb; got != want {
+			t.Errorf("tmpl.Compile().Verb = %q; want %q; segs=%#v, verb=%q", got, want, spec.segs, spec.verb)
+		}
+		if got, want := compiled.Fields, spec.fields; !reflect.DeepEqual(got, want) {
+			t.Errorf("tmpl.Compile().Fields = %q; want %q; segs=%#v, verb=%q", got, want, spec.segs, spec.verb)
+		}
+	}
+}
--- a/api/router/util/parse.go
+++ b/api/router/util/parse.go
@@ -0,0 +1,363 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/protoc-gen-grpc-gateway/httprule/parse.go
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/micro/go-micro/v2/logger"
+)
+
+// InvalidTemplateError indicates that the path template is not valid.
+type InvalidTemplateError struct {
+	tmpl string
+	msg  string
+}
+
+func (e InvalidTemplateError) Error() string {
+	return fmt.Sprintf("%s: %s", e.msg, e.tmpl)
+}
+
+// Parse parses the string representation of path template
+func Parse(tmpl string) (Compiler, error) {
+	if !strings.HasPrefix(tmpl, "/") {
+		return template{}, InvalidTemplateError{tmpl: tmpl, msg: "no leading /"}
+	}
+	tokens, verb := tokenize(tmpl[1:])
+
+	p := parser{tokens: tokens}
+	segs, err := p.topLevelSegments()
+	if err != nil {
+		return template{}, InvalidTemplateError{tmpl: tmpl, msg: err.Error()}
+	}
+
+	return template{
+		segments: segs,
+		verb:     verb,
+		template: tmpl,
+	}, nil
+}
+
+func tokenize(path string) (tokens []string, verb string) {
+	if path == "" {
+		return []string{eof}, ""
+	}
+
+	const (
+		init = iota
+		field
+		nested
+	)
+	var (
+		st = init
+	)
+	for path != "" {
+		var idx int
+		switch st {
+		case init:
+			idx = strings.IndexAny(path, "/{")
+		case field:
+			idx = strings.IndexAny(path, ".=}")
+		case nested:
+			idx = strings.IndexAny(path, "/}")
+		}
+		if idx < 0 {
+			tokens = append(tokens, path)
+			break
+		}
+		switch r := path[idx]; r {
+		case '/', '.':
+		case '{':
+			st = field
+		case '=':
+			st = nested
+		case '}':
+			st = init
+		}
+		if idx == 0 {
+			tokens = append(tokens, path[idx:idx+1])
+		} else {
+			tokens = append(tokens, path[:idx], path[idx:idx+1])
+		}
+		path = path[idx+1:]
+	}
+
+	l := len(tokens)
+	t := tokens[l-1]
+	if idx := strings.LastIndex(t, ":"); idx == 0 {
+		tokens, verb = tokens[:l-1], t[1:]
+	} else if idx > 0 {
+		tokens[l-1], verb = t[:idx], t[idx+1:]
+	}
+	tokens = append(tokens, eof)
+	return tokens, verb
+}
+
+// parser is a parser of the template syntax defined in github.com/googleapis/googleapis/google/api/http.proto.
+type parser struct {
+	tokens   []string
+	accepted []string
+}
+
+// topLevelSegments is the target of this parser.
+func (p *parser) topLevelSegments() ([]segment, error) {
+	if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+		logger.Debugf("Parsing %q", p.tokens)
+	}
+	segs, err := p.segments()
+	if err != nil {
+		return nil, err
+	}
+	if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+		logger.Debugf("accept segments: %q; %q", p.accepted, p.tokens)
+	}
+	if _, err := p.accept(typeEOF); err != nil {
+		return nil, fmt.Errorf("unexpected token %q after segments %q", p.tokens[0], strings.Join(p.accepted, ""))
+	}
+	if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+		logger.Debugf("accept eof: %q; %q", p.accepted, p.tokens)
+	}
+	return segs, nil
+}
+
+func (p *parser) segments() ([]segment, error) {
+	s, err := p.segment()
+	if err != nil {
+		return nil, err
+	}
+
+	if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+		logger.Debugf("accept segment: %q; %q", p.accepted, p.tokens)
+	}
+	segs := []segment{s}
+	for {
+		if _, err := p.accept("/"); err != nil {
+			return segs, nil
+		}
+		s, err := p.segment()
+		if err != nil {
+			return segs, err
+		}
+		segs = append(segs, s)
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Debugf("accept segment: %q; %q", p.accepted, p.tokens)
+		}
+	}
+}
+
+func (p *parser) segment() (segment, error) {
+	if _, err := p.accept("*"); err == nil {
+		return wildcard{}, nil
+	}
+	if _, err := p.accept("**"); err == nil {
+		return deepWildcard{}, nil
+	}
+	if l, err := p.literal(); err == nil {
+		return l, nil
+	}
+
+	v, err := p.variable()
+	if err != nil {
+		return nil, fmt.Errorf("segment neither wildcards, literal or variable: %v", err)
+	}
+	return v, err
+}
+
+func (p *parser) literal() (segment, error) {
+	lit, err := p.accept(typeLiteral)
+	if err != nil {
+		return nil, err
+	}
+	return literal(lit), nil
+}
+
+func (p *parser) variable() (segment, error) {
+	if _, err := p.accept("{"); err != nil {
+		return nil, err
+	}
+
+	path, err := p.fieldPath()
+	if err != nil {
+		return nil, err
+	}
+
+	var segs []segment
+	if _, err := p.accept("="); err == nil {
+		segs, err = p.segments()
+		if err != nil {
+			return nil, fmt.Errorf("invalid segment in variable %q: %v", path, err)
+		}
+	} else {
+		segs = []segment{wildcard{}}
+	}
+
+	if _, err := p.accept("}"); err != nil {
+		return nil, fmt.Errorf("unterminated variable segment: %s", path)
+	}
+	return variable{
+		path:     path,
+		segments: segs,
+	}, nil
+}
+
+func (p *parser) fieldPath() (string, error) {
+	c, err := p.accept(typeIdent)
+	if err != nil {
+		return "", err
+	}
+	components := []string{c}
+	for {
+		if _, err = p.accept("."); err != nil {
+			return strings.Join(components, "."), nil
+		}
+		c, err := p.accept(typeIdent)
+		if err != nil {
+			return "", fmt.Errorf("invalid field path component: %v", err)
+		}
+		components = append(components, c)
+	}
+}
+
+// A termType is a type of terminal symbols.
+type termType string
+
+// These constants define some of valid values of termType.
+// They improve readability of parse functions.
+//
+// You can also use "/", "*", "**", "." or "=" as valid values.
+const (
+	typeIdent   = termType("ident")
+	typeLiteral = termType("literal")
+	typeEOF     = termType("$")
+)
+
+const (
+	// eof is the terminal symbol which always appears at the end of token sequence.
+	eof = "\u0000"
+)
+
+// accept tries to accept a token in "p".
+// This function consumes a token and returns it if it matches to the specified "term".
+// If it doesn't match, the function does not consume any tokens and return an error.
+func (p *parser) accept(term termType) (string, error) {
+	t := p.tokens[0]
+	switch term {
+	case "/", "*", "**", ".", "=", "{", "}":
+		if t != string(term) && t != "/" {
+			return "", fmt.Errorf("expected %q but got %q", term, t)
+		}
+	case typeEOF:
+		if t != eof {
+			return "", fmt.Errorf("expected EOF but got %q", t)
+		}
+	case typeIdent:
+		if err := expectIdent(t); err != nil {
+			return "", err
+		}
+	case typeLiteral:
+		if err := expectPChars(t); err != nil {
+			return "", err
+		}
+	default:
+		return "", fmt.Errorf("unknown termType %q", term)
+	}
+	p.tokens = p.tokens[1:]
+	p.accepted = append(p.accepted, t)
+	return t, nil
+}
+
+// expectPChars determines if "t" consists of only pchars defined in RFC3986.
+//
+// https://www.ietf.org/rfc/rfc3986.txt, P.49
+//   pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
+//   unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
+//   sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
+//                 / "*" / "+" / "," / ";" / "="
+//   pct-encoded   = "%" HEXDIG HEXDIG
+func expectPChars(t string) error {
+	const (
+		init = iota
+		pct1
+		pct2
+	)
+	st := init
+	for _, r := range t {
+		if st != init {
+			if !isHexDigit(r) {
+				return fmt.Errorf("invalid hexdigit: %c(%U)", r, r)
+			}
+			switch st {
+			case pct1:
+				st = pct2
+			case pct2:
+				st = init
+			}
+			continue
+		}
+
+		// unreserved
+		switch {
+		case 'A' <= r && r <= 'Z':
+			continue
+		case 'a' <= r && r <= 'z':
+			continue
+		case '0' <= r && r <= '9':
+			continue
+		}
+		switch r {
+		case '-', '.', '_', '~':
+			// unreserved
+		case '!', '$', '&', '\'', '(', ')', '*', '+', ',', ';', '=':
+			// sub-delims
+		case ':', '@':
+			// rest of pchar
+		case '%':
+			// pct-encoded
+			st = pct1
+		default:
+			return fmt.Errorf("invalid character in path segment: %q(%U)", r, r)
+		}
+	}
+	if st != init {
+		return fmt.Errorf("invalid percent-encoding in %q", t)
+	}
+	return nil
+}
+
+// expectIdent determines if "ident" is a valid identifier in .proto schema ([[:alpha:]_][[:alphanum:]_]*).
+func expectIdent(ident string) error {
+	if ident == "" {
+		return fmt.Errorf("empty identifier")
+	}
+	for pos, r := range ident {
+		switch {
+		case '0' <= r && r <= '9':
+			if pos == 0 {
+				return fmt.Errorf("identifier starting with digit: %s", ident)
+			}
+			continue
+		case 'A' <= r && r <= 'Z':
+			continue
+		case 'a' <= r && r <= 'z':
+			continue
+		case r == '_':
+			continue
+		default:
+			return fmt.Errorf("invalid character %q(%U) in identifier: %s", r, r, ident)
+		}
+	}
+	return nil
+}
+
+func isHexDigit(r rune) bool {
+	switch {
+	case '0' <= r && r <= '9':
+		return true
+	case 'A' <= r && r <= 'F':
+		return true
+	case 'a' <= r && r <= 'f':
+		return true
+	}
+	return false
+}
--- a/api/router/util/parse_test.go
+++ b/api/router/util/parse_test.go
@@ -0,0 +1,321 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/protoc-gen-grpc-gateway/httprule/parse_test.go
+
+import (
+	"flag"
+	"fmt"
+	"reflect"
+	"testing"
+
+	"github.com/micro/go-micro/v2/logger"
+)
+
+func TestTokenize(t *testing.T) {
+	for _, spec := range []struct {
+		src    string
+		tokens []string
+	}{
+		{
+			src:    "",
+			tokens: []string{eof},
+		},
+		{
+			src:    "v1",
+			tokens: []string{"v1", eof},
+		},
+		{
+			src:    "v1/b",
+			tokens: []string{"v1", "/", "b", eof},
+		},
+		{
+			src:    "v1/endpoint/*",
+			tokens: []string{"v1", "/", "endpoint", "/", "*", eof},
+		},
+		{
+			src:    "v1/endpoint/**",
+			tokens: []string{"v1", "/", "endpoint", "/", "**", eof},
+		},
+		{
+			src: "v1/b/{bucket_name=*}",
+			tokens: []string{
+				"v1", "/",
+				"b", "/",
+				"{", "bucket_name", "=", "*", "}",
+				eof,
+			},
+		},
+		{
+			src: "v1/b/{bucket_name=buckets/*}",
+			tokens: []string{
+				"v1", "/",
+				"b", "/",
+				"{", "bucket_name", "=", "buckets", "/", "*", "}",
+				eof,
+			},
+		},
+		{
+			src: "v1/b/{bucket_name=buckets/*}/o",
+			tokens: []string{
+				"v1", "/",
+				"b", "/",
+				"{", "bucket_name", "=", "buckets", "/", "*", "}", "/",
+				"o",
+				eof,
+			},
+		},
+		{
+			src: "v1/b/{bucket_name=buckets/*}/o/{name}",
+			tokens: []string{
+				"v1", "/",
+				"b", "/",
+				"{", "bucket_name", "=", "buckets", "/", "*", "}", "/",
+				"o", "/", "{", "name", "}",
+				eof,
+			},
+		},
+		{
+			src: "v1/a=b&c=d;e=f:g/endpoint.rdf",
+			tokens: []string{
+				"v1", "/",
+				"a=b&c=d;e=f:g", "/",
+				"endpoint.rdf",
+				eof,
+			},
+		},
+	} {
+		tokens, verb := tokenize(spec.src)
+		if got, want := tokens, spec.tokens; !reflect.DeepEqual(got, want) {
+			t.Errorf("tokenize(%q) = %q, _; want %q, _", spec.src, got, want)
+		}
+		if got, want := verb, ""; got != want {
+			t.Errorf("tokenize(%q) = _, %q; want _, %q", spec.src, got, want)
+		}
+
+		src := fmt.Sprintf("%s:%s", spec.src, "LOCK")
+		tokens, verb = tokenize(src)
+		if got, want := tokens, spec.tokens; !reflect.DeepEqual(got, want) {
+			t.Errorf("tokenize(%q) = %q, _; want %q, _", src, got, want)
+		}
+		if got, want := verb, "LOCK"; got != want {
+			t.Errorf("tokenize(%q) = _, %q; want _, %q", src, got, want)
+		}
+	}
+}
+
+func TestParseSegments(t *testing.T) {
+	flag.Set("v", "3")
+	for _, spec := range []struct {
+		tokens []string
+		want   []segment
+	}{
+		{
+			tokens: []string{"v1", eof},
+			want: []segment{
+				literal("v1"),
+			},
+		},
+		{
+			tokens: []string{"/", eof},
+			want: []segment{
+				wildcard{},
+			},
+		},
+		{
+			tokens: []string{"-._~!$&'()*+,;=:@", eof},
+			want: []segment{
+				literal("-._~!$&'()*+,;=:@"),
+			},
+		},
+		{
+			tokens: []string{"%e7%ac%ac%e4%b8%80%e7%89%88", eof},
+			want: []segment{
+				literal("%e7%ac%ac%e4%b8%80%e7%89%88"),
+			},
+		},
+		{
+			tokens: []string{"v1", "/", "*", eof},
+			want: []segment{
+				literal("v1"),
+				wildcard{},
+			},
+		},
+		{
+			tokens: []string{"v1", "/", "**", eof},
+			want: []segment{
+				literal("v1"),
+				deepWildcard{},
+			},
+		},
+		{
+			tokens: []string{"{", "name", "}", eof},
+			want: []segment{
+				variable{
+					path: "name",
+					segments: []segment{
+						wildcard{},
+					},
+				},
+			},
+		},
+		{
+			tokens: []string{"{", "name", "=", "*", "}", eof},
+			want: []segment{
+				variable{
+					path: "name",
+					segments: []segment{
+						wildcard{},
+					},
+				},
+			},
+		},
+		{
+			tokens: []string{"{", "field", ".", "nested", ".", "nested2", "=", "*", "}", eof},
+			want: []segment{
+				variable{
+					path: "field.nested.nested2",
+					segments: []segment{
+						wildcard{},
+					},
+				},
+			},
+		},
+		{
+			tokens: []string{"{", "name", "=", "a", "/", "b", "/", "*", "}", eof},
+			want: []segment{
+				variable{
+					path: "name",
+					segments: []segment{
+						literal("a"),
+						literal("b"),
+						wildcard{},
+					},
+				},
+			},
+		},
+		{
+			tokens: []string{
+				"v1", "/",
+				"{",
+				"name", ".", "nested", ".", "nested2",
+				"=",
+				"a", "/", "b", "/", "*",
+				"}", "/",
+				"o", "/",
+				"{",
+				"another_name",
+				"=",
+				"a", "/", "b", "/", "*", "/", "c",
+				"}", "/",
+				"**",
+				eof},
+			want: []segment{
+				literal("v1"),
+				variable{
+					path: "name.nested.nested2",
+					segments: []segment{
+						literal("a"),
+						literal("b"),
+						wildcard{},
+					},
+				},
+				literal("o"),
+				variable{
+					path: "another_name",
+					segments: []segment{
+						literal("a"),
+						literal("b"),
+						wildcard{},
+						literal("c"),
+					},
+				},
+				deepWildcard{},
+			},
+		},
+	} {
+		p := parser{tokens: spec.tokens}
+		segs, err := p.topLevelSegments()
+		if err != nil {
+			t.Errorf("parser{%q}.segments() failed with %v; want success", spec.tokens, err)
+			continue
+		}
+		if got, want := segs, spec.want; !reflect.DeepEqual(got, want) {
+			t.Errorf("parser{%q}.segments() = %#v; want %#v", spec.tokens, got, want)
+		}
+		if got := p.tokens; len(got) > 0 {
+			t.Errorf("p.tokens = %q; want []; spec.tokens=%q", got, spec.tokens)
+		}
+	}
+}
+
+func TestParseSegmentsWithErrors(t *testing.T) {
+	flag.Set("v", "3")
+	for _, spec := range []struct {
+		tokens []string
+	}{
+		{
+			// double slash
+			tokens: []string{"//", eof},
+		},
+		{
+			// invalid literal
+			tokens: []string{"a?b", eof},
+		},
+		{
+			// invalid percent-encoding
+			tokens: []string{"%", eof},
+		},
+		{
+			// invalid percent-encoding
+			tokens: []string{"%2", eof},
+		},
+		{
+			// invalid percent-encoding
+			tokens: []string{"a%2z", eof},
+		},
+		{
+			// empty segments
+			tokens: []string{eof},
+		},
+		{
+			// unterminated variable
+			tokens: []string{"{", "name", eof},
+		},
+		{
+			// unterminated variable
+			tokens: []string{"{", "name", "=", eof},
+		},
+		{
+			// unterminated variable
+			tokens: []string{"{", "name", "=", "*", eof},
+		},
+		{
+			// empty component in field path
+			tokens: []string{"{", "name", ".", "}", eof},
+		},
+		{
+			// empty component in field path
+			tokens: []string{"{", "name", ".", ".", "nested", "}", eof},
+		},
+		{
+			// invalid character in identifier
+			tokens: []string{"{", "field-name", "}", eof},
+		},
+		{
+			// no slash between segments
+			tokens: []string{"v1", "endpoint", eof},
+		},
+		{
+			// no slash between segments
+			tokens: []string{"v1", "{", "name", "}", eof},
+		},
+	} {
+		p := parser{tokens: spec.tokens}
+		segs, err := p.topLevelSegments()
+		if err == nil {
+			t.Errorf("parser{%q}.segments() succeeded; want InvalidTemplateError; accepted %#v", spec.tokens, segs)
+			continue
+		}
+		logger.Info(err)
+	}
+}
--- a/api/router/util/pattern.go
+++ b/api/router/util/pattern.go
@@ -0,0 +1,24 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/utilities/pattern.go
+
+// An OpCode is a opcode of compiled path patterns.
+type OpCode int
+
+// These constants are the valid values of OpCode.
+const (
+	// OpNop does nothing
+	OpNop = OpCode(iota)
+	// OpPush pushes a component to stack
+	OpPush
+	// OpLitPush pushes a component to stack if it matches to the literal
+	OpLitPush
+	// OpPushM concatenates the remaining components and pushes it to stack
+	OpPushM
+	// OpConcatN pops N items from stack, concatenates them and pushes it back to stack
+	OpConcatN
+	// OpCapture pops an item and binds it to the variable
+	OpCapture
+	// OpEnd is the least positive invalid opcode.
+	OpEnd
+)
--- a/api/router/util/runtime.go
+++ b/api/router/util/runtime.go
@@ -0,0 +1,283 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/runtime/pattern.go
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/micro/go-micro/v2/logger"
+)
+
+var (
+	// ErrNotMatch indicates that the given HTTP request path does not match to the pattern.
+	ErrNotMatch = errors.New("not match to the path pattern")
+	// ErrInvalidPattern indicates that the given definition of Pattern is not valid.
+	ErrInvalidPattern = errors.New("invalid pattern")
+)
+
+type rop struct {
+	code    OpCode
+	operand int
+}
+
+// Pattern is a template pattern of http request paths defined in github.com/googleapis/googleapis/google/api/http.proto.
+type Pattern struct {
+	// ops is a list of operations
+	ops []rop
+	// pool is a constant pool indexed by the operands or vars.
+	pool []string
+	// vars is a list of variables names to be bound by this pattern
+	vars []string
+	// stacksize is the max depth of the stack
+	stacksize int
+	// tailLen is the length of the fixed-size segments after a deep wildcard
+	tailLen int
+	// verb is the VERB part of the path pattern. It is empty if the pattern does not have VERB part.
+	verb string
+	// assumeColonVerb indicates whether a path suffix after a final
+	// colon may only be interpreted as a verb.
+	assumeColonVerb bool
+}
+
+type patternOptions struct {
+	assumeColonVerb bool
+}
+
+// PatternOpt is an option for creating Patterns.
+type PatternOpt func(*patternOptions)
+
+// NewPattern returns a new Pattern from the given definition values.
+// "ops" is a sequence of op codes. "pool" is a constant pool.
+// "verb" is the verb part of the pattern. It is empty if the pattern does not have the part.
+// "version" must be 1 for now.
+// It returns an error if the given definition is invalid.
+func NewPattern(version int, ops []int, pool []string, verb string, opts ...PatternOpt) (Pattern, error) {
+	options := patternOptions{
+		assumeColonVerb: true,
+	}
+	for _, o := range opts {
+		o(&options)
+	}
+
+	if version != 1 {
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Debugf("unsupported version: %d", version)
+		}
+		return Pattern{}, ErrInvalidPattern
+	}
+
+	l := len(ops)
+	if l%2 != 0 {
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Debugf("odd number of ops codes: %d", l)
+		}
+		return Pattern{}, ErrInvalidPattern
+	}
+
+	var (
+		typedOps        []rop
+		stack, maxstack int
+		tailLen         int
+		pushMSeen       bool
+		vars            []string
+	)
+	for i := 0; i < l; i += 2 {
+		op := rop{code: OpCode(ops[i]), operand: ops[i+1]}
+		switch op.code {
+		case OpNop:
+			continue
+		case OpPush:
+			if pushMSeen {
+				tailLen++
+			}
+			stack++
+		case OpPushM:
+			if pushMSeen {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debug("pushM appears twice")
+				}
+				return Pattern{}, ErrInvalidPattern
+			}
+			pushMSeen = true
+			stack++
+		case OpLitPush:
+			if op.operand < 0 || len(pool) <= op.operand {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debugf("negative literal index: %d", op.operand)
+				}
+				return Pattern{}, ErrInvalidPattern
+			}
+			if pushMSeen {
+				tailLen++
+			}
+			stack++
+		case OpConcatN:
+			if op.operand <= 0 {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debugf("negative concat size: %d", op.operand)
+				}
+				return Pattern{}, ErrInvalidPattern
+			}
+			stack -= op.operand
+			if stack < 0 {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debug("stack underflow")
+				}
+				return Pattern{}, ErrInvalidPattern
+			}
+			stack++
+		case OpCapture:
+			if op.operand < 0 || len(pool) <= op.operand {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debugf("variable name index out of bound: %d", op.operand)
+				}
+				return Pattern{}, ErrInvalidPattern
+			}
+			v := pool[op.operand]
+			op.operand = len(vars)
+			vars = append(vars, v)
+			stack--
+			if stack < 0 {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debug("stack underflow")
+				}
+				return Pattern{}, ErrInvalidPattern
+			}
+		default:
+			if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+				logger.Debugf("invalid opcode: %d", op.code)
+			}
+			return Pattern{}, ErrInvalidPattern
+		}
+
+		if maxstack < stack {
+			maxstack = stack
+		}
+		typedOps = append(typedOps, op)
+	}
+	return Pattern{
+		ops:             typedOps,
+		pool:            pool,
+		vars:            vars,
+		stacksize:       maxstack,
+		tailLen:         tailLen,
+		verb:            verb,
+		assumeColonVerb: options.assumeColonVerb,
+	}, nil
+}
+
+// MustPattern is a helper function which makes it easier to call NewPattern in variable initialization.
+func MustPattern(p Pattern, err error) Pattern {
+	if err != nil {
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Fatalf("Pattern initialization failed: %v", err)
+		}
+	}
+	return p
+}
+
+// Match examines components if it matches to the Pattern.
+// If it matches, the function returns a mapping from field paths to their captured values.
+// If otherwise, the function returns an error.
+func (p Pattern) Match(components []string, verb string) (map[string]string, error) {
+	if p.verb != verb {
+		if p.assumeColonVerb || p.verb != "" {
+			return nil, ErrNotMatch
+		}
+		if len(components) == 0 {
+			components = []string{":" + verb}
+		} else {
+			components = append([]string{}, components...)
+			components[len(components)-1] += ":" + verb
+		}
+		verb = ""
+	}
+
+	var pos int
+	stack := make([]string, 0, p.stacksize)
+	captured := make([]string, len(p.vars))
+	l := len(components)
+	for _, op := range p.ops {
+		switch op.code {
+		case OpNop:
+			continue
+		case OpPush, OpLitPush:
+			if pos >= l {
+				return nil, ErrNotMatch
+			}
+			c := components[pos]
+			if op.code == OpLitPush {
+				if lit := p.pool[op.operand]; c != lit {
+					return nil, ErrNotMatch
+				}
+			}
+			stack = append(stack, c)
+			pos++
+		case OpPushM:
+			end := len(components)
+			if end < pos+p.tailLen {
+				return nil, ErrNotMatch
+			}
+			end -= p.tailLen
+			stack = append(stack, strings.Join(components[pos:end], "/"))
+			pos = end
+		case OpConcatN:
+			n := op.operand
+			l := len(stack) - n
+			stack = append(stack[:l], strings.Join(stack[l:], "/"))
+		case OpCapture:
+			n := len(stack) - 1
+			captured[op.operand] = stack[n]
+			stack = stack[:n]
+		}
+	}
+	if pos < l {
+		return nil, ErrNotMatch
+	}
+	bindings := make(map[string]string)
+	for i, val := range captured {
+		bindings[p.vars[i]] = val
+	}
+	return bindings, nil
+}
+
+// Verb returns the verb part of the Pattern.
+func (p Pattern) Verb() string { return p.verb }
+
+func (p Pattern) String() string {
+	var stack []string
+	for _, op := range p.ops {
+		switch op.code {
+		case OpNop:
+			continue
+		case OpPush:
+			stack = append(stack, "*")
+		case OpLitPush:
+			stack = append(stack, p.pool[op.operand])
+		case OpPushM:
+			stack = append(stack, "**")
+		case OpConcatN:
+			n := op.operand
+			l := len(stack) - n
+			stack = append(stack[:l], strings.Join(stack[l:], "/"))
+		case OpCapture:
+			n := len(stack) - 1
+			stack[n] = fmt.Sprintf("{%s=%s}", p.vars[op.operand], stack[n])
+		}
+	}
+	segs := strings.Join(stack, "/")
+	if p.verb != "" {
+		return fmt.Sprintf("/%s:%s", segs, p.verb)
+	}
+	return "/" + segs
+}
+
+// AssumeColonVerbOpt indicates whether a path suffix after a final
+// colon may only be interpreted as a verb.
+func AssumeColonVerbOpt(val bool) PatternOpt {
+	return PatternOpt(func(o *patternOptions) {
+		o.assumeColonVerb = val
+	})
+}
--- a/api/router/util/types.go
+++ b/api/router/util/types.go
@@ -0,0 +1,62 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/protoc-gen-grpc-gateway/httprule/types.go
+
+import (
+	"fmt"
+	"strings"
+)
+
+type template struct {
+	segments []segment
+	verb     string
+	template string
+}
+
+type segment interface {
+	fmt.Stringer
+	compile() (ops []op)
+}
+
+type wildcard struct{}
+
+type deepWildcard struct{}
+
+type literal string
+
+type variable struct {
+	path     string
+	segments []segment
+}
+
+func (wildcard) String() string {
+	return "*"
+}
+
+func (deepWildcard) String() string {
+	return "**"
+}
+
+func (l literal) String() string {
+	return string(l)
+}
+
+func (v variable) String() string {
+	var segs []string
+	for _, s := range v.segments {
+		segs = append(segs, s.String())
+	}
+	return fmt.Sprintf("{%s=%s}", v.path, strings.Join(segs, "/"))
+}
+
+func (t template) String() string {
+	var segs []string
+	for _, s := range t.segments {
+		segs = append(segs, s.String())
+	}
+	str := strings.Join(segs, "/")
+	if t.verb != "" {
+		str = fmt.Sprintf("%s:%s", str, t.verb)
+	}
+	return "/" + str
+}
--- a/api/router/util/types_test.go
+++ b/api/router/util/types_test.go
@@ -0,0 +1,93 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/protoc-gen-grpc-gateway/httprule/types_test.go
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestTemplateStringer(t *testing.T) {
+	for _, spec := range []struct {
+		segs []segment
+		want string
+	}{
+		{
+			segs: []segment{
+				literal("v1"),
+			},
+			want: "/v1",
+		},
+		{
+			segs: []segment{
+				wildcard{},
+			},
+			want: "/*",
+		},
+		{
+			segs: []segment{
+				deepWildcard{},
+			},
+			want: "/**",
+		},
+		{
+			segs: []segment{
+				variable{
+					path: "name",
+					segments: []segment{
+						literal("a"),
+					},
+				},
+			},
+			want: "/{name=a}",
+		},
+		{
+			segs: []segment{
+				variable{
+					path: "name",
+					segments: []segment{
+						literal("a"),
+						wildcard{},
+						literal("b"),
+					},
+				},
+			},
+			want: "/{name=a/*/b}",
+		},
+		{
+			segs: []segment{
+				literal("v1"),
+				variable{
+					path: "name",
+					segments: []segment{
+						literal("a"),
+						wildcard{},
+						literal("b"),
+					},
+				},
+				literal("c"),
+				variable{
+					path: "field.nested",
+					segments: []segment{
+						wildcard{},
+						literal("d"),
+					},
+				},
+				wildcard{},
+				literal("e"),
+				deepWildcard{},
+			},
+			want: "/v1/{name=a/*/b}/c/{field.nested=*/d}/*/e/**",
+		},
+	} {
+		tmpl := template{segments: spec.segs}
+		if got, want := tmpl.String(), spec.want; got != want {
+			t.Errorf("%#v.String() = %q; want %q", tmpl, got, want)
+		}
+
+		tmpl.verb = "LOCK"
+		if got, want := tmpl.String(), fmt.Sprintf("%s:LOCK", spec.want); got != want {
+			t.Errorf("%#v.String() = %q; want %q", tmpl, got, want)
+		}
+	}
+}
--- a/api/server/acme/autocert/autocert.go
+++ b/api/server/acme/autocert/autocert.go
@@ -4,11 +4,11 @@ package autocert

