diff --git a/.github/workflows/api-tests.yml b/.github/workflows/api-tests.yml
index e95720a8db..dd363b5785 100644
--- a/.github/workflows/api-tests.yml
+++ b/.github/workflows/api-tests.yml
@@ -65,8 +65,8 @@ jobs:
           export DOMAIN_ID=$(curl -sSX POST $DOMAINS_URL -H "Content-Type: application/json" -H "Authorization: Bearer $USER_TOKEN" -d "{\"name\":\"$DOMAIN_NAME\",\"alias\":\"$DOMAIN_NAME\"}" | jq -r .id)
           export USER_TOKEN=$(curl -sSX POST $TOKENS_URL -H "Content-Type: application/json" -d "{\"identity\": \"$USER_IDENTITY\",\"secret\": \"$USER_SECRET\",\"domain_id\": \"$DOMAIN_ID\"}" | jq -r .access_token)
           echo "USER_TOKEN=$USER_TOKEN" >> $GITHUB_ENV
-          export THING_SECRET=$(magistrala-cli provision test | /usr/bin/grep -Eo '"secret": "[^"]+"' | awk 'NR % 2 == 0' | sed 's/"secret": "\(.*\)"/\1/')
-          echo "THING_SECRET=$THING_SECRET" >> $GITHUB_ENV
+          export CLIENT_SECRET=$(magistrala-cli provision test | /usr/bin/grep -Eo '"secret": "[^"]+"' | awk 'NR % 2 == 0' | sed 's/"secret": "\(.*\)"/\1/')
+          echo "CLIENT_SECRET=$CLIENT_SECRET" >> $GITHUB_ENV
 
       - name: Check for changes in specific paths
         uses: dorny/paths-filter@v3
diff --git a/api/asyncapi/mqtt.yml b/api/asyncapi/mqtt.yml
index fcdaea8ef0..fa902a22e8 100644
--- a/api/asyncapi/mqtt.yml
+++ b/api/asyncapi/mqtt.yml
@@ -17,8 +17,8 @@ info:
   license:
     name: Apache 2.0
     url: 'https://github.com/absmach/magistrala/blob/main/LICENSE'
-  
-  
+
+
 defaultContentType: application/json
 
 servers:
@@ -33,7 +33,7 @@ servers:
         enum:
           - '1883'
           - '8883'
-    security: 
+    security:
       - user-password: []
 
 channels:
@@ -45,7 +45,7 @@ channels:
         required: true
       subtopic:
         $ref: '#/components/parameters/subtopic'
-        in: path 
+        in: path
         required: false
 
     publish:
@@ -88,7 +88,7 @@ components:
 
   parameters:
     channelID:
-      description: Channel ID connected to the Thing ID defined in the username.
+      description: Channel ID connected to the Client ID defined in the username.
       schema:
         type: string
         format: uuid
@@ -97,7 +97,7 @@ components:
       schema:
         type: string
         default: ''
-  
+
   securitySchemes:
     user-password:
       type: userPassword
diff --git a/api/asyncapi/websocket.yml b/api/asyncapi/websocket.yml
index d06c1688b5..536b4e30bd 100644
--- a/api/asyncapi/websocket.yml
+++ b/api/asyncapi/websocket.yml
@@ -126,7 +126,7 @@ components:
         ```
   parameters:
     channelID:
-      description: Channel ID connected to the Thing ID defined in the username.
+      description: Channel ID connected to the Client ID defined in the username.
       schema:
         type: string
         format: uuid
@@ -141,4 +141,4 @@ components:
       scheme: bearer
       bearerFormat: uuid
       description: |
-        * Thing access: "Authorization: Thing <client_key>"
+        * Client access: "Authorization: Client <client_key>"
diff --git a/api/openapi/auth.yml b/api/openapi/auth.yml
index 7662bb16b8..0ebe2ce0a3 100644
--- a/api/openapi/auth.yml
+++ b/api/openapi/auth.yml
@@ -596,7 +596,7 @@ components:
         metadata:
           type: object
           example: { "domain": "example.com" }
-          description: Arbitrary, object-encoded thing's data.
+          description: Arbitrary, object-encoded client's data.
         alias:
           type: string
           example: domain alias
diff --git a/api/openapi/bootstrap.yml b/api/openapi/bootstrap.yml
index 2dcd84a944..50ca0123e8 100644
--- a/api/openapi/bootstrap.yml
+++ b/api/openapi/bootstrap.yml
@@ -118,7 +118,7 @@ paths:
       description: |
         Update is performed by replacing the current resource data with values
         provided in a request payload. Note that the owner, ID, external ID,
-        external key, Magistrala Thing ID and key cannot be changed.
+        external key, Magistrala Client ID and key cannot be changed.
       tags:
         - configs
       parameters:
@@ -205,7 +205,7 @@ paths:
       summary: Updates channels the client is connected to
       description: |
         Update connections performs update of the channel list corresponding
-        Thing is connected to.
+        Client is connected to.
       tags:
         - configs
       parameters:
@@ -287,7 +287,7 @@ paths:
       summary: Updates Config state.
       description: |
         Updating state represents enabling/disabling Config, i.e. connecting
-        and disconnecting corresponding Magistrala Thing to the list of Channels.
+        and disconnecting corresponding Magistrala Client to the list of Channels.
       tags:
         - configs
       parameters:
@@ -333,11 +333,11 @@ components:
         client_id:
           type: string
           format: uuid
-          description: Corresponding Magistrala Thing ID.
+          description: Corresponding Magistrala Client ID.
         magistrala_secret:
           type: string
           format: uuid
-          description: Corresponding Magistrala Thing key.
+          description: Corresponding Magistrala Client key.
         channels:
           type: array
           minItems: 0
@@ -405,11 +405,11 @@ components:
         client_id:
           type: string
           format: uuid
-          description: Corresponding Magistrala Thing ID.
-        thing_key:
+          description: Corresponding Magistrala Client ID.
+        client_key:
           type: string
           format: uuid
-          description: Corresponding Magistrala Thing key.
+          description: Corresponding Magistrala Client key.
         channels:
           type: array
           minItems: 0
@@ -429,7 +429,7 @@ components:
           description: Issuing CA certificate.
       required:
         - client_id
-        - thing_key
+        - client_key
         - channels
         - content
     ConfigUpdateCerts:
@@ -438,7 +438,7 @@ components:
         client_id:
           type: string
           format: uuid
-          description: Corresponding Magistrala Thing ID.
+          description: Corresponding Magistrala Client ID.
         client_cert:
           type: string
           description: Client certificate.
@@ -450,14 +450,14 @@ components:
           description: Issuing CA certificate.
       required:
         - client_id
-        - thing_key
+        - client_key
         - channels
         - content
 
   parameters:
     ConfigId:
       name: configId
-      description: Unique Config identifier. It's the ID of the corresponding Thing.
+      description: Unique Config identifier. It's the ID of the corresponding Client.
       in: path
       schema:
         type: string
@@ -522,7 +522,7 @@ components:
               client_id:
                 type: string
                 format: uuid
-                description: ID of the corresponding Magistrala Thing.
+                description: ID of the corresponding Magistrala Client.
               channels:
                 type: array
                 minItems: 0
@@ -535,17 +535,17 @@ components:
                 type: string
               client_cert:
                 type: string
-                description: Thing Certificate.
+                description: Client Certificate.
               client_key:
                 type: string
-                description: Thing Private Key.
+                description: Client Private Key.
               ca_cert:
                 type: string
             required:
               - external_id
               - external_key
     ConfigUpdateReq:
-      description: JSON-formatted document describing the updated thing.
+      description: JSON-formatted document describing the updated client.
       content:
         application/json:
           schema:
@@ -559,7 +559,7 @@ components:
               - content
               - name
     ConfigCertUpdateReq:
-      description: JSON-formatted document describing the updated thing.
+      description: JSON-formatted document describing the updated client.
       content:
         application/json:
           schema:
@@ -673,14 +673,14 @@ components:
       scheme: bearer
       bearerFormat: string
       description: |
-        * Clients access: "Authorization: Thing <external_key>"
+        * Clients access: "Authorization: Client <external_key>"
 
