diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag
index e52746e9df..59c142ff2c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag
@@ -23,7 +23,7 @@ var uri = request.getRequestURI();
 var uriMatcher = new URIMatcher(String(uri));
 
 var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
-var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
+var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"];
 
 function appendQueryParam (url, queryParam , value) {
     if (url.indexOf("?") > 0) {
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag
index 1a163d76e4..a1d496f174 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag
@@ -26,7 +26,7 @@ var deviceModule = require("/app/modules/device.js").deviceModule;
 var utility = require("/app/modules/utility.js").utility;
 var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
 var userModule = require("/app/modules/user.js").userModule;
-var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
+var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"];
 
 var user = session.get(constants.USER_SESSION_KEY);
 var result;
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag
index d5f9bb2628..46ac2913f5 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/group-api.jag
@@ -24,7 +24,7 @@ var log = new Log("api/device-api.jag");
 var constants = require("/app/modules/constants.js");
 var utility = require("/app/modules/utility.js").utility;
 var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
-var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
+var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"];
 
 var user = session.get(constants.USER_SESSION_KEY);
 var result;
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag
index 6fa133523e..29da7a76b9 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag
@@ -24,7 +24,7 @@ var uriMatcher = new URIMatcher(String(uri));
 
 var constants = require("/app/modules/constants.js");
 var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
-var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
+var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"];
 
 if (uriMatcher.match("/{context}/api/invoker/execute/")) {
     var restAPIRequestDetails = request.getContent();
@@ -97,8 +97,8 @@ if (uriMatcher.match("/{context}/api/invoker/execute/")) {
                 break;
         }
     } catch (e) {
-        log.error("Exception occurred while trying to access backend " +
-            "REST API services from Jaggery API invoker layer", e);
+        throw new Error("Exception occurred while trying to access " +
+                "backend REST API services from Jaggery API invoker layer", e);
     }
 }
 %>
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag
index 46b4595b66..a08a662588 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag
@@ -22,7 +22,7 @@ var uriMatcher = new URIMatcher(String(uri));
 
 var log = new Log("api/operation-api.jag");
 
-var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
+var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"];
 var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
 
 if (uriMatcher.match("/{context}/api/operation/paginate")) {
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/token.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/token.jag
index 45210346bb..557d4f5a77 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/token.jag
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/token.jag
@@ -21,7 +21,7 @@
  @Deprecated - new
  */
 
-// var apiWrapperUtil = require("/app/modules/api-wrapper-util.js")["handlers"];
+// var apiWrapperUtil = require("/app/modules/token-handlers.js")["handlers"];
 // var tokenCookie = apiWrapperUtil.refreshToken();
 // print(tokenCookie);
 %>
\ No newline at end of file
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag
index cab3d3a32f..a797c2f3fa 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag
@@ -27,7 +27,7 @@ var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
 var userModule = require("/app/modules/user.js").userModule;
 var deviceModule = require("/app/modules/device.js").deviceModule;
 var utility = require("/app/modules/utility.js").utility;
-var apiWrapperUtil = require("/app/modules/api-wrapper-util.js")["handlers"];
+var apiWrapperUtil = require("/app/modules/token-handlers.js")["handlers"];
 var util = require("/app/modules/util.js").util;
 