 import (
 	"crypto/tls"
-	"log"
 	"net"
 	"os"

 	"github.com/micro/go-micro/v2/api/server/acme"
+	"github.com/micro/go-micro/v2/logger"
 	"golang.org/x/crypto/acme/autocert"
 )

@@ -31,7 +31,9 @@ func (a *autocertProvider) TLSConfig(hosts ...string) (*tls.Config, error) {
 	}
 	dir := cacheDir()
 	if err := os.MkdirAll(dir, 0700); err != nil {
-		log.Printf("warning: autocert not using a cache: %v", err)
+		if logger.V(logger.InfoLevel, logger.DefaultLogger) {
+			logger.Infof("warning: autocert not using a cache: %v", err)
+		}
 	} else {
 		m.Cache = autocert.DirCache(dir)
 	}
--- a/api/server/acme/certmagic/certmagic.go
+++ b/api/server/acme/certmagic/certmagic.go
@@ -1,16 +1,15 @@
-// Package certmagic is the ACME provider from github.com/mholt/certmagic
+// Package certmagic is the ACME provider from github.com/caddyserver/certmagic
 package certmagic

 import (
 	"crypto/tls"
-	"log"
 	"math/rand"
 	"net"
 	"time"

-	"github.com/mholt/certmagic"
-
+	"github.com/caddyserver/certmagic"
 	"github.com/micro/go-micro/v2/api/server/acme"
+	"github.com/micro/go-micro/v2/logger"
 )

 type certmagicProvider struct {
@@ -19,10 +18,10 @@ type certmagicProvider struct {

 // TODO: set self-contained options
 func (c *certmagicProvider) setup() {
-	certmagic.Default.CA = c.opts.CA
+	certmagic.DefaultACME.CA = c.opts.CA
 	if c.opts.ChallengeProvider != nil {
 		// Enabling DNS Challenge disables the other challenges
-		certmagic.Default.DNSProvider = c.opts.ChallengeProvider
+		certmagic.DefaultACME.DNSProvider = c.opts.ChallengeProvider
 	}
 	if c.opts.OnDemand {
 		certmagic.Default.OnDemand = new(certmagic.OnDemandConfig)
@@ -33,9 +32,10 @@ func (c *certmagicProvider) setup() {
 	}
 	// If multiple instances of the provider are running, inject some
 	// randomness so they don't collide
+	// RenewalWindowRatio [0.33 - 0.50)
 	rand.Seed(time.Now().UnixNano())
-	randomDuration := (7 * 24 * time.Hour) + (time.Duration(rand.Intn(504)) * time.Hour)
-	certmagic.Default.RenewDurationBefore = randomDuration
+	randomRatio := float64(rand.Intn(17)+33) * 0.01
+	certmagic.Default.RenewalWindowRatio = randomRatio
 }

 func (c *certmagicProvider) Listen(hosts ...string) (net.Listener, error) {
@@ -48,7 +48,7 @@ func (c *certmagicProvider) TLSConfig(hosts ...string) (*tls.Config, error) {
 	return certmagic.TLS(hosts)
 }

-// New returns a certmagic provider
+// NewProvider returns a certmagic provider
 func NewProvider(options ...acme.Option) acme.Provider {
 	opts := acme.DefaultOptions()

@@ -58,7 +58,7 @@ func NewProvider(options ...acme.Option) acme.Provider {

 	if opts.Cache != nil {
 		if _, ok := opts.Cache.(certmagic.Storage); !ok {
-			log.Fatal("ACME: cache provided doesn't implement certmagic's Storage interface")
+			logger.Fatal("ACME: cache provided doesn't implement certmagic's Storage interface")
 		}
 	}

--- a/api/server/acme/certmagic/certmagic_test.go
+++ b/api/server/acme/certmagic/certmagic_test.go
@@ -1,228 +0,0 @@
-package certmagic
-
-import (
-	"net"
-	"net/http"
-	"os"
-	"reflect"
-	"sort"
-	"testing"
-	"time"
-
-	"github.com/go-acme/lego/v3/providers/dns/cloudflare"
-	"github.com/mholt/certmagic"
-	"github.com/micro/go-micro/v2/api/server/acme"
-	cfstore "github.com/micro/go-micro/v2/store/cloudflare"
-	"github.com/micro/go-micro/v2/sync/lock/memory"
-)
-
-func TestCertMagic(t *testing.T) {
-	if len(os.Getenv("IN_TRAVIS_CI")) != 0 {
-		t.Skip("Travis doesn't let us bind :443")
-	}
-	l, err := NewProvider().Listen()
-	if err != nil {
-		if _, ok := err.(*net.OpError); ok {
-			t.Skip("Run under non privileged user")
-		}
-		t.Fatal(err.Error())
-	}
-	l.Close()
-
-	c := cloudflare.NewDefaultConfig()
-	c.AuthEmail = ""
-	c.AuthKey = ""
-	c.AuthToken = "test"
-	c.ZoneToken = "test"
-
-	p, err := cloudflare.NewDNSProviderConfig(c)
-	if err != nil {
-		t.Fatal(err.Error())
-	}
-
-	l, err = NewProvider(acme.AcceptToS(true),
-		acme.CA(acme.LetsEncryptStagingCA),
-		acme.ChallengeProvider(p),
-	).Listen()
-
-	if err != nil {
-		t.Fatal(err.Error())
-	}
-	l.Close()
-}
-
-func TestStorageImplementation(t *testing.T) {
-	apiToken, accountID := os.Getenv("CF_API_TOKEN"), os.Getenv("CF_ACCOUNT_ID")
-	kvID := os.Getenv("KV_NAMESPACE_ID")
-	if len(apiToken) == 0 || len(accountID) == 0 || len(kvID) == 0 {
-		t.Skip("No Cloudflare API keys available, skipping test")
-	}
-
-	var s certmagic.Storage
-	st := cfstore.NewStore(
-		cfstore.Token(apiToken),
-		cfstore.Account(accountID),
-		cfstore.Namespace(kvID),
-	)
-	s = &storage{
-		lock:  memory.NewLock(),
-		store: st,
-	}
-
-	// Test Lock
-	if err := s.Lock("test"); err != nil {
-		t.Fatal(err)
-	}
-
-	// Test Unlock
-	if err := s.Unlock("test"); err != nil {
-		t.Fatal(err)
-	}
-
-	// Test data
-	testdata := []struct {
-		key   string
-		value []byte
-	}{
-		{key: "/foo/a", value: []byte("lorem")},
-		{key: "/foo/b", value: []byte("ipsum")},
-		{key: "/foo/c", value: []byte("dolor")},
-		{key: "/foo/d", value: []byte("sit")},
-		{key: "/bar/a", value: []byte("amet")},
-		{key: "/bar/b", value: []byte("consectetur")},
-		{key: "/bar/c", value: []byte("adipiscing")},
-		{key: "/bar/d", value: []byte("elit")},
-		{key: "/foo/bar/a", value: []byte("sed")},
-		{key: "/foo/bar/b", value: []byte("do")},
-		{key: "/foo/bar/c", value: []byte("eiusmod")},
-		{key: "/foo/bar/d", value: []byte("tempor")},
-		{key: "/foo/bar/baz/a", value: []byte("incididunt")},
-		{key: "/foo/bar/baz/b", value: []byte("ut")},
-		{key: "/foo/bar/baz/c", value: []byte("labore")},
-		{key: "/foo/bar/baz/d", value: []byte("et")},
-		// a duplicate just in case there's any edge cases
-		{key: "/foo/a", value: []byte("lorem")},
-	}
-
-	// Test Store
-	for _, d := range testdata {
-		if err := s.Store(d.key, d.value); err != nil {
-			t.Fatal(err.Error())
-		}
-	}
-
-	// Test Load
-	for _, d := range testdata {
-		if value, err := s.Load(d.key); err != nil {
-			t.Fatal(err.Error())
-		} else {
-			if !reflect.DeepEqual(value, d.value) {
-				t.Fatalf("Load %s: expected %v, got %v", d.key, d.value, value)
-			}
-		}
-	}
-
-	// Test Exists
-	for _, d := range testdata {
-		if !s.Exists(d.key) {
-			t.Fatalf("%s should exist, but doesn't\n", d.key)
-		}
-	}
-
-	// Test List
-	if list, err := s.List("/", true); err != nil {
-		t.Fatal(err.Error())
-	} else {
-		var expected []string
-		for i, d := range testdata {
-			if i != len(testdata)-1 {
-				// Don't store the intentionally duplicated key
-				expected = append(expected, d.key)
-			}
-		}
-		sort.Strings(expected)
-		sort.Strings(list)
-		if !reflect.DeepEqual(expected, list) {
-			t.Fatalf("List: Expected %v, got %v\n", expected, list)
-		}
-	}
-	if list, err := s.List("/foo", false); err != nil {
-		t.Fatal(err.Error())
-	} else {
-		sort.Strings(list)
-		expected := []string{"/foo/a", "/foo/b", "/foo/bar", "/foo/c", "/foo/d"}
-		if !reflect.DeepEqual(expected, list) {
-			t.Fatalf("List: expected %s, got %s\n", expected, list)
-		}
-	}
-
-	// Test Stat
-	for _, d := range testdata {
-		info, err := s.Stat(d.key)
-		if err != nil {
-			t.Fatal(err.Error())
-		} else {
-			if info.Key != d.key {
-				t.Fatalf("Stat().Key: expected %s, got %s\n", d.key, info.Key)
-			}
-			if info.Size != int64(len(d.value)) {
-				t.Fatalf("Stat().Size: expected %d, got %d\n", len(d.value), info.Size)
-			}
-			if time.Since(info.Modified) > time.Minute {
-				t.Fatalf("Stat().Modified: expected time since last modified to be < 1 minute, got %v\n", time.Since(info.Modified))
-			}
-		}
-
-	}
-
-	// Test Delete
-	for _, d := range testdata {
-		if err := s.Delete(d.key); err != nil {
-			t.Fatal(err.Error())
-		}
-	}
-
-	// New interface doesn't return an error, so call it in case any log.Fatal
-	// happens
-	NewProvider(acme.Cache(s))
-}
-
-// Full test with a real zone, with  against LE staging
-func TestE2e(t *testing.T) {
-	apiToken, accountID := os.Getenv("CF_API_TOKEN"), os.Getenv("CF_ACCOUNT_ID")
-	kvID := os.Getenv("KV_NAMESPACE_ID")
-	if len(apiToken) == 0 || len(accountID) == 0 || len(kvID) == 0 {
-		t.Skip("No Cloudflare API keys available, skipping test")
-	}
-
-	testLock := memory.NewLock()
-	testStore := cfstore.NewStore(
-		cfstore.Token(apiToken),
-		cfstore.Account(accountID),
-		cfstore.Namespace(kvID),
-	)
-	testStorage := NewStorage(testLock, testStore)
-
-	conf := cloudflare.NewDefaultConfig()
-	conf.AuthToken = apiToken
-	conf.ZoneToken = apiToken
-	testChallengeProvider, err := cloudflare.NewDNSProviderConfig(conf)
-	if err != nil {
-		t.Fatal(err.Error())
-	}
-
-	testProvider := NewProvider(
-		acme.AcceptToS(true),
-		acme.Cache(testStorage),
-		acme.CA(acme.LetsEncryptStagingCA),
-		acme.ChallengeProvider(testChallengeProvider),
-		acme.OnDemand(false),
-	)
-
-	listener, err := testProvider.Listen("*.micro.mu", "micro.mu")
-	if err != nil {
-		t.Fatal(err.Error())
-	}
-	go http.Serve(listener, http.NotFoundHandler())
-	time.Sleep(10 * time.Minute)
-}
--- a/api/server/acme/certmagic/storage.go
+++ b/api/server/acme/certmagic/storage.go
@@ -9,9 +9,9 @@ import (
 	"strings"
 	"time"

-	"github.com/mholt/certmagic"
+	"github.com/caddyserver/certmagic"
 	"github.com/micro/go-micro/v2/store"
-	"github.com/micro/go-micro/v2/sync/lock"
+	"github.com/micro/go-micro/v2/sync"
 )

 // File represents a "File" that will be stored in store.Store - the contents and last modified time
@@ -26,16 +26,16 @@ type File struct {
 // As certmagic storage expects a filesystem (with stat() abilities) we have to implement
 // the bare minimum of metadata.
 type storage struct {
-	lock  lock.Lock
+	lock  sync.Sync
 	store store.Store
 }

 func (s *storage) Lock(key string) error {
-	return s.lock.Acquire(key, lock.TTL(10*time.Minute))
+	return s.lock.Lock(key, sync.LockTTL(10*time.Minute))
 }

 func (s *storage) Unlock(key string) error {
-	return s.lock.Release(key)
+	return s.lock.Unlock(key)
 }

 func (s *storage) Store(key string, value []byte) error {
@@ -88,16 +88,16 @@ func (s *storage) Exists(key string) bool {
 }

 func (s *storage) List(prefix string, recursive bool) ([]string, error) {
-	records, err := s.store.List()
+	keys, err := s.store.List()
 	if err != nil {
 		return nil, err
 	}

 	//nolint:prealloc
 	var results []string
-	for _, r := range records {
-		if strings.HasPrefix(r.Key, prefix) {
-			results = append(results, r.Key)
+	for _, k := range keys {
+		if strings.HasPrefix(k, prefix) {
+			results = append(results, k)
 		}
 	}
 	if recursive {
@@ -139,7 +139,7 @@ func (s *storage) Stat(key string) (certmagic.KeyInfo, error) {
 }

 // NewStorage returns a certmagic.Storage backed by a go-micro/lock and go-micro/store
-func NewStorage(lock lock.Lock, store store.Store) certmagic.Storage {
+func NewStorage(lock sync.Sync, store store.Store) certmagic.Storage {
 	return &storage{
 		lock:  lock,
 		store: store,
--- a/api/server/cors/cors.go
+++ b/api/server/cors/cors.go
@@ -0,0 +1,44 @@
+package cors
+
+import (
+	"net/http"
+)
+
+// CombinedCORSHandler wraps a server and provides CORS headers
+func CombinedCORSHandler(h http.Handler) http.Handler {
+	return corsHandler{h}
+}
+
+type corsHandler struct {
+	handler http.Handler
+}
+
+func (c corsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	SetHeaders(w, r)
+
+	if r.Method == "OPTIONS" {
+		return
+	}
+
+	c.handler.ServeHTTP(w, r)
+}
+
+// SetHeaders sets the CORS headers
+func SetHeaders(w http.ResponseWriter, r *http.Request) {
+	set := func(w http.ResponseWriter, k, v string) {
+		if v := w.Header().Get(k); len(v) > 0 {
+			return
+		}
+		w.Header().Set(k, v)
+	}
+
+	if origin := r.Header.Get("Origin"); len(origin) > 0 {
+		set(w, "Access-Control-Allow-Origin", origin)
+	} else {
+		set(w, "Access-Control-Allow-Origin", "*")
+	}
+
+	set(w, "Access-Control-Allow-Credentials", "true")
+	set(w, "Access-Control-Allow-Methods", "POST, PATCH, GET, OPTIONS, PUT, DELETE")
+	set(w, "Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
+}
--- a/api/server/http/http.go
+++ b/api/server/http/http.go
@@ -10,7 +10,8 @@ import (

 	"github.com/gorilla/handlers"
 	"github.com/micro/go-micro/v2/api/server"
-	log "github.com/micro/go-micro/v2/logger"
+	"github.com/micro/go-micro/v2/api/server/cors"
+	"github.com/micro/go-micro/v2/logger"
 )

 type httpServer struct {
@@ -22,9 +23,14 @@ type httpServer struct {
 	exit    chan chan error
 }

-func NewServer(address string) server.Server {
+func NewServer(address string, opts ...server.Option) server.Server {
+	var options server.Options
+	for _, o := range opts {
+		o(&options)
+	}
+
 	return &httpServer{
-		opts:    server.Options{},
+		opts:    options,
 		mux:     http.NewServeMux(),
 		address: address,
 		exit:    make(chan chan error),
@@ -45,7 +51,22 @@ func (s *httpServer) Init(opts ...server.Option) error {
 }

 func (s *httpServer) Handle(path string, handler http.Handler) {
-	s.mux.Handle(path, handlers.CombinedLoggingHandler(os.Stdout, handler))
+	// TODO: move this stuff out to one place with ServeHTTP
+
+	// apply the wrappers, e.g. auth
+	for _, wrapper := range s.opts.Wrappers {
+		handler = wrapper(handler)
+	}
+
+	// wrap with cors
+	if s.opts.EnableCORS {
+		handler = cors.CombinedCORSHandler(handler)
+	}
+
+	// wrap with logger
+	handler = handlers.CombinedLoggingHandler(os.Stdout, handler)
+
+	s.mux.Handle(path, handler)
 }

 func (s *httpServer) Start() error {
@@ -65,7 +86,9 @@ func (s *httpServer) Start() error {
 		return err
 	}

-	log.Infof("HTTP API Listening on %s", l.Addr().String())
+	if logger.V(logger.InfoLevel, logger.DefaultLogger) {
+		logger.Infof("HTTP API Listening on %s", l.Addr().String())
+	}

 	s.mtx.Lock()
 	s.address = l.Addr().String()
@@ -74,7 +97,7 @@ func (s *httpServer) Start() error {
 	go func() {
 		if err := http.Serve(l, s.mux); err != nil {
 			// temporary fix
-			//log.Fatal(err)
+			//logger.Fatal(err)
 		}
 	}()

--- a/api/server/options.go
+++ b/api/server/options.go
@@ -2,7 +2,9 @@ package server

 import (
 	"crypto/tls"
+	"net/http"

+	"github.com/micro/go-micro/v2/api/resolver"
 	"github.com/micro/go-micro/v2/api/server/acme"
 )

@@ -10,10 +12,27 @@ type Option func(o *Options)

 type Options struct {
 	EnableACME   bool
+	EnableCORS   bool
 	ACMEProvider acme.Provider
 	EnableTLS    bool
 	ACMEHosts    []string
 	TLSConfig    *tls.Config
+	Resolver     resolver.Resolver
+	Wrappers     []Wrapper
+}
+
+type Wrapper func(h http.Handler) http.Handler
+
+func WrapHandler(w Wrapper) Option {
+	return func(o *Options) {
+		o.Wrappers = append(o.Wrappers, w)
+	}
+}
+
+func EnableCORS(b bool) Option {
+	return func(o *Options) {
+		o.EnableCORS = b
+	}
 }