     bootstrapEncAuth:
       type: http
       scheme: bearer
       bearerFormat: aes-sha256-uuid
       description: |
-        * Clients access: "Authorization: Thing <external_enc_key>"
+        * Clients access: "Authorization: Client <external_enc_key>"
         Hex-encoded configuration external key encrypted using
         the AES algorithm and SHA256 sum of the external key
         itself as an encryption key.
diff --git a/api/openapi/certs.yml b/api/openapi/certs.yml
index 1f52be6409..a7b49baa9c 100644
--- a/api/openapi/certs.yml
+++ b/api/openapi/certs.yml
@@ -30,8 +30,8 @@ paths:
   /{domainID}/certs:
     post:
       operationId: createCert
-      summary: Creates a certificate for thing
-      description: Creates a certificate for thing
+      summary: Creates a certificate for client
+      description: Creates a certificate for client
       tags:
         - certs
       parameters:
@@ -171,7 +171,7 @@ components:
         client_id:
           type: string
           format: uuid
-          description: Corresponding Magistrala Thing ID.
+          description: Corresponding Magistrala Client ID.
         client_cert:
           type: string
           description: Client Certificate.
@@ -240,7 +240,7 @@ components:
   requestBodies:
     CertReq:
       description: |
-        Issues a certificate that is required for mTLS. To create a certificate for a thing
+        Issues a certificate that is required for mTLS. To create a certificate for a client
         provide a client id, data identifying particular client will be embedded into the Certificate.
         x509 and ECC certificates are supported when using when Vault is used as PKI.
       content:
@@ -271,7 +271,7 @@ components:
         serial:
           operationId: getSerials
           parameters:
-            thingID: $response.body#/client_id
+            clientID: $response.body#/client_id
         delete:
           operationId: revokeCert
           parameters:
diff --git a/api/openapi/http.yml b/api/openapi/http.yml
index 29933b0361..44beb7d33d 100644
--- a/api/openapi/http.yml
+++ b/api/openapi/http.yml
@@ -169,13 +169,13 @@ components:
       scheme: bearer
       bearerFormat: uuid
       description: |
-        * Thing access: "Authorization: Thing <client_key>"
+        * Client access: "Authorization: Client <client_key>"
 
     basicAuth:
       type: http
       scheme: basic
       description: |
-        * Things access: "Authorization: Basic <base64-encoded_credentials>"
+        * Clients access: "Authorization: Basic <base64-encoded_credentials>"
 
 security:
   - bearerAuth: []
diff --git a/api/openapi/journal.yml b/api/openapi/journal.yml
index 1652227449..5770058ca8 100644
--- a/api/openapi/journal.yml
+++ b/api/openapi/journal.yml
@@ -148,14 +148,14 @@ components:
   parameters:
     entity_type:
       name: entity_type
-      description: Type of entity, e.g. user, group, thing, etc.
+      description: Type of entity, e.g. user, group, client, etc.
       in: path
       schema:
         type: string
         enum:
           - user
           - group
-          - thing
+          - client
           - channel
       required: true
       example: user
diff --git a/api/openapi/readers.yml b/api/openapi/readers.yml
index 0a4e8797c0..f84d4356a6 100644
--- a/api/openapi/readers.yml
+++ b/api/openapi/readers.yml
@@ -293,13 +293,13 @@ components:
       description: |
         * Users access: "Authorization: Bearer <user_token>"
 
-    thingAuth:
+    clientAuth:
       type: http
       scheme: bearer
       bearerFormat: uuid
       description: |
-        * Things access: "Authorization: Thing <client_key>"
+        * Clients access: "Authorization: Client <client_key>"
 
 security:
   - bearerAuth: []
-  - thingAuth: []
+  - clientAuth: []
diff --git a/auth/README.md b/auth/README.md
index e516c88054..3a35172ad6 100644
--- a/auth/README.md
+++ b/auth/README.md
@@ -25,7 +25,7 @@ Authentication keys are represented and distributed by the corresponding [JWT](j
 
 User keys are issued when user logs in. Each user request (other than `registration` and `login`) contains user key that is used to authenticate the user.
 
-API keys are similar to the User keys. The main difference is that API keys have configurable expiration time. If no time is set, the key will never expire. For that reason, API keys are _the only key type that can be revoked_. This also means that, despite being used as a JWT, it requires a query to the database to validate the API key. The user with API key can perform all the same actions as the user with login key (can act on behalf of the user for Thing, Channel, or user profile management), _except issuing new API keys_.
+API keys are similar to the User keys. The main difference is that API keys have configurable expiration time. If no time is set, the key will never expire. For that reason, API keys are _the only key type that can be revoked_. This also means that, despite being used as a JWT, it requires a query to the database to validate the API key. The user with API key can perform all the same actions as the user with login key (can act on behalf of the user for Client, Channel, or user profile management), _except issuing new API keys_.
 
 Recovery key is the password recovery key. It's short-lived token used for password recovery process.
 
diff --git a/bootstrap/README.md b/bootstrap/README.md
index a7b99e4b66..26a9c009ed 100644
--- a/bootstrap/README.md
+++ b/bootstrap/README.md
@@ -2,34 +2,34 @@
 
 New devices need to be configured properly and connected to the Magistrala. Bootstrap service is used in order to accomplish that. This service provides the following features:
 
-1. Creating new Magistrala Things
-2. Providing basic configuration for the newly created Things
-3. Enabling/disabling Things
+1. Creating new Magistrala Clients
+2. Providing basic configuration for the newly created Clients
+3. Enabling/disabling Clients
 
-Pre-provisioning a new Thing is as simple as sending Configuration data to the Bootstrap service. Once the Thing is online, it sends a request for initial config to Bootstrap service. Bootstrap service provides an API for enabling and disabling Things. Only enabled Things can exchange messages over Magistrala. Bootstrapping does not implicitly enable Things, it has to be done manually.
+Pre-provisioning a new Client is as simple as sending Configuration data to the Bootstrap service. Once the Client is online, it sends a request for initial config to Bootstrap service. Bootstrap service provides an API for enabling and disabling Clients. Only enabled Clients can exchange messages over Magistrala. Bootstrapping does not implicitly enable Clients, it has to be done manually.
 
-In order to bootstrap successfully, the Thing needs to send bootstrapping request to the specific URL, as well as a secret key. This key and URL are pre-provisioned during the manufacturing process. If the Thing is provisioned on the Bootstrap service side, the corresponding configuration will be sent as a response. Otherwise, the Thing will be saved so that it can be provisioned later.
+In order to bootstrap successfully, the Client needs to send bootstrapping request to the specific URL, as well as a secret key. This key and URL are pre-provisioned during the manufacturing process. If the Client is provisioned on the Bootstrap service side, the corresponding configuration will be sent as a response. Otherwise, the Client will be saved so that it can be provisioned later.
 
-## Thing Configuration Entity
+## Client Configuration Entity
 
-Thing Configuration consists of two logical parts: the custom configuration that can be interpreted by the Thing itself and Magistrala-related configuration. Magistrala config contains:
+Client Configuration consists of two logical parts: the custom configuration that can be interpreted by the Client itself and Magistrala-related configuration. Magistrala config contains:
 
-1. corresponding Magistrala Thing ID
-2. corresponding Magistrala Thing key
-3. list of the Magistrala channels the Thing is connected to
+1. corresponding Magistrala Client ID
+2. corresponding Magistrala Client key
+3. list of the Magistrala channels the Client is connected to
 
-> Note: list of channels contains IDs of the Magistrala channels. These channels are _pre-provisioned_ on the Magistrala side and, unlike corresponding Magistrala Thing, Bootstrap service is not able to create Magistrala Channels.
+> Note: list of channels contains IDs of the Magistrala channels. These channels are _pre-provisioned_ on the Magistrala side and, unlike corresponding Magistrala Client, Bootstrap service is not able to create Magistrala Channels.
 
-Enabling and disabling Thing (adding Thing to/from whitelist) is as simple as connecting corresponding Magistrala Thing to the given list of Channels. Configuration keeps _state_ of the Thing:
+Enabling and disabling Client (adding Client to/from whitelist) is as simple as connecting corresponding Magistrala Client to the given list of Channels. Configuration keeps _state_ of the Client:
 
 | State    | What it means                                 |
 | -------- | --------------------------------------------- |
-| Inactive | Thing is created, but isn't enabled           |
-| Active   | Thing is able to communicate using Magistrala |
+| Inactive | Client is created, but isn't enabled           |
+| Active   | Client is able to communicate using Magistrala |
 
-Switching between states `Active` and `Inactive` enables and disables Thing, respectively.
+Switching between states `Active` and `Inactive` enables and disables Client, respectively.
 