 var responseProcessor = require('utils').response;
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
index 8c732e33cd..ad95aa01d6 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
@@ -1,68 +1,89 @@
 {
-  "appContext" : "/devicemgt/",
-  "webAgentContext" : "/devicemgt-web-agent/",
-  "apiContext" : "api",
-  "httpsURL" : "https://localhost:8243",
-  "httpURL" : "%http.ip%",
-  "httpsWebURL" : "%https.ip%",
-  "wssURL" : "%https.ip%",
-  "wsURL" : "%http.ip%",
-  "dashboardserverURL" : "%https.ip%",
-  "enrollmentDir": "/emm-web-agent/enrollment",
-  "iOSConfigRoot" : "%https.ip%/ios-enrollment/",
-  "iOSAPIRoot" : "%https.ip%/ios/",
-  "dynamicClientRegistrationEndPoint" : "https://localhost:8243/dynamic-client-web/register/",
-  "adminService":"%https.ip%",
-  "idPServer":"https://localhost:8243",
-  "callBackUrl":"%https.ip%/devicemgt_admin",
-  "adminUser":"admin@carbon.super",
-  "adminRole":"admin",
-  "usernameLength":30,
-  "ssoConfiguration" : {
-    "enabled" : false,
-    "issuer" : "devicemgt",
-    "appName" : "devicemgt",
-    "identityProviderURL" : "%https.ip%/sso/samlsso.jag",
-    "responseSigningEnabled" : "true",
-    "keyStorePassword" : "wso2carbon",
-    "identityAlias" : "wso2carbon",
-    "keyStoreName" : "/repository/resources/security/wso2carbon.jks"
-  },
-  "userValidationConfig" : {
-    "usernameJSRegEx" : "^[\\S]{3,30}$",
-    "usernameRegExViolationErrorMsg" : "Provided username is invalid.",
-    "usernameHelpMsg" : "Should be in minimum 3 characters long and do not include any whitespaces.",
-    "firstnameJSRegEx" : "^[\\S]{3,30}$",
-    "firstnameRegExViolationErrorMsg" : "Provided first name is invalid.",
-    "lastnameJSRegEx" : "^[\\S]{3,30}$",
-    "lastnameRegExViolationErrorMsg" : "Provided last name is invalid.",
-    "emailJSRegEx" : "/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/",
-    "emailRegExViolationErrorMsg" : "Provided email is invalid."
-  },
-  "groupValidationConfig": {
-    "groupNameJSRegEx": "^[\\S]{3,30}$",
-    "groupNameRegExViolationErrorMsg": "Provided group name is invalid.",
-    "groupNameHelpMsg": "Should be in minimum 3 characters long and should not include any whitespaces."
-  },
-  "roleValidationConfig" : {
-    "rolenameJSRegEx" : "^[\\S]{3,30}$",
-    "rolenameRegExViolationErrorMsg" : "Provided role name is invalid.",
-    "rolenameHelpMsg" : "should be in minimum 3 characters long and do not include any whitespaces."
-  },
-  "generalConfig" : {
-    "host" : "https://localhost:9443",
-    "companyName" : "WSO2 Carbon Device Manager",
-    "browserTitle" : "WSO2 Device Manager",
-    "copyrightPrefix" : "\u00A9 %date-year%, ",
-    "copyrightOwner" : "WSO2 Inc.",
-    "copyrightOwnersSite" : "http://www.wso2.org",
-    "copyrightSuffix" : " All Rights Reserved."
-  },
-  "scopes" : ["license-add", "license-view", "device-view", "device-info", "device-list", "device-view-own",
-    "device-modify", "device-search", "operation-install", "operation-view", "operation-modify", "operation-uninstall",
-    "group-add", "group-share", "group-modify", "group-view", "group-remove", "certificate-modify", "certificate-view",
-    "configuration-view", "configuration-modify", "policy-view", "policy-modify", "device-notification-view",
-    "device-notification-modify", "feature-view", "arduino_device", "arduino_user", " android_sense_user",
-    "virtual_firealarm_user", "raspberrypi_user", "roles-view", "roles-modify", "roles-remove", "roles-add",
-    "user-password-reset", "user-password-modify", "user-modify", "user-view", "user-invite", "user-remove", "user-add"]
+    "appContext": "/emm/",
+    "webAgentContext" : "/emm-web-agent/",
+    "apiContext": "api",
+    "httpsURL" : "%https.ip%",
+    "httpURL" : "%http.ip%",
+    "httpsWebURL" : "%https.ip%",
+    "wssURL" : "%https.ip%",
+    "wsURL" : "%http.ip%",
+    "dashboardServerURL" : "%https.ip%",
+    "enrollmentDir": "/emm-web-agent/enrollment",
+    "iOSConfigRoot" : "%https.ip%/ios-enrollment/",
+    "iOSAPIRoot" : "%https.ip%/ios/",
+    "adminService": "%https.ip%",
+    "oauthProvider": {
+        "appRegistration": {
+            "appType": "webapp",
+            "clientName": "emm",
+            "owner": "admin@carbon.super",
+            "dynamicClientAppRegistrationServiceURL": "%https.ip%/dynamic-client-web/register",
+            "apiManagerClientAppRegistrationServiceURL": "%https.ip%/api-application-registration/register/tenants",
+            "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer",
+            "tokenScope": "admin",
+            "callbackUrl": "%https.ip%/api/device-mgt/v1.0"
+        },
+        "tokenServiceURL": "%https.ip%/oauth2/token"
+    },
+    "adminUser":"admin@carbon.super",
+    "adminRole":"admin",
+    "usernameLength":30,
+    "pageSize":10,
+    "ssoConfiguration" : {
+        "enabled" : false,
+        "issuer" : "devicemgt",
+        "appName" : "devicemgt",
+        "identityProviderURL" : "%https.ip%/sso/samlsso.jag",
+        "responseSigningEnabled" : "true",
+        "keyStorePassword" : "wso2carbon",
+        "identityAlias" : "wso2carbon",
+        "keyStoreName" : "/repository/resources/security/wso2carbon.jks"
+    },
+    "userValidationConfig" : {
+        "usernameJSRegEx" : "^[\\S]{3,30}$",
+        "usernameRegExViolationErrorMsg" : "Provided username is invalid.",
+        "usernameHelpMsg" : "Should be in minimum 3 characters long and do not include any whitespaces.",
+        "firstnameJSRegEx" : "^[\\S]{3,30}$",
+        "firstnameRegExViolationErrorMsg" : "Provided first name is invalid.",
+        "lastnameJSRegEx" : "^[\\S]{3,30}$",
+        "lastnameRegExViolationErrorMsg" : "Provided last name is invalid.",
+        "emailJSRegEx" : "/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/",
+        "emailRegExViolationErrorMsg" : "Provided email is invalid."
+    },
+    "groupValidationConfig": {
+        "groupNameJSRegEx": "^[\\S]{3,30}$",
+        "groupNameRegExViolationErrorMsg": "Provided group name is invalid.",
+        "groupNameHelpMsg": "Should be in minimum 3 characters long and should not include any whitespaces."
+    },
+    "roleValidationConfig" : {
+        "roleNameJSRegEx" : "^[\\S]{3,30}$",
+        "roleNameRegExViolationErrorMsg" : "Provided role name is invalid.",
+        "roleNameHelpMsg" : "should be in minimum 3 characters long and do not include any whitespaces."
+    },
+    "generalConfig" : {
+        "host" : "https://localhost:9443",
+        "companyName" : "WSO2 Carbon Device Manager",
+        "browserTitle" : "WSO2 Device Manager",
+        "copyrightPrefix" : "\u00A9 %date-year%, ",
+        "copyrightOwner" : "WSO2 Inc.",
+        "copyrightOwnersSite" : "http://www.wso2.org",
+        "copyrightSuffix" : " All Rights Reserved."
+    },
+    "scopes" : [
+        "license-add", "license-view", "device-view",
+        "device-info", "device-list", "device-view-own", "device-modify", "device-search",
+        "operation-install", "operation-view", "operation-modify", "operation-uninstall",
+        "group-add", "group-share", "group-modify", "group-view", "group-remove",
+        "certificate-modify", "certificate-view",
+        "configuration-view", "configuration-modify",
+        "policy-view", "policy-modify",
+        "device-notification-view", "device-notification-modify",
+        "feature-view",
+        "roles-view", "roles-modify", "roles-remove", "roles-add",
+        "user-password-reset", "user-password-modify", "user-modify", "user-view", "user-invite", "user-remove", "user-add"
+    ],
+    "isOAuthEnabled" : true,
+    "backendRestEndpoints" : {
+        "deviceMgt" : "/api/device-mgt/v1.0"
+    }
 }
\ No newline at end of file
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/device.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/device.js
index 464093343d..d6f24bd913 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/device.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/device.js
@@ -23,7 +23,7 @@ deviceModule = function () {
     var utility = require('/app/modules/utility.js').utility;
     var constants = require('/app/modules/constants.js');
     var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
-    var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
+    var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"];
 