 func EnableACME(b bool) Option {
@@ -45,3 +64,9 @@ func TLSConfig(t *tls.Config) Option {
 		o.TLSConfig = t
 	}
 }
+
+func Resolver(r resolver.Resolver) Option {
+	return func(o *Options) {
+		o.Resolver = r
+	}
+}
--- a/api/service/proto/api.pb.go
+++ b/api/service/proto/api.pb.go
@@ -0,0 +1,268 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: api/service/proto/api.proto
+
+package go_micro_api
+
+import (
+	context "context"
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+type Endpoint struct {
+	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Host                 []string `protobuf:"bytes,2,rep,name=host,proto3" json:"host,omitempty"`
+	Path                 []string `protobuf:"bytes,3,rep,name=path,proto3" json:"path,omitempty"`
+	Method               []string `protobuf:"bytes,4,rep,name=method,proto3" json:"method,omitempty"`
+	Stream               bool     `protobuf:"varint,5,opt,name=stream,proto3" json:"stream,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Endpoint) Reset()         { *m = Endpoint{} }
+func (m *Endpoint) String() string { return proto.CompactTextString(m) }
+func (*Endpoint) ProtoMessage()    {}
+func (*Endpoint) Descriptor() ([]byte, []int) {
+	return fileDescriptor_c4a48b6b680b5c31, []int{0}
+}
+
+func (m *Endpoint) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Endpoint.Unmarshal(m, b)
+}
+func (m *Endpoint) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Endpoint.Marshal(b, m, deterministic)
+}
+func (m *Endpoint) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Endpoint.Merge(m, src)
+}
+func (m *Endpoint) XXX_Size() int {
+	return xxx_messageInfo_Endpoint.Size(m)
+}
+func (m *Endpoint) XXX_DiscardUnknown() {
+	xxx_messageInfo_Endpoint.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Endpoint proto.InternalMessageInfo
+
+func (m *Endpoint) GetName() string {
+	if m != nil {
+		return m.Name
+	}
+	return ""
+}
+
+func (m *Endpoint) GetHost() []string {
+	if m != nil {
+		return m.Host
+	}
+	return nil
+}
+
+func (m *Endpoint) GetPath() []string {
+	if m != nil {
+		return m.Path
+	}
+	return nil
+}
+
+func (m *Endpoint) GetMethod() []string {
+	if m != nil {
+		return m.Method
+	}
+	return nil
+}
+
+func (m *Endpoint) GetStream() bool {
+	if m != nil {
+		return m.Stream
+	}
+	return false
+}
+
+type EmptyResponse struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *EmptyResponse) Reset()         { *m = EmptyResponse{} }
+func (m *EmptyResponse) String() string { return proto.CompactTextString(m) }
+func (*EmptyResponse) ProtoMessage()    {}
+func (*EmptyResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_c4a48b6b680b5c31, []int{1}
+}
+
+func (m *EmptyResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_EmptyResponse.Unmarshal(m, b)
+}
+func (m *EmptyResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_EmptyResponse.Marshal(b, m, deterministic)
+}
+func (m *EmptyResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_EmptyResponse.Merge(m, src)
+}
+func (m *EmptyResponse) XXX_Size() int {
+	return xxx_messageInfo_EmptyResponse.Size(m)
+}
+func (m *EmptyResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_EmptyResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_EmptyResponse proto.InternalMessageInfo
+
+func init() {
+	proto.RegisterType((*Endpoint)(nil), "go.micro.api.Endpoint")
+	proto.RegisterType((*EmptyResponse)(nil), "go.micro.api.EmptyResponse")
+}
+
+func init() { proto.RegisterFile("api/service/proto/api.proto", fileDescriptor_c4a48b6b680b5c31) }
+
+var fileDescriptor_c4a48b6b680b5c31 = []byte{
+	// 212 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0xd0, 0xc1, 0x4a, 0x03, 0x31,
+	0x10, 0x80, 0x61, 0xd7, 0xad, 0x65, 0x1d, 0x14, 0x21, 0x87, 0x12, 0xec, 0x65, 0xd9, 0x53, 0x4f,
+	0x59, 0xd0, 0x27, 0x28, 0xda, 0x17, 0xd8, 0x37, 0x88, 0xed, 0xd0, 0x9d, 0x43, 0x32, 0x43, 0x32,
+	0x14, 0x7c, 0x08, 0xdf, 0x59, 0x12, 0x2b, 0x2c, 0x5e, 0xbd, 0xfd, 0xf3, 0x1d, 0x86, 0x61, 0x60,
+	0xeb, 0x85, 0xc6, 0x8c, 0xe9, 0x42, 0x47, 0x1c, 0x25, 0xb1, 0xf2, 0xe8, 0x85, 0x5c, 0x2d, 0xf3,
+	0x70, 0x66, 0x17, 0xe8, 0x98, 0xd8, 0x79, 0xa1, 0xe1, 0x02, 0xdd, 0x21, 0x9e, 0x84, 0x29, 0xaa,
+	0x31, 0xb0, 0x8a, 0x3e, 0xa0, 0x6d, 0xfa, 0x66, 0x77, 0x3f, 0xd5, 0x2e, 0x36, 0x73, 0x56, 0x7b,
+	0xdb, 0xb7, 0xc5, 0x4a, 0x17, 0x13, 0xaf, 0xb3, 0x6d, 0x7f, 0xac, 0xb4, 0xd9, 0xc0, 0x3a, 0xa0,
+	0xce, 0x7c, 0xb2, 0xab, 0xaa, 0xd7, 0xa9, 0x78, 0xd6, 0x84, 0x3e, 0xd8, 0xbb, 0xbe, 0xd9, 0x75,
+	0xd3, 0x75, 0x1a, 0x9e, 0xe0, 0xf1, 0x10, 0x44, 0x3f, 0x27, 0xcc, 0xc2, 0x31, 0xe3, 0xcb, 0x57,
+	0x03, 0xed, 0x5e, 0xc8, 0xec, 0xa1, 0x9b, 0xf0, 0x4c, 0x59, 0x31, 0x99, 0x8d, 0x5b, 0xde, 0xea,
+	0x7e, 0x0f, 0x7d, 0xde, 0xfe, 0xf1, 0xe5, 0xa2, 0xe1, 0xc6, 0xbc, 0x01, 0xbc, 0x63, 0xfa, 0xdf,
+	0x92, 0x8f, 0x75, 0xfd, 0xd6, 0xeb, 0x77, 0x00, 0x00, 0x00, 0xff, 0xff, 0x46, 0x62, 0x67, 0x30,
+	0x4c, 0x01, 0x00, 0x00,
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// ApiClient is the client API for Api service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type ApiClient interface {
+	Register(ctx context.Context, in *Endpoint, opts ...grpc.CallOption) (*EmptyResponse, error)
+	Deregister(ctx context.Context, in *Endpoint, opts ...grpc.CallOption) (*EmptyResponse, error)
+}
+
+type apiClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewApiClient(cc *grpc.ClientConn) ApiClient {
+	return &apiClient{cc}
+}
+
+func (c *apiClient) Register(ctx context.Context, in *Endpoint, opts ...grpc.CallOption) (*EmptyResponse, error) {
+	out := new(EmptyResponse)
+	err := c.cc.Invoke(ctx, "/go.micro.api.Api/Register", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *apiClient) Deregister(ctx context.Context, in *Endpoint, opts ...grpc.CallOption) (*EmptyResponse, error) {
+	out := new(EmptyResponse)
+	err := c.cc.Invoke(ctx, "/go.micro.api.Api/Deregister", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// ApiServer is the server API for Api service.
+type ApiServer interface {
+	Register(context.Context, *Endpoint) (*EmptyResponse, error)
+	Deregister(context.Context, *Endpoint) (*EmptyResponse, error)
+}
+
+// UnimplementedApiServer can be embedded to have forward compatible implementations.
+type UnimplementedApiServer struct {
+}
+
+func (*UnimplementedApiServer) Register(ctx context.Context, req *Endpoint) (*EmptyResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Register not implemented")
+}
+func (*UnimplementedApiServer) Deregister(ctx context.Context, req *Endpoint) (*EmptyResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Deregister not implemented")
+}
+
+func RegisterApiServer(s *grpc.Server, srv ApiServer) {
+	s.RegisterService(&_Api_serviceDesc, srv)
+}
+
+func _Api_Register_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(Endpoint)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ApiServer).Register(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/go.micro.api.Api/Register",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ApiServer).Register(ctx, req.(*Endpoint))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Api_Deregister_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(Endpoint)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ApiServer).Deregister(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/go.micro.api.Api/Deregister",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ApiServer).Deregister(ctx, req.(*Endpoint))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _Api_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "go.micro.api.Api",
+	HandlerType: (*ApiServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Register",
+			Handler:    _Api_Register_Handler,
+		},
+		{
+			MethodName: "Deregister",
+			Handler:    _Api_Deregister_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "api/service/proto/api.proto",
+}
--- a/api/service/proto/api.pb.micro.go
+++ b/api/service/proto/api.pb.micro.go
@@ -0,0 +1,110 @@
+// Code generated by protoc-gen-micro. DO NOT EDIT.
+// source: api/service/proto/api.proto
+
+package go_micro_api
+
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
+
+import (
+	context "context"
+	api "github.com/micro/go-micro/v2/api"
+	client "github.com/micro/go-micro/v2/client"
+	server "github.com/micro/go-micro/v2/server"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ api.Endpoint
+var _ context.Context
+var _ client.Option
+var _ server.Option
+
+// Api Endpoints for Api service
+
+func NewApiEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
+// Client API for Api service
+
+type ApiService interface {
+	Register(ctx context.Context, in *Endpoint, opts ...client.CallOption) (*EmptyResponse, error)
+	Deregister(ctx context.Context, in *Endpoint, opts ...client.CallOption) (*EmptyResponse, error)
+}
+
+type apiService struct {
+	c    client.Client
+	name string
+}
+
+func NewApiService(name string, c client.Client) ApiService {
+	return &apiService{
+		c:    c,
+		name: name,
+	}
+}
+
+func (c *apiService) Register(ctx context.Context, in *Endpoint, opts ...client.CallOption) (*EmptyResponse, error) {
+	req := c.c.NewRequest(c.name, "Api.Register", in)
+	out := new(EmptyResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *apiService) Deregister(ctx context.Context, in *Endpoint, opts ...client.CallOption) (*EmptyResponse, error) {
+	req := c.c.NewRequest(c.name, "Api.Deregister", in)
+	out := new(EmptyResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// Server API for Api service
+
+type ApiHandler interface {
+	Register(context.Context, *Endpoint, *EmptyResponse) error
+	Deregister(context.Context, *Endpoint, *EmptyResponse) error
+}
+
+func RegisterApiHandler(s server.Server, hdlr ApiHandler, opts ...server.HandlerOption) error {
+	type api interface {
+		Register(ctx context.Context, in *Endpoint, out *EmptyResponse) error
+		Deregister(ctx context.Context, in *Endpoint, out *EmptyResponse) error
+	}
+	type Api struct {
+		api
+	}
+	h := &apiHandler{hdlr}
+	return s.Handle(s.NewHandler(&Api{h}, opts...))
+}
+
+type apiHandler struct {
+	ApiHandler
+}
+
+func (h *apiHandler) Register(ctx context.Context, in *Endpoint, out *EmptyResponse) error {
+	return h.ApiHandler.Register(ctx, in, out)
+}
+
+func (h *apiHandler) Deregister(ctx context.Context, in *Endpoint, out *EmptyResponse) error {
+	return h.ApiHandler.Deregister(ctx, in, out)
+}
--- a/api/service/proto/api.proto
+++ b/api/service/proto/api.proto
@@ -0,0 +1,18 @@
+syntax = "proto3";
+
+package go.micro.api;
+
+service Api {
+  rpc Register(Endpoint) returns (EmptyResponse) {};
+  rpc Deregister(Endpoint) returns (EmptyResponse) {};
+}
+
+message Endpoint {
+  string name = 1;
+  repeated string host = 2;
+  repeated string path = 3;
+  repeated string method = 4;
+  bool stream = 5;
+}
+
+message EmptyResponse {}
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -2,51 +2,132 @@
 package auth

 import (
+	"context"
+	"errors"
 	"time"
 )

-// Auth providers authentication and authorization
+const (
+	// BearerScheme used for Authorization header
+	BearerScheme = "Bearer "
+	// ScopePublic is the scope applied to a rule to allow access to the public
+	ScopePublic = ""
+	// ScopeAccount is the scope applied to a rule to limit to users with any valid account
+	ScopeAccount = "*"
+)
+
+var (
+	// ErrInvalidToken is when the token provided is not valid
+	ErrInvalidToken = errors.New("invalid token provided")
+	// ErrForbidden is when a user does not have the necessary scope to access a resource
+	ErrForbidden = errors.New("resource forbidden")
+)
+
+// Auth provides authentication and authorization
 type Auth interface {
-	// Init the auth package
-	Init(opts ...Option) error
-	// Options returns the options set
+	// Init the auth
+	Init(opts ...Option)
+	// Options set for auth
 	Options() Options
-	// Generate a new auth Account
+	// Generate a new account
 	Generate(id string, opts ...GenerateOption) (*Account, error)
-	// Revoke an authorization Account
-	Revoke(token string) error
-	// Validate an account token
-	Validate(token string) (*Account, error)
-	// String returns the implementation
+	// Verify an account has access to a resource using the rules
+	Verify(acc *Account, res *Resource, opts ...VerifyOption) error
+	// Inspect a token
+	Inspect(token string) (*Account, error)
+	// Token generated using refresh token or credentials
+	Token(opts ...TokenOption) (*Token, error)
+	// Grant access to a resource
+	Grant(rule *Rule) error
+	// Revoke access to a resource
+	Revoke(rule *Rule) error
+	// Rules returns all the rules used to verify requests
+	Rules(...RulesOption) ([]*Rule, error)
+	// String returns the name of the implementation
 	String() string
 }

-// Resource is an entity such as a user or
-type Resource struct {
-	// Name of the resource
-	Name string
-	// Type of resource, e.g.
-	Type string
-}
-
-// Role an account has
-type Role struct {
-	Name     string
-	Resource *Resource
-}
-
 // Account provided by an auth provider
 type Account struct {
-	// ID of the account (UUID or email)
-	Id string `json:"id"`
-	// Token used to authenticate
-	Token string `json:"token"`
-	// Time of Account creation
-	Created time.Time `json:"created"`
-	// Time of Account expiry
-	Expiry time.Time `json:"expiry"`
-	// Roles associated with the Account
-	Roles []*Role `json:"roles"`
+	// ID of the account e.g. email
+	ID string `json:"id"`
+	// Type of the account, e.g. service
+	Type string `json:"type"`
+	// Issuer of the account
+	Issuer string `json:"issuer"`
 	// Any other associated metadata
 	Metadata map[string]string `json:"metadata"`
+	// Scopes the account has access to
+	Scopes []string `json:"scopes"`
+	// Secret for the account, e.g. the password
+	Secret string `json:"secret"`
+}
+
+// Token can be short or long lived
+type Token struct {
+	// The token to be used for accessing resources
+	AccessToken string `json:"access_token"`
+	// RefreshToken to be used to generate a new token
+	RefreshToken string `json:"refresh_token"`
+	// Time of token creation
+	Created time.Time `json:"created"`
+	// Time of token expiry
+	Expiry time.Time `json:"expiry"`
+}
+
+// Expired returns a boolean indicating if the token needs to be refreshed
+func (t *Token) Expired() bool {
+	return t.Expiry.Unix() < time.Now().Unix()
+}
+
+// Resource is an entity such as a user or
+type Resource struct {
+	// Name of the resource, e.g. go.micro.service.notes
+	Name string `json:"name"`
+	// Type of resource, e.g. service
+	Type string `json:"type"`
+	// Endpoint resource e.g NotesService.Create
+	Endpoint string `json:"endpoint"`
+}
+
+// Access defines the type of access a rule grants
+type Access int
+
+const (
+	// AccessGranted to a resource
+	AccessGranted Access = iota
+	// AccessDenied to a resource
+	AccessDenied
+)
+
+// Rule is used to verify access to a resource
+type Rule struct {
+	// ID of the rule, e.g. "public"
+	ID string
+	// Scope the rule requires, a blank scope indicates open to the public and * indicates the rule
+	// applies to any valid account
+	Scope string
+	// Resource the rule applies to
+	Resource *Resource
+	// Access determines if the rule grants or denies access to the resource
+	Access Access
+	// Priority the rule should take when verifying a request, the higher the value the sooner the
+	// rule will be applied
+	Priority int32
+}
+
+type accountKey struct{}
+
+// AccountFromContext gets the account from the context, which
+// is set by the auth wrapper at the start of a call. If the account
+// is not set, a nil account will be returned. The error is only returned
+// when there was a problem retrieving an account
+func AccountFromContext(ctx context.Context) (*Account, bool) {
+	acc, ok := ctx.Value(accountKey{}).(*Account)
+	return acc, ok
+}
+
+// ContextWithAccount sets the account in the context
+func ContextWithAccount(ctx context.Context, account *Account) context.Context {
+	return context.WithValue(ctx, accountKey{}, account)
 }
--- a/auth/default.go
+++ b/auth/default.go
@@ -1,36 +1,88 @@
 package auth

+import (
+	"github.com/google/uuid"
+	"github.com/micro/go-micro/v2/auth/provider/basic"
+)
+
 var (
 	DefaultAuth = NewAuth()
 )

-// NewAuth returns a new default registry which is noop
 func NewAuth(opts ...Option) Auth {
-	return noop{}
+	options := Options{
+		Provider: basic.NewProvider(),
+	}
+
+	for _, o := range opts {
+		o(&options)
+	}
+
+	return &noop{
+		opts: options,
+	}
 }

-type noop struct{}
-
-func (noop) Init(opts ...Option) error {
-	return nil
+type noop struct {
+	opts Options
 }

-func (noop) Options() Options {
-	return Options{}
-}
-
-func (noop) Generate(id string, opts ...GenerateOption) (*Account, error) {
-	return nil, nil
-}
-
-func (noop) Revoke(token string) error {
-	return nil
-}
-
-func (noop) Validate(token string) (*Account, error) {
-	return nil, nil
-}
-
-func (noop) String() string {
+// String returns the name of the implementation
+func (n *noop) String() string {
 	return "noop"
 }
+
+// Init the auth
+func (n *noop) Init(opts ...Option) {
+	for _, o := range opts {
+		o(&n.opts)
+	}
+}
+
+// Options set for auth
+func (n *noop) Options() Options {
+	return n.opts
+}
+
+// Generate a new account
+func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) {
+	options := NewGenerateOptions(opts...)
+
+	return &Account{
+		ID:       id,
+		Secret:   options.Secret,
+		Metadata: options.Metadata,
+		Scopes:   options.Scopes,
+		Issuer:   n.Options().Namespace,
+	}, nil
+}
+
+// Grant access to a resource
+func (n *noop) Grant(rule *Rule) error {
+	return nil
+}
+
+// Revoke access to a resource
+func (n *noop) Revoke(rule *Rule) error {
+	return nil
+}
+
+// Rules used to verify requests
+func (n *noop) Rules(opts ...RulesOption) ([]*Rule, error) {
+	return []*Rule{}, nil
+}
+
+// Verify an account has access to a resource
+func (n *noop) Verify(acc *Account, res *Resource, opts ...VerifyOption) error {
+	return nil
+}
+
+// Inspect a token
+func (n *noop) Inspect(token string) (*Account, error) {
+	return &Account{ID: uuid.New().String(), Issuer: n.Options().Namespace}, nil
+}
+
+// Token generation using an account id and secret
+func (n *noop) Token(opts ...TokenOption) (*Token, error) {
+	return &Token{}, nil
+}
--- a/auth/jwt/jwt.go
+++ b/auth/jwt/jwt.go
@@ -1,120 +1,147 @@
 package jwt

 import (
-	"errors"
+	"sync"
 	"time"

-	"github.com/dgrijalva/jwt-go"
 	"github.com/micro/go-micro/v2/auth"
+	"github.com/micro/go-micro/v2/auth/rules"
+	"github.com/micro/go-micro/v2/auth/token"
+	jwtToken "github.com/micro/go-micro/v2/auth/token/jwt"
 )

-// ErrInvalidPrivateKey is returned when the service provided an invalid private key
-var ErrInvalidPrivateKey = errors.New("An invalid private key was provided")
-
-// ErrEncodingToken is returned when the service encounters an error during encoding
-var ErrEncodingToken = errors.New("An error occured while encoding the JWT")
-
-// ErrInvalidToken is returned when the token provided is not valid
-var ErrInvalidToken = errors.New("An invalid token was provided")
-
-// ErrMissingToken is returned when no token is provided
-var ErrMissingToken = errors.New("A valid JWT is required")
-
 // NewAuth returns a new instance of the Auth service
 func NewAuth(opts ...auth.Option) auth.Auth {
-	svc := new(svc)
-	svc.Init(opts...)
-	return svc
+	j := new(jwt)
+	j.Init(opts...)
+	return j
 }

-// svc is the JWT implementation of the Auth interface
-type svc struct {
+type jwt struct {
 	options auth.Options
+	jwt     token.Provider
+	rules   []*auth.Rule
+
+	sync.Mutex
 }

-func (s *svc) String() string {
+func (j *jwt) String() string {
 	return "jwt"
 }

-func (s *svc) Options() auth.Options {
-	return s.options
-}
+func (j *jwt) Init(opts ...auth.Option) {
+	j.Lock()
+	defer j.Unlock()

-func (s *svc) Init(opts ...auth.Option) error {
 	for _, o := range opts {
-		o(&s.options)
+		o(&j.options)
 	}

-	return nil
+	j.jwt = jwtToken.NewTokenProvider(
+		token.WithPrivateKey(j.options.PrivateKey),
+		token.WithPublicKey(j.options.PublicKey),
+	)
 }

-// AuthClaims to be encoded in the JWT
-type AuthClaims struct {
-	Id       string            `json:"id"`
-	Roles    []*auth.Role      `json:"roles"`
-	Metadata map[string]string `json:"metadata"`
-
-	jwt.StandardClaims
+func (j *jwt) Options() auth.Options {
+	j.Lock()
+	defer j.Unlock()
+	return j.options
 }

-// Generate a new JWT
-func (s *svc) Generate(id string, ops ...auth.GenerateOption) (*auth.Account, error) {
-	key, err := jwt.ParseRSAPrivateKeyFromPEM(s.options.PrivateKey)
-	if err != nil {
-		return nil, ErrEncodingToken
-	}
-
-	options := auth.NewGenerateOptions(ops...)
-	account := jwt.NewWithClaims(jwt.SigningMethodRS256, AuthClaims{
-		id, options.Roles, options.Metadata, jwt.StandardClaims{
-			Subject:   id,
-			ExpiresAt: time.Now().Add(time.Hour * 24).Unix(),
-		},
-	})
-
-	token, err := account.SignedString(key)
-	if err != nil {
-		return nil, err
-	}
-
-	return &auth.Account{
-		Id:       id,
-		Token:    token,
-		Roles:    options.Roles,
+func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
+	options := auth.NewGenerateOptions(opts...)
+	account := &auth.Account{
+		ID:       id,
+		Type:     options.Type,
+		Scopes:   options.Scopes,
 		Metadata: options.Metadata,
-	}, nil
+		Issuer:   j.Options().Namespace,
+	}
+
+	// generate a JWT secret which can be provided to the Token() method
+	// and exchanged for an access token
+	secret, err := j.jwt.Generate(account)
+	if err != nil {
+		return nil, err
+	}
+	account.Secret = secret.Token
+
+	// return the account
+	return account, nil
 }

-// Revoke an authorization account
-func (s *svc) Revoke(token string) error {
+func (j *jwt) Grant(rule *auth.Rule) error {
+	j.Lock()
+	defer j.Unlock()
+	j.rules = append(j.rules, rule)
 	return nil
 }

-// Validate a JWT
-func (s *svc) Validate(token string) (*auth.Account, error) {
-	if token == "" {
-		return nil, ErrMissingToken
+func (j *jwt) Revoke(rule *auth.Rule) error {
+	j.Lock()
+	defer j.Unlock()
+
+	rules := []*auth.Rule{}
+	for _, r := range j.rules {
+		if r.ID != rule.ID {
+			rules = append(rules, r)
+		}
 	}

-	res, err := jwt.ParseWithClaims(token, &AuthClaims{}, func(token *jwt.Token) (interface{}, error) {
-		return jwt.ParseRSAPublicKeyFromPEM(s.options.PublicKey)
-	})
+	j.rules = rules
+	return nil
+}
+
+func (j *jwt) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
+	j.Lock()
+	defer j.Unlock()
+
+	var options auth.VerifyOptions
+	for _, o := range opts {
+		o(&options)
+	}
+
+	return rules.Verify(j.rules, acc, res)
+}
+
+func (j *jwt) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
+	j.Lock()
+	defer j.Unlock()
+	return j.rules, nil
+}
+
+func (j *jwt) Inspect(token string) (*auth.Account, error) {
+	return j.jwt.Inspect(token)
+}
+
+func (j *jwt) Token(opts ...auth.TokenOption) (*auth.Token, error) {
+	options := auth.NewTokenOptions(opts...)
+
+	secret := options.RefreshToken
+	if len(options.Secret) > 0 {
+		secret = options.Secret
+	}
+
+	account, err := j.jwt.Inspect(secret)
 	if err != nil {
 		return nil, err
 	}

-	if !res.Valid {
-		return nil, ErrInvalidToken
+	access, err := j.jwt.Generate(account, token.WithExpiry(options.Expiry))
+	if err != nil {
+		return nil, err
 	}

-	claims, ok := res.Claims.(*AuthClaims)
-	if !ok {
-		return nil, ErrInvalidToken
+	refresh, err := j.jwt.Generate(account, token.WithExpiry(options.Expiry+time.Hour))
+	if err != nil {
+		return nil, err
 	}

-	return &auth.Account{
-		Id:       claims.Id,
-		Metadata: claims.Metadata,
-		Roles:    claims.Roles,
+	return &auth.Token{
+		Created:      access.Created,
+		Expiry:       access.Expiry,
+		AccessToken:  access.Token,
+		RefreshToken: refresh.Token,
 	}, nil
 }
--- a/auth/options.go
+++ b/auth/options.go
@@ -1,56 +1,171 @@
 package auth

 import (
-	b64 "encoding/base64"
+	"context"
+	"time"
+
+	"github.com/micro/go-micro/v2/auth/provider"
+	"github.com/micro/go-micro/v2/client"
+	"github.com/micro/go-micro/v2/store"
 )

+func NewOptions(opts ...Option) Options {
+	var options Options
+	for _, o := range opts {
+		o(&options)
+	}
+	if options.Client == nil {
+		options.Client = client.DefaultClient
+	}
+
+	return options
+}
+
 type Options struct {
-	PublicKey  []byte
-	PrivateKey []byte
-	Excludes   []string
+	// Namespace the service belongs to
+	Namespace string
+	// ID is the services auth ID
+	ID string
+	// Secret is used to authenticate the service
+	Secret string
+	// Token is the services token used to authenticate itself
+	Token *Token
+	// PublicKey for decoding JWTs
+	PublicKey string
+	// PrivateKey for encoding JWTs
+	PrivateKey string
+	// Provider is an auth provider
+	Provider provider.Provider
+	// LoginURL is the relative url path where a user can login
+	LoginURL string
+	// Store to back auth
+	Store store.Store
+	// Client to use for RPC
+	Client client.Client
+	// Addrs sets the addresses of auth
+	Addrs []string
 }

 type Option func(o *Options)

-// Excludes endpoints from auth
-func Excludes(excludes ...string) Option {
+// Addrs is the auth addresses to use
+func Addrs(addrs ...string) Option {
 	return func(o *Options) {
-		o.Excludes = excludes
+		o.Addrs = addrs
+	}
+}
+
+// Namespace the service belongs to
+func Namespace(n string) Option {
+	return func(o *Options) {
+		o.Namespace = n
+	}
+}
+
+// Store to back auth
+func Store(s store.Store) Option {
+	return func(o *Options) {
+		o.Store = s
 	}
 }

 // PublicKey is the JWT public key
 func PublicKey(key string) Option {
 	return func(o *Options) {
-		o.PublicKey, _ = b64.StdEncoding.DecodeString(key)
+		o.PublicKey = key
 	}
 }

 // PrivateKey is the JWT private key
 func PrivateKey(key string) Option {
 	return func(o *Options) {
-		o.PrivateKey, _ = b64.StdEncoding.DecodeString(key)
+		o.PrivateKey = key
+	}
+}
+
+// Credentials sets the auth credentials
+func Credentials(id, secret string) Option {
+	return func(o *Options) {
+		o.ID = id
+		o.Secret = secret
+	}
+}
+
+// ClientToken sets the auth token to use when making requests
+func ClientToken(token *Token) Option {
+	return func(o *Options) {
+		o.Token = token
+	}
+}
+
+// Provider set the auth provider
+func Provider(p provider.Provider) Option {
+	return func(o *Options) {
+		o.Provider = p
+	}
+}
+
+// LoginURL sets the auth LoginURL
+func LoginURL(url string) Option {
+	return func(o *Options) {
+		o.LoginURL = url
+	}
+}
+
+// WithClient sets the client to use when making requests
+func WithClient(c client.Client) Option {
+	return func(o *Options) {
+		o.Client = c
 	}
 }

 type GenerateOptions struct {
+	// Metadata associated with the account
 	Metadata map[string]string
-	Roles    []*Role
+	// Scopes the account has access too
+	Scopes []string
+	// Provider of the account, e.g. oauth
+	Provider string
+	// Type of the account, e.g. user
+	Type string
+	// Secret used to authenticate the account
+	Secret string
 }

 type GenerateOption func(o *GenerateOptions)

-// Metadata for the generated account
-func Metadata(md map[string]string) func(o *GenerateOptions) {
+// WithSecret for the generated account
+func WithSecret(s string) GenerateOption {
+	return func(o *GenerateOptions) {
+		o.Secret = s
+	}
+}
+
+// WithType for the generated account
+func WithType(t string) GenerateOption {
+	return func(o *GenerateOptions) {
+		o.Type = t
+	}
+}
+
+// WithMetadata for the generated account
+func WithMetadata(md map[string]string) GenerateOption {
 	return func(o *GenerateOptions) {
 		o.Metadata = md
 	}
 }

-// Roles for the generated account
-func Roles(rs []*Role) func(o *GenerateOptions) {
+// WithProvider for the generated account
+func WithProvider(p string) GenerateOption {
 	return func(o *GenerateOptions) {
-		o.Roles = rs
+		o.Provider = p
+	}
+}
+
+// WithScopes for the generated account
+func WithScopes(s ...string) GenerateOption {
+	return func(o *GenerateOptions) {
+		o.Scopes = s
 	}
 }