-Thing configuration also contains the so-called `external ID` and `external key`. An external ID is a unique identifier of corresponding Thing. For example, a device MAC address is a good choice for external ID. External key is a secret key that is used for authentication during the bootstrapping procedure.
+Client configuration also contains the so-called `external ID` and `external key`. An external ID is a unique identifier of corresponding Client. For example, a device MAC address is a good choice for external ID. External key is a secret key that is used for authentication during the bootstrapping procedure.
 
 ## Configuration
 
diff --git a/bootstrap/api/endpoint.go b/bootstrap/api/endpoint.go
index 4893b23e67..4bc1f5eca6 100644
--- a/bootstrap/api/endpoint.go
+++ b/bootstrap/api/endpoint.go
@@ -70,7 +70,7 @@ func updateCertEndpoint(svc bootstrap.Service) endpoint.Endpoint {
 			return nil, svcerr.ErrAuthorization
 		}
 
-		cfg, err := svc.UpdateCert(ctx, session, req.thingID, req.ClientCert, req.ClientKey, req.CACert)
+		cfg, err := svc.UpdateCert(ctx, session, req.clientID, req.ClientCert, req.ClientKey, req.CACert)
 		if err != nil {
 			return nil, err
 		}
diff --git a/bootstrap/api/endpoint_test.go b/bootstrap/api/endpoint_test.go
index fc4ee5afe0..cc2c66b803 100644
--- a/bootstrap/api/endpoint_test.go
+++ b/bootstrap/api/endpoint_test.go
@@ -1185,7 +1185,7 @@ func TestBootstrap(t *testing.T) {
 		err         error
 	}{
 		{
-			desc:        "bootstrap a Thing with unknown ID",
+			desc:        "bootstrap a Client with unknown ID",
 			externalID:  unknown,
 			externalKey: c.ExternalKey,
 			status:      http.StatusNotFound,
@@ -1194,7 +1194,7 @@ func TestBootstrap(t *testing.T) {
 			err:         bootstrap.ErrBootstrap,
 		},
 		{
-			desc:        "bootstrap a Thing with an empty ID",
+			desc:        "bootstrap a Client with an empty ID",
 			externalID:  "",
 			externalKey: c.ExternalKey,
 			status:      http.StatusBadRequest,
@@ -1203,7 +1203,7 @@ func TestBootstrap(t *testing.T) {
 			err:         errors.Wrap(bootstrap.ErrBootstrap, svcerr.ErrMalformedEntity),
 		},
 		{
-			desc:        "bootstrap a Thing with unknown key",
+			desc:        "bootstrap a Client with unknown key",
 			externalID:  c.ExternalID,
 			externalKey: unknown,
 			status:      http.StatusForbidden,
@@ -1212,7 +1212,7 @@ func TestBootstrap(t *testing.T) {
 			err:         errors.Wrap(bootstrap.ErrExternalKey, errors.New("")),
 		},
 		{
-			desc:        "bootstrap a Thing with an empty key",
+			desc:        "bootstrap a Client with an empty key",
 			externalID:  c.ExternalID,
 			externalKey: "",
 			status:      http.StatusBadRequest,
@@ -1221,7 +1221,7 @@ func TestBootstrap(t *testing.T) {
 			err:         errors.Wrap(bootstrap.ErrBootstrap, svcerr.ErrAuthentication),
 		},
 		{
-			desc:        "bootstrap known Thing",
+			desc:        "bootstrap known Client",
 			externalID:  c.ExternalID,
 			externalKey: c.ExternalKey,
 			status:      http.StatusOK,
diff --git a/bootstrap/api/requests.go b/bootstrap/api/requests.go
index 56dc7105a7..dd3fb62fed 100644
--- a/bootstrap/api/requests.go
+++ b/bootstrap/api/requests.go
@@ -76,14 +76,14 @@ func (req updateReq) validate() error {
 }
 
 type updateCertReq struct {
-	thingID    string
+	clientID    string
 	ClientCert string `json:"client_cert"`
 	ClientKey  string `json:"client_key"`
 	CACert     string `json:"ca_cert"`
 }
 
 func (req updateCertReq) validate() error {
-	if req.thingID == "" {
+	if req.clientID == "" {
 		return apiutil.ErrMissingID
 	}
 
diff --git a/bootstrap/api/requests_test.go b/bootstrap/api/requests_test.go
index 6c10f24fe3..a24ea78f0f 100644
--- a/bootstrap/api/requests_test.go
+++ b/bootstrap/api/requests_test.go
@@ -152,19 +152,19 @@ func TestUpdateReqValidation(t *testing.T) {
 func TestUpdateCertReqValidation(t *testing.T) {
 	cases := []struct {
 		desc    string
-		thingID string
+		clientID string
 		err     error
 	}{
 		{
 			desc:    "empty client id",
-			thingID: "",
+			clientID: "",
 			err:     apiutil.ErrMissingID,
 		},
 	}
 
 	for _, tc := range cases {
 		req := updateCertReq{
-			thingID: tc.thingID,
+			clientID: tc.clientID,
 		}
 
 		err := req.validate()
diff --git a/bootstrap/api/transport.go b/bootstrap/api/transport.go
index 50628a1058..24c7c2dbc5 100644
--- a/bootstrap/api/transport.go
+++ b/bootstrap/api/transport.go
@@ -33,7 +33,7 @@ const (
 )
 
 var (
-	fullMatch    = []string{"state", "external_id", "client_id", "thing_key"}
+	fullMatch    = []string{"state", "external_id", "client_id", "client_key"}
 	partialMatch = []string{"name"}
 	// ErrBootstrap indicates error in getting bootstrap configuration.
 	ErrBootstrap = errors.New("failed to read bootstrap configuration")
@@ -96,7 +96,7 @@ func MakeHandler(svc bootstrap.Service, authn mgauthn.Authentication, reader boo
 			})
 		})
 
-		r.With(api.AuthenticateMiddleware(authn, true)).Put("/state/{thingID}", otelhttp.NewHandler(kithttp.NewServer(
+		r.With(api.AuthenticateMiddleware(authn, true)).Put("/state/{clientID}", otelhttp.NewHandler(kithttp.NewServer(
 			stateEndpoint(svc),
 			decodeStateRequest,
 			api.EncodeResponse,
@@ -163,7 +163,7 @@ func decodeUpdateCertRequest(_ context.Context, r *http.Request) (interface{}, e
 	}
 
 	req := updateCertReq{
-		thingID: chi.URLParam(r, "certID"),
+		clientID: chi.URLParam(r, "certID"),
 	}
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		return nil, errors.Wrap(apiutil.ErrValidation, errors.Wrap(err, errors.ErrMalformedEntity))
diff --git a/bootstrap/configs.go b/bootstrap/configs.go
index 6c3ace924e..70fde8c9a3 100644
--- a/bootstrap/configs.go
+++ b/bootstrap/configs.go
@@ -12,9 +12,9 @@ import (
 
 // Config represents Configuration entity. It wraps information about external entity
 // as well as info about corresponding Magistrala entities.
-// MGThing represents corresponding Magistrala Thing ID.
-// MGKey is key of corresponding Magistrala Thing.
-// MGChannels is a list of Magistrala Channels corresponding Magistrala Thing connects to.
+// MGClient represents corresponding Magistrala Client ID.
+// MGKey is key of corresponding Magistrala Client.
+// MGChannels is a list of Magistrala Channels corresponding Magistrala Client connects to.
 type Config struct {
 	ClientID     string    `json:"client_id"`
 	ClientSecret string    `json:"client_secret"`
@@ -30,7 +30,7 @@ type Config struct {
 	State        State     `json:"state"`
 }
 
-// Channel represents Magistrala channel corresponding Magistrala Thing is connected to.
+// Channel represents Magistrala channel corresponding Magistrala Client is connected to.
 type Channel struct {
 	ID          string                 `json:"id"`
 	Name        string                 `json:"name,omitempty"`
@@ -100,7 +100,7 @@ type ConfigRepository interface {
 	// ListExisting retrieves those channels from the given list that exist in DB.
 	ListExisting(ctx context.Context, domainID string, ids []string) ([]Channel, error)
 
-	// Methods RemoveThing, UpdateChannel, and RemoveChannel are related to
+	// Methods RemoveClient, UpdateChannel, and RemoveChannel are related to
 	// event sourcing. That's why these methods surpass ownership check.
 