     var ArrayList = Packages.java.util.ArrayList;
     var Properties = Packages.java.util.Properties;
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/group.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/group.js
index 61bfe9f4b7..06b8dcbf3d 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/group.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/group.js
@@ -24,7 +24,7 @@ var groupModule = {};
     var constants = require('/app/modules/constants.js');
     var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
     var utility = require("/app/modules/utility.js").utility;
-    var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
+    var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"];
 
     var groupServiceEndpoint = devicemgtProps["httpsURL"] + constants.ADMIN_SERVICE_CONTEXT + "/groups";
 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/invoker-request-wrapper.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/invoker-request-wrapper.js
index d191b1868d..cc88752ada 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/invoker-request-wrapper.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/invoker-request-wrapper.js
@@ -26,7 +26,7 @@
 //var invokerRequestWrapper = function () {
 //
 //    var constants = require("/modules/constants.js");
-//    var serviceInvokers = require("/modules/backend-service-invoker.js").backendServiceInvoker;
+//    var serviceInvokers = require("/modules/token-protected-service-invokers.js").backendServiceInvoker;
 //
 //    var publicWrappers = [];
 //
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
index 429a6b9c1c..d282333644 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
@@ -24,7 +24,7 @@ var onFail;
     var constants = require("/app/modules/constants.js");
     onSuccess = function (context) {
         var utility = require("/app/modules/utility.js").utility;
-        var apiWrapperUtil = require("/app/modules/api-wrapper-util.js")["handlers"];
+        var apiWrapperUtil = require("/app/modules/token-handlers.js")["handlers"];
         if (context.input.samlToken) {
             apiWrapperUtil.setupAccessTokenPairBySamlGrantType(context.input.username, context.input.samlToken);
         } else {
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/operation.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/operation.js
index 981a58f5ce..dac693543b 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/operation.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/operation.js
@@ -21,7 +21,7 @@ var operationModule = function () {
     var utility = require('/app/modules/utility.js').utility;
     var constants = require('/app/modules/constants.js');
     var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
-    var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];;
+    var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"];;
 
     var publicMethods = {};
     var privateMethods = {};
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/policy.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/policy.js
index a46ce90b7c..60e53b3ae3 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/policy.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/policy.js
@@ -26,7 +26,7 @@ policyModule = function () {
     var constants = require('/app/modules/constants.js');
     var utility = require("/app/modules/utility.js")["utility"];
     var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
-    var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
+    var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"];
 
     var publicMethods = {};
     var privateMethods = {};
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/token-handlers.js
similarity index 91%
rename from components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js
rename to components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/token-handlers.js
index 02df5fb3a1..8883cd6eed 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/api-wrapper-util.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/token-handlers.js
@@ -17,11 +17,10 @@
  */
 