@@ -60,6 +175,77 @@ func NewGenerateOptions(opts ...GenerateOption) GenerateOptions {
 	for _, o := range opts {
 		o(&options)
 	}
+	return options
+}
+
+type TokenOptions struct {
+	// ID for the account
+	ID string
+	// Secret for the account
+	Secret string
+	// RefreshToken is used to refesh a token
+	RefreshToken string
+	// Expiry is the time the token should live for
+	Expiry time.Duration
+}
+
+type TokenOption func(o *TokenOptions)
+
+// WithExpiry for the token
+func WithExpiry(ex time.Duration) TokenOption {
+	return func(o *TokenOptions) {
+		o.Expiry = ex
+	}
+}
+
+func WithCredentials(id, secret string) TokenOption {
+	return func(o *TokenOptions) {
+		o.ID = id
+		o.Secret = secret
+	}
+}
+
+func WithToken(rt string) TokenOption {
+	return func(o *TokenOptions) {
+		o.RefreshToken = rt
+	}
+}
+
+// NewTokenOptions from a slice of options
+func NewTokenOptions(opts ...TokenOption) TokenOptions {
+	var options TokenOptions
+	for _, o := range opts {
+		o(&options)
+	}
+
+	// set defualt expiry of token
+	if options.Expiry == 0 {
+		options.Expiry = time.Minute
+	}

 	return options
 }
+
+type VerifyOptions struct {
+	Context context.Context
+}
+
+type VerifyOption func(o *VerifyOptions)
+
+func VerifyContext(ctx context.Context) VerifyOption {
+	return func(o *VerifyOptions) {
+		o.Context = ctx
+	}
+}
+
+type RulesOptions struct {
+	Context context.Context
+}
+
+type RulesOption func(o *RulesOptions)
+
+func RulesContext(ctx context.Context) RulesOption {
+	return func(o *RulesOptions) {
+		o.Context = ctx
+	}
+}
--- a/auth/provider/basic/basic.go
+++ b/auth/provider/basic/basic.go
@@ -0,0 +1,34 @@
+package basic
+
+import (
+	"github.com/micro/go-micro/v2/auth/provider"
+)
+
+// NewProvider returns an initialised basic provider
+func NewProvider(opts ...provider.Option) provider.Provider {
+	var options provider.Options
+	for _, o := range opts {
+		o(&options)
+	}
+	return &basic{options}
+}
+
+type basic struct {
+	opts provider.Options
+}
+
+func (b *basic) String() string {
+	return "basic"
+}
+
+func (b *basic) Options() provider.Options {
+	return b.opts
+}
+
+func (b *basic) Endpoint(...provider.EndpointOption) string {
+	return ""
+}
+
+func (b *basic) Redirect() string {
+	return ""
+}
--- a/auth/provider/oauth/oauth.go
+++ b/auth/provider/oauth/oauth.go
@@ -0,0 +1,65 @@
+package oauth
+
+import (
+	"fmt"
+	"net/url"
+
+	"github.com/micro/go-micro/v2/auth/provider"
+)
+
+// NewProvider returns an initialised oauth provider
+func NewProvider(opts ...provider.Option) provider.Provider {
+	var options provider.Options
+	for _, o := range opts {
+		o(&options)
+	}
+	return &oauth{options}
+}
+
+type oauth struct {
+	opts provider.Options
+}
+
+func (o *oauth) String() string {
+	return "oauth"
+}
+
+func (o *oauth) Options() provider.Options {
+	return o.opts
+}
+
+func (o *oauth) Endpoint(opts ...provider.EndpointOption) string {
+	var options provider.EndpointOptions
+	for _, o := range opts {
+		o(&options)
+	}
+
+	params := make(url.Values)
+	params.Add("response_type", "code")
+
+	if len(options.State) > 0 {
+		params.Add("state", options.State)
+	}
+
+	if len(options.LoginHint) > 0 {
+		params.Add("login_hint", options.LoginHint)
+	}
+
+	if clientID := o.opts.ClientID; len(clientID) > 0 {
+		params.Add("client_id", clientID)
+	}
+
+	if scope := o.opts.Scope; len(scope) > 0 {
+		params.Add("scope", scope)
+	}
+
+	if redir := o.Redirect(); len(redir) > 0 {
+		params.Add("redirect_uri", redir)
+	}
+
+	return fmt.Sprintf("%v?%v", o.opts.Endpoint, params.Encode())
+}
+
+func (o *oauth) Redirect() string {
+	return o.opts.Redirect
+}
--- a/auth/provider/options.go
+++ b/auth/provider/options.go
@@ -0,0 +1,47 @@
+package provider
+
+// Option returns a function which sets an option
+type Option func(*Options)
+
+// Options a provider can have
+type Options struct {
+	// ClientID is the application's ID.
+	ClientID string
+	// ClientSecret is the application's secret.
+	ClientSecret string
+	// Endpoint for the provider
+	Endpoint string
+	// Redirect url incase of UI
+	Redirect string
+	// Scope of the oauth request
+	Scope string
+}
+
+// Credentials is an option which sets the client id and secret
+func Credentials(id, secret string) Option {
+	return func(o *Options) {
+		o.ClientID = id
+		o.ClientSecret = secret
+	}
+}
+
+// Endpoint sets the endpoint option
+func Endpoint(e string) Option {
+	return func(o *Options) {
+		o.Endpoint = e
+	}
+}
+
+// Redirect sets the Redirect option
+func Redirect(r string) Option {
+	return func(o *Options) {
+		o.Redirect = r
+	}
+}
+
+// Scope sets the oauth scope
+func Scope(s string) Option {
+	return func(o *Options) {
+		o.Scope = s
+	}
+}
--- a/auth/provider/provider.go
+++ b/auth/provider/provider.go
@@ -0,0 +1,49 @@
+// Package provider is an external auth provider e.g oauth
+package provider
+
+import (
+	"time"
+)
+
+// Provider is an auth provider
+type Provider interface {
+	// String returns the name of the provider
+	String() string
+	// Options returns the options of a provider
+	Options() Options
+	// Endpoint for the provider
+	Endpoint(...EndpointOption) string
+	// Redirect url incase of UI
+	Redirect() string
+}
+
+// Grant is a granted authorisation
+type Grant struct {
+	// token for reuse
+	Token string
+	// Expiry of the token
+	Expiry time.Time
+	// Scopes associated with grant
+	Scopes []string
+}
+
+type EndpointOptions struct {
+	// State is a code to verify the req
+	State string
+	// LoginHint prefils the user id on oauth clients
+	LoginHint string
+}
+
+type EndpointOption func(*EndpointOptions)
+
+func WithState(c string) EndpointOption {
+	return func(o *EndpointOptions) {
+		o.State = c
+	}
+}
+
+func WithLoginHint(hint string) EndpointOption {
+	return func(o *EndpointOptions) {
+		o.LoginHint = hint
+	}
+}
--- a/auth/rules/rules.go
+++ b/auth/rules/rules.go
@@ -0,0 +1,93 @@
+package rules
+
+import (
+	"fmt"
+	"sort"
+	"strings"
+
+	"github.com/micro/go-micro/v2/auth"
+)
+
+// Verify an account has access to a resource using the rules provided. If the account does not have
+// access an error will be returned. If there are no rules provided which match the resource, an error
+// will be returned
+func Verify(rules []*auth.Rule, acc *auth.Account, res *auth.Resource) error {
+	// the rule is only to be applied if the type matches the resource or is catch-all (*)
+	validTypes := []string{"*", res.Type}
+
+	// the rule is only to be applied if the name matches the resource or is catch-all (*)
+	validNames := []string{"*", res.Name}
+
+	// rules can have wildcard excludes on endpoints since this can also be a path for web services,
+	// e.g. /foo/* would include /foo/bar. We also want to check for wildcards and the exact endpoint
+	validEndpoints := []string{"*", res.Endpoint}
+	if comps := strings.Split(res.Endpoint, "/"); len(comps) > 1 {
+		for i := 1; i < len(comps)+1; i++ {
+			wildcard := fmt.Sprintf("%v/*", strings.Join(comps[0:i], "/"))
+			validEndpoints = append(validEndpoints, wildcard)
+		}
+	}
+
+	// filter the rules to the ones which match the criteria above
+	filteredRules := make([]*auth.Rule, 0)
+	for _, rule := range rules {
+		if !include(validTypes, rule.Resource.Type) {
+			continue
+		}
+		if !include(validNames, rule.Resource.Name) {
+			continue
+		}
+		if !include(validEndpoints, rule.Resource.Endpoint) {
+			continue
+		}
+		filteredRules = append(filteredRules, rule)
+	}
+
+	// sort the filtered rules by priority, highest to lowest
+	sort.SliceStable(filteredRules, func(i, j int) bool {
+		return filteredRules[i].Priority > filteredRules[j].Priority
+	})
+
+	// loop through the rules and check for a rule which applies to this account
+	for _, rule := range filteredRules {
+		// a blank scope indicates the rule applies to everyone, even nil accounts
+		if rule.Scope == auth.ScopePublic && rule.Access == auth.AccessDenied {
+			return auth.ErrForbidden
+		} else if rule.Scope == auth.ScopePublic && rule.Access == auth.AccessGranted {
+			return nil
+		}
+
+		// all further checks require an account
+		if acc == nil {
+			continue
+		}
+
+		// this rule applies to any account
+		if rule.Scope == auth.ScopeAccount && rule.Access == auth.AccessDenied {
+			return auth.ErrForbidden
+		} else if rule.Scope == auth.ScopeAccount && rule.Access == auth.AccessGranted {
+			return nil
+		}
+
+		// if the account has the necessary scope
+		if include(acc.Scopes, rule.Scope) && rule.Access == auth.AccessDenied {
+			return auth.ErrForbidden
+		} else if include(acc.Scopes, rule.Scope) && rule.Access == auth.AccessGranted {
+			return nil
+		}
+	}
+
+	// if no rules matched then return forbidden
+	return auth.ErrForbidden
+}
+
+// include is a helper function which checks to see if the slice contains the value. includes is
+// not case sensitive.
+func include(slice []string, val string) bool {
+	for _, s := range slice {
+		if strings.ToLower(s) == strings.ToLower(val) {
+			return true
+		}
+	}
+	return false
+}
--- a/auth/rules/rules_test.go
+++ b/auth/rules/rules_test.go
@@ -0,0 +1,290 @@
+package rules
+
+import (
+	"testing"
+
+	"github.com/micro/go-micro/v2/auth"
+)
+
+func TestVerify(t *testing.T) {
+	srvResource := &auth.Resource{
+		Type:     "service",
+		Name:     "go.micro.service.foo",
+		Endpoint: "Foo.Bar",
+	}
+
+	webResource := &auth.Resource{
+		Type:     "service",
+		Name:     "go.micro.web.foo",
+		Endpoint: "/foo/bar",
+	}
+
+	catchallResource := &auth.Resource{
+		Type:     "*",
+		Name:     "*",
+		Endpoint: "*",
+	}
+
+	tt := []struct {
+		Name     string
+		Rules    []*auth.Rule
+		Account  *auth.Account
+		Resource *auth.Resource
+		Error    error
+	}{
+		{
+			Name:     "NoRules",
+			Rules:    []*auth.Rule{},
+			Account:  nil,
+			Resource: srvResource,
+			Error:    auth.ErrForbidden,
+		},
+		{
+			Name:     "CatchallPublicAccount",
+			Account:  &auth.Account{},
+			Resource: srvResource,
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope:    "",
+					Resource: catchallResource,
+				},
+			},
+		},
+		{
+			Name:     "CatchallPublicNoAccount",
+			Resource: srvResource,
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope:    "",
+					Resource: catchallResource,
+				},
+			},
+		},
+		{
+			Name:     "CatchallPrivateAccount",
+			Account:  &auth.Account{},
+			Resource: srvResource,
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope:    "*",
+					Resource: catchallResource,
+				},
+			},
+		},
+		{
+			Name:     "CatchallPrivateNoAccount",
+			Resource: srvResource,
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope:    "*",
+					Resource: catchallResource,
+				},
+			},
+			Error: auth.ErrForbidden,
+		},
+		{
+			Name:     "CatchallServiceRuleMatch",
+			Resource: srvResource,
+			Account:  &auth.Account{},
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope: "*",
+					Resource: &auth.Resource{
+						Type:     srvResource.Type,
+						Name:     srvResource.Name,
+						Endpoint: "*",
+					},
+				},
+			},
+		},
+		{
+			Name:     "CatchallServiceRuleNoMatch",
+			Resource: srvResource,
+			Account:  &auth.Account{},
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope: "*",
+					Resource: &auth.Resource{
+						Type:     srvResource.Type,
+						Name:     "wrongname",
+						Endpoint: "*",
+					},
+				},
+			},
+			Error: auth.ErrForbidden,
+		},
+		{
+			Name:     "ExactRuleValidScope",
+			Resource: srvResource,
+			Account: &auth.Account{
+				Scopes: []string{"neededscope"},
+			},
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope:    "neededscope",
+					Resource: srvResource,
+				},
+			},
+		},
+		{
+			Name:     "ExactRuleInvalidScope",
+			Resource: srvResource,
+			Account: &auth.Account{
+				Scopes: []string{"neededscope"},
+			},
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope:    "invalidscope",
+					Resource: srvResource,
+				},
+			},
+			Error: auth.ErrForbidden,
+		},
+		{
+			Name:     "CatchallDenyWithAccount",
+			Resource: srvResource,
+			Account:  &auth.Account{},
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope:    "*",
+					Resource: catchallResource,
+					Access:   auth.AccessDenied,
+				},
+			},
+			Error: auth.ErrForbidden,
+		},
+		{
+			Name:     "CatchallDenyWithNoAccount",
+			Resource: srvResource,
+			Account:  &auth.Account{},
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope:    "*",
+					Resource: catchallResource,
+					Access:   auth.AccessDenied,
+				},
+			},
+			Error: auth.ErrForbidden,
+		},
+		{
+			Name:     "RulePriorityGrantFirst",
+			Resource: srvResource,
+			Account:  &auth.Account{},
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope:    "*",
+					Resource: catchallResource,
+					Access:   auth.AccessGranted,
+					Priority: 1,
+				},
+				&auth.Rule{
+					Scope:    "*",
+					Resource: catchallResource,
+					Access:   auth.AccessDenied,
+					Priority: 0,
+				},
+			},
+		},
+		{
+			Name:     "RulePriorityDenyFirst",
+			Resource: srvResource,
+			Account:  &auth.Account{},
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope:    "*",
+					Resource: catchallResource,
+					Access:   auth.AccessGranted,
+					Priority: 0,
+				},
+				&auth.Rule{
+					Scope:    "*",
+					Resource: catchallResource,
+					Access:   auth.AccessDenied,
+					Priority: 1,
+				},
+			},
+			Error: auth.ErrForbidden,
+		},
+		{
+			Name:     "WebExactEndpointValid",
+			Resource: webResource,
+			Account:  &auth.Account{},
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope:    "*",
+					Resource: webResource,
+				},
+			},
+		},
+		{
+			Name:     "WebExactEndpointInalid",
+			Resource: webResource,
+			Account:  &auth.Account{},
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope: "*",
+					Resource: &auth.Resource{
+						Type:     webResource.Type,
+						Name:     webResource.Name,
+						Endpoint: "invalidendpoint",
+					},
+				},
+			},
+			Error: auth.ErrForbidden,
+		},
+		{
+			Name:     "WebWildcardEndpoint",
+			Resource: webResource,
+			Account:  &auth.Account{},
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope: "*",
+					Resource: &auth.Resource{
+						Type:     webResource.Type,
+						Name:     webResource.Name,
+						Endpoint: "*",
+					},
+				},
+			},
+		},
+		{
+			Name:     "WebWildcardPathEndpointValid",
+			Resource: webResource,
+			Account:  &auth.Account{},
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope: "*",
+					Resource: &auth.Resource{
+						Type:     webResource.Type,
+						Name:     webResource.Name,
+						Endpoint: "/foo/*",
+					},
+				},
+			},
+		},
+		{
+			Name:     "WebWildcardPathEndpointInvalid",
+			Resource: webResource,
+			Account:  &auth.Account{},
+			Rules: []*auth.Rule{
+				&auth.Rule{
+					Scope: "*",
+					Resource: &auth.Resource{
+						Type:     webResource.Type,
+						Name:     webResource.Name,
+						Endpoint: "/bar/*",
+					},
+				},
+			},
+			Error: auth.ErrForbidden,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.Name, func(t *testing.T) {
+			if err := Verify(tc.Rules, tc.Account, tc.Resource); err != tc.Error {
+				t.Errorf("Expected %v but got %v", tc.Error, err)
+			}
+		})
+	}
+}
--- a/auth/service/proto/auth.pb.go
+++ b/auth/service/proto/auth.pb.go
--- a/auth/service/proto/auth.pb.micro.go
+++ b/auth/service/proto/auth.pb.micro.go
@@ -5,12 +5,13 @@ package go_micro_auth

 import (
 	fmt "fmt"
-	math "math"
-
-	context "context"
-
 	proto "github.com/golang/protobuf/proto"
+	math "math"
+)

+import (
+	context "context"
+	api "github.com/micro/go-micro/v2/api"
 	client "github.com/micro/go-micro/v2/client"
 	server "github.com/micro/go-micro/v2/server"
 )
@@ -27,16 +28,23 @@ var _ = math.Inf
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package

 // Reference imports to suppress errors if they are not otherwise used.
+var _ api.Endpoint
 var _ context.Context
 var _ client.Option
 var _ server.Option

+// Api Endpoints for Auth service
+
+func NewAuthEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
 // Client API for Auth service

 type AuthService interface {
 	Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error)
-	Validate(ctx context.Context, in *ValidateRequest, opts ...client.CallOption) (*ValidateResponse, error)
-	Revoke(ctx context.Context, in *RevokeRequest, opts ...client.CallOption) (*RevokeResponse, error)
+	Inspect(ctx context.Context, in *InspectRequest, opts ...client.CallOption) (*InspectResponse, error)
+	Token(ctx context.Context, in *TokenRequest, opts ...client.CallOption) (*TokenResponse, error)
 }

 type authService struct {
@@ -45,12 +53,6 @@ type authService struct {
 }

 func NewAuthService(name string, c client.Client) AuthService {
-	if c == nil {
-		c = client.NewClient()
-	}
-	if len(name) == 0 {
-		name = "go.micro.auth"
-	}
 	return &authService{
 		c:    c,
 		name: name,
@@ -67,9 +69,9 @@ func (c *authService) Generate(ctx context.Context, in *GenerateRequest, opts ..
 	return out, nil
 }

-func (c *authService) Validate(ctx context.Context, in *ValidateRequest, opts ...client.CallOption) (*ValidateResponse, error) {
-	req := c.c.NewRequest(c.name, "Auth.Validate", in)
-	out := new(ValidateResponse)
+func (c *authService) Inspect(ctx context.Context, in *InspectRequest, opts ...client.CallOption) (*InspectResponse, error) {
+	req := c.c.NewRequest(c.name, "Auth.Inspect", in)
+	out := new(InspectResponse)
 	err := c.c.Call(ctx, req, out, opts...)
 	if err != nil {
 		return nil, err
@@ -77,9 +79,9 @@ func (c *authService) Validate(ctx context.Context, in *ValidateRequest, opts ..
 	return out, nil
 }

-func (c *authService) Revoke(ctx context.Context, in *RevokeRequest, opts ...client.CallOption) (*RevokeResponse, error) {
-	req := c.c.NewRequest(c.name, "Auth.Revoke", in)
-	out := new(RevokeResponse)
+func (c *authService) Token(ctx context.Context, in *TokenRequest, opts ...client.CallOption) (*TokenResponse, error) {
+	req := c.c.NewRequest(c.name, "Auth.Token", in)
+	out := new(TokenResponse)
 	err := c.c.Call(ctx, req, out, opts...)
 	if err != nil {
 		return nil, err
@@ -91,15 +93,15 @@ func (c *authService) Revoke(ctx context.Context, in *RevokeRequest, opts ...cli

 type AuthHandler interface {
 	Generate(context.Context, *GenerateRequest, *GenerateResponse) error
-	Validate(context.Context, *ValidateRequest, *ValidateResponse) error
-	Revoke(context.Context, *RevokeRequest, *RevokeResponse) error
+	Inspect(context.Context, *InspectRequest, *InspectResponse) error
+	Token(context.Context, *TokenRequest, *TokenResponse) error
 }

 func RegisterAuthHandler(s server.Server, hdlr AuthHandler, opts ...server.HandlerOption) error {
 	type auth interface {
 		Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error
-		Validate(ctx context.Context, in *ValidateRequest, out *ValidateResponse) error
-		Revoke(ctx context.Context, in *RevokeRequest, out *RevokeResponse) error
+		Inspect(ctx context.Context, in *InspectRequest, out *InspectResponse) error
+		Token(ctx context.Context, in *TokenRequest, out *TokenResponse) error
 	}
 	type Auth struct {
 		auth
@@ -116,10 +118,162 @@ func (h *authHandler) Generate(ctx context.Context, in *GenerateRequest, out *Ge
 	return h.AuthHandler.Generate(ctx, in, out)
 }

-func (h *authHandler) Validate(ctx context.Context, in *ValidateRequest, out *ValidateResponse) error {
-	return h.AuthHandler.Validate(ctx, in, out)
+func (h *authHandler) Inspect(ctx context.Context, in *InspectRequest, out *InspectResponse) error {
+	return h.AuthHandler.Inspect(ctx, in, out)
 }

-func (h *authHandler) Revoke(ctx context.Context, in *RevokeRequest, out *RevokeResponse) error {
-	return h.AuthHandler.Revoke(ctx, in, out)
+func (h *authHandler) Token(ctx context.Context, in *TokenRequest, out *TokenResponse) error {
+	return h.AuthHandler.Token(ctx, in, out)
+}
+
+// Api Endpoints for Accounts service
+
+func NewAccountsEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
+// Client API for Accounts service
+
+type AccountsService interface {
+	List(ctx context.Context, in *ListAccountsRequest, opts ...client.CallOption) (*ListAccountsResponse, error)
+}
+
+type accountsService struct {
+	c    client.Client
+	name string
+}
+
+func NewAccountsService(name string, c client.Client) AccountsService {
+	return &accountsService{
+		c:    c,
+		name: name,
+	}
+}
+
+func (c *accountsService) List(ctx context.Context, in *ListAccountsRequest, opts ...client.CallOption) (*ListAccountsResponse, error) {
+	req := c.c.NewRequest(c.name, "Accounts.List", in)
+	out := new(ListAccountsResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// Server API for Accounts service
+
+type AccountsHandler interface {
+	List(context.Context, *ListAccountsRequest, *ListAccountsResponse) error
+}
+
+func RegisterAccountsHandler(s server.Server, hdlr AccountsHandler, opts ...server.HandlerOption) error {
+	type accounts interface {
+		List(ctx context.Context, in *ListAccountsRequest, out *ListAccountsResponse) error
+	}
+	type Accounts struct {
+		accounts
+	}
+	h := &accountsHandler{hdlr}
+	return s.Handle(s.NewHandler(&Accounts{h}, opts...))
+}
+
+type accountsHandler struct {
+	AccountsHandler
+}
+
+func (h *accountsHandler) List(ctx context.Context, in *ListAccountsRequest, out *ListAccountsResponse) error {
+	return h.AccountsHandler.List(ctx, in, out)
+}
+
+// Api Endpoints for Rules service
+
+func NewRulesEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
+// Client API for Rules service
+
+type RulesService interface {
+	Create(ctx context.Context, in *CreateRequest, opts ...client.CallOption) (*CreateResponse, error)
+	Delete(ctx context.Context, in *DeleteRequest, opts ...client.CallOption) (*DeleteResponse, error)
+	List(ctx context.Context, in *ListRequest, opts ...client.CallOption) (*ListResponse, error)
+}
+
+type rulesService struct {
+	c    client.Client
+	name string
+}
+
+func NewRulesService(name string, c client.Client) RulesService {
+	return &rulesService{
+		c:    c,
+		name: name,
+	}
+}
+
+func (c *rulesService) Create(ctx context.Context, in *CreateRequest, opts ...client.CallOption) (*CreateResponse, error) {
+	req := c.c.NewRequest(c.name, "Rules.Create", in)
+	out := new(CreateResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rulesService) Delete(ctx context.Context, in *DeleteRequest, opts ...client.CallOption) (*DeleteResponse, error) {
+	req := c.c.NewRequest(c.name, "Rules.Delete", in)
+	out := new(DeleteResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rulesService) List(ctx context.Context, in *ListRequest, opts ...client.CallOption) (*ListResponse, error) {
+	req := c.c.NewRequest(c.name, "Rules.List", in)
+	out := new(ListResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// Server API for Rules service
+
+type RulesHandler interface {
+	Create(context.Context, *CreateRequest, *CreateResponse) error
+	Delete(context.Context, *DeleteRequest, *DeleteResponse) error
+	List(context.Context, *ListRequest, *ListResponse) error
+}
+
+func RegisterRulesHandler(s server.Server, hdlr RulesHandler, opts ...server.HandlerOption) error {
+	type rules interface {
+		Create(ctx context.Context, in *CreateRequest, out *CreateResponse) error
+		Delete(ctx context.Context, in *DeleteRequest, out *DeleteResponse) error
+		List(ctx context.Context, in *ListRequest, out *ListResponse) error
+	}
+	type Rules struct {
+		rules
+	}
+	h := &rulesHandler{hdlr}
+	return s.Handle(s.NewHandler(&Rules{h}, opts...))
+}
+
+type rulesHandler struct {
+	RulesHandler
+}
+
+func (h *rulesHandler) Create(ctx context.Context, in *CreateRequest, out *CreateResponse) error {
+	return h.RulesHandler.Create(ctx, in, out)
+}
+
+func (h *rulesHandler) Delete(ctx context.Context, in *DeleteRequest, out *DeleteResponse) error {
+	return h.RulesHandler.Delete(ctx, in, out)
+}
+
+func (h *rulesHandler) List(ctx context.Context, in *ListRequest, out *ListResponse) error {
+	return h.RulesHandler.List(ctx, in, out)
 }
--- a/auth/service/proto/auth.proto
+++ b/auth/service/proto/auth.proto
@@ -3,48 +3,125 @@ syntax = "proto3";
 package go.micro.auth;

 service Auth {
-    rpc Generate(GenerateRequest) returns (GenerateResponse) {};
-    rpc Validate(ValidateRequest) returns (ValidateResponse) {};
-    rpc Revoke(RevokeRequest)  returns (RevokeResponse) {};
+	rpc Generate(GenerateRequest) returns (GenerateResponse) {};
+	rpc Inspect(InspectRequest) returns (InspectResponse) {};		
+	rpc Token(TokenRequest) returns (TokenResponse) {};
 }