 	// RemoveClient removes Config of the Client with the given ID.
@@ -113,8 +113,8 @@ type ConfigRepository interface {
 	RemoveChannel(ctx context.Context, id string) error
 
 	// ConnectClient changes state of the Config when the corresponding Client is connected to the Channel.
-	ConnectClient(ctx context.Context, channelID, thingID string) error
+	ConnectClient(ctx context.Context, channelID, clientID string) error
 
 	// DisconnectClient changes state of the Config when the corresponding Client is disconnected from the Channel.
-	DisconnectClient(ctx context.Context, channelID, thingID string) error
+	DisconnectClient(ctx context.Context, channelID, clientID string) error
 }
diff --git a/bootstrap/events/consumer/streams.go b/bootstrap/events/consumer/streams.go
index 6d946f46e8..d6031dc08c 100644
--- a/bootstrap/events/consumer/streams.go
+++ b/bootstrap/events/consumer/streams.go
@@ -13,11 +13,11 @@ import (
 )
 
 const (
-	thingRemove     = "thing.remove"
-	thingConnect    = "group.assign"
-	thingDisconnect = "group.unassign"
+	clientRemove     = "client.remove"
+	clientConnect    = "group.assign"
+	clientDisconnect = "group.unassign"
 
-	channelPrefix = "group."
+	channelPrefix = "channels."
 	channelUpdate = channelPrefix + "update"
 	channelRemove = channelPrefix + "remove"
 
@@ -43,10 +43,10 @@ func (es *eventHandler) Handle(ctx context.Context, event events.Event) error {
 	}
 
 	switch msg["operation"] {
-	case thingRemove:
+	case clientRemove:
 		rte := decodeRemoveClient(msg)
 		err = es.svc.RemoveConfigHandler(ctx, rte.id)
-	case thingConnect:
+	case clientConnect:
 		cte := decodeConnectClient(msg)
 		if cte.channelID == "" || len(cte.clientIDs) == 0 {
 			return svcerr.ErrMalformedEntity
@@ -59,13 +59,13 @@ func (es *eventHandler) Handle(ctx context.Context, event events.Event) error {
 				return err
 			}
 		}
-	case thingDisconnect:
+	case clientDisconnect:
 		dte := decodeDisconnectClient(msg)
 		if dte.channelID == "" || len(dte.clientIDs) == 0 {
 			return svcerr.ErrMalformedEntity
 		}
-		for _, thingID := range dte.clientIDs {
-			if thingID == "" {
+		for _, clientID := range dte.clientIDs {
+			if clientID == "" {
 				return svcerr.ErrMalformedEntity
 			}
 		}
diff --git a/bootstrap/events/producer/events.go b/bootstrap/events/producer/events.go
index 73ae8d4df6..0e99259071 100644
--- a/bootstrap/events/producer/events.go
+++ b/bootstrap/events/producer/events.go
@@ -17,12 +17,12 @@ const (
 	configList          = configPrefix + "list"
 	configHandlerRemove = configPrefix + "remove_handler"
 
-	thingPrefix            = "bootstrap.thing."
-	thingBootstrap         = thingPrefix + "bootstrap"
-	thingStateChange       = thingPrefix + "change_state"
-	thingUpdateConnections = thingPrefix + "update_connections"
-	thingConnect           = thingPrefix + "connect"
-	thingDisconnect        = thingPrefix + "disconnect"
+	clientPrefix            = "bootstrap.client."
+	clientBootstrap         = clientPrefix + "bootstrap"
+	clientStateChange       = clientPrefix + "change_state"
+	clientUpdateConnections = clientPrefix + "update_connections"
+	clientConnect           = clientPrefix + "connect"
+	clientDisconnect        = clientPrefix + "disconnect"
 
 	channelPrefix        = "bootstrap.channel."
 	channelHandlerRemove = channelPrefix + "remove_handler"
@@ -134,7 +134,7 @@ func (be bootstrapEvent) Encode() (map[string]interface{}, error) {
 	val := map[string]interface{}{
 		"external_id": be.externalID,
 		"success":     be.success,
-		"operation":   thingBootstrap,
+		"operation":   clientBootstrap,
 	}
 
 	if be.ClientID != "" {
@@ -175,28 +175,28 @@ func (be bootstrapEvent) Encode() (map[string]interface{}, error) {
 }
 
 type changeStateEvent struct {
-	mgThing string
-	state   bootstrap.State
+	mgClient string
+	state    bootstrap.State
 }
 
 func (cse changeStateEvent) Encode() (map[string]interface{}, error) {
 	return map[string]interface{}{
-		"client_id": cse.mgThing,
+		"client_id": cse.mgClient,
 		"state":     cse.state.String(),
-		"operation": thingStateChange,
+		"operation": clientStateChange,
 	}, nil
 }
 
 type updateConnectionsEvent struct {
-	mgThing    string
+	mgClient   string
 	mgChannels []string
 }
 
 func (uce updateConnectionsEvent) Encode() (map[string]interface{}, error) {
 	return map[string]interface{}{
-		"client_id": uce.mgThing,
+		"client_id": uce.mgClient,
 		"channels":  uce.mgChannels,
-		"operation": thingUpdateConnections,
+		"operation": clientUpdateConnections,
 	}, nil
 }
 
@@ -250,28 +250,28 @@ func (uche updateChannelHandlerEvent) Encode() (map[string]interface{}, error) {
 	return val, nil
 }
 
-type connectThingEvent struct {
-	thingID   string
+type connectClientEvent struct {
+	clientID  string
 	channelID string
 }
 
-func (cte connectThingEvent) Encode() (map[string]interface{}, error) {
+func (cte connectClientEvent) Encode() (map[string]interface{}, error) {
 	return map[string]interface{}{
-		"client_id":  cte.thingID,
+		"client_id":  cte.clientID,
 		"channel_id": cte.channelID,
-		"operation":  thingConnect,
+		"operation":  clientConnect,
 	}, nil
 }
 
-type disconnectThingEvent struct {
-	thingID   string
+type disconnectClientEvent struct {
+	clientID  string
 	channelID string
 }
 
-func (dte disconnectThingEvent) Encode() (map[string]interface{}, error) {
+func (dte disconnectClientEvent) Encode() (map[string]interface{}, error) {
 	return map[string]interface{}{
-		"client_id":  dte.thingID,
+		"client_id":  dte.clientID,
 		"channel_id": dte.channelID,
-		"operation":  thingDisconnect,
+		"operation":  clientDisconnect,
 	}, nil
 }
diff --git a/bootstrap/events/producer/streams.go b/bootstrap/events/producer/streams.go
index 238784e8ba..5501c00d72 100644
--- a/bootstrap/events/producer/streams.go
+++ b/bootstrap/events/producer/streams.go
@@ -98,7 +98,7 @@ func (es *eventStore) UpdateConnections(ctx context.Context, session mgauthn.Ses
 	}
 
 	ev := updateConnectionsEvent{
-		mgThing:    id,
+		mgClient:   id,
 		mgChannels: connections,
 	}
 
@@ -163,8 +163,8 @@ func (es *eventStore) ChangeState(ctx context.Context, session mgauthn.Session,
 	}
 
 	ev := changeStateEvent{
-		mgThing: id,
-		state:   state,
+		mgClient: id,
+		state:    state,
 	}
 
 	return es.Publish(ctx, ev)
@@ -213,8 +213,8 @@ func (es *eventStore) ConnectClientHandler(ctx context.Context, channelID, clien
 		return err
 	}
 
-	ev := connectThingEvent{
-		thingID:   clientID,
+	ev := connectClientEvent{
+		clientID:  clientID,
 		channelID: channelID,
 	}
 
@@ -226,8 +226,8 @@ func (es *eventStore) DisconnectClientHandler(ctx context.Context, channelID, cl
 		return err
 	}
 
-	ev := disconnectThingEvent{
-		thingID:   clientID,
+	ev := disconnectClientEvent{
+		clientID:  clientID,
 		channelID: channelID,
 	}
 
diff --git a/bootstrap/events/producer/streams_test.go b/bootstrap/events/producer/streams_test.go
index faee6a8365..15bb197f9a 100644
--- a/bootstrap/events/producer/streams_test.go
+++ b/bootstrap/events/producer/streams_test.go
@@ -48,12 +48,12 @@ const (
 	configList          = configPrefix + "list"
 	configHandlerRemove = configPrefix + "remove_handler"
 