 /**
- * ----------------------------------------------------------------------------
- * Following module includes invokers
- * at Jaggery Layer for calling Backend Services, protected by OAuth Tokens.
- * These Services include both REST and SOAP Services.
- * ----------------------------------------------------------------------------
+ * -----------------------------------------------------
+ * Following module includes handlers
+ * at Jaggery Layer for handling OAuth tokens.
+ * -----------------------------------------------------
  */
 var handlers = function () {
     var log = new Log("/app/modules/token-handlers.js");
@@ -39,19 +38,20 @@ var handlers = function () {
                 "client credentials to session context. No username is found as " +
                 "input - setUpEncodedTenantBasedClientCredentials(x)");
         } else {
-            var dynamicClientCredentials = tokenUtil.getDynamicClientCredentials();
+            var dynamicClientCredentials = tokenUtil.getDynamicClientAppCredentials();
             if (!dynamicClientCredentials) {
                 throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant based " +
                     "client credentials to session context as the server is unable to obtain " +
                     "dynamic client credentials - setUpEncodedTenantBasedClientCredentials(x)");
             } else {
-                var jwtToken = tokenUtil.getTokenWithJWTGrantType(dynamicClientCredentials);
+                var jwtToken = tokenUtil.getAccessTokenByJWTGrantType(dynamicClientCredentials);
                 if (!jwtToken) {
                     throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant based " +
                         "client credentials to session context as the server is unable to obtain " +
                         "a jwt token - setUpEncodedTenantBasedClientCredentials(x)");
                 } else {
-                    var tenantBasedClientCredentials = tokenUtil.getTenantBasedAppCredentials(username, jwtToken);
+                    var tenantBasedClientCredentials = tokenUtil.
+                        getTenantBasedClientAppCredentials(username, jwtToken);
                     if (!tenantBasedClientCredentials) {
                         throw new Error("{/app/modules/token-handlers.js} Could not set up encoded tenant " +
                             "based client credentials to session context as the server is unable " +
@@ -89,7 +89,7 @@ var handlers = function () {
                     stringOfScopes += entry + " ";
                 });
                 accessTokenPair = tokenUtil.
-                    getTokenWithPasswordGrantType(username,
+                    getAccessTokenByPasswordGrantType(username,
                     encodeURIComponent(password), encodedClientCredentials, stringOfScopes);
                 if (!accessTokenPair) {
                     throw new Error("{/app/modules/token-handlers.js} Could not set up access " +
@@ -119,7 +119,7 @@ var handlers = function () {
                 var accessTokenPair;
                 // accessTokenPair will include current access token as well as current refresh token
                 accessTokenPair = tokenUtil.
-                    getTokenWithSAMLGrantType(samlToken, encodedClientCredentials, "PRODUCTION");
+                    getAccessTokenBySAMLGrantType(samlToken, encodedClientCredentials, "PRODUCTION");
                 if (!accessTokenPair) {
                     throw new Error("{/app/modules/token-handlers.js} Could not set up access token " +
                         "pair by password grant type. Error in token " +
@@ -141,7 +141,7 @@ var handlers = function () {
                 "token pair, encoded client credentials or both input are not found under " +
                 "session context - refreshToken()");
         } else {
-            var newAccessTokenPair = tokenUtil.refreshToken(accessTokenPair, encodedClientCredentials);
+            var newAccessTokenPair = tokenUtil.refreshToken(accessTokenPair["refreshToken"], encodedClientCredentials);
             if (!newAccessTokenPair) {
                 log.error("{/app/modules/token-handlers.js} Error in refreshing tokens. Unable to update " +
                     "session context with new access token pair - refreshToken()");
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/token-protected-service-invokers.js
similarity index 99%
rename from components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js
rename to components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/token-protected-service-invokers.js
index 5fd0277d5d..f4688327c7 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/token-protected-service-invokers.js
@@ -24,7 +24,7 @@
  * ----------------------------------------------------------------------------
  */
 var invokers = function () {
-    var log = new Log("/app/modules/backend-service-invoker.js");
+    var log = new Log("/app/modules/token-protected-service-invokers.js");
 
     var publicXMLHTTPInvokers = {};
     var publicHTTPClientInvokers = {};
@@ -38,7 +38,7 @@ var invokers = function () {
     var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
     var constants = require("/app/modules/constants.js");
     var userModule = require("/app/modules/user.js")["userModule"];
-    var tokenUtil = require("/app/modules/api-wrapper-util.js")["handlers"];
+    var tokenUtil = require("/app/modules/token-handlers.js")["handlers"];
 
     /**
      * This method reads the token pair from the session and return the access token.
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js
index b2c840aae8..0cf67c3213 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/user.js
@@ -25,7 +25,7 @@ var userModule = function () {
     var constants = require("/app/modules/constants.js");
     var utility = require("/app/modules/utility.js")["utility"];
     var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
-    var serviceInvokers = require("/app/modules/backend-service-invoker.js")["invokers"];
+    var serviceInvokers = require("/app/modules/token-protected-service-invokers.js")["invokers"];
 