-message Account{
-    string id = 1;
-    string token = 2;
-    int64 created = 3;
-    int64 expiry = 4;
-    repeated Role roles = 5;
-	map<string, string> metadata = 6;
+service Accounts {
+	rpc List(ListAccountsRequest) returns (ListAccountsResponse) {};
 }

-message Role {
-    string name = 1;
-    Resource resource = 2;
+service Rules {
+	rpc Create(CreateRequest) returns (CreateResponse) {};
+	rpc Delete(DeleteRequest) returns (DeleteResponse) {};
+	rpc List(ListRequest) returns (ListResponse) {};
+}
+
+message ListAccountsRequest {
+}
+
+message ListAccountsResponse {
+	repeated Account accounts = 1;
+}
+
+message Token {
+	string access_token = 1;
+	string refresh_token = 2;
+	int64 created = 3;
+	int64 expiry = 4;
+}
+
+message Account {
+	string id = 1;
+	string type = 2;
+	map<string, string> metadata = 4;
+	repeated string scopes = 5;
+	string issuer = 6;
+	string secret = 7;
 }

 message Resource{
-    string name = 1;
-    string type = 2;
+	string name = 1;
+	string type = 2;
+	string endpoint = 3;
 }

 message GenerateRequest {
-    Account account = 1;
+	string id = 1;
+	map<string, string> metadata = 3;
+	repeated string scopes = 4;
+	string secret = 5;
+	string type = 6;
+	string provider = 7;
 }

 message GenerateResponse {
-    Account account = 1;
+	Account account = 1;
 }

-message ValidateRequest {
-    string token = 1;
+message GrantRequest {
+	string scope = 1;
+	Resource resource = 2;
 }

-message ValidateResponse {
-    Account account = 1;
-}
+message GrantResponse {}

 message RevokeRequest {
-    string token = 1;
+	string scope = 1;
+	Resource resource = 2;
 }

 message RevokeResponse {}
+
+message InspectRequest {
+	string token = 1;
+}
+
+message InspectResponse {
+	Account account = 1;
+}
+
+message TokenRequest {
+	string id = 1;
+	string secret = 2;
+	string refresh_token = 3;
+	int64 token_expiry = 4;
+}
+
+message TokenResponse {
+	Token token = 1;
+}
+
+enum Access {
+	UNKNOWN = 0;
+	GRANTED = 1;
+	DENIED = 2;
+}
+
+message Rule {
+	string id = 1;
+	string scope = 2;
+	Resource resource = 3;
+	Access access = 4;
+	int32 priority = 5;
+}
+
+message CreateRequest {
+	Rule rule = 1;
+}
+
+message CreateResponse {}
+
+message DeleteRequest {
+	string id = 1;
+}
+
+message DeleteResponse {}
+
+message ListRequest {
+}
+
+message ListResponse {
+	repeated Rule rules = 1;
+}
--- a/auth/service/service.go
+++ b/auth/service/service.go
@@ -2,131 +2,227 @@ package service

 import (
 	"context"
+	"strings"
 	"time"

 	"github.com/micro/go-micro/v2/auth"
+	"github.com/micro/go-micro/v2/auth/rules"
 	pb "github.com/micro/go-micro/v2/auth/service/proto"
+	"github.com/micro/go-micro/v2/auth/token"
+	"github.com/micro/go-micro/v2/auth/token/jwt"
 	"github.com/micro/go-micro/v2/client"
 )

-// NewAuth returns a new instance of the Auth service
-func NewAuth(opts ...auth.Option) auth.Auth {
-	svc := new(svc)
-	svc.Init(opts...)
-	return svc
-}
-
 // svc is the service implementation of the Auth interface
 type svc struct {
 	options auth.Options
 	auth    pb.AuthService
+	rules   pb.RulesService
+	jwt     token.Provider
 }

 func (s *svc) String() string {
 	return "service"
 }

-func (s *svc) Init(opts ...auth.Option) error {
+func (s *svc) Init(opts ...auth.Option) {
 	for _, o := range opts {
 		o(&s.options)
 	}

-	dc := client.DefaultClient
-	s.auth = pb.NewAuthService("go.micro.auth", dc)
+	if s.options.Client == nil {
+		s.options.Client = client.DefaultClient
+	}

-	return nil
+	s.auth = pb.NewAuthService("go.micro.auth", s.options.Client)
+	s.rules = pb.NewRulesService("go.micro.auth", s.options.Client)
+
+	// if we have a JWT public key passed as an option,
+	// we can decode tokens with the type "JWT" locally
+	// and not have to make an RPC call
+	if key := s.options.PublicKey; len(key) > 0 {
+		s.jwt = jwt.NewTokenProvider(token.WithPublicKey(key))
+	}
 }

 func (s *svc) Options() auth.Options {
 	return s.options
 }

-// Generate a new auth account
+// Generate a new account
 func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
-	// construct the request
 	options := auth.NewGenerateOptions(opts...)
-	sa := &auth.Account{
-		Id:       id,
-		Roles:    options.Roles,
-		Metadata: options.Metadata,
-	}
-	req := &pb.GenerateRequest{Account: serializeAccount(sa)}

-	// execute the request
-	resp, err := s.auth.Generate(context.Background(), req)
+	rsp, err := s.auth.Generate(context.TODO(), &pb.GenerateRequest{
+		Id:       id,
+		Type:     options.Type,
+		Secret:   options.Secret,
+		Scopes:   options.Scopes,
+		Metadata: options.Metadata,
+		Provider: options.Provider,
+	})
 	if err != nil {
 		return nil, err
 	}

-	// format the response
-	return deserializeAccount(resp.Account), nil
+	return serializeAccount(rsp.Account), nil
 }

-// Revoke an authorization account
-func (s *svc) Revoke(token string) error {
-	// contruct the request
-	req := &pb.RevokeRequest{Token: token}
+// Grant access to a resource
+func (s *svc) Grant(rule *auth.Rule) error {
+	access := pb.Access_UNKNOWN
+	if rule.Access == auth.AccessGranted {
+		access = pb.Access_GRANTED
+	} else if rule.Access == auth.AccessDenied {
+		access = pb.Access_DENIED
+	}
+
+	_, err := s.rules.Create(context.TODO(), &pb.CreateRequest{
+		Rule: &pb.Rule{
+			Id:       rule.ID,
+			Scope:    rule.Scope,
+			Priority: rule.Priority,
+			Access:   access,
+			Resource: &pb.Resource{
+				Type:     rule.Resource.Type,
+				Name:     rule.Resource.Name,
+				Endpoint: rule.Resource.Endpoint,
+			},
+		},
+	})

-	// execute the request
-	_, err := s.auth.Revoke(context.Background(), req)
 	return err
 }

-// Validate an account token
-func (s *svc) Validate(token string) (*auth.Account, error) {
-	resp, err := s.auth.Validate(context.Background(), &pb.ValidateRequest{Token: token})
+// Revoke access to a resource
+func (s *svc) Revoke(rule *auth.Rule) error {
+	_, err := s.rules.Delete(context.TODO(), &pb.DeleteRequest{
+		Id: rule.ID,
+	})
+
+	return err
+}
+
+func (s *svc) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
+	var options auth.RulesOptions
+	for _, o := range opts {
+		o(&options)
+	}
+	if options.Context == nil {
+		options.Context = context.TODO()
+	}
+
+	rsp, err := s.rules.List(options.Context, &pb.ListRequest{}, client.WithCache(time.Second*30))
 	if err != nil {
 		return nil, err
 	}

-	return deserializeAccount(resp.Account), nil
-}
-
-func serializeAccount(sa *auth.Account) *pb.Account {
-	roles := make([]*pb.Role, len(sa.Roles))
-	for i, r := range sa.Roles {
-		roles[i] = &pb.Role{
-			Name: r.Name,
-		}
-
-		if r.Resource != nil {
-			roles[i].Resource = &pb.Resource{
-				Name: r.Resource.Name,
-				Type: r.Resource.Type,
-			}
-		}
+	rules := make([]*auth.Rule, len(rsp.Rules))
+	for i, r := range rsp.Rules {
+		rules[i] = serializeRule(r)
 	}

-	return &pb.Account{
-		Id:       sa.Id,
-		Roles:    roles,
-		Metadata: sa.Metadata,
+	return rules, nil
+}
+
+// Verify an account has access to a resource
+func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
+	var options auth.VerifyOptions
+	for _, o := range opts {
+		o(&options)
+	}
+
+	rs, err := s.Rules(auth.RulesContext(options.Context))
+	if err != nil {
+		return err
+	}
+
+	return rules.Verify(rs, acc, res)
+}
+
+// Inspect a token
+func (s *svc) Inspect(token string) (*auth.Account, error) {
+	// try to decode JWT locally and fall back to srv if an error occurs
+	if len(strings.Split(token, ".")) == 3 && s.jwt != nil {
+		return s.jwt.Inspect(token)
+	}
+
+	// the token is not a JWT or we do not have the keys to decode it,
+	// fall back to the auth service
+	rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token})
+	if err != nil {
+		return nil, err
+	}
+	return serializeAccount(rsp.Account), nil
+}
+
+// Token generation using an account ID and secret
+func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) {
+	options := auth.NewTokenOptions(opts...)
+
+	rsp, err := s.auth.Token(context.Background(), &pb.TokenRequest{
+		Id:           options.ID,
+		Secret:       options.Secret,
+		RefreshToken: options.RefreshToken,
+		TokenExpiry:  int64(options.Expiry.Seconds()),
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return serializeToken(rsp.Token), nil
+}
+
+func serializeToken(t *pb.Token) *auth.Token {
+	return &auth.Token{
+		AccessToken:  t.AccessToken,
+		RefreshToken: t.RefreshToken,
+		Created:      time.Unix(t.Created, 0),
+		Expiry:       time.Unix(t.Expiry, 0),
 	}
 }

-func deserializeAccount(a *pb.Account) *auth.Account {
-	// format the response
-	sa := &auth.Account{
-		Id:       a.Id,
-		Token:    a.Token,
-		Created:  time.Unix(a.Created, 0),
-		Expiry:   time.Unix(a.Expiry, 0),
+func serializeAccount(a *pb.Account) *auth.Account {
+	return &auth.Account{
+		ID:       a.Id,
+		Secret:   a.Secret,
+		Issuer:   a.Issuer,
 		Metadata: a.Metadata,
+		Scopes:   a.Scopes,
+	}
+}
+
+func serializeRule(r *pb.Rule) *auth.Rule {
+	var access auth.Access
+	if r.Access == pb.Access_GRANTED {
+		access = auth.AccessGranted
+	} else {
+		access = auth.AccessDenied
+	}
+
+	return &auth.Rule{
+		ID:       r.Id,
+		Scope:    r.Scope,
+		Access:   access,
+		Priority: r.Priority,
+		Resource: &auth.Resource{
+			Type:     r.Resource.Type,
+			Name:     r.Resource.Name,
+			Endpoint: r.Resource.Endpoint,
+		},
+	}
+}
+
+// NewAuth returns a new instance of the Auth service
+func NewAuth(opts ...auth.Option) auth.Auth {
+	options := auth.NewOptions(opts...)
+	if options.Client == nil {
+		options.Client = client.DefaultClient
+	}
+
+	return &svc{
+		auth:    pb.NewAuthService("go.micro.auth", options.Client),
+		rules:   pb.NewRulesService("go.micro.auth", options.Client),
+		options: options,
 	}
-
-	sa.Roles = make([]*auth.Role, len(a.Roles))
-	for i, r := range a.Roles {
-		sa.Roles[i] = &auth.Role{
-			Name: r.Name,
-		}
-
-		if r.Resource != nil {
-			sa.Roles[i].Resource = &auth.Resource{
-				Name: r.Resource.Name,
-				Type: r.Resource.Type,
-			}
-		}
-	}
-
-	return sa
 }
--- a/auth/store/store.go
+++ b/auth/store/store.go
@@ -1,128 +0,0 @@
-package store
-
-import (
-	"bytes"
-	"encoding/gob"
-	"time"
-
-	"github.com/google/uuid"
-	"github.com/micro/go-micro/v2/auth"
-
-	"github.com/micro/go-micro/v2/errors"
-	"github.com/micro/go-micro/v2/store"
-)
-
-// NewAuth returns an instance of store auth
-func NewAuth(opts ...auth.Option) auth.Auth {
-	options := auth.Options{}
-	for _, o := range opts {
-		o(&options)
-	}
-
-	return &Auth{
-		store: store.DefaultStore,
-		opts:  options,
-	}
-}
-
-type Auth struct {
-	store store.Store
-	opts  auth.Options
-}
-
-// Init the auth package
-func (a *Auth) Init(opts ...auth.Option) error {
-	for _, o := range opts {
-		o(&a.opts)
-	}
-	return nil
-}
-
-// Options returns the options set
-func (a *Auth) Options() auth.Options {
-	return a.opts
-}
-
-// Generate a new auth Account
-func (a *Auth) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
-	// generate the token
-	token, err := uuid.NewUUID()
-	if err != nil {
-		return nil, err
-	}
-
-	// parse the options
-	options := auth.NewGenerateOptions(opts...)
-
-	// construct the account
-	sa := auth.Account{
-		Id:       id,
-		Token:    token.String(),
-		Created:  time.Now(),
-		Metadata: options.Metadata,
-		Roles:    options.Roles,
-	}
-
-	// encode the data to bytes
-	buf := &bytes.Buffer{}
-	e := gob.NewEncoder(buf)
-	if err := e.Encode(sa); err != nil {
-		return nil, err
-	}
-
-	// write to the store
-	err = a.store.Write(&store.Record{
-		Key:   token.String(),
-		Value: buf.Bytes(),
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	// return the result
-	return &sa, nil
-}
-
-// Revoke an authorization Account
-func (a *Auth) Revoke(token string) error {
-	records, err := a.store.Read(token, store.ReadSuffix())
-	if err != nil {
-		return err
-	}
-	if len(records) == 0 {
-		return errors.BadRequest("go.micro.auth", "token not found")
-	}
-
-	for _, r := range records {
-		if err := a.store.Delete(r.Key); err != nil {
-			return errors.InternalServerError("go.micro.auth", "error deleting from store")
-		}
-	}
-
-	return nil
-}
-
-// Validate an account token
-func (a *Auth) Validate(token string) (*auth.Account, error) {
-	// lookup the record by token
-	records, err := a.store.Read(token, store.ReadSuffix())
-	if err == store.ErrNotFound || len(records) == 0 {
-		return nil, errors.Unauthorized("go.micro.auth", "invalid token")
-	} else if err != nil {
-		return nil, errors.InternalServerError("go.micro.auth", "error reading store")
-	}
-
-	// decode the result
-	b := bytes.NewBuffer(records[0].Value)
-	decoder := gob.NewDecoder(b)
-	var sa auth.Account
-	err = decoder.Decode(&sa)
-
-	// return the result
-	return &sa, err
-}
-
-// String returns the implementation
-func (a *Auth) String() string {
-	return "store"
-}
--- a/auth/token/basic/basic.go
+++ b/auth/token/basic/basic.go
@@ -0,0 +1,89 @@
+package basic
+
+import (
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/micro/go-micro/v2/auth"
+	"github.com/micro/go-micro/v2/auth/token"
+	"github.com/micro/go-micro/v2/store"
+)
+
+// Basic implementation of token provider, backed by the store
+type Basic struct {
+	store store.Store
+}
+
+var (
+	// StorePrefix to isolate tokens
+	StorePrefix = "tokens/"
+)
+
+// NewTokenProvider returns an initialized basic provider
+func NewTokenProvider(opts ...token.Option) token.Provider {
+	options := token.NewOptions(opts...)
+
+	if options.Store == nil {
+		options.Store = store.DefaultStore
+	}
+
+	return &Basic{
+		store: options.Store,
+	}
+}
+
+// Generate a token for an account
+func (b *Basic) Generate(acc *auth.Account, opts ...token.GenerateOption) (*token.Token, error) {
+	options := token.NewGenerateOptions(opts...)
+
+	// marshal the account to bytes
+	bytes, err := json.Marshal(acc)
+	if err != nil {
+		return nil, err
+	}
+
+	// write to the store
+	key := uuid.New().String()
+	err = b.store.Write(&store.Record{
+		Key:    fmt.Sprintf("%v%v", StorePrefix, key),
+		Value:  bytes,
+		Expiry: options.Expiry,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	// return the token
+	return &token.Token{
+		Token:   key,
+		Created: time.Now(),
+		Expiry:  time.Now().Add(options.Expiry),
+	}, nil
+}
+
+// Inspect a token
+func (b *Basic) Inspect(t string) (*auth.Account, error) {
+	// lookup the token in the store
+	recs, err := b.store.Read(StorePrefix + t)
+	if err == store.ErrNotFound {
+		return nil, token.ErrInvalidToken
+	} else if err != nil {
+		return nil, err
+	}
+	bytes := recs[0].Value
+
+	// unmarshal the bytes
+	var acc *auth.Account
+	if err := json.Unmarshal(bytes, &acc); err != nil {
+		return nil, err
+	}
+
+	return acc, nil
+}
+
+// String returns basic
+func (b *Basic) String() string {
+	return "basic"
+}
--- a/auth/token/basic/basic_test.go
+++ b/auth/token/basic/basic_test.go
@@ -0,0 +1,64 @@
+package basic
+
+import (
+	"testing"
+
+	"github.com/micro/go-micro/v2/auth"
+	"github.com/micro/go-micro/v2/auth/token"
+	"github.com/micro/go-micro/v2/store/memory"