-	thingPrefix            = "thing."
-	thingBootstrap         = thingPrefix + "bootstrap"
-	thingStateChange       = thingPrefix + "change_state"
-	thingUpdateConnections = thingPrefix + "update_connections"
-	thingConnect           = thingPrefix + "connect"
-	thingDisconnect        = thingPrefix + "disconnect"
+	clientPrefix            = "client."
+	clientBootstrap         = clientPrefix + "bootstrap"
+	clientStateChange       = clientPrefix + "change_state"
+	clientUpdateConnections = clientPrefix + "update_connections"
+	clientConnect           = clientPrefix + "connect"
+	clientDisconnect        = clientPrefix + "disconnect"
 
 	channelPrefix        = "group."
 	channelHandlerRemove = channelPrefix + "remove_handler"
@@ -125,18 +125,18 @@ func TestAdd(t *testing.T) {
 	invalidConfig.Channels = []bootstrap.Channel{{ID: "empty"}}
 
 	cases := []struct {
-		desc     string
-		config   bootstrap.Config
-		token    string
-		session  mgauthn.Session
-		id       string
-		domainID string
-		thingErr error
-		channel  []bootstrap.Channel
-		listErr  error
-		saveErr  error
-		err      error
-		event    map[string]interface{}
+		desc      string
+		config    bootstrap.Config
+		token     string
+		session   mgauthn.Session
+		id        string
+		domainID  string
+		clientErr error
+		channel   []bootstrap.Channel
+		listErr   error
+		saveErr   error
+		err       error
+		event     map[string]interface{}
 	}{
 		{
 			desc:     "create config successfully",
@@ -158,14 +158,14 @@ func TestAdd(t *testing.T) {
 			err: nil,
 		},
 		{
-			desc:     "create config with failed to fetch thing",
-			config:   config,
-			token:    validToken,
-			id:       validID,
-			domainID: domainID,
-			event:    nil,
-			thingErr: svcerr.ErrNotFound,
-			err:      svcerr.ErrNotFound,
+			desc:      "create config with failed to fetch client",
+			config:    config,
+			token:     validToken,
+			id:        validID,
+			domainID:  domainID,
+			event:     nil,
+			clientErr: svcerr.ErrNotFound,
+			err:       svcerr.ErrNotFound,
 		},
 		{
 			desc:     "create config with failed to list existing",
@@ -192,7 +192,7 @@ func TestAdd(t *testing.T) {
 	lastID := "0"
 	for _, tc := range cases {
 		tc.session = mgauthn.Session{UserID: validID, DomainID: tc.domainID, DomainUserID: validID}
-		sdkCall := tv.sdk.On("Thing", tc.config.ClientID, tc.domainID, tc.token).Return(mgsdk.Client{ID: tc.config.ClientID, Credentials: mgsdk.ClientCredentials{Secret: tc.config.ClientSecret}}, errors.NewSDKError(tc.thingErr))
+		sdkCall := tv.sdk.On("Client", tc.config.ClientID, tc.domainID, tc.token).Return(mgsdk.Client{ID: tc.config.ClientID, Credentials: mgsdk.ClientCredentials{Secret: tc.config.ClientSecret}}, errors.NewSDKError(tc.clientErr))
 		repoCall := tv.boot.On("ListExisting", context.Background(), domainID, mock.Anything).Return(tc.config.Channels, tc.listErr)
 		repoCall1 := tv.boot.On("Save", context.Background(), mock.Anything, mock.Anything).Return(mock.Anything, tc.saveErr)
 
@@ -403,7 +403,7 @@ func TestUpdateConnections(t *testing.T) {
 		token       string
 		session     mgauthn.Session
 		connections []string
-		thingErr    error
+		clientErr   error
 		channelErr  error
 		retrieveErr error
 		listErr     error
@@ -423,7 +423,7 @@ func TestUpdateConnections(t *testing.T) {
 				"client_id": config.ClientID,
 				"channels":  "2",
 				"timestamp": time.Now().Unix(),
-				"operation": thingUpdateConnections,
+				"operation": clientUpdateConnections,
 			},
 		},
 		{
@@ -533,11 +533,11 @@ func TestUpdateCert(t *testing.T) {
 			caCert:     "caCert",
 			err:        nil,
 			event: map[string]interface{}{
-				"thing_key":   config.ClientSecret,
-				"client_cert": "clientCert",
-				"client_key":  "clientKey",
-				"ca_cert":     "caCert",
-				"operation":   certUpdate,
+				"client_secret": config.ClientSecret,
+				"client_cert":   "clientCert",
+				"client_key":    "clientKey",
+				"ca_cert":       "caCert",
+				"operation":     certUpdate,
 			},
 		},
 		{
@@ -600,12 +600,12 @@ func TestUpdateCert(t *testing.T) {
 			caCert:     "",
 			err:        nil,
 			event: map[string]interface{}{
-				"thing_key":   config.ClientSecret,
-				"client_cert": "clientCert",
-				"client_key":  "clientKey",
-				"ca_cert":     "caCert",
-				"operation":   certUpdate,
-				"timestamp":   time.Now().Unix(),
+				"client_secret": config.ClientSecret,
+				"client_cert":   "clientCert",
+				"client_key":    "clientKey",
+				"ca_cert":       "caCert",
+				"operation":     certUpdate,
+				"timestamp":     time.Now().Unix(),
 			},
 		},
 	}
@@ -639,10 +639,10 @@ func TestUpdateCert(t *testing.T) {
 func TestList(t *testing.T) {
 	tv := newTestVariable(t, redisURL)
 
-	numThings := 101
+	numClients := 101
 	var c bootstrap.Config
 	saved := make([]bootstrap.Config, 0)
-	for i := 0; i < numThings; i++ {
+	for i := 0; i < numClients; i++ {
 		c := config
 		c.ExternalID = testsutil.GenerateUUID(t)
 		c.ExternalKey = testsutil.GenerateUUID(t)
@@ -936,7 +936,7 @@ func TestBootstrap(t *testing.T) {
 				"external_id": config.ExternalID,
 				"success":     "1",
 				"timestamp":   time.Now().Unix(),
-				"operation":   thingBootstrap,
+				"operation":   clientBootstrap,
 			},
 		},
 		{
@@ -949,7 +949,7 @@ func TestBootstrap(t *testing.T) {
 				"external_id": "external_id",
 				"success":     "0",
 				"timestamp":   time.Now().Unix(),
-				"operation":   thingBootstrap,
+				"operation":   clientBootstrap,
 			},
 		},
 	}
@@ -1012,7 +1012,7 @@ func TestChangeState(t *testing.T) {
 				"client_id": config.ClientID,
 				"state":     bootstrap.Active.String(),
 				"timestamp": time.Now().Unix(),
-				"operation": thingStateChange,
+				"operation": clientStateChange,
 			},
 		},
 		{
@@ -1261,7 +1261,7 @@ func TestRemoveConfigHandler(t *testing.T) {
 
 	lastID := "0"
 	for _, tc := range cases {
-		repoCall := tv.boot.On("RemoveThing", context.Background(), mock.Anything).Return(tc.err)
+		repoCall := tv.boot.On("RemoveClient", context.Background(), mock.Anything).Return(tc.err)
 		err := tv.svc.RemoveConfigHandler(context.Background(), tc.configID)
 		assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 
@@ -1284,7 +1284,7 @@ func TestRemoveConfigHandler(t *testing.T) {
 	}
 }
 
-func TestConnectThingHandler(t *testing.T) {
+func TestConnectClientHandler(t *testing.T) {
 	err := redisClient.FlushAll(context.Background()).Err()
 	assert.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err))
 