     /* Initializing user manager */
     var carbon = require("carbon");
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js
index d1afc795d3..f9b6bb77b7 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/util.js
@@ -1,226 +1,285 @@
 /*
- * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
  *
  * WSO2 Inc. licenses this file to you under the Apache License,
  * Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License.
  * You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 
 var util = function () {
     var log = new Log("/app/modules/util.js");
-    var module = {};
+
+    var privateMethods = {};
+    var publicMethods = {};
+
     var Base64 = Packages.org.apache.commons.codec.binary.Base64;
     var String = Packages.java.lang.String;
-    var devicemgtProps = require("/app/conf/reader/main.js")["conf"];
-    var carbon = require('carbon');
+    var deviceMgtProps = require("/app/conf/reader/main.js")["conf"];
+
+    var adminUser = deviceMgtProps["adminUser"];
+
     var constants = require("/app/modules/constants.js");
-    var adminUser = devicemgtProps["adminUser"];
-    var clientName = devicemgtProps["clientName"];
-
-    module.getDynamicClientCredentials = function () {
-        var payload = {
-            "callbackUrl": devicemgtProps.callBackUrl,
-            "clientName": clientName,
-            "tokenScope": "admin",
-            "owner": adminUser,
-            "applicationType": "webapp",
-            "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer",
-            "saasApp" :true
+    var carbon = require("carbon");
+
+    publicMethods.encode = function (payload) {
+        return new String(Base64.encodeBase64(new String(payload).getBytes()));
+    };
+
+    publicMethods.decode = function (payload) {
+        return new String(Base64.decodeBase64(new String(payload).getBytes()));
+    };
+
+    publicMethods.getDynamicClientAppCredentials = function () {
+        // setting up dynamic client application properties
+        var dcAppProperties = {
+            "applicationType": deviceMgtProps["oauthProvider"]["appRegistration"]["appType"],
+            "clientName": deviceMgtProps["oauthProvider"]["appRegistration"]["clientName"],
+            "owner": deviceMgtProps["oauthProvider"]["appRegistration"]["owner"],
+            "tokenScope": deviceMgtProps["oauthProvider"]["appRegistration"]["tokenScope"],
+            "grantType": deviceMgtProps["oauthProvider"]["appRegistration"]["grantType"],
+            "callbackUrl": deviceMgtProps["oauthProvider"]["appRegistration"]["callbackUrl"],
+            "saasApp" : true
         };
+        // calling dynamic client app registration service endpoint
+        var requestURL = deviceMgtProps["oauthProvider"]["appRegistration"]
+            ["dynamicClientAppRegistrationServiceURL"];
+        var requestPayload = dcAppProperties;
+
         var xhr = new XMLHttpRequest();
-        var tokenEndpoint = devicemgtProps.dynamicClientRegistrationEndPoint;
-        xhr.open("POST", tokenEndpoint, false);
+        xhr.open("POST", requestURL, false);
         xhr.setRequestHeader("Content-Type", "application/json");
-        xhr.send(payload);
-        var clientData = {};
-        if (xhr.status == 201) {
-            var data = parse(xhr.responseText);
-            clientData.clientId = data.client_id;
-            clientData.clientSecret = data.client_secret;
-
-        } else if (xhr.status == 400) {
-            throw "Invalid client meta data";
+        xhr.send(stringify(requestPayload));
+
+        var dynamicClientCredentials = {};
+        if (xhr["status"] == 201 && xhr["responseText"]) {
+            var responsePayload = parse(xhr["responseText"]);
+            dynamicClientCredentials["clientId"] = responsePayload["client_id"];
+            dynamicClientCredentials["clientSecret"] = responsePayload["client_secret"];
+        } else if (xhr["status"] == 400) {
+            log.error("{/app/modules/util.js - getDynamicClientAppCredentials()} " +
+                "Bad request. Invalid data provided as dynamic client application properties.");
+            dynamicClientCredentials = null;
         } else {
-            throw "Error in obtaining client id and secret";
+            log.error("{/app/modules/util.js - getDynamicClientAppCredentials()} " +
+                "Error in retrieving dynamic client credentials.");
+            dynamicClientCredentials = null;
         }
-        return clientData;
+        // returning dynamic client credentials
+        return dynamicClientCredentials;
     };
 