+)
+
+func TestGenerate(t *testing.T) {
+	store := memory.NewStore()
+	b := NewTokenProvider(token.WithStore(store))
+
+	_, err := b.Generate(&auth.Account{ID: "test"})
+	if err != nil {
+		t.Fatalf("Generate returned %v error, expected nil", err)
+	}
+
+	recs, err := store.List()
+	if err != nil {
+		t.Fatalf("Unable to read from store: %v", err)
+	}
+	if len(recs) != 1 {
+		t.Errorf("Generate didn't write to the store, expected 1 record, got %v", len(recs))
+	}
+}
+
+func TestInspect(t *testing.T) {
+	store := memory.NewStore()
+	b := NewTokenProvider(token.WithStore(store))
+
+	t.Run("Valid token", func(t *testing.T) {
+		md := map[string]string{"foo": "bar"}
+		scopes := []string{"admin"}
+		subject := "test"
+
+		tok, err := b.Generate(&auth.Account{ID: subject, Scopes: scopes, Metadata: md})
+		if err != nil {
+			t.Fatalf("Generate returned %v error, expected nil", err)
+		}
+
+		tok2, err := b.Inspect(tok.Token)
+		if err != nil {
+			t.Fatalf("Inspect returned %v error, expected nil", err)
+		}
+		if tok2.ID != subject {
+			t.Errorf("Inspect returned %v as the token subject, expected %v", tok2.ID, subject)
+		}
+		if len(tok2.Scopes) != len(scopes) {
+			t.Errorf("Inspect returned %v scopes, expected %v", len(tok2.Scopes), len(scopes))
+		}
+		if len(tok2.Metadata) != len(md) {
+			t.Errorf("Inspect returned %v as the token metadata, expected %v", tok2.Metadata, md)
+		}
+	})
+
+	t.Run("Invalid token", func(t *testing.T) {
+		_, err := b.Inspect("Invalid token")
+		if err != token.ErrInvalidToken {
+			t.Fatalf("Inspect returned %v error, expected %v", err, token.ErrInvalidToken)
+		}
+	})
+}
--- a/auth/token/jwt/jwt.go
+++ b/auth/token/jwt/jwt.go
@@ -0,0 +1,110 @@
+package jwt
+
+import (
+	"encoding/base64"
+	"time"
+
+	"github.com/dgrijalva/jwt-go"
+	"github.com/micro/go-micro/v2/auth"
+	"github.com/micro/go-micro/v2/auth/token"
+)
+
+// authClaims to be encoded in the JWT
+type authClaims struct {
+	Type     string            `json:"type"`
+	Scopes   []string          `json:"scopes"`
+	Metadata map[string]string `json:"metadata"`
+
+	jwt.StandardClaims
+}
+
+// JWT implementation of token provider
+type JWT struct {
+	opts token.Options
+}
+
+// NewTokenProvider returns an initialized basic provider
+func NewTokenProvider(opts ...token.Option) token.Provider {
+	return &JWT{
+		opts: token.NewOptions(opts...),
+	}
+}
+
+// Generate a new JWT
+func (j *JWT) Generate(acc *auth.Account, opts ...token.GenerateOption) (*token.Token, error) {
+	// decode the private key
+	priv, err := base64.StdEncoding.DecodeString(j.opts.PrivateKey)
+	if err != nil {
+		return nil, err
+	}
+
+	// parse the private key
+	key, err := jwt.ParseRSAPrivateKeyFromPEM(priv)
+	if err != nil {
+		return nil, token.ErrEncodingToken
+	}
+
+	// parse the options
+	options := token.NewGenerateOptions(opts...)
+
+	// generate the JWT
+	expiry := time.Now().Add(options.Expiry)
+	t := jwt.NewWithClaims(jwt.SigningMethodRS256, authClaims{
+		acc.Type, acc.Scopes, acc.Metadata, jwt.StandardClaims{
+			Subject:   acc.ID,
+			Issuer:    acc.Issuer,
+			ExpiresAt: expiry.Unix(),
+		},
+	})
+	tok, err := t.SignedString(key)
+	if err != nil {
+		return nil, err
+	}
+
+	// return the token
+	return &token.Token{
+		Token:   tok,
+		Expiry:  expiry,
+		Created: time.Now(),
+	}, nil
+}
+
+// Inspect a JWT
+func (j *JWT) Inspect(t string) (*auth.Account, error) {
+	// decode the public key
+	pub, err := base64.StdEncoding.DecodeString(j.opts.PublicKey)
+	if err != nil {
+		return nil, err
+	}
+
+	// parse the public key
+	res, err := jwt.ParseWithClaims(t, &authClaims{}, func(token *jwt.Token) (interface{}, error) {
+		return jwt.ParseRSAPublicKeyFromPEM(pub)
+	})
+	if err != nil {
+		return nil, token.ErrInvalidToken
+	}
+
+	// validate the token
+	if !res.Valid {
+		return nil, token.ErrInvalidToken
+	}
+	claims, ok := res.Claims.(*authClaims)
+	if !ok {
+		return nil, token.ErrInvalidToken
+	}
+
+	// return the token
+	return &auth.Account{
+		ID:       claims.Subject,
+		Issuer:   claims.Issuer,
+		Type:     claims.Type,
+		Scopes:   claims.Scopes,
+		Metadata: claims.Metadata,
+	}, nil
+}
+
+// String returns JWT
+func (j *JWT) String() string {
+	return "jwt"
+}
--- a/auth/token/jwt/jwt_test.go
+++ b/auth/token/jwt/jwt_test.go
@@ -0,0 +1,87 @@
+package jwt
+
+import (
+	"io/ioutil"
+	"testing"
+	"time"
+
+	"github.com/micro/go-micro/v2/auth"
+	"github.com/micro/go-micro/v2/auth/token"
+)
+
+func TestGenerate(t *testing.T) {
+	privKey, err := ioutil.ReadFile("test/sample_key")
+	if err != nil {
+		t.Fatalf("Unable to read private key: %v", err)
+	}
+
+	j := NewTokenProvider(
+		token.WithPrivateKey(string(privKey)),
+	)
+
+	_, err = j.Generate(&auth.Account{ID: "test"})
+	if err != nil {
+		t.Fatalf("Generate returned %v error, expected nil", err)
+	}
+}
+
+func TestInspect(t *testing.T) {
+	pubKey, err := ioutil.ReadFile("test/sample_key.pub")
+	if err != nil {
+		t.Fatalf("Unable to read public key: %v", err)
+	}
+	privKey, err := ioutil.ReadFile("test/sample_key")
+	if err != nil {
+		t.Fatalf("Unable to read private key: %v", err)
+	}
+
+	j := NewTokenProvider(
+		token.WithPublicKey(string(pubKey)),
+		token.WithPrivateKey(string(privKey)),
+	)
+
+	t.Run("Valid token", func(t *testing.T) {
+		md := map[string]string{"foo": "bar"}
+		scopes := []string{"admin"}
+		subject := "test"
+
+		acc := &auth.Account{ID: subject, Scopes: scopes, Metadata: md}
+		tok, err := j.Generate(acc)
+		if err != nil {
+			t.Fatalf("Generate returned %v error, expected nil", err)
+		}
+
+		tok2, err := j.Inspect(tok.Token)
+		if err != nil {
+			t.Fatalf("Inspect returned %v error, expected nil", err)
+		}
+		if acc.ID != subject {
+			t.Errorf("Inspect returned %v as the token subject, expected %v", acc.ID, subject)
+		}
+		if len(tok2.Scopes) != len(scopes) {
+			t.Errorf("Inspect returned %v scopes, expected %v", len(tok2.Scopes), len(scopes))
+		}
+		if len(tok2.Metadata) != len(md) {
+			t.Errorf("Inspect returned %v as the token metadata, expected %v", tok2.Metadata, md)
+		}
+	})
+
+	t.Run("Expired token", func(t *testing.T) {
+		tok, err := j.Generate(&auth.Account{}, token.WithExpiry(-10*time.Second))
+		if err != nil {
+			t.Fatalf("Generate returned %v error, expected nil", err)
+		}
+
+		if _, err = j.Inspect(tok.Token); err != token.ErrInvalidToken {
+			t.Fatalf("Inspect returned %v error, expected %v", err, token.ErrInvalidToken)
+		}
+	})
+
+	t.Run("Invalid token", func(t *testing.T) {
+		_, err := j.Inspect("Invalid token")
+		if err != token.ErrInvalidToken {
+			t.Fatalf("Inspect returned %v error, expected %v", err, token.ErrInvalidToken)
+		}
+	})
+
+}
--- a/auth/token/jwt/test/sample_key
+++ b/auth/token/jwt/test/sample_key
@@ -0,0 +1 @@
+LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBOFNiSlA1WGJFaWRSbTViMnNOcExHbzJlV2ZVNU9KZTBpemdySHdEOEg3RjZQa1BkCi9SbDkvMXBNVjdNaU8zTEh3dGhIQzJCUllxcisxd0Zkb1pDR0JZckxhWHVYRnFLMHZ1WmhQcUUzYXpqdUlIUXUKMEJIL2xYUU1xeUVxRjVNSTJ6ZWpDNHpNenIxNU9OK2dFNEpuaXBqcC9DZGpPUEFEbUpHK0JKOXFlRS9RUGVtLwptVWRJVC9MYUY3a1F4eVlLNVZLbitOZ09Xek1sektBQXBDbjdUVEtCVWU4RlpHNldTWDdMVjBlTEdIc29pYnhsCm85akRqbFk1b0JPY3pmcWVOV0hLNUdYQjdRd3BMTmg5NDZQelpucW9hcFdVZStZL1JPaUhpekpUY3I1Wk1TTDUKd2xFcThoTmhtaG01Tk5lL08rR2dqQkROU2ZVaDA2K3E0bmdtYm1OWDVoODM4QmJqUmN5YzM2ZHd6NkpVK2R1bwpSdFFoZ2lZOTEwcFBmOWJhdVhXcXdVQ1VhNHFzSHpqS1IwTC9OMVhYQXlsQ0RqeWVnWnp6Y093MkNIOFNrZkZVCnJnTHJQYkVCOWVnY0drMzgrYnBLczNaNlJyNSt0bkQxQklQSUZHTGVJMFVPQzAreGlCdjBvenhJRE9GbldhOVUKVEdEeFV4OG9qOFZJZVJuV0RxNk1jMWlKcDhVeWNpQklUUnR3NGRabzcweG1mbmVJV3pyM0tTTmFoU29nSmRSMApsYVF6QXVQM2FpV1hJTXAyc2M4U2MrQmwrTGpYbUJveEJyYUJIaDlLa0pKRWNnQUZ3czJib2pDbEpPWXhvRi9YCmdGS1NzSW5IRHJIVk95V1BCZTNmYWRFYzc3YituYi9leE96cjFFcnhoR2c5akZtcmtPK3M0eEdodjZNQ0F3RUEKQVFLQ0FnRUFqUzc1Q2VvUlRRcUtBNzZaaFNiNGEzNVlKRENtcEpSazFsRTNKYnFzNFYxRnhXaDBjZmJYeG9VMgpSdTRRYjUrZWhsdWJGSFQ2a1BxdG9uRWhRVExjMUNmVE9WbHJOb3hocDVZM2ZyUmlQcnNnNXcwK1R3RUtrcFJUCnltanJQTXdQbGxCM2U0NmVaYmVXWGc3R3FFVmptMGcxVFRRK0tocVM4R0w3VGJlTFhRN1ZTem9ydTNCNVRKMVEKeEN6TVB0dnQ2eDYrU3JrcmhvZG1iT3VNRkpDam1TbWxmck9pZzQ4Zkc3NUpERHRObXpLWHBEUVJpYUNodFJhVQpQRHpmUTlTamhYdFFqdkZvWFFFT3BqdkZVRjR2WldNUWNQNUw1VklDM3JRSWp4MFNzQTN6S0FwakVUbjJHNjN2CktZby8zVWttbzhkUCtGRHA3NCs5a3pLNHFFaFJycEl3bEtiN0VOZWtDUXZqUFl1K3pyKzMyUXdQNTJ2L2FveWQKdjJJaUY3M2laTU1vZDhhYjJuQStyVEI2T0cvOVlSYk5kV21tay9VTi9jUHYrN214TmZ6Y1d1ZU1XcThxMXh4eAptNTNpR0NSQ29PQ1lDQk4zcUFkb1JwYW5xd3lCOUxrLzFCQjBHUld3MjgxK3VhNXNYRnZBVDBKeTVURnduMncvClU1MlJKWFlNOXVhMFBvd214b0RDUWRuNFZYVkdNZGdXaHN4aXhHRlYwOUZObWJJQWJaN0xaWGtkS1gzc1ZVbTcKWU1WYWIzVVo2bEhtdXYzT1NzcHNVUlRqN1hiRzZpaVVlaDU1aW91OENWbnRndWtFcnEzQTQwT05FVzhjNDBzOQphVTBGaSs4eWZpQTViaVZHLzF0bWlucUVERkhuQStnWk1xNEhlSkZxcWZxaEZKa1JwRGtDZ2dFQkFQeGR1NGNKCm5Da1duZDdPWFlHMVM3UDdkVWhRUzgwSDlteW9uZFc5bGFCQm84RWRPeTVTZzNOUmsxQ2pNZFZ1a3FMcjhJSnkKeStLWk15SVpvSlJvbllaMEtIUUVMR3ZLbzFOS2NLQ1FJbnYvWHVCdFJpRzBVb1pQNVkwN0RpRFBRQWpYUjlXUwpBc0EzMmQ1eEtFOC91Y3h0MjVQVzJFakNBUmtVeHQ5d0tKazN3bC9JdXVYRlExTDdDWjJsOVlFUjlHeWxUbzhNCmxXUEY3YndtUFV4UVNKaTNVS0FjTzZweTVUU1lkdWQ2aGpQeXJwSXByNU42VGpmTlRFWkVBeU9LbXVpOHVkUkoKMUg3T3RQVEhGZElKQjNrNEJnRDZtRE1HbjB2SXBLaDhZN3NtRUZBbFkvaXlCZjMvOHk5VHVMb1BycEdqR3RHbgp4Y2RpMHFud2p0SGFNbFVDZ2dFQkFQU2Z0dVFCQ2dTU2JLUSswUEFSR2VVeEQyTmlvZk1teENNTmdHUzJ5Ull3CjRGaGV4ZWkwMVJoaFk1NjE3UjduR1dzb0czd1RQa3dvRTJtbE1aQkoxeWEvUU9RRnQ3WG02OVl0RGh0T2FWbDgKL0o4dlVuSTBtWmxtT2pjTlRoYnVPZDlNSDlRdGxIRUMxMlhYdHJNb3Fsb0U2a05TT0pJalNxYm9wcDRXc1BqcApvZTZ0Nkdyd1RhOHBHeUJWWS90Mi85Ym5ORHVPVlpjODBaODdtY2gzcDNQclBqU3h5di9saGxYMFMwYUdHTkhTCk1XVjdUa25OaGo1TWlIRXFnZ1pZemtBWTkyd1JoVENnU1A2M0VNcitUWXFudXVuMXJHbndPYm95TDR2aFRpV0UKcU42UDNCTFlCZ1FpMllDTDludEJrOEl6RHZyd096dW5GVnhhZ0g5SVVoY0NnZ0VCQUwzQXlLa1BlOENWUmR6cQpzL284VkJDZmFSOFhhUGRnSGxTek1BSXZpNXEwNENqckRyMlV3MHZwTVdnM1hOZ0xUT3g5bFJpd3NrYk9SRmxHCmhhd3hRUWlBdkk0SE9WTlBTU0R1WHVNTG5USTQ0S0RFNlMrY2cxU0VMS2pWbDVqcDNFOEpkL1RJMVpLc0xBQUsKZTNHakM5UC9ZbE8xL21ndW4xNjVkWk01cFAwWHBPb2FaeFV2RHFFTktyekR0V1g0RngyOTZlUzdaSFJodFpCNwovQ2t1VUhlcmxrN2RDNnZzdWhTaTh2eTM3c0tPbmQ0K3c4cVM4czhZYVZxSDl3ZzVScUxxakp0bmJBUnc3alVDCm9KQ053M1hNdnc3clhaYzRTbnhVQUNMRGJNV2lLQy9xL1ZGWW9oTEs2WkpUVkJscWd5cjBSYzBRWmpDMlNJb0kKMjRwRWt3VUNnZ0VCQUpqb0FJVVNsVFY0WlVwaExXN3g4WkxPa01UWjBVdFFyd2NPR0hSYndPUUxGeUNGMVFWNQppejNiR2s4SmZyZHpVdk1sTmREZm9uQXVHTHhQa3VTVEUxWlg4L0xVRkJveXhyV3dvZ0cxaUtwME11QTV6em90CjROai9DbUtCQVkvWnh2anA5M2RFS21aZGxWQkdmeUFMeWpmTW5MWUovZXh5L09YSnhPUktZTUttSHg4M08zRWsKMWhvb0FwbTZabTIzMjRGME1iVU1ham5Idld2ZjhHZGJTNk5zcHd4L0dkbk1tYVMrdUJMVUhVMkNLbmc1bEIwVAp4OWJITmY0dXlPbTR0dXRmNzhCd1R5V3UreEdrVW0zZ2VZMnkvR1hqdDZyY2l1ajFGNzFDenZzcXFmZThTcDdJCnd6SHdxcTNzVHR5S2lCYTZuYUdEYWpNR1pKYSt4MVZJV204Q2dnRUJBT001ajFZR25Ba0pxR0czQWJSVDIvNUMKaVVxN0loYkswOGZsSGs5a2YwUlVjZWc0ZVlKY3dIRXJVaE4rdWQyLzE3MC81dDYra0JUdTVZOUg3bkpLREtESQpoeEg5SStyamNlVkR0RVNTRkluSXdDQ1lrOHhOUzZ0cHZMV1U5b0pibGFKMlZsalV2NGRFWGVQb0hkREh1Zk9ZClVLa0lsV2E3Uit1QzNEOHF5U1JrQnFLa3ZXZ1RxcFNmTVNkc1ZTeFIzU2Q4SVhFSHFjTDNUNEtMWGtYNEdEamYKMmZOSTFpZkx6ekhJMTN3Tk5IUTVRNU9SUC9pell2QzVzZkx4U2ZIUXJiMXJZVkpKWkI5ZjVBUjRmWFpHSVFsbApjMG8xd0JmZFlqMnZxVDlpR09IQnNSSTlSL2M2RzJQcUt3aFRpSzJVR2lmVFNEUVFuUkF6b2tpQVkrbE8vUjQ9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
--- a/auth/token/jwt/test/sample_key.pub
+++ b/auth/token/jwt/test/sample_key.pub
@@ -0,0 +1 @@
+LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE4U2JKUDVYYkVpZFJtNWIyc05wTApHbzJlV2ZVNU9KZTBpemdySHdEOEg3RjZQa1BkL1JsOS8xcE1WN01pTzNMSHd0aEhDMkJSWXFyKzF3RmRvWkNHCkJZckxhWHVYRnFLMHZ1WmhQcUUzYXpqdUlIUXUwQkgvbFhRTXF5RXFGNU1JMnplakM0ek16cjE1T04rZ0U0Sm4KaXBqcC9DZGpPUEFEbUpHK0JKOXFlRS9RUGVtL21VZElUL0xhRjdrUXh5WUs1VktuK05nT1d6TWx6S0FBcENuNwpUVEtCVWU4RlpHNldTWDdMVjBlTEdIc29pYnhsbzlqRGpsWTVvQk9jemZxZU5XSEs1R1hCN1F3cExOaDk0NlB6ClpucW9hcFdVZStZL1JPaUhpekpUY3I1Wk1TTDV3bEVxOGhOaG1obTVOTmUvTytHZ2pCRE5TZlVoMDYrcTRuZ20KYm1OWDVoODM4QmJqUmN5YzM2ZHd6NkpVK2R1b1J0UWhnaVk5MTBwUGY5YmF1WFdxd1VDVWE0cXNIempLUjBMLwpOMVhYQXlsQ0RqeWVnWnp6Y093MkNIOFNrZkZVcmdMclBiRUI5ZWdjR2szOCticEtzM1o2UnI1K3RuRDFCSVBJCkZHTGVJMFVPQzAreGlCdjBvenhJRE9GbldhOVVUR0R4VXg4b2o4VkllUm5XRHE2TWMxaUpwOFV5Y2lCSVRSdHcKNGRabzcweG1mbmVJV3pyM0tTTmFoU29nSmRSMGxhUXpBdVAzYWlXWElNcDJzYzhTYytCbCtMalhtQm94QnJhQgpIaDlLa0pKRWNnQUZ3czJib2pDbEpPWXhvRi9YZ0ZLU3NJbkhEckhWT3lXUEJlM2ZhZEVjNzdiK25iL2V4T3pyCjFFcnhoR2c5akZtcmtPK3M0eEdodjZNQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=
--- a/auth/token/options.go
+++ b/auth/token/options.go
@@ -0,0 +1,78 @@
+package token
+
+import (
+	"time"
+
+	"github.com/micro/go-micro/v2/store"
+)
+
+type Options struct {
+	// Store to persist the tokens
+	Store store.Store
+	// PublicKey base64 encoded, used by JWT
+	PublicKey string
+	// PrivateKey base64 encoded, used by JWT
+	PrivateKey string
+}
+
+type Option func(o *Options)
+
+// WithStore sets the token providers store
+func WithStore(s store.Store) Option {
+	return func(o *Options) {
+		o.Store = s
+	}
+}
+
+// WithPublicKey sets the JWT public key
+func WithPublicKey(key string) Option {
+	return func(o *Options) {
+		o.PublicKey = key
+	}
+}
+
+// WithPrivateKey sets the JWT private key
+func WithPrivateKey(key string) Option {
+	return func(o *Options) {
+		o.PrivateKey = key
+	}
+}
+
+func NewOptions(opts ...Option) Options {
+	var options Options
+	for _, o := range opts {
+		o(&options)
+	}
+	//set default store
+	if options.Store == nil {
+		options.Store = store.DefaultStore
+	}
+	return options
+}
+
+type GenerateOptions struct {
+	// Expiry for the token
+	Expiry time.Duration
+}
+
+type GenerateOption func(o *GenerateOptions)
+
+// WithExpiry for the generated account's token expires
+func WithExpiry(d time.Duration) GenerateOption {
+	return func(o *GenerateOptions) {
+		o.Expiry = d
+	}
+}
+
+// NewGenerateOptions from a slice of options
+func NewGenerateOptions(opts ...GenerateOption) GenerateOptions {
+	var options GenerateOptions
+	for _, o := range opts {
+		o(&options)
+	}
+	//set default Expiry of token
+	if options.Expiry == 0 {
+		options.Expiry = time.Minute * 15
+	}
+	return options
+}
--- a/auth/token/token.go
+++ b/auth/token/token.go
@@ -0,0 +1,33 @@
+package token
+
+import (
+	"errors"
+	"time"
+
+	"github.com/micro/go-micro/v2/auth"
+)
+
+var (
+	// ErrNotFound is returned when a token cannot be found
+	ErrNotFound = errors.New("token not found")
+	// ErrEncodingToken is returned when the service encounters an error during encoding
+	ErrEncodingToken = errors.New("error encoding the token")
+	// ErrInvalidToken is returned when the token provided is not valid
+	ErrInvalidToken = errors.New("invalid token provided")
+)
+
+// Provider generates and inspects tokens
+type Provider interface {
+	Generate(account *auth.Account, opts ...GenerateOption) (*Token, error)
+	Inspect(token string) (*auth.Account, error)
+	String() string
+}
+
+type Token struct {
+	// The actual token
+	Token string `json:"token"`
+	// Time of token creation
+	Created time.Time `json:"created"`
+	// Time of token expiry
+	Expiry time.Time `json:"expiry"`
+}
--- a/broker/broker.go
+++ b/broker/broker.go
@@ -28,6 +28,7 @@ type Event interface {
 	Topic() string
 	Message() *Message
 	Ack() error
+	Error() error
 }