@@ -1293,19 +1293,19 @@ func TestConnectThingHandler(t *testing.T) {
 	cases := []struct {
 		desc      string
 		channelID string
-		thingID   string
+		clientID  string
 		err       error
 		event     map[string]interface{}
 	}{
 		{
 			desc:      "connect client handler successfully",
 			channelID: channel.ID,
-			thingID:   "1",
+			clientID:  "1",
 			err:       nil,
 			event: map[string]interface{}{
 				"channel_id":  channel.ID,
 				"client_id":   "1",
-				"operation":   thingConnect,
+				"operation":   clientConnect,
 				"timestamp":   time.Now().UnixNano(),
 				"occurred_at": time.Now().UnixNano(),
 			},
@@ -1313,21 +1313,21 @@ func TestConnectThingHandler(t *testing.T) {
 		{
 			desc:      "connect non-existing client handler",
 			channelID: channel.ID,
-			thingID:   "unknown",
+			clientID:  "unknown",
 			err:       nil,
 			event:     nil,
 		},
 		{
 			desc:      "connect client handler with empty client ID",
 			channelID: channel.ID,
-			thingID:   "",
+			clientID:  "",
 			err:       nil,
 			event:     nil,
 		},
 		{
 			desc:      "connect client handler with empty channel ID",
 			channelID: "",
-			thingID:   "1",
+			clientID:  "1",
 			err:       nil,
 			event:     nil,
 		},
@@ -1335,8 +1335,8 @@ func TestConnectThingHandler(t *testing.T) {
 
 	lastID := "0"
 	for _, tc := range cases {
-		repoCall := tv.boot.On("ConnectThing", context.Background(), mock.Anything, mock.Anything).Return(tc.err)
-		err := tv.svc.ConnectThingHandler(context.Background(), tc.channelID, tc.thingID)
+		repoCall := tv.boot.On("ConnectClient", context.Background(), mock.Anything, mock.Anything).Return(tc.err)
+		err := tv.svc.ConnectClientHandler(context.Background(), tc.channelID, tc.clientID)
 		assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 
 		streams := redisClient.XRead(context.Background(), &redis.XReadArgs{
@@ -1358,7 +1358,7 @@ func TestConnectThingHandler(t *testing.T) {
 	}
 }
 
-func TestDisconnectThingHandler(t *testing.T) {
+func TestDisconnectClientHandler(t *testing.T) {
 	err := redisClient.FlushAll(context.Background()).Err()
 	assert.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err))
 
@@ -1367,19 +1367,19 @@ func TestDisconnectThingHandler(t *testing.T) {
 	cases := []struct {
 		desc      string
 		channelID string
-		thingID   string
+		clientID  string
 		err       error
 		event     map[string]interface{}
 	}{
 		{
 			desc:      "disconnect client handler successfully",
 			channelID: channel.ID,
-			thingID:   "1",
+			clientID:  "1",
 			err:       nil,
 			event: map[string]interface{}{
 				"channel_id":  channel.ID,
 				"client_id":   "1",
-				"operation":   thingDisconnect,
+				"operation":   clientDisconnect,
 				"timestamp":   time.Now().UnixNano(),
 				"occurred_at": time.Now().UnixNano(),
 			},
@@ -1392,7 +1392,7 @@ func TestDisconnectThingHandler(t *testing.T) {
 		{
 			desc:      "remove client handler with empty client ID",
 			channelID: channel.ID,
-			thingID:   "",
+			clientID:  "",
 			err:       nil,
 			event:     nil,
 		},
@@ -1405,12 +1405,12 @@ func TestDisconnectThingHandler(t *testing.T) {
 		{
 			desc:      "remove client handler successfully",
 			channelID: channel.ID,
-			thingID:   "1",
+			clientID:  "1",
 			err:       nil,
 			event: map[string]interface{}{
 				"channel_id":  channel.ID,
 				"client_id":   "1",
-				"operation":   thingDisconnect,
+				"operation":   clientDisconnect,
 				"timestamp":   time.Now().UnixNano(),
 				"occurred_at": time.Now().UnixNano(),
 			},
@@ -1419,8 +1419,8 @@ func TestDisconnectThingHandler(t *testing.T) {
 
 	lastID := "0"
 	for _, tc := range cases {
-		repoCall := tv.boot.On("DisconnectThing", context.Background(), tc.channelID, tc.thingID).Return(tc.err)
-		err := tv.svc.DisconnectThingHandler(context.Background(), tc.channelID, tc.thingID)
+		repoCall := tv.boot.On("DisconnectClient", context.Background(), tc.channelID, tc.clientID).Return(tc.err)
+		err := tv.svc.DisconnectClientHandler(context.Background(), tc.channelID, tc.clientID)
 		assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 
 		streams := redisClient.XRead(context.Background(), &redis.XReadArgs{
diff --git a/bootstrap/middleware/authorization.go b/bootstrap/middleware/authorization.go
index 5d961eb7a9..8207477d12 100644
--- a/bootstrap/middleware/authorization.go
+++ b/bootstrap/middleware/authorization.go
@@ -52,12 +52,12 @@ func (am *authorizationMiddleware) Update(ctx context.Context, session mgauthn.S
 	return am.svc.Update(ctx, session, cfg)
 }
 
-func (am *authorizationMiddleware) UpdateCert(ctx context.Context, session mgauthn.Session, thingID, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
-	if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, policies.EditPermission, policies.ClientType, thingID); err != nil {
+func (am *authorizationMiddleware) UpdateCert(ctx context.Context, session mgauthn.Session, clientID, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
+	if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, policies.EditPermission, policies.ClientType, clientID); err != nil {
 		return bootstrap.Config{}, err
 	}
 
-	return am.svc.UpdateCert(ctx, session, thingID, clientCert, clientKey, caCert)
+	return am.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert)
 }
 
 func (am *authorizationMiddleware) UpdateConnections(ctx context.Context, session mgauthn.Session, token, id string, connections []string) error {
diff --git a/bootstrap/middleware/logging.go b/bootstrap/middleware/logging.go
index fdcca98cdf..36edba6723 100644
--- a/bootstrap/middleware/logging.go
+++ b/bootstrap/middleware/logging.go
@@ -88,7 +88,7 @@ func (lm *loggingMiddleware) Update(ctx context.Context, session mgauthn.Session
 
 // UpdateCert logs the update_cert request. It logs client ID and the time it took to complete the request.
 // If the request fails, it logs the error.
-func (lm *loggingMiddleware) UpdateCert(ctx context.Context, session mgauthn.Session, thingID, clientCert, clientKey, caCert string) (cfg bootstrap.Config, err error) {
+func (lm *loggingMiddleware) UpdateCert(ctx context.Context, session mgauthn.Session, clientID, clientCert, clientKey, caCert string) (cfg bootstrap.Config, err error) {
 	defer func(begin time.Time) {
 		args := []any{
 			slog.String("duration", time.Since(begin).String()),
@@ -102,7 +102,7 @@ func (lm *loggingMiddleware) UpdateCert(ctx context.Context, session mgauthn.Ses
 		lm.logger.Info("Update bootstrap config certificate completed successfully", args...)
 	}(time.Now())
 
-	return lm.svc.UpdateCert(ctx, session, thingID, clientCert, clientKey, caCert)
+	return lm.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert)
 }
 
 // UpdateConnections logs the update_connections request. It logs bootstrap ID and the time it took to complete the request.
diff --git a/bootstrap/middleware/metrics.go b/bootstrap/middleware/metrics.go
index 4a7082f9c5..47c8f4422c 100644
--- a/bootstrap/middleware/metrics.go
+++ b/bootstrap/middleware/metrics.go
@@ -62,13 +62,13 @@ func (mm *metricsMiddleware) Update(ctx context.Context, session mgauthn.Session
 }
 
 // UpdateCert instruments UpdateCert method with metrics.
-func (mm *metricsMiddleware) UpdateCert(ctx context.Context, session mgauthn.Session, thingKey, clientCert, clientKey, caCert string) (cfg bootstrap.Config, err error) {
+func (mm *metricsMiddleware) UpdateCert(ctx context.Context, session mgauthn.Session, clientID, clientCert, clientKey, caCert string) (cfg bootstrap.Config, err error) {
 	defer func(begin time.Time) {
 		mm.counter.With("method", "update_cert").Add(1)
 		mm.latency.With("method", "update_cert").Observe(time.Since(begin).Seconds())
 	}(time.Now())
 
-	return mm.svc.UpdateCert(ctx, session, thingKey, clientCert, clientKey, caCert)
+	return mm.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert)
 }
 
 // UpdateConnections instruments UpdateConnections method with metrics.
diff --git a/bootstrap/mocks/configs.go b/bootstrap/mocks/configs.go
index 8095308343..679460c940 100644
--- a/bootstrap/mocks/configs.go
+++ b/bootstrap/mocks/configs.go
@@ -35,9 +35,9 @@ func (_m *ConfigRepository) ChangeState(ctx context.Context, domainID string, id
 	return r0
 }
 