-    /**
-     * Encode the payload in Base64
-     * @param payload
-     * @returns {Packages.java.lang.String}
-     */
-    module.encode = function (payload) {
-        return new String(Base64.encodeBase64(new String(payload).getBytes()));
-    }
-
-    module.decode = function (payload) {
-        return new String(Base64.decodeBase64(new String(payload).getBytes()));
-    }
-
-    /**
-     * Get an AccessToken pair based on username and password
-     * @param username
-     * @param password
-     * @param clientId
-     * @param clientSecret
-     * @param scope
-     * @returns {{accessToken: "", refreshToken: ""}}
-     */
-    module.getTokenWithPasswordGrantType = function (username, password, encodedClientKeys, scope) {
-        var xhr = new XMLHttpRequest();
-        var tokenEndpoint = devicemgtProps.idPServer;
-        xhr.open("POST", tokenEndpoint, false);
-        xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
-        xhr.setRequestHeader("Authorization", "Basic " + encodedClientKeys);
-        xhr.send("grant_type=password&username=" + username + "&password=" + password + "&scope=" + scope);
-        delete password, delete clientSecret, delete encodedClientKeys;
-        var tokenPair = {};
-        if (xhr.status == 200) {
-            var data = parse(xhr.responseText);
-            tokenPair.refreshToken = data.refresh_token;
-            tokenPair.accessToken = data.access_token;
-        } else if (xhr.status == 403) {
-            log.error("Error in obtaining token with Password grant type");
+    publicMethods.getAccessTokenByPasswordGrantType = function (username, password, encodedClientCredentials, scopes) {
+        if (!username || !password || !encodedClientCredentials || !scopes) {
+            log.error("{/app/modules/util.js} Error in retrieving access token by password " +
+                "grant type. No username, password, encoded client credentials or scopes are " +
+                "found - getAccessTokenByPasswordGrantType(a, b, c, d)");
             return null;
         } else {
-            log.error("Error in obtaining token with Password grant type");
-            return null;
+            // calling oauth provider token service endpoint
+            var requestURL = deviceMgtProps["oauthProvider"]["tokenServiceURL"];
+            var requestPayload = "grant_type=password&username=" +
+                username + "&password=" + password + "&scope=" + scopes;
+
+            var xhr = new XMLHttpRequest();
+            xhr.open("POST", requestURL, false);
+            xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+            xhr.setRequestHeader("Authorization", "Basic " + encodedClientCredentials);
+            xhr.send(requestPayload);
+
+            if (xhr["status"] == 200 && xhr["responseText"]) {
+                var responsePayload = parse(xhr["responseText"]);
+                var tokenPair = {};
+                tokenPair["accessToken"] = responsePayload["access_token"];
+                tokenPair["refreshToken"] = responsePayload["refresh_token"];
+                return tokenPair;
+            } else {
+                log.error("{/app/modules/util.js} Error in retrieving access token by password " +
+                    "grant type - getAccessTokenByPasswordGrantType(a, b, c, d)");
+                return null;
+            }
         }
-        return tokenPair;
     };
-    module.getTokenWithSAMLGrantType = function (assertion, clientKeys, scope) {
-
-        var assertionXML = module.decode(assertion) ;
-        var encodedExtractedAssertion;
-        var extractedAssertion;
-        //TODO: make assertion extraction with proper parsing. Since Jaggery XML parser seem to add formatting
-        //which causes signature verification to fail.
-        var assertionStartMarker = "<saml2:Assertion";
-        var assertionEndMarker = "<\/saml2:Assertion>";
-        var assertionStartIndex = assertionXML.indexOf(assertionStartMarker);
-        var assertionEndIndex = assertionXML.indexOf(assertionEndMarker);
-        if (assertionStartIndex != -1 && assertionEndIndex != -1) {
-            extractedAssertion = assertionXML.substring(assertionStartIndex, assertionEndIndex) + assertionEndMarker;
+
+    publicMethods.getAccessTokenBySAMLGrantType = function (assertion, encodedClientCredentials, scopes) {
+        if (!assertion || !encodedClientCredentials || !scopes) {
+            log.error("{/app/modules/util.js} Error in retrieving access token by saml " +
+                "grant type. No assertion, encoded client credentials or scopes are " +
+                "found - getAccessTokenBySAMLGrantType(x, y, z)");
+            return null;
         } else {
-            throw "Invalid SAML response. SAML response has no valid assertion string";
-        }
+            var assertionXML = publicMethods.decode(assertion);
+            /*
+             TODO: make assertion extraction with proper parsing. Since Jaggery XML parser seem
+             to add formatting which causes signature verification to fail.
+             */
+            var assertionStartMarker = "<saml2:Assertion";
+            var assertionEndMarker = "<\/saml2:Assertion>";
+            var assertionStartIndex = assertionXML.indexOf(assertionStartMarker);
+            var assertionEndIndex = assertionXML.indexOf(assertionEndMarker);
 
-        encodedExtractedAssertion = this.encode(extractedAssertion);
+            var extractedAssertion;
+            if (assertionStartIndex == -1 || assertionEndIndex == -1) {
+                log.error("{/app/modules/util.js} Error in retrieving access token by saml grant type. " +
+                    "Issue in assertion format - getAccessTokenBySAMLGrantType(x, y, z)");
+                return null;
+            } else {
+                extractedAssertion = assertionXML.
+                    substring(assertionStartIndex, assertionEndIndex) + assertionEndMarker;
+                var encodedAssertion = publicMethods.encode(extractedAssertion);
 