 // Subscriber is a convenience return type for the Subscribe method
--- a/broker/default.go
+++ b/broker/default.go
@@ -1,475 +0,0 @@
-package broker
-
-import (
-	"context"
-	"errors"
-	"net"
-	"net/url"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/micro/go-micro/v2/codec/json"
-	log "github.com/micro/go-micro/v2/logger"
-	"github.com/micro/go-micro/v2/registry"
-	"github.com/micro/go-micro/v2/util/addr"
-	"github.com/nats-io/nats-server/v2/server"
-	nats "github.com/nats-io/nats.go"
-)
-
-type natsBroker struct {
-	sync.Once
-	sync.RWMutex
-
-	// indicate if we're connected
-	connected bool
-
-	// address to bind routes to
-	addrs []string
-	// servers for the client
-	servers []string
-
-	// client connection and nats opts
-	conn  *nats.Conn
-	opts  Options
-	nopts nats.Options
-
-	// should we drain the connection
-	drain   bool
-	closeCh chan (error)
-
-	// embedded server
-	server *server.Server
-	// configure to use local server
-	local bool
-	// server exit channel
-	exit chan bool
-}
-
-type subscriber struct {
-	s    *nats.Subscription
-	opts SubscribeOptions
-}
-
-type publication struct {
-	t string
-	m *Message
-}
-
-func (p *publication) Topic() string {
-	return p.t
-}
-
-func (p *publication) Message() *Message {
-	return p.m
-}
-
-func (p *publication) Ack() error {
-	// nats does not support acking
-	return nil
-}
-
-func (s *subscriber) Options() SubscribeOptions {
-	return s.opts
-}
-
-func (s *subscriber) Topic() string {
-	return s.s.Subject
-}
-
-func (s *subscriber) Unsubscribe() error {
-	return s.s.Unsubscribe()
-}
-
-func (n *natsBroker) Address() string {
-	n.RLock()
-	defer n.RUnlock()
-
-	if n.server != nil {
-		return n.server.ClusterAddr().String()
-	}
-
-	if n.conn != nil && n.conn.IsConnected() {
-		return n.conn.ConnectedUrl()
-	}
-
-	if len(n.addrs) > 0 {
-		return n.addrs[0]
-	}
-
-	return "127.0.0.1:-1"
-}
-
-func (n *natsBroker) setAddrs(addrs []string) []string {
-	//nolint:prealloc
-	var cAddrs []string
-	for _, addr := range addrs {
-		if len(addr) == 0 {
-			continue
-		}
-		if !strings.HasPrefix(addr, "nats://") {
-			addr = "nats://" + addr
-		}
-		cAddrs = append(cAddrs, addr)
-	}
-	// if there's no address and we weren't told to
-	// embed a local server then use the default url
-	if len(cAddrs) == 0 && !n.local {
-		cAddrs = []string{nats.DefaultURL}
-	}
-	return cAddrs
-}
-
-// serve stats a local nats server if needed
-func (n *natsBroker) serve(exit chan bool) error {
-	// local server address
-	host := "127.0.0.1"
-	port := -1
-
-	// cluster address
-	caddr := "0.0.0.0"
-	cport := -1
-
-	// with no address we just default it
-	// this is a local client address
-	if len(n.addrs) > 0 {
-		address := n.addrs[0]
-		if strings.HasPrefix(address, "nats://") {
-			address = strings.TrimPrefix(address, "nats://")
-		}
-
-		// parse out the address
-		h, p, err := net.SplitHostPort(address)
-		if err == nil {
-			caddr = h
-			cport, _ = strconv.Atoi(p)
-		}
-	}
-
-	// 1. create new server
-	// 2. register the server
-	// 3. connect to other servers
-
-	// set cluster opts
-	cOpts := server.ClusterOpts{
-		Host: caddr,
-		Port: cport,
-	}
-
-	// get the routes for other nodes
-	var routes []*url.URL
-
-	// get existing nats servers to connect to
-	services, err := n.opts.Registry.GetService("go.micro.nats.broker")
-	if err == nil {
-		for _, service := range services {
-			for _, node := range service.Nodes {
-				u, err := url.Parse("nats://" + node.Address)
-				if err != nil {
-					log.Info(err)
-					continue
-				}
-				// append to the cluster routes
-				routes = append(routes, u)
-			}
-		}
-	}
-
-	// try get existing server
-	s := n.server
-
-	if s != nil {
-		// stop the existing server
-		s.Shutdown()
-	}
-
-	s, err = server.NewServer(&server.Options{
-		// Specify the host
-		Host: host,
-		// Use a random port
-		Port: port,
-		// Set the cluster ops
-		Cluster: cOpts,
-		// Set the routes
-		Routes:         routes,
-		NoLog:          true,
-		NoSigs:         true,
-		MaxControlLine: 2048,
-		TLSConfig:      n.opts.TLSConfig,
-	})
-	if err != nil {
-		return err
-	}
-
-	// save the server
-	n.server = s
-
-	// start the server
-	go s.Start()
-
-	var ready bool
-
-	// wait till its ready for connections
-	for i := 0; i < 3; i++ {
-		if s.ReadyForConnections(time.Second) {
-			ready = true
-			break
-		}
-	}
-
-	if !ready {
-		return errors.New("server not ready")
-	}
-
-	// set the client address
-	n.servers = []string{s.ClientURL()}
-
-	go func() {
-		var advertise string
-
-		// parse out the address
-		_, port, err := net.SplitHostPort(s.ClusterAddr().String())
-		if err == nil {
-			addr, _ := addr.Extract("")
-			advertise = net.JoinHostPort(addr, port)
-		} else {
-			s.ClusterAddr().String()
-		}
-
-		// register the cluster address
-		for {
-			select {
-			case err := <-n.closeCh:
-				if err != nil {
-					log.Info(err)
-				}
-			case <-exit:
-				// deregister on exit
-				n.opts.Registry.Deregister(&registry.Service{
-					Name:    "go.micro.nats.broker",
-					Version: "v2",
-					Nodes: []*registry.Node{
-						{Id: s.ID(), Address: advertise},
-					},
-				})
-				s.Shutdown()
-				return
-			default:
-				// register the broker
-				n.opts.Registry.Register(&registry.Service{
-					Name:    "go.micro.nats.broker",
-					Version: "v2",
-					Nodes: []*registry.Node{
-						{Id: s.ID(), Address: advertise},
-					},
-				}, registry.RegisterTTL(time.Minute))
-				time.Sleep(time.Minute)
-			}
-		}
-	}()
-
-	return nil
-}
-
-func (n *natsBroker) Connect() error {
-	n.Lock()
-	defer n.Unlock()
-
-	if !n.connected {
-		// create exit chan
-		n.exit = make(chan bool)
-
-		// start the local server
-		if err := n.serve(n.exit); err != nil {
-			return err
-		}
-
-		// set to connected
-	}
-
-	status := nats.CLOSED
-	if n.conn != nil {
-		status = n.conn.Status()
-	}
-
-	switch status {
-	case nats.CONNECTED, nats.RECONNECTING, nats.CONNECTING:
-		return nil
-	default: // DISCONNECTED or CLOSED or DRAINING
-		opts := n.nopts
-		opts.DrainTimeout = 1 * time.Second
-		opts.AsyncErrorCB = n.onAsyncError
-		opts.DisconnectedErrCB = n.onDisconnectedError
-		opts.ClosedCB = n.onClose
-		opts.Servers = n.servers
-		opts.Secure = n.opts.Secure
-		opts.TLSConfig = n.opts.TLSConfig
-
-		// secure might not be set
-		if n.opts.TLSConfig != nil {
-			opts.Secure = true
-		}
-
-		c, err := opts.Connect()
-		if err != nil {
-			return err
-		}
-		n.conn = c
-
-		n.connected = true
-
-		return nil
-	}
-}
-
-func (n *natsBroker) Disconnect() error {
-	n.RLock()
-	defer n.RUnlock()
-
-	if !n.connected {
-		return nil
-	}
-
-	// drain the connection if specified
-	if n.drain {
-		n.conn.Drain()
-	}
-
-	// close the client connection
-	n.conn.Close()
-
-	// shutdown the local server
-	// and deregister
-	if n.server != nil {
-		select {
-		case <-n.exit:
-		default:
-			close(n.exit)
-		}
-	}
-
-	// set not connected
-	n.connected = false
-
-	return nil
-}
-
-func (n *natsBroker) Init(opts ...Option) error {
-	n.setOption(opts...)
-	return nil
-}
-
-func (n *natsBroker) Options() Options {
-	return n.opts
-}
-
-func (n *natsBroker) Publish(topic string, msg *Message, opts ...PublishOption) error {
-	b, err := n.opts.Codec.Marshal(msg)
-	if err != nil {
-		return err
-	}
-	n.RLock()
-	defer n.RUnlock()
-	return n.conn.Publish(topic, b)
-}
-
-func (n *natsBroker) Subscribe(topic string, handler Handler, opts ...SubscribeOption) (Subscriber, error) {
-	if n.conn == nil {
-		return nil, errors.New("not connected")
-	}
-
-	opt := SubscribeOptions{
-		AutoAck: true,
-		Context: context.Background(),
-	}
-
-	for _, o := range opts {
-		o(&opt)
-	}
-
-	fn := func(msg *nats.Msg) {
-		var m Message
-		if err := n.opts.Codec.Unmarshal(msg.Data, &m); err != nil {
-			return
-		}
-		handler(&publication{m: &m, t: msg.Subject})
-	}
-
-	var sub *nats.Subscription
-	var err error
-
-	n.RLock()
-	if len(opt.Queue) > 0 {
-		sub, err = n.conn.QueueSubscribe(topic, opt.Queue, fn)
-	} else {
-		sub, err = n.conn.Subscribe(topic, fn)
-	}
-	n.RUnlock()
-	if err != nil {
-		return nil, err
-	}
-	return &subscriber{s: sub, opts: opt}, nil
-}
-
-func (n *natsBroker) String() string {
-	return "eats"
-}
-
-func (n *natsBroker) setOption(opts ...Option) {
-	for _, o := range opts {
-		o(&n.opts)
-	}
-
-	n.Once.Do(func() {
-		n.nopts = nats.GetDefaultOptions()
-	})
-
-	// local embedded server
-	n.local = true
-	// set to drain
-	n.drain = true
-
-	if !n.opts.Secure {
-		n.opts.Secure = n.nopts.Secure
-	}
-
-	if n.opts.TLSConfig == nil {
-		n.opts.TLSConfig = n.nopts.TLSConfig
-	}
-
-	n.addrs = n.setAddrs(n.opts.Addrs)
-}
-
-func (n *natsBroker) onClose(conn *nats.Conn) {
-	n.closeCh <- nil
-}
-
-func (n *natsBroker) onDisconnectedError(conn *nats.Conn, err error) {
-	n.closeCh <- err
-}
-
-func (n *natsBroker) onAsyncError(conn *nats.Conn, sub *nats.Subscription, err error) {
-	// There are kinds of different async error nats might callback, but we are interested
-	// in ErrDrainTimeout only here.
-	if err == nats.ErrDrainTimeout {
-		n.closeCh <- err
-	}
-}
-
-func NewBroker(opts ...Option) Broker {
-	options := Options{
-		// Default codec
-		Codec:    json.Marshaler{},
-		Context:  context.Background(),
-		Registry: registry.DefaultRegistry,
-	}
-
-	n := &natsBroker{
-		opts:    options,
-		closeCh: make(chan error),
-	}
-	n.setOption(opts...)
-
-	return n
-}
--- a/broker/http.go
+++ b/broker/http.go
@@ -0,0 +1,711 @@
+// Package http provides a http based message broker
+package broker
+
+import (
+	"bytes"
+	"context"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"math/rand"
+	"net"
+	"net/http"
+	"net/url"
+	"runtime"
+	"sync"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/micro/go-micro/v2/codec/json"
+	merr "github.com/micro/go-micro/v2/errors"
+	"github.com/micro/go-micro/v2/registry"
+	"github.com/micro/go-micro/v2/registry/cache"
+	maddr "github.com/micro/go-micro/v2/util/addr"
+	mnet "github.com/micro/go-micro/v2/util/net"
+	mls "github.com/micro/go-micro/v2/util/tls"
+	"golang.org/x/net/http2"
+)
+
+// HTTP Broker is a point to point async broker
+type httpBroker struct {
+	id      string
+	address string
+	opts    Options
+
+	mux *http.ServeMux
+
+	c *http.Client
+	r registry.Registry
+
+	sync.RWMutex
+	subscribers map[string][]*httpSubscriber
+	running     bool
+	exit        chan chan error
+
+	// offline message inbox
+	mtx   sync.RWMutex
+	inbox map[string][][]byte
+}
+
+type httpSubscriber struct {
+	opts  SubscribeOptions
+	id    string
+	topic string
+	fn    Handler
+	svc   *registry.Service
+	hb    *httpBroker
+}
+
+type httpEvent struct {
+	m   *Message
+	t   string
+	err error
+}
+
+var (
+	DefaultPath      = "/"
+	DefaultAddress   = "127.0.0.1:0"
+	serviceName      = "micro.http.broker"
+	broadcastVersion = "ff.http.broadcast"
+	registerTTL      = time.Minute
+	registerInterval = time.Second * 30
+)
+
+func init() {
+	rand.Seed(time.Now().Unix())
+}
+
+func newTransport(config *tls.Config) *http.Transport {
+	if config == nil {
+		config = &tls.Config{
+			InsecureSkipVerify: true,
+		}
+	}
+
+	dialTLS := func(network string, addr string) (net.Conn, error) {
+		return tls.Dial(network, addr, config)
+	}
+
+	t := &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		Dial: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+		}).Dial,
+		TLSHandshakeTimeout: 10 * time.Second,
+		DialTLS:             dialTLS,
+	}
+	runtime.SetFinalizer(&t, func(tr **http.Transport) {
+		(*tr).CloseIdleConnections()
+	})
+
+	// setup http2
+	http2.ConfigureTransport(t)
+
+	return t
+}
+
+func newHttpBroker(opts ...Option) Broker {
+	options := Options{
+		Codec:    json.Marshaler{},
+		Context:  context.TODO(),
+		Registry: registry.DefaultRegistry,
+	}
+
+	for _, o := range opts {
+		o(&options)
+	}
+
+	// set address
+	addr := DefaultAddress
+
+	if len(options.Addrs) > 0 && len(options.Addrs[0]) > 0 {
+		addr = options.Addrs[0]
+	}
+
+	h := &httpBroker{
+		id:          uuid.New().String(),
+		address:     addr,
+		opts:        options,
+		r:           options.Registry,
+		c:           &http.Client{Transport: newTransport(options.TLSConfig)},
+		subscribers: make(map[string][]*httpSubscriber),
+		exit:        make(chan chan error),
+		mux:         http.NewServeMux(),
+		inbox:       make(map[string][][]byte),
+	}
+
+	// specify the message handler
+	h.mux.Handle(DefaultPath, h)
+
+	// get optional handlers
+	if h.opts.Context != nil {
+		handlers, ok := h.opts.Context.Value("http_handlers").(map[string]http.Handler)
+		if ok {
+			for pattern, handler := range handlers {
+				h.mux.Handle(pattern, handler)
+			}
+		}
+	}
+
+	return h
+}
+
+func (h *httpEvent) Ack() error {
+	return nil
+}
+
+func (h *httpEvent) Error() error {
+	return h.err
+}
+
+func (h *httpEvent) Message() *Message {
+	return h.m
+}
+
+func (h *httpEvent) Topic() string {
+	return h.t
+}
+
+func (h *httpSubscriber) Options() SubscribeOptions {
+	return h.opts
+}
+
+func (h *httpSubscriber) Topic() string {
+	return h.topic
+}
+
+func (h *httpSubscriber) Unsubscribe() error {
+	return h.hb.unsubscribe(h)
+}
+
+func (h *httpBroker) saveMessage(topic string, msg []byte) {
+	h.mtx.Lock()
+	defer h.mtx.Unlock()
+
+	// get messages
+	c := h.inbox[topic]
+
+	// save message
+	c = append(c, msg)
+
+	// max length 64
+	if len(c) > 64 {
+		c = c[:64]
+	}
+
+	// save inbox
+	h.inbox[topic] = c
+}
+
+func (h *httpBroker) getMessage(topic string, num int) [][]byte {
+	h.mtx.Lock()
+	defer h.mtx.Unlock()
+
+	// get messages
+	c, ok := h.inbox[topic]
+	if !ok {
+		return nil
+	}
+
+	// more message than requests
+	if len(c) >= num {
+		msg := c[:num]
+		h.inbox[topic] = c[num:]
+		return msg
+	}
+
+	// reset inbox
+	h.inbox[topic] = nil
+
+	// return all messages
+	return c
+}
+
+func (h *httpBroker) subscribe(s *httpSubscriber) error {
+	h.Lock()
+	defer h.Unlock()
+
+	if err := h.r.Register(s.svc, registry.RegisterTTL(registerTTL)); err != nil {
+		return err
+	}
+
+	h.subscribers[s.topic] = append(h.subscribers[s.topic], s)
+	return nil
+}
+
+func (h *httpBroker) unsubscribe(s *httpSubscriber) error {
+	h.Lock()
+	defer h.Unlock()
+
+	//nolint:prealloc
+	var subscribers []*httpSubscriber
+
+	// look for subscriber
+	for _, sub := range h.subscribers[s.topic] {
+		// deregister and skip forward
+		if sub == s {
+			_ = h.r.Deregister(sub.svc)
+			continue
+		}
+		// keep subscriber
+		subscribers = append(subscribers, sub)
+	}
+
+	// set subscribers
+	h.subscribers[s.topic] = subscribers
+
+	return nil
+}
+
+func (h *httpBroker) run(l net.Listener) {
+	t := time.NewTicker(registerInterval)
+	defer t.Stop()
+
+	for {
+		select {
+		// heartbeat for each subscriber
+		case <-t.C:
+			h.RLock()
+			for _, subs := range h.subscribers {
+				for _, sub := range subs {
+					_ = h.r.Register(sub.svc, registry.RegisterTTL(registerTTL))
+				}
+			}
+			h.RUnlock()
+		// received exit signal
+		case ch := <-h.exit:
+			ch <- l.Close()
+			h.RLock()
+			for _, subs := range h.subscribers {
+				for _, sub := range subs {
+					_ = h.r.Deregister(sub.svc)
+				}
+			}
+			h.RUnlock()
+			return
+		}
+	}
+}
+
+func (h *httpBroker) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	if req.Method != "POST" {
+		err := merr.BadRequest("go.micro.broker", "Method not allowed")
+		http.Error(w, err.Error(), http.StatusMethodNotAllowed)
+		return
+	}
+	defer req.Body.Close()
+
+	req.ParseForm()
+
+	b, err := ioutil.ReadAll(req.Body)
+	if err != nil {
+		errr := merr.InternalServerError("go.micro.broker", "Error reading request body: %v", err)
+		w.WriteHeader(500)
+		w.Write([]byte(errr.Error()))
+		return
+	}
+
+	var m *Message
+	if err = h.opts.Codec.Unmarshal(b, &m); err != nil {
+		errr := merr.InternalServerError("go.micro.broker", "Error parsing request body: %v", err)
+		w.WriteHeader(500)
+		w.Write([]byte(errr.Error()))
+		return
+	}
+
+	topic := m.Header["Micro-Topic"]
+	//delete(m.Header, ":topic")
+
+	if len(topic) == 0 {
+		errr := merr.InternalServerError("go.micro.broker", "Topic not found")
+		w.WriteHeader(500)
+		w.Write([]byte(errr.Error()))
+		return
+	}
+
+	p := &httpEvent{m: m, t: topic}
+	id := req.Form.Get("id")
+
+	//nolint:prealloc
+	var subs []Handler
+
+	h.RLock()
+	for _, subscriber := range h.subscribers[topic] {
+		if id != subscriber.id {
+			continue
+		}
+		subs = append(subs, subscriber.fn)
+	}
+	h.RUnlock()
+
+	// execute the handler
+	for _, fn := range subs {
+		p.err = fn(p)
+	}
+}
+
+func (h *httpBroker) Address() string {
+	h.RLock()
+	defer h.RUnlock()
+	return h.address
+}
+
+func (h *httpBroker) Connect() error {
+	h.RLock()
+	if h.running {
+		h.RUnlock()
+		return nil
+	}
+	h.RUnlock()
+
+	h.Lock()
+	defer h.Unlock()
+
+	var l net.Listener
+	var err error
+
+	if h.opts.Secure || h.opts.TLSConfig != nil {
+		config := h.opts.TLSConfig
+
+		fn := func(addr string) (net.Listener, error) {
+			if config == nil {
+				hosts := []string{addr}
+
+				// check if its a valid host:port
+				if host, _, err := net.SplitHostPort(addr); err == nil {
+					if len(host) == 0 {
+						hosts = maddr.IPs()
+					} else {
+						hosts = []string{host}
+					}
+				}
+
+				// generate a certificate
+				cert, err := mls.Certificate(hosts...)
+				if err != nil {
+					return nil, err
+				}
+				config = &tls.Config{Certificates: []tls.Certificate{cert}}
+			}
+			return tls.Listen("tcp", addr, config)
+		}
+
+		l, err = mnet.Listen(h.address, fn)
+	} else {
+		fn := func(addr string) (net.Listener, error) {
+			return net.Listen("tcp", addr)
+		}
+
+		l, err = mnet.Listen(h.address, fn)
+	}
+
+	if err != nil {
+		return err
+	}
+
+	addr := h.address
+	h.address = l.Addr().String()
+
+	go http.Serve(l, h.mux)
+	go func() {
+		h.run(l)
+		h.Lock()
+		h.opts.Addrs = []string{addr}
+		h.address = addr
+		h.Unlock()
+	}()
+
+	// get registry
+	reg := h.opts.Registry
+	if reg == nil {
+		reg = registry.DefaultRegistry
+	}
+	// set cache
+	h.r = cache.New(reg)
+
+	// set running
+	h.running = true
+	return nil
+}
+
+func (h *httpBroker) Disconnect() error {
+	h.RLock()
+	if !h.running {
+		h.RUnlock()
+		return nil
+	}
+	h.RUnlock()
+
+	h.Lock()
+	defer h.Unlock()
+
+	// stop cache
+	rc, ok := h.r.(cache.Cache)
+	if ok {
+		rc.Stop()
+	}
+
+	// exit and return err
+	ch := make(chan error)
+	h.exit <- ch
+	err := <-ch
+
+	// set not running
+	h.running = false
+	return err
+}
+
+func (h *httpBroker) Init(opts ...Option) error {
+	h.RLock()
+	if h.running {
+		h.RUnlock()
+		return errors.New("cannot init while connected")
+	}
+	h.RUnlock()
+
+	h.Lock()
+	defer h.Unlock()
+
+	for _, o := range opts {
+		o(&h.opts)
+	}
+
+	if len(h.opts.Addrs) > 0 && len(h.opts.Addrs[0]) > 0 {
+		h.address = h.opts.Addrs[0]
+	}
+
+	if len(h.id) == 0 {
+		h.id = "go.micro.http.broker-" + uuid.New().String()
+	}
+
+	// get registry
+	reg := h.opts.Registry
+	if reg == nil {
+		reg = registry.DefaultRegistry
+	}
+
+	// get cache
+	if rc, ok := h.r.(cache.Cache); ok {
+		rc.Stop()
+	}
+
+	// set registry
+	h.r = cache.New(reg)
+
+	// reconfigure tls config
+	if c := h.opts.TLSConfig; c != nil {
+		h.c = &http.Client{
+			Transport: newTransport(c),
+		}
+	}
+
+	return nil
+}
+
+func (h *httpBroker) Options() Options {
+	return h.opts
+}
+
+func (h *httpBroker) Publish(topic string, msg *Message, opts ...PublishOption) error {
+	// create the message first
+	m := &Message{
+		Header: make(map[string]string),
+		Body:   msg.Body,
+	}
+
+	for k, v := range msg.Header {
+		m.Header[k] = v
+	}
+
+	m.Header["Micro-Topic"] = topic
+
+	// encode the message
+	b, err := h.opts.Codec.Marshal(m)
+	if err != nil {
+		return err
+	}
+
+	// save the message
+	h.saveMessage(topic, b)
+
+	// now attempt to get the service
+	h.RLock()
+	s, err := h.r.GetService(serviceName)
+	if err != nil {
+		h.RUnlock()
+		return err
+	}
+	h.RUnlock()
+
+	pub := func(node *registry.Node, t string, b []byte) error {
+		scheme := "http"
+
+		// check if secure is added in metadata
+		if node.Metadata["secure"] == "true" {
+			scheme = "https"
+		}
+
+		vals := url.Values{}
+		vals.Add("id", node.Id)
+
+		uri := fmt.Sprintf("%s://%s%s?%s", scheme, node.Address, DefaultPath, vals.Encode())
+		r, err := h.c.Post(uri, "application/json", bytes.NewReader(b))
+		if err != nil {
+			return err
+		}
+
+		// discard response body
+		io.Copy(ioutil.Discard, r.Body)
+		r.Body.Close()
+		return nil
+	}
+
+	srv := func(s []*registry.Service, b []byte) {
+		for _, service := range s {
+			var nodes []*registry.Node
+
+			for _, node := range service.Nodes {
+				// only use nodes tagged with broker http
+				if node.Metadata["broker"] != "http" {
+					continue
+				}
+
+				// look for nodes for the topic
+				if node.Metadata["topic"] != topic {
+					continue
+				}
+
+				nodes = append(nodes, node)
+			}
+
+			// only process if we have nodes
+			if len(nodes) == 0 {
+				continue
+			}
+
+			switch service.Version {
+			// broadcast version means broadcast to all nodes
+			case broadcastVersion:
+				var success bool
+
+				// publish to all nodes
+				for _, node := range nodes {
+					// publish async
+					if err := pub(node, topic, b); err == nil {
+						success = true
+					}
+				}
+
+				// save if it failed to publish at least once
+				if !success {
+					h.saveMessage(topic, b)
+				}
+			default:
+				// select node to publish to
+				node := nodes[rand.Int()%len(nodes)]
+
+				// publish async to one node
+				if err := pub(node, topic, b); err != nil {
+					// if failed save it
+					h.saveMessage(topic, b)
+				}
+			}
+		}
+	}
+
+	// do the rest async
+	go func() {
+		// get a third of the backlog
+		messages := h.getMessage(topic, 8)
+		delay := (len(messages) > 1)
+
+		// publish all the messages
+		for _, msg := range messages {
+			// serialize here
+			srv(s, msg)
+
+			// sending a backlog of messages
+			if delay {
+				time.Sleep(time.Millisecond * 100)
+			}
+		}
+	}()
+
+	return nil
+}
+
+func (h *httpBroker) Subscribe(topic string, handler Handler, opts ...SubscribeOption) (Subscriber, error) {
+	var err error
+	var host, port string
+	options := NewSubscribeOptions(opts...)
+
+	// parse address for host, port
+	host, port, err = net.SplitHostPort(h.Address())
+	if err != nil {
+		return nil, err
+	}
+
+	addr, err := maddr.Extract(host)
+	if err != nil {
+		return nil, err
+	}
+
+	var secure bool
+
+	if h.opts.Secure || h.opts.TLSConfig != nil {
+		secure = true
+	}
+
+	// register service
+	node := &registry.Node{
+		Id:      topic + "-" + h.id,
+		Address: mnet.HostPort(addr, port),
+		Metadata: map[string]string{
+			"secure": fmt.Sprintf("%t", secure),
+			"broker": "http",
+			"topic":  topic,
+		},
+	}
+
+	// check for queue group or broadcast queue
+	version := options.Queue
+	if len(version) == 0 {
+		version = broadcastVersion
+	}
+
+	service := &registry.Service{
+		Name:    serviceName,
+		Version: version,
+		Nodes:   []*registry.Node{node},
+	}
+
+	// generate subscriber
+	subscriber := &httpSubscriber{
+		opts:  options,
+		hb:    h,
+		id:    node.Id,
+		topic: topic,
+		fn:    handler,
+		svc:   service,
+	}
+
+	// subscribe now
+	if err := h.subscribe(subscriber); err != nil {
+		return nil, err
+	}
+
+	// return the subscriber
+	return subscriber, nil
+}
+
+func (h *httpBroker) String() string {
+	return "http"
+}
+
+// NewBroker returns a new http broker
+func NewBroker(opts ...Option) Broker {
+	return newHttpBroker(opts...)
+}
--- a/broker/http/http.go
+++ b/broker/http/http.go
@@ -0,0 +1,11 @@
+// Package http provides a http based message broker
+package http
+
+import (
+	"github.com/micro/go-micro/v2/broker"
+)
+
+// NewBroker returns a new http broker
+func NewBroker(opts ...broker.Option) broker.Broker {
+	return broker.NewBroker(opts...)
+}
--- a/broker/http/options.go
+++ b/broker/http/options.go
@@ -0,0 +1,23 @@
+package http
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/micro/go-micro/v2/broker"
+)
+
+// Handle registers the handler for the given pattern.
+func Handle(pattern string, handler http.Handler) broker.Option {
+	return func(o *broker.Options) {
+		if o.Context == nil {
+			o.Context = context.Background()
+		}
+		handlers, ok := o.Context.Value("http_handlers").(map[string]http.Handler)
+		if !ok {
+			handlers = make(map[string]http.Handler)
+		}
+		handlers[pattern] = handler
+		o.Context = context.WithValue(o.Context, "http_handlers", handlers)
+	}
+}
--- a/broker/http_test.go
+++ b/broker/http_test.go
@@ -0,0 +1,384 @@
+package broker_test
+
+import (
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/micro/go-micro/v2/broker"
+	"github.com/micro/go-micro/v2/registry"
+	"github.com/micro/go-micro/v2/registry/memory"
+)
+
+var (
+	// mock data
+	testData = map[string][]*registry.Service{
+		"foo": {
+			{
+				Name:    "foo",
+				Version: "1.0.0",
+				Nodes: []*registry.Node{
+					{
+						Id:      "foo-1.0.0-123",
+						Address: "localhost:9999",
+					},
+					{
+						Id:      "foo-1.0.0-321",
+						Address: "localhost:9999",
+					},
+				},
+			},
+			{
+				Name:    "foo",
+				Version: "1.0.1",
+				Nodes: []*registry.Node{
+					{
+						Id:      "foo-1.0.1-321",
+						Address: "localhost:6666",
+					},
+				},
+			},
+			{
+				Name:    "foo",
+				Version: "1.0.3",
+				Nodes: []*registry.Node{
+					{
+						Id:      "foo-1.0.3-345",
+						Address: "localhost:8888",
+					},
+				},
+			},
+		},
+	}
+)
+
+func newTestRegistry() registry.Registry {
+	return memory.NewRegistry(memory.Services(testData))
+}
+
+func sub(be *testing.B, c int) {
+	be.StopTimer()
+	m := newTestRegistry()
+
+	b := broker.NewBroker(broker.Registry(m))
+	topic := uuid.New().String()
+
+	if err := b.Init(); err != nil {
+		be.Fatalf("Unexpected init error: %v", err)
+	}
+
+	if err := b.Connect(); err != nil {
+		be.Fatalf("Unexpected connect error: %v", err)
+	}
+
+	msg := &broker.Message{
+		Header: map[string]string{
+			"Content-Type": "application/json",
+		},
+		Body: []byte(`{"message": "Hello World"}`),
+	}
+
+	var subs []broker.Subscriber
+	done := make(chan bool, c)
+
+	for i := 0; i < c; i++ {
+		sub, err := b.Subscribe(topic, func(p broker.Event) error {
+			done <- true
+			m := p.Message()
+
+			if string(m.Body) != string(msg.Body) {
+				be.Fatalf("Unexpected msg %s, expected %s", string(m.Body), string(msg.Body))
+			}
+
+			return nil
+		}, broker.Queue("shared"))
+		if err != nil {
+			be.Fatalf("Unexpected subscribe error: %v", err)
+		}
+		subs = append(subs, sub)
+	}
+
+	for i := 0; i < be.N; i++ {
+		be.StartTimer()
+		if err := b.Publish(topic, msg); err != nil {
+			be.Fatalf("Unexpected publish error: %v", err)
+		}
+		<-done
+		be.StopTimer()
+	}
+
+	for _, sub := range subs {
+		sub.Unsubscribe()
+	}
+
+	if err := b.Disconnect(); err != nil {
+		be.Fatalf("Unexpected disconnect error: %v", err)
+	}
+}
+
+func pub(be *testing.B, c int) {
+	be.StopTimer()
+	m := newTestRegistry()
+	b := broker.NewBroker(broker.Registry(m))
+	topic := uuid.New().String()
+
+	if err := b.Init(); err != nil {
+		be.Fatalf("Unexpected init error: %v", err)
+	}
+
+	if err := b.Connect(); err != nil {
+		be.Fatalf("Unexpected connect error: %v", err)
+	}
+
+	msg := &broker.Message{
+		Header: map[string]string{
+			"Content-Type": "application/json",
+		},
+		Body: []byte(`{"message": "Hello World"}`),
+	}
+
+	done := make(chan bool, c*4)
+
+	sub, err := b.Subscribe(topic, func(p broker.Event) error {
+		done <- true
+		m := p.Message()
+		if string(m.Body) != string(msg.Body) {
+			be.Fatalf("Unexpected msg %s, expected %s", string(m.Body), string(msg.Body))
+		}
+		return nil
+	}, broker.Queue("shared"))
+	if err != nil {
+		be.Fatalf("Unexpected subscribe error: %v", err)
+	}
+
+	var wg sync.WaitGroup
+	ch := make(chan int, c*4)
+	be.StartTimer()
+
+	for i := 0; i < c; i++ {
+		go func() {
+			for range ch {
+				if err := b.Publish(topic, msg); err != nil {
+					be.Fatalf("Unexpected publish error: %v", err)
+				}
+				select {
+				case <-done:
+				case <-time.After(time.Second):
+				}
+				wg.Done()
+			}
+		}()
+	}
+
+	for i := 0; i < be.N; i++ {
+		wg.Add(1)
+		ch <- i
+	}
+
+	wg.Wait()
+	be.StopTimer()
+	sub.Unsubscribe()
+	close(ch)
+	close(done)
+
+	if err := b.Disconnect(); err != nil {
+		be.Fatalf("Unexpected disconnect error: %v", err)
+	}
+}
+
+func TestBroker(t *testing.T) {
+	m := newTestRegistry()
+	b := broker.NewBroker(broker.Registry(m))
+
+	if err := b.Init(); err != nil {
+		t.Fatalf("Unexpected init error: %v", err)
+	}
+
+	if err := b.Connect(); err != nil {
+		t.Fatalf("Unexpected connect error: %v", err)
+	}
+
+	msg := &broker.Message{
+		Header: map[string]string{
+			"Content-Type": "application/json",
+		},
+		Body: []byte(`{"message": "Hello World"}`),
+	}
+
+	done := make(chan bool)
+
+	sub, err := b.Subscribe("test", func(p broker.Event) error {
+		m := p.Message()
+
+		if string(m.Body) != string(msg.Body) {
+			t.Fatalf("Unexpected msg %s, expected %s", string(m.Body), string(msg.Body))
+		}
+
+		close(done)
+		return nil
+	})
+	if err != nil {
+		t.Fatalf("Unexpected subscribe error: %v", err)
+	}
+
+	if err := b.Publish("test", msg); err != nil {
+		t.Fatalf("Unexpected publish error: %v", err)
+	}
+
+	<-done
+	sub.Unsubscribe()
+
+	if err := b.Disconnect(); err != nil {
+		t.Fatalf("Unexpected disconnect error: %v", err)
+	}
+}
+
+func TestConcurrentSubBroker(t *testing.T) {
+	m := newTestRegistry()
+	b := broker.NewBroker(broker.Registry(m))
+
+	if err := b.Init(); err != nil {
+		t.Fatalf("Unexpected init error: %v", err)
+	}
+
+	if err := b.Connect(); err != nil {
+		t.Fatalf("Unexpected connect error: %v", err)
+	}
+
+	msg := &broker.Message{
+		Header: map[string]string{
+			"Content-Type": "application/json",
+		},
+		Body: []byte(`{"message": "Hello World"}`),
+	}
+
+	var subs []broker.Subscriber
+	var wg sync.WaitGroup
+
+	for i := 0; i < 10; i++ {
+		sub, err := b.Subscribe("test", func(p broker.Event) error {
+			defer wg.Done()
+
+			m := p.Message()
+
+			if string(m.Body) != string(msg.Body) {
+				t.Fatalf("Unexpected msg %s, expected %s", string(m.Body), string(msg.Body))
+			}
+
+			return nil
+		})
+		if err != nil {
+			t.Fatalf("Unexpected subscribe error: %v", err)
+		}
+
+		wg.Add(1)
+		subs = append(subs, sub)
+	}
+
+	if err := b.Publish("test", msg); err != nil {
+		t.Fatalf("Unexpected publish error: %v", err)
+	}
+
+	wg.Wait()
+
+	for _, sub := range subs {
+		sub.Unsubscribe()
+	}
+
+	if err := b.Disconnect(); err != nil {
+		t.Fatalf("Unexpected disconnect error: %v", err)
+	}
+}
+
+func TestConcurrentPubBroker(t *testing.T) {
+	m := newTestRegistry()
+	b := broker.NewBroker(broker.Registry(m))
+
+	if err := b.Init(); err != nil {
+		t.Fatalf("Unexpected init error: %v", err)
+	}
+
+	if err := b.Connect(); err != nil {
+		t.Fatalf("Unexpected connect error: %v", err)
+	}
+
+	msg := &broker.Message{
+		Header: map[string]string{
+			"Content-Type": "application/json",
+		},
+		Body: []byte(`{"message": "Hello World"}`),
+	}
+
+	var wg sync.WaitGroup
+
+	sub, err := b.Subscribe("test", func(p broker.Event) error {
+		defer wg.Done()
+
+		m := p.Message()
+
+		if string(m.Body) != string(msg.Body) {
+			t.Fatalf("Unexpected msg %s, expected %s", string(m.Body), string(msg.Body))
+		}
+
+		return nil
+	})
+	if err != nil {
+		t.Fatalf("Unexpected subscribe error: %v", err)
+	}
+
+	for i := 0; i < 10; i++ {
+		wg.Add(1)
+
+		if err := b.Publish("test", msg); err != nil {
+			t.Fatalf("Unexpected publish error: %v", err)
+		}
+	}
+
+	wg.Wait()
+
+	sub.Unsubscribe()
+
+	if err := b.Disconnect(); err != nil {
+		t.Fatalf("Unexpected disconnect error: %v", err)
+	}
+}
+
+func BenchmarkSub1(b *testing.B) {
+	sub(b, 1)
+}
+func BenchmarkSub8(b *testing.B) {
+	sub(b, 8)
+}
+
+func BenchmarkSub32(b *testing.B) {
+	sub(b, 32)
+}
+
+func BenchmarkSub64(b *testing.B) {
+	sub(b, 64)
+}
+
+func BenchmarkSub128(b *testing.B) {
+	sub(b, 128)
+}
+
+func BenchmarkPub1(b *testing.B) {
+	pub(b, 1)
+}
+
+func BenchmarkPub8(b *testing.B) {
+	pub(b, 8)
+}
+
+func BenchmarkPub32(b *testing.B) {
+	pub(b, 32)
+}
+
+func BenchmarkPub64(b *testing.B) {
+	pub(b, 64)
+}
+
+func BenchmarkPub128(b *testing.B) {
+	pub(b, 128)
+}
--- a/broker/memory/memory.go
+++ b/broker/memory/memory.go
@@ -2,6 +2,7 @@
 package memory