-// ConnectClient provides a mock function with given fields: ctx, channelID, thingID
-func (_m *ConfigRepository) ConnectClient(ctx context.Context, channelID string, thingID string) error {
-	ret := _m.Called(ctx, channelID, thingID)
+// ConnectClient provides a mock function with given fields: ctx, channelID, clientID
+func (_m *ConfigRepository) ConnectClient(ctx context.Context, channelID string, clientID string) error {
+	ret := _m.Called(ctx, channelID, clientID)
 
 	if len(ret) == 0 {
 		panic("no return value specified for ConnectClient")
@@ -45,7 +45,7 @@ func (_m *ConfigRepository) ConnectClient(ctx context.Context, channelID string,
 
 	var r0 error
 	if rf, ok := ret.Get(0).(func(context.Context, string, string) error); ok {
-		r0 = rf(ctx, channelID, thingID)
+		r0 = rf(ctx, channelID, clientID)
 	} else {
 		r0 = ret.Error(0)
 	}
@@ -53,9 +53,9 @@ func (_m *ConfigRepository) ConnectClient(ctx context.Context, channelID string,
 	return r0
 }
 
-// DisconnectClient provides a mock function with given fields: ctx, channelID, thingID
-func (_m *ConfigRepository) DisconnectClient(ctx context.Context, channelID string, thingID string) error {
-	ret := _m.Called(ctx, channelID, thingID)
+// DisconnectClient provides a mock function with given fields: ctx, channelID, clientID
+func (_m *ConfigRepository) DisconnectClient(ctx context.Context, channelID string, clientID string) error {
+	ret := _m.Called(ctx, channelID, clientID)
 
 	if len(ret) == 0 {
 		panic("no return value specified for DisconnectClient")
@@ -63,7 +63,7 @@ func (_m *ConfigRepository) DisconnectClient(ctx context.Context, channelID stri
 
 	var r0 error
 	if rf, ok := ret.Get(0).(func(context.Context, string, string) error); ok {
-		r0 = rf(ctx, channelID, thingID)
+		r0 = rf(ctx, channelID, clientID)
 	} else {
 		r0 = ret.Error(0)
 	}
@@ -155,7 +155,7 @@ func (_m *ConfigRepository) RemoveClient(ctx context.Context, id string) error {
 	return r0
 }
 
-// RetrieveAll provides a mock function with given fields: ctx, domainID, thingIDs, filter, offset, limit
+// RetrieveAll provides a mock function with given fields: ctx, domainID, clientIDs, filter, offset, limit
 func (_m *ConfigRepository) RetrieveAll(ctx context.Context, domainID string, clientIDs []string, filter bootstrap.Filter, offset uint64, limit uint64) bootstrap.ConfigsPage {
 	ret := _m.Called(ctx, domainID, clientIDs, filter, offset, limit)
 
@@ -275,9 +275,9 @@ func (_m *ConfigRepository) Update(ctx context.Context, cfg bootstrap.Config) er
 	return r0
 }
 
-// UpdateCert provides a mock function with given fields: ctx, domainID, thingID, clientCert, clientKey, caCert
-func (_m *ConfigRepository) UpdateCert(ctx context.Context, domainID string, thingID string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error) {
-	ret := _m.Called(ctx, domainID, thingID, clientCert, clientKey, caCert)
+// UpdateCert provides a mock function with given fields: ctx, domainID, clientID, clientCert, clientKey, caCert
+func (_m *ConfigRepository) UpdateCert(ctx context.Context, domainID string, clientID string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error) {
+	ret := _m.Called(ctx, domainID, clientID, clientCert, clientKey, caCert)
 
 	if len(ret) == 0 {
 		panic("no return value specified for UpdateCert")
@@ -286,16 +286,16 @@ func (_m *ConfigRepository) UpdateCert(ctx context.Context, domainID string, thi
 	var r0 bootstrap.Config
 	var r1 error
 	if rf, ok := ret.Get(0).(func(context.Context, string, string, string, string, string) (bootstrap.Config, error)); ok {
-		return rf(ctx, domainID, thingID, clientCert, clientKey, caCert)
+		return rf(ctx, domainID, clientID, clientCert, clientKey, caCert)
 	}
 	if rf, ok := ret.Get(0).(func(context.Context, string, string, string, string, string) bootstrap.Config); ok {
-		r0 = rf(ctx, domainID, thingID, clientCert, clientKey, caCert)
+		r0 = rf(ctx, domainID, clientID, clientCert, clientKey, caCert)
 	} else {
 		r0 = ret.Get(0).(bootstrap.Config)
 	}
 
 	if rf, ok := ret.Get(1).(func(context.Context, string, string, string, string, string) error); ok {
-		r1 = rf(ctx, domainID, thingID, clientCert, clientKey, caCert)
+		r1 = rf(ctx, domainID, clientID, clientCert, clientKey, caCert)
 	} else {
 		r1 = ret.Error(1)
 	}
diff --git a/bootstrap/mocks/service.go b/bootstrap/mocks/service.go
index b18c82678b..52ca35b98d 100644
--- a/bootstrap/mocks/service.go
+++ b/bootstrap/mocks/service.go
@@ -228,9 +228,9 @@ func (_m *Service) Update(ctx context.Context, session authn.Session, cfg bootst
 	return r0
 }
 
-// UpdateCert provides a mock function with given fields: ctx, session, thingID, clientCert, clientKey, caCert
-func (_m *Service) UpdateCert(ctx context.Context, session authn.Session, thingID string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error) {
-	ret := _m.Called(ctx, session, thingID, clientCert, clientKey, caCert)
+// UpdateCert provides a mock function with given fields: ctx, session, clientID, clientCert, clientKey, caCert
+func (_m *Service) UpdateCert(ctx context.Context, session authn.Session, clientID string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error) {
+	ret := _m.Called(ctx, session, clientID, clientCert, clientKey, caCert)
 
 	if len(ret) == 0 {
 		panic("no return value specified for UpdateCert")
@@ -239,16 +239,16 @@ func (_m *Service) UpdateCert(ctx context.Context, session authn.Session, thingI
 	var r0 bootstrap.Config
 	var r1 error
 	if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string, string, string, string) (bootstrap.Config, error)); ok {
-		return rf(ctx, session, thingID, clientCert, clientKey, caCert)
+		return rf(ctx, session, clientID, clientCert, clientKey, caCert)
 	}
 	if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string, string, string, string) bootstrap.Config); ok {
-		r0 = rf(ctx, session, thingID, clientCert, clientKey, caCert)
+		r0 = rf(ctx, session, clientID, clientCert, clientKey, caCert)
 	} else {
 		r0 = ret.Get(0).(bootstrap.Config)
 	}
 
 	if rf, ok := ret.Get(1).(func(context.Context, authn.Session, string, string, string, string) error); ok {
-		r1 = rf(ctx, session, thingID, clientCert, clientKey, caCert)
+		r1 = rf(ctx, session, clientID, clientCert, clientKey, caCert)
 	} else {
 		r1 = ret.Error(1)
 	}
diff --git a/bootstrap/postgres/configs.go b/bootstrap/postgres/configs.go
index ba09777e03..0fa8e389e0 100644
--- a/bootstrap/postgres/configs.go
+++ b/bootstrap/postgres/configs.go
@@ -48,7 +48,7 @@ func NewConfigRepository(db postgres.Database, log *slog.Logger) bootstrap.Confi
 	return &configRepository{db: db, log: log}
 }
 
-func (cr configRepository) Save(ctx context.Context, cfg bootstrap.Config, chsConnIDs []string) (thingID string, err error) {
+func (cr configRepository) Save(ctx context.Context, cfg bootstrap.Config, chsConnIDs []string) (clientID string, err error) {
 	q := `INSERT INTO configs (magistrala_client, domain_id, name, client_cert, client_key, ca_cert, magistrala_secret, external_id, external_key, content, state)
 	VALUES (:magistrala_client, :domain_id, :name, :client_cert, :client_key, :ca_cert, :magistrala_secret, :external_id, :external_key, :content, :state)`
 
@@ -281,12 +281,12 @@ func (cr configRepository) Update(ctx context.Context, cfg bootstrap.Config) err
 	return nil
 }
 
-func (cr configRepository) UpdateCert(ctx context.Context, domainID, thingID, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
+func (cr configRepository) UpdateCert(ctx context.Context, domainID, clientID, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
 	q := `UPDATE configs SET client_cert = :client_cert, client_key = :client_key, ca_cert = :ca_cert WHERE magistrala_client = :magistrala_client AND domain_id = :domain_id 
 	RETURNING magistrala_client, client_cert, client_key, ca_cert`
 
 	dbcfg := dbConfig{
-		ClientID:   thingID,
+		ClientID:   clientID,
 		ClientCert: nullString(clientCert),
 		DomainID:   domainID,
 		ClientKey:  nullString(clientKey),
@@ -474,23 +474,23 @@ func (cr configRepository) ConnectClient(ctx context.Context, channelID, clientI
 	return nil
 }
 