-        var xhr = new XMLHttpRequest();
-        var tokenEndpoint = devicemgtProps.idPServer;
-        xhr.open("POST", tokenEndpoint, false);
-        xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
-        xhr.setRequestHeader("Authorization", "Basic " + clientKeys);
-        xhr.send("grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=" +
-            encodeURIComponent(encodedExtractedAssertion) + "&scope=" + "PRODUCTION");
-        var tokenPair = {};
-        if (xhr.status == 200) {
-            var data = parse(xhr.responseText);
-            tokenPair.refreshToken = data.refresh_token;
-            tokenPair.accessToken = data.access_token;
-        } else if (xhr.status == 403) {
-            throw "Error in obtaining token with SAML extension grant type";
-        } else {
-            throw "Error in obtaining token with SAML extension grant type";
+                // calling oauth provider token service endpoint
+                var requestURL = deviceMgtProps["oauthProvider"]["tokenServiceURL"];
+                var requestPayload = "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&" +
+                    "assertion=" + encodeURIComponent(encodedAssertion) + "&scope=" + scopes;
+
+                var xhr = new XMLHttpRequest();
+                xhr.open("POST", requestURL, false);
+                xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+                xhr.setRequestHeader("Authorization", "Basic " + encodedClientCredentials);
+                xhr.send(requestPayload);
+
+                if (xhr["status"] == 200 && xhr["responseText"]) {
+                    var responsePayload = parse(xhr["responseText"]);
+                    var tokenPair = {};
+                    tokenPair["accessToken"] = responsePayload["access_token"];
+                    tokenPair["refreshToken"] = responsePayload["refresh_token"];
+                    return tokenPair;
+                } else {
+                    log.error("{/app/modules/util.js} Error in retrieving access token by password " +
+                        "grant type - getAccessTokenBySAMLGrantType(x, y, z)");
+                    return null;
+                }
+            }
         }
-        return tokenPair;
     };
 
-    module.refreshToken = function (tokenPair, clientData, scope) {
-        var xhr = new XMLHttpRequest();
-        var tokenEndpoint = devicemgtProps.idPServer;
-        xhr.open("POST", tokenEndpoint, false);
-        xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
-        xhr.setRequestHeader("Authorization", "Basic " + clientData);
-        var url = "grant_type=refresh_token&refresh_token=" + tokenPair.refreshToken;
-        if (scope) {
-            url = url + "&scope=" + scope
-        }
-        xhr.send(url);
-        delete clientData;
-        var tokenPair = {};
-        if (xhr.status == 200) {
-            var data = parse(xhr.responseText);
-            tokenPair.refreshToken = data.refresh_token;
-            tokenPair.accessToken = data.access_token;
-        } else if (xhr.status == 400) {
-            tokenPair =  session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER);
-        } else if (xhr.status == 403) {
-            throw "Error in obtaining token with Refresh Token  Grant Type";
+    publicMethods.getNewAccessTokenByRefreshToken = function (refreshToken, encodedClientCredentials, scopes) {
+        if (!refreshToken || !encodedClientCredentials) {
+            log.error("{/app/modules/util.js} Error in retrieving new access token by current " +
+                "refresh token. No refresh token or encoded client credentials are " +
+                "found - getNewAccessTokenByRefreshToken(x, y, z)");
+            return null;
         } else {
-            throw "Error in obtaining token with  Refresh Token Type";
+            var requestURL = deviceMgtProps["oauthProvider"]["tokenServiceURL"];
+            var requestPayload = "grant_type=refresh_token&refresh_token=" + refreshToken;
+            if (scopes) {
+                requestPayload = requestPayload + "&scope=" + scopes;
+            }
+
+            var xhr = new XMLHttpRequest();
+            xhr.open("POST", requestURL, false);
+            xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+            xhr.setRequestHeader("Authorization", "Basic " + encodedClientCredentials);
+            xhr.send(requestPayload);
+
+            if (xhr["status"] == 200 && xhr["responseText"]) {
+                var responsePayload = parse(xhr["responseText"]);
+                var tokenPair = {};
+                tokenPair["accessToken"] = responsePayload["access_token"];
+                tokenPair["refreshToken"] = responsePayload["refresh_token"];
+                return tokenPair;
+            } else {
+                log.error("{/app/modules/util.js} Error in retrieving new access token by " +
+                    "current refresh token - getNewAccessTokenByRefreshToken(x, y, z)");
+                return null;
+            }
         }
-        return tokenPair;
     };
 
-    module.getTokenWithJWTGrantType =  function (clientData) {
-        var jwtService = carbon.server.osgiService('org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService');
-        var jwtClient = jwtService.getJWTClient();
-        var jwtToken = jwtClient.getAccessToken(clientData.clientId, clientData.clientSecret, adminUser, null);
-        return jwtToken;
+    publicMethods.getAccessTokenByJWTGrantType =  function (clientCredentials) {
+        if (!clientCredentials) {
+            log.error("{/app/modules/util.js} Error in retrieving new access token by current refresh " +
+                "token. No client credentials are found as input - getAccessTokenByJWTGrantType(x)");
+            return null;
+        } else {
+            var JWTClientManagerServicePackagePath =
+                "org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
+            var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
+            var jwtClient = JWTClientManagerService.getJWTClient();
+            // returning access token by JWT grant type
+            return jwtClient.getAccessToken(clientCredentials["clientId"], clientCredentials["clientSecret"],
+                deviceMgtProps["oauthProvider"]["appRegistration"]["owner"], null)["accessToken"];
+        }
     };
 