 import (
+	"context"
 	"errors"
 	"math/rand"
 	"sync"
@@ -9,6 +10,7 @@ import (

 	"github.com/google/uuid"
 	"github.com/micro/go-micro/v2/broker"
+	"github.com/micro/go-micro/v2/logger"
 	maddr "github.com/micro/go-micro/v2/util/addr"
 	mnet "github.com/micro/go-micro/v2/util/net"
 )
@@ -23,8 +25,10 @@ type memoryBroker struct {
 }

 type memoryEvent struct {
+	opts    broker.Options
 	topic   string
-	message *broker.Message
+	err     error
+	message interface{}
 }

 type memorySubscriber struct {
@@ -51,7 +55,8 @@ func (m *memoryBroker) Connect() error {
 		return nil
 	}

-	addr, err := maddr.Extract("::")
+	// use 127.0.0.1 to avoid scan of all network interfaces
+	addr, err := maddr.Extract("127.0.0.1")
 	if err != nil {
 		return err
 	}
@@ -85,7 +90,7 @@ func (m *memoryBroker) Init(opts ...broker.Option) error {
 	return nil
 }

-func (m *memoryBroker) Publish(topic string, message *broker.Message, opts ...broker.PublishOption) error {
+func (m *memoryBroker) Publish(topic string, msg *broker.Message, opts ...broker.PublishOption) error {
 	m.RLock()
 	if !m.connected {
 		m.RUnlock()
@@ -98,13 +103,30 @@ func (m *memoryBroker) Publish(topic string, message *broker.Message, opts ...br
 		return nil
 	}

+	var v interface{}
+	if m.opts.Codec != nil {
+		buf, err := m.opts.Codec.Marshal(msg)
+		if err != nil {
+			return err
+		}
+		v = buf
+	} else {
+		v = msg
+	}
+
 	p := &memoryEvent{
 		topic:   topic,
-		message: message,
+		message: v,
+		opts:    m.opts,
 	}

 	for _, sub := range subs {
 		if err := sub.handler(p); err != nil {
+			p.err = err
+			if eh := m.opts.ErrorHandler; eh != nil {
+				eh(p)
+				continue
+			}
 			return err
 		}
 	}
@@ -163,13 +185,31 @@ func (m *memoryEvent) Topic() string {
 }

 func (m *memoryEvent) Message() *broker.Message {
-	return m.message
+	switch v := m.message.(type) {
+	case *broker.Message:
+		return v
+	case []byte:
+		msg := &broker.Message{}
+		if err := m.opts.Codec.Unmarshal(v, msg); err != nil {
+			if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+				logger.Errorf("[memory]: failed to unmarshal: %v\n", err)
+			}
+			return nil
+		}
+		return msg
+	}
+
+	return nil
 }

 func (m *memoryEvent) Ack() error {
 	return nil
 }

+func (m *memoryEvent) Error() error {
+	return m.err
+}
+
 func (m *memorySubscriber) Options() broker.SubscribeOptions {
 	return m.opts
 }
@@ -184,7 +224,10 @@ func (m *memorySubscriber) Unsubscribe() error {
 }

 func NewBroker(opts ...broker.Option) broker.Broker {
-	var options broker.Options
+	options := broker.Options{
+		Context: context.Background(),
+	}
+
 	rand.Seed(time.Now().UnixNano())
 	for _, o := range opts {
 		o(&options)
--- a/broker/nats/nats.go
+++ b/broker/nats/nats.go
@@ -4,19 +4,13 @@ package nats
 import (
 	"context"
 	"errors"
-	"net"
-	"net/url"
-	"strconv"
 	"strings"
 	"sync"
-	"time"

 	"github.com/micro/go-micro/v2/broker"
 	"github.com/micro/go-micro/v2/codec/json"
-	log "github.com/micro/go-micro/v2/logger"
+	"github.com/micro/go-micro/v2/logger"
 	"github.com/micro/go-micro/v2/registry"
-	"github.com/micro/go-micro/v2/util/addr"
-	"github.com/nats-io/nats-server/v2/server"
 	nats "github.com/nats-io/nats.go"
 )

@@ -35,13 +29,6 @@ type natsBroker struct {
 	// should we drain the connection
 	drain   bool
 	closeCh chan (error)
-
-	// embedded server
-	server *server.Server
-	// configure to use local server
-	local bool
-	// server exit channel
-	exit chan bool
 }

 type subscriber struct {
@@ -50,8 +37,9 @@ type subscriber struct {
 }

 type publication struct {
-	t string
-	m *broker.Message
+	t   string
+	err error
+	m   *broker.Message
 }

 func (p *publication) Topic() string {
@@ -67,6 +55,10 @@ func (p *publication) Ack() error {
 	return nil
 }

+func (p *publication) Error() error {
+	return p.err
+}
+
 func (s *subscriber) Options() broker.SubscribeOptions {
 	return s.opts
 }
@@ -103,184 +95,18 @@ func (n *natsBroker) setAddrs(addrs []string) []string {
 		}
 		cAddrs = append(cAddrs, addr)
 	}
-	// if there's no address and we weren't told to
-	// embed a local server then use the default url
-	if len(cAddrs) == 0 && !n.local {
+	if len(cAddrs) == 0 {
 		cAddrs = []string{nats.DefaultURL}
 	}
 	return cAddrs
 }

-// serve stats a local nats server if needed
-func (n *natsBroker) serve(exit chan bool) error {
-	var host string
-	var port int
-	var local bool
-
-	// with no address we just default it
-	// this is a local client address
-	if len(n.addrs) == 0 {
-		// find an advertiseable ip
-		if h, err := addr.Extract(""); err != nil {
-			host = "127.0.0.1"
-		} else {
-			host = h
-		}
-
-		port = -1
-		local = true
-	} else {
-		address := n.addrs[0]
-		if strings.HasPrefix(address, "nats://") {
-			address = strings.TrimPrefix(address, "nats://")
-		}
-
-		// check if its a local address and only then embed
-		if addr.IsLocal(address) {
-			h, p, err := net.SplitHostPort(address)
-			if err == nil {
-				host = h
-				port, _ = strconv.Atoi(p)
-				local = true
-			}
-		}
-	}
-
-	// we only setup a server for local things
-	if !local {
-		return nil
-	}
-
-	// 1. create new server
-	// 2. register the server
-	// 3. connect to other servers
-	var cOpts server.ClusterOpts
-	var routes []*url.URL
-
-	// get existing nats servers to connect to
-	services, err := n.opts.Registry.GetService("go.micro.nats.broker")
-	if err == nil {
-		for _, service := range services {
-			for _, node := range service.Nodes {
-				u, err := url.Parse("nats://" + node.Address)
-				if err != nil {
-					log.Error(err)
-					continue
-				}
-				// append to the cluster routes
-				routes = append(routes, u)
-			}
-		}
-	}
-
-	// try get existing server
-	s := n.server
-
-	// get a host address
-	caddr, err := addr.Extract("")
-	if err != nil {
-		caddr = "0.0.0.0"
-	}
-
-	// set cluster opts
-	cOpts = server.ClusterOpts{
-		Host: caddr,
-		Port: -1,
-	}
-
-	if s == nil {
-		var err error
-		s, err = server.NewServer(&server.Options{
-			// Specify the host
-			Host: host,
-			// Use a random port
-			Port: port,
-			// Set the cluster ops
-			Cluster: cOpts,
-			// Set the routes
-			Routes:         routes,
-			NoLog:          true,
-			NoSigs:         true,
-			MaxControlLine: 2048,
-			TLSConfig:      n.opts.TLSConfig,
-		})
-		if err != nil {
-			return err
-		}
-
-		// save the server
-		n.server = s
-	}
-
-	// start the server
-	go s.Start()
-
-	var ready bool
-
-	// wait till its ready for connections
-	for i := 0; i < 3; i++ {
-		if s.ReadyForConnections(time.Second) {
-			ready = true
-			break
-		}
-	}
-
-	if !ready {
-		return errors.New("server not ready")
-	}
-
-	// set the client address
-	n.addrs = []string{s.ClientURL()}
-
-	go func() {
-		// register the cluster address
-		for {
-			select {
-			case <-exit:
-				// deregister on exit
-				n.opts.Registry.Deregister(&registry.Service{
-					Name:    "go.micro.nats.broker",
-					Version: "v2",
-					Nodes: []*registry.Node{
-						{Id: s.ID(), Address: s.ClusterAddr().String()},
-					},
-				})
-				s.Shutdown()
-				return
-			default:
-				// register the broker
-				n.opts.Registry.Register(&registry.Service{
-					Name:    "go.micro.nats.broker",
-					Version: "v2",
-					Nodes: []*registry.Node{
-						{Id: s.ID(), Address: s.ClusterAddr().String()},
-					},
-				}, registry.RegisterTTL(time.Minute))
-				time.Sleep(time.Minute)
-			}
-		}
-	}()
-
-	return nil
-}
-
 func (n *natsBroker) Connect() error {
 	n.Lock()
 	defer n.Unlock()

-	if !n.connected {
-		// create exit chan
-		n.exit = make(chan bool)
-
-		// start embedded server if asked to
-		if n.local {
-			if err := n.serve(n.exit); err != nil {
-				return err
-			}
-		}
-
-		// set to connected
-		n.connected = true
+	if n.connected {
+		return nil
 	}

 	status := nats.CLOSED
@@ -290,6 +116,7 @@ func (n *natsBroker) Connect() error {

 	switch status {
 	case nats.CONNECTED, nats.RECONNECTING, nats.CONNECTING:
+		n.connected = true
 		return nil
 	default: // DISCONNECTED or CLOSED or DRAINING
 		opts := n.nopts
@@ -307,13 +134,14 @@ func (n *natsBroker) Connect() error {
 			return err
 		}
 		n.conn = c
+		n.connected = true
 		return nil
 	}
 }

 func (n *natsBroker) Disconnect() error {
-	n.RLock()
-	defer n.RUnlock()
+	n.Lock()
+	defer n.Unlock()

 	// drain the connection if specified
 	if n.drain {
@@ -324,16 +152,6 @@ func (n *natsBroker) Disconnect() error {
 	// close the client connection
 	n.conn.Close()

-	// shutdown the local server
-	// and deregister
-	if n.server != nil {
-		select {
-		case <-n.exit:
-		default:
-			close(n.exit)
-		}
-	}
-
 	// set not connected
 	n.connected = false

@@ -350,19 +168,27 @@ func (n *natsBroker) Options() broker.Options {
 }

 func (n *natsBroker) Publish(topic string, msg *broker.Message, opts ...broker.PublishOption) error {
+	n.RLock()
+	defer n.RUnlock()
+
+	if n.conn == nil {
+		return errors.New("not connected")
+	}
+
 	b, err := n.opts.Codec.Marshal(msg)
 	if err != nil {
 		return err
 	}
-	n.RLock()
-	defer n.RUnlock()
 	return n.conn.Publish(topic, b)
 }

 func (n *natsBroker) Subscribe(topic string, handler broker.Handler, opts ...broker.SubscribeOption) (broker.Subscriber, error) {
+	n.RLock()
 	if n.conn == nil {
+		n.RUnlock()
 		return nil, errors.New("not connected")
 	}
+	n.RUnlock()

 	opt := broker.SubscribeOptions{
 		AutoAck: true,
@@ -375,10 +201,30 @@ func (n *natsBroker) Subscribe(topic string, handler broker.Handler, opts ...bro

 	fn := func(msg *nats.Msg) {
 		var m broker.Message
-		if err := n.opts.Codec.Unmarshal(msg.Data, &m); err != nil {
+		pub := &publication{t: msg.Subject}
+		eh := n.opts.ErrorHandler
+		err := n.opts.Codec.Unmarshal(msg.Data, &m)
+		pub.err = err
+		pub.m = &m
+		if err != nil {
+			m.Body = msg.Data
+			if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+				logger.Error(err)
+			}
+			if eh != nil {
+				eh(pub)
+			}
 			return
 		}
-		handler(&publication{m: &m, t: msg.Subject})
+		if err := handler(pub); err != nil {
+			pub.err = err
+			if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+				logger.Error(err)
+			}
+			if eh != nil {
+				eh(pub)
+			}
+		}
 	}

 	var sub *nats.Subscription
@@ -414,15 +260,10 @@ func (n *natsBroker) setOption(opts ...broker.Option) {
 		n.nopts = nopts
 	}

-	local, ok := n.opts.Context.Value(localServerKey{}).(bool)
-	if ok {
-		n.local = local
-	}
-
 	// broker.Options have higher priority than nats.Options
 	// only if Addrs, Secure or TLSConfig were not set through a broker.Option
 	// we read them from nats.Option
-	if len(n.opts.Addrs) == 0 && !n.local {
+	if len(n.opts.Addrs) == 0 {
 		n.opts.Addrs = n.nopts.Servers
 	}

--- a/broker/nats/options.go
+++ b/broker/nats/options.go
@@ -7,18 +7,12 @@ import (

 type optionsKey struct{}
 type drainConnectionKey struct{}
-type localServerKey struct{}

 // Options accepts nats.Options
 func Options(opts nats.Options) broker.Option {
 	return setBrokerOption(optionsKey{}, opts)
 }

-// LocalServer embeds a local server rather than connecting to one
-func LocalServer() broker.Option {
-	return setBrokerOption(localServerKey{}, true)
-}
-
 // DrainConnection will drain subscription on close
 func DrainConnection() broker.Option {
 	return setBrokerOption(drainConnectionKey{}, struct{}{})
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS3dJQkFBS0NBZ0VBOFNiSlA1WGJFaWRSbTViMnNOcExHbzJlV2ZVNU9KZTBpemdySHdEOEg3RjZQa1BkCi9SbDkvMXBNVjdNaU8zTEh3dGhIQzJCUllxcisxd0Zkb1pDR0JZckxhWHVYRnFLMHZ1WmhQcUUzYXpqdUlIUXUKMEJIL2xYUU1xeUVxRjVNSTJ6ZWpDNHpNenIxNU9OK2dFNEpuaXBqcC9DZGpPUEFEbUpHK0JKOXFlRS9RUGVtLwptVWRJVC9MYUY3a1F4eVlLNVZLbitOZ09Xek1sektBQXBDbjdUVEtCVWU4RlpHNldTWDdMVjBlTEdIc29pYnhsCm85akRqbFk1b0JPY3pmcWVOV0hLNUdYQjdRd3BMTmg5NDZQelpucW9hcFdVZStZL1JPaUhpekpUY3I1Wk1TTDUKd2xFcThoTmhtaG01Tk5lL08rR2dqQkROU2ZVaDA2K3E0bmdtYm1OWDVoODM4QmJqUmN5YzM2ZHd6NkpVK2R1bwpSdFFoZ2lZOTEwcFBmOWJhdVhXcXdVQ1VhNHFzSHpqS1IwTC9OMVhYQXlsQ0RqeWVnWnp6Y093MkNIOFNrZkZVCnJnTHJQYkVCOWVnY0drMzgrYnBLczNaNlJyNSt0bkQxQklQSUZHTGVJMFVPQzAreGlCdjBvenhJRE9GbldhOVUKVEdEeFV4OG9qOFZJZVJuV0RxNk1jMWlKcDhVeWNpQklUUnR3NGRabzcweG1mbmVJV3pyM0tTTmFoU29nSmRSMApsYVF6QXVQM2FpV1hJTXAyc2M4U2MrQmwrTGpYbUJveEJyYUJIaDlLa0pKRWNnQUZ3czJib2pDbEpPWXhvRi9YCmdGS1NzSW5IRHJIVk95V1BCZTNmYWRFYzc3YituYi9leE96cjFFcnhoR2c5akZtcmtPK3M0eEdodjZNQ0F3RUEKQVFLQ0FnRUFqUzc1Q2VvUlRRcUtBNzZaaFNiNGEzNVlKRENtcEpSazFsRTNKYnFzNFYxRnhXaDBjZmJYeG9VMgpSdTRRYjUrZWhsdWJGSFQ2a1BxdG9uRWhRVExjMUNmVE9WbHJOb3hocDVZM2ZyUmlQcnNnNXcwK1R3RUtrcFJUCnltanJQTXdQbGxCM2U0NmVaYmVXWGc3R3FFVmptMGcxVFRRK0tocVM4R0w3VGJlTFhRN1ZTem9ydTNCNVRKMVEKeEN6TVB0dnQ2eDYrU3JrcmhvZG1iT3VNRkpDam1TbWxmck9pZzQ4Zkc3NUpERHRObXpLWHBEUVJpYUNodFJhVQpQRHpmUTlTamhYdFFqdkZvWFFFT3BqdkZVRjR2WldNUWNQNUw1VklDM3JRSWp4MFNzQTN6S0FwakVUbjJHNjN2CktZby8zVWttbzhkUCtGRHA3NCs5a3pLNHFFaFJycEl3bEtiN0VOZWtDUXZqUFl1K3pyKzMyUXdQNTJ2L2FveWQKdjJJaUY3M2laTU1vZDhhYjJuQStyVEI2T0cvOVlSYk5kV21tay9VTi9jUHYrN214TmZ6Y1d1ZU1XcThxMXh4eAptNTNpR0NSQ29PQ1lDQk4zcUFkb1JwYW5xd3lCOUxrLzFCQjBHUld3MjgxK3VhNXNYRnZBVDBKeTVURnduMncvClU1MlJKWFlNOXVhMFBvd214b0RDUWRuNFZYVkdNZGdXaHN4aXhHRlYwOUZObWJJQWJaN0xaWGtkS1gzc1ZVbTcKWU1WYWIzVVo2bEhtdXYzT1NzcHNVUlRqN1hiRzZpaVVlaDU1aW91OENWbnRndWtFcnEzQTQwT05FVzhjNDBzOQphVTBGaSs4eWZpQTViaVZHLzF0bWlucUVERkhuQStnWk1xNEhlSkZxcWZxaEZKa1JwRGtDZ2dFQkFQeGR1NGNKCm5Da1duZDdPWFlHMVM3UDdkVWhRUzgwSDlteW9uZFc5bGFCQm84RWRPeTVTZzNOUmsxQ2pNZFZ1a3FMcjhJSnkKeStLWk15SVpvSlJvbllaMEtIUUVMR3ZLbzFOS2NLQ1FJbnYvWHVCdFJpRzBVb1pQNVkwN0RpRFBRQWpYUjlXUwpBc0EzMmQ1eEtFOC91Y3h0MjVQVzJFakNBUmtVeHQ5d0tKazN3bC9JdXVYRlExTDdDWjJsOVlFUjlHeWxUbzhNCmxXUEY3YndtUFV4UVNKaTNVS0FjTzZweTVUU1lkdWQ2aGpQeXJwSXByNU42VGpmTlRFWkVBeU9LbXVpOHVkUkoKMUg3T3RQVEhGZElKQjNrNEJnRDZtRE1HbjB2SXBLaDhZN3NtRUZBbFkvaXlCZjMvOHk5VHVMb1BycEdqR3RHbgp4Y2RpMHFud2p0SGFNbFVDZ2dFQkFQU2Z0dVFCQ2dTU2JLUSswUEFSR2VVeEQyTmlvZk1teENNTmdHUzJ5Ull3CjRGaGV4ZWkwMVJoaFk1NjE3UjduR1dzb0czd1RQa3dvRTJtbE1aQkoxeWEvUU9RRnQ3WG02OVl0RGh0T2FWbDgKL0o4dlVuSTBtWmxtT2pjTlRoYnVPZDlNSDlRdGxIRUMxMlhYdHJNb3Fsb0U2a05TT0pJalNxYm9wcDRXc1BqcApvZTZ0Nkdyd1RhOHBHeUJWWS90Mi85Ym5ORHVPVlpjODBaODdtY2gzcDNQclBqU3h5di9saGxYMFMwYUdHTkhTCk1XVjdUa25OaGo1TWlIRXFnZ1pZemtBWTkyd1JoVENnU1A2M0VNcitUWXFudXVuMXJHbndPYm95TDR2aFRpV0UKcU42UDNCTFlCZ1FpMllDTDludEJrOEl6RHZyd096dW5GVnhhZ0g5SVVoY0NnZ0VCQUwzQXlLa1BlOENWUmR6cQpzL284VkJDZmFSOFhhUGRnSGxTek1BSXZpNXEwNENqckRyMlV3MHZwTVdnM1hOZ0xUT3g5bFJpd3NrYk9SRmxHCmhhd3hRUWlBdkk0SE9WTlBTU0R1WHVNTG5USTQ0S0RFNlMrY2cxU0VMS2pWbDVqcDNFOEpkL1RJMVpLc0xBQUsKZTNHakM5UC9ZbE8xL21ndW4xNjVkWk01cFAwWHBPb2FaeFV2RHFFTktyekR0V1g0RngyOTZlUzdaSFJodFpCNwovQ2t1VUhlcmxrN2RDNnZzdWhTaTh2eTM3c0tPbmQ0K3c4cVM4czhZYVZxSDl3ZzVScUxxakp0bmJBUnc3alVDCm9KQ053M1hNdnc3clhaYzRTbnhVQUNMRGJNV2lLQy9xL1ZGWW9oTEs2WkpUVkJscWd5cjBSYzBRWmpDMlNJb0kKMjRwRWt3VUNnZ0VCQUpqb0FJVVNsVFY0WlVwaExXN3g4WkxPa01UWjBVdFFyd2NPR0hSYndPUUxGeUNGMVFWNQppejNiR2s4SmZyZHpVdk1sTmREZm9uQXVHTHhQa3VTVEUxWlg4L0xVRkJveXhyV3dvZ0cxaUtwME11QTV6em90CjROai9DbUtCQVkvWnh2anA5M2RFS21aZGxWQkdmeUFMeWpmTW5MWUovZXh5L09YSnhPUktZTUttSHg4M08zRWsKMWhvb0FwbTZabTIzMjRGME1iVU1ham5Idld2ZjhHZGJTNk5zcHd4L0dkbk1tYVMrdUJMVUhVMkNLbmc1bEIwVAp4OWJITmY0dXlPbTR0dXRmNzhCd1R5V3UreEdrVW0zZ2VZMnkvR1hqdDZyY2l1ajFGNzFDenZzcXFmZThTcDdJCnd6SHdxcTNzVHR5S2lCYTZuYUdEYWpNR1pKYSt4MVZJV204Q2dnRUJBT001ajFZR25Ba0pxR0czQWJSVDIvNUMKaVVxN0loYkswOGZsSGs5a2YwUlVjZWc0ZVlKY3dIRXJVaE4rdWQyLzE3MC81dDYra0JUdTVZOUg3bkpLREtESQpoeEg5SStyamNlVkR0RVNTRkluSXdDQ1lrOHhOUzZ0cHZMV1U5b0pibGFKMlZsalV2NGRFWGVQb0hkREh1Zk9ZClVLa0lsV2E3Uit1QzNEOHF5U1JrQnFLa3ZXZ1RxcFNmTVNkc1ZTeFIzU2Q4SVhFSHFjTDNUNEtMWGtYNEdEamYKMmZOSTFpZkx6ekhJMTN3Tk5IUTVRNU9SUC9pell2QzVzZkx4U2ZIUXJiMXJZVkpKWkI5ZjVBUjRmWFpHSVFsbApjMG8xd0JmZFlqMnZxVDlpR09IQnNSSTlSL2M2RzJQcUt3aFRpSzJVR2lmVFNEUVFuUkF6b2tpQVkrbE8vUjQ9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
				`@@ -0,0 +1 @@`
				LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUE4U2JKUDVYYkVpZFJtNWIyc05wTApHbzJlV2ZVNU9KZTBpemdySHdEOEg3RjZQa1BkL1JsOS8xcE1WN01pTzNMSHd0aEhDMkJSWXFyKzF3RmRvWkNHCkJZckxhWHVYRnFLMHZ1WmhQcUUzYXpqdUlIUXUwQkgvbFhRTXF5RXFGNU1JMnplakM0ek16cjE1T04rZ0U0Sm4KaXBqcC9DZGpPUEFEbUpHK0JKOXFlRS9RUGVtL21VZElUL0xhRjdrUXh5WUs1VktuK05nT1d6TWx6S0FBcENuNwpUVEtCVWU4RlpHNldTWDdMVjBlTEdIc29pYnhsbzlqRGpsWTVvQk9jemZxZU5XSEs1R1hCN1F3cExOaDk0NlB6ClpucW9hcFdVZStZL1JPaUhpekpUY3I1Wk1TTDV3bEVxOGhOaG1obTVOTmUvTytHZ2pCRE5TZlVoMDYrcTRuZ20KYm1OWDVoODM4QmJqUmN5YzM2ZHd6NkpVK2R1b1J0UWhnaVk5MTBwUGY5YmF1WFdxd1VDVWE0cXNIempLUjBMLwpOMVhYQXlsQ0RqeWVnWnp6Y093MkNIOFNrZkZVcmdMclBiRUI5ZWdjR2szOCticEtzM1o2UnI1K3RuRDFCSVBJCkZHTGVJMFVPQzAreGlCdjBvenhJRE9GbldhOVVUR0R4VXg4b2o4VkllUm5XRHE2TWMxaUpwOFV5Y2lCSVRSdHcKNGRabzcweG1mbmVJV3pyM0tTTmFoU29nSmRSMGxhUXpBdVAzYWlXWElNcDJzYzhTYytCbCtMalhtQm94QnJhQgpIaDlLa0pKRWNnQUZ3czJib2pDbEpPWXhvRi9YZ0ZLU3NJbkhEckhWT3lXUEJlM2ZhZEVjNzdiK25iL2V4T3pyCjFFcnhoR2c5akZtcmtPK3M0eEdodjZNQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=