-func (cr configRepository) DisconnectClient(ctx context.Context, channelID, thingID string) error {
+func (cr configRepository) DisconnectClient(ctx context.Context, channelID, clientID string) error {
 	q := `UPDATE configs SET state = $1
 		WHERE magistrala_client = $2
 		AND EXISTS (SELECT 1 FROM connections WHERE config_id = $2 AND channel_id = $3)`
-	_, err := cr.db.ExecContext(ctx, q, bootstrap.Inactive, thingID, channelID)
+	_, err := cr.db.ExecContext(ctx, q, bootstrap.Inactive, clientID, channelID)
 	if err != nil {
 		return errors.Wrap(errDisconnectClient, err)
 	}
 	return nil
 }
 
-func buildRetrieveQueryParams(domainID string, thingIDs []string, filter bootstrap.Filter) (string, []interface{}) {
+func buildRetrieveQueryParams(domainID string, clientIDs []string, filter bootstrap.Filter) (string, []interface{}) {
 	params := []interface{}{}
 	queries := []string{}
 
-	if len(thingIDs) != 0 {
-		queries = append(queries, fmt.Sprintf("magistrala_client IN ('%s')", strings.Join(thingIDs, "','")))
+	if len(clientIDs) != 0 {
+		queries = append(queries, fmt.Sprintf("magistrala_client IN ('%s')", strings.Join(clientIDs, "','")))
 	} else if domainID != "" {
 		params = append(params, domainID)
 		queries = append(queries, fmt.Sprintf("domain_id = $%d", len(params)))
diff --git a/bootstrap/postgres/configs_test.go b/bootstrap/postgres/configs_test.go
index 942ebe0d41..8293867c11 100644
--- a/bootstrap/postgres/configs_test.go
+++ b/bootstrap/postgres/configs_test.go
@@ -23,7 +23,7 @@ const numConfigs = 10
 
 var (
 	config = bootstrap.Config{
-		ClientID:     "mg-thing",
+		ClientID:     "mg-client",
 		ClientSecret: "mg-key",
 		ExternalID:   "external-id",
 		ExternalKey:  "external-key",
@@ -46,10 +46,10 @@ func TestSave(t *testing.T) {
 
 	diff := "different"
 
-	duplicateThing := config
-	duplicateThing.ExternalID = diff
-	duplicateThing.ClientSecret = diff
-	duplicateThing.Channels = []bootstrap.Channel{}
+	duplicateClient := config
+	duplicateClient.ExternalID = diff
+	duplicateClient.ClientSecret = diff
+	duplicateClient.Channels = []bootstrap.Channel{}
 
 	duplicateExternal := config
 	duplicateExternal.ClientID = diff
@@ -74,8 +74,8 @@ func TestSave(t *testing.T) {
 			err:         nil,
 		},
 		{
-			desc:        "save config with same Thing ID",
-			config:      duplicateThing,
+			desc:        "save config with same Client ID",
+			config:      duplicateClient,
 			connections: nil,
 			err:         repoerr.ErrConflict,
 		},
@@ -191,7 +191,7 @@ func TestRetrieveAll(t *testing.T) {
 	cases := []struct {
 		desc     string
 		domainID string
-		thingID  []string
+		clientID []string
 		offset   uint64
 		limit    uint64
 		filter   bootstrap.Filter
@@ -200,7 +200,7 @@ func TestRetrieveAll(t *testing.T) {
 		{
 			desc:     "retrieve all configs",
 			domainID: config.DomainID,
-			thingID:  []string{},
+			clientID: []string{},
 			offset:   0,
 			limit:    uint64(numConfigs),
 			size:     numConfigs,
@@ -208,7 +208,7 @@ func TestRetrieveAll(t *testing.T) {
 		{
 			desc:     "retrieve a subset of configs",
 			domainID: config.DomainID,
-			thingID:  []string{},
+			clientID: []string{},
 			offset:   5,
 			limit:    uint64(numConfigs - 5),
 			size:     numConfigs - 5,
@@ -216,7 +216,7 @@ func TestRetrieveAll(t *testing.T) {
 		{
 			desc:     "retrieve with wrong domain ID ",
 			domainID: "2",
-			thingID:  []string{},
+			clientID: []string{},
 			offset:   0,
 			limit:    uint64(numConfigs),
 			size:     0,
@@ -224,7 +224,7 @@ func TestRetrieveAll(t *testing.T) {
 		{
 			desc:     "retrieve all active configs ",
 			domainID: config.DomainID,
-			thingID:  []string{},
+			clientID: []string{},
 			offset:   0,
 			limit:    uint64(numConfigs),
 			filter:   bootstrap.Filter{FullMatch: map[string]string{"state": bootstrap.Active.String()}},
@@ -233,7 +233,7 @@ func TestRetrieveAll(t *testing.T) {
 		{
 			desc:     "retrieve all with partial match filter",
 			domainID: config.DomainID,
-			thingID:  []string{},
+			clientID: []string{},
 			offset:   0,
 			limit:    uint64(numConfigs),
 			filter:   bootstrap.Filter{PartialMatch: map[string]string{"name": "1"}},
@@ -242,31 +242,31 @@ func TestRetrieveAll(t *testing.T) {
 		{
 			desc:     "retrieve search by name",
 			domainID: config.DomainID,
-			thingID:  []string{},
+			clientID: []string{},
 			offset:   0,
 			limit:    uint64(numConfigs),
 			filter:   bootstrap.Filter{PartialMatch: map[string]string{"name": "1"}},
 			size:     1,
 		},
 		{
-			desc:     "retrieve by valid thingIDs",
+			desc:     "retrieve by valid clientIDs",
 			domainID: config.DomainID,
-			thingID:  clientIDs,
+			clientID: clientIDs,
 			offset:   0,
 			limit:    uint64(numConfigs),
 			size:     10,
 		},
 		{
-			desc:     "retrieve by non-existing thingID",
+			desc:     "retrieve by non-existing clientID",
 			domainID: config.DomainID,
-			thingID:  []string{"non-existing"},
+			clientID: []string{"non-existing"},
 			offset:   0,
 			limit:    uint64(numConfigs),
 			size:     0,
 		},
 	}
 	for _, tc := range cases {
-		ret := repo.RetrieveAll(context.Background(), tc.domainID, tc.thingID, tc.filter, tc.offset, tc.limit)
+		ret := repo.RetrieveAll(context.Background(), tc.domainID, tc.clientID, tc.filter, tc.offset, tc.limit)
 		size := len(ret.Configs)
 		assert.Equal(t, tc.size, size, fmt.Sprintf("%s: expected %d got %d\n", tc.desc, tc.size, size))
 	}
@@ -379,7 +379,7 @@ func TestUpdateCert(t *testing.T) {
 
 	cases := []struct {
 		desc           string
-		thingID        string
+		clientID       string
 		domainID       string
 		cert           string
 		certKey        string
@@ -389,7 +389,7 @@ func TestUpdateCert(t *testing.T) {
 	}{
 		{
 			desc:           "update with wrong domain ID ",
-			thingID:        "",
+			clientID:       "",
 			cert:           "cert",
 			certKey:        "certKey",
 			ca:             "",
@@ -399,7 +399,7 @@ func TestUpdateCert(t *testing.T) {
 		},
 		{
 			desc:     "update a config",
-			thingID:  c.ClientID,
+			clientID: c.ClientID,
 			cert:     "cert",
 			certKey:  "certKey",
 			ca:       "ca",
@@ -415,7 +415,7 @@ func TestUpdateCert(t *testing.T) {
 		},
 	}
 	for _, tc := range cases {
-		cfg, err := repo.UpdateCert(context.Background(), tc.domainID, tc.thingID, tc.cert, tc.certKey, tc.ca)
+		cfg, err := repo.UpdateCert(context.Background(), tc.domainID, tc.clientID, tc.cert, tc.certKey, tc.ca)
 		assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 		assert.Equal(t, tc.expectedConfig, cfg, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.expectedConfig, cfg))
 	}
@@ -628,7 +628,7 @@ func TestListExisting(t *testing.