-    module.getTenantBasedAppCredentials = function (uname, token) {
-        var tenantDomain = carbonModule.server.tenantDomain({
-            username: uname
-        });
-        var clientData = this.getCachedCredentials(tenantDomain);
-        if (!clientData) {
-            var applicationName = "webapp_" + tenantDomain;
-            var xhr = new XMLHttpRequest();
-            var endpoint = devicemgtProps["adminService"] + "/api-application-registration/register/tenants?tenantDomain=" +
-                tenantDomain + "&applicationName=" + applicationName;
-            xhr.open("POST", endpoint, false);
-            xhr.setRequestHeader("Content-Type", "application/json");
-            xhr.setRequestHeader("Authorization", "Bearer " + token.accessToken);
-            xhr.send();
-
-            if (xhr.status == 201) {
-                var data = parse(xhr.responseText);
-                clientData = {};
-                clientData.clientId = data.client_id;
-                clientData.clientSecret = data.client_secret;
-                this.setTenantBasedAppCredentials(tenantDomain, clientData);
-            } else if (xhr.status == 400) {
-                throw "Invalid client meta data";
+    publicMethods.getTenantBasedClientAppCredentials = function (username, jwtToken) {
+        if (!username || !jwtToken) {
+            log.error("{/app/modules/util.js} Error in retrieving tenant based client application credentials. " +
+                "No username or jwt token is found as input - getTenantBasedClientAppCredentials(x, y)");
+            return null;
+        } else {
+            var tenantDomain = carbon.server.tenantDomain({username: username});
+            if (!tenantDomain) {
+                log.error("{/app/modules/util.js} Error in retrieving tenant based client application " +
+                    "credentials. Unable to obtain a valid tenant domain for provided " +
+                    "username - getTenantBasedClientAppCredentials(x, y)");
+                return null;
             } else {
-                throw "Error in obtaining client id and secret from APIM";
+                var cachedTenantBasedClientAppCredentials = publicMethods.
+                    getCachedTenantBasedClientAppCredentials(tenantDomain);
+                if (cachedTenantBasedClientAppCredentials) {
+                    return cachedTenantBasedClientAppCredentials;
+                } else {
+                    // register a tenant based client app at API Manager
+                    var applicationName = "webapp_" + tenantDomain;
+                    var requestURL = deviceMgtProps["oauthProvider"]["appRegistration"]
+                        ["apiManagerClientAppRegistrationServiceURL"] +
+                        "?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName;
+
+                    var xhr = new XMLHttpRequest();
+                    xhr.open("POST", requestURL, false);
+                    xhr.setRequestHeader("Content-Type", "application/json");
+                    xhr.setRequestHeader("Authorization", "Bearer " + jwtToken);
+                    xhr.send();
+
+                    if (xhr["status"] == 201 && xhr["responseText"]) {
+                        var responsePayload = parse(xhr["responseText"]);
+                        var tenantBasedClientAppCredentials = {};
+                        tenantBasedClientAppCredentials["clientId"] = responsePayload["client_id"];
+                        tenantBasedClientAppCredentials["clientSecret"] = responsePayload["client_secret"];
+                        publicMethods.
+                            setCachedTenantBasedClientAppCredentials(tenantDomain, tenantBasedClientAppCredentials);
+                        return tenantBasedClientAppCredentials;
+                    } else {
+                        log.error("{/app/modules/util.js} Error in retrieving tenant based client " +
+                            "application credentials from API Manager - getTenantBasedClientAppCredentials(x, y)");
+                        return null;
+                    }
+                }
             }
         }
-        return clientData;
     };
 
-    module.setTenantBasedAppCredentials = function (tenantDomain, clientData) {
-        var cachedMap = application.get(constants.CACHED_CREDENTIALS);
-        if (!cachedMap) {
-            cachedMap = new Object();
-            cachedMap[tenantDomain] = clientData;
-            application.put(constants.CACHED_CREDENTIALS, cachedMap);
-        } else {
-            cachedMap[tenantDomain] = clientData;
+    publicMethods.setCachedTenantBasedClientAppCredentials = function (tenantDomain, clientCredentials) {
+        var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS"]);
+        if (!cachedTenantBasedClientAppCredentialsMap) {
+            cachedTenantBasedClientAppCredentialsMap = {};
+            cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientCredentials;
+            application.put(constants["CACHED_CREDENTIALS"], cachedTenantBasedClientAppCredentialsMap);
+        } else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
+            cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientCredentials;
         }
     };
 
-    module.getCachedCredentials = function(tenantDomain) {
-        var cachedMap = application.get(constants.CACHED_CREDENTIALS);
-        if (cachedMap) {
-            return cachedMap[tenantDomain];
+    publicMethods.getCachedTenantBasedClientAppCredentials = function (tenantDomain) {
+        var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS"]);
+        if (!cachedTenantBasedClientAppCredentialsMap ||
+            !cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
+            return null;
+        } else {
+            return cachedTenantBasedClientAppCredentialsMap[tenantDomain];
         }
-        return null;
     };
 
-    return module;
+    return publicMethods;
 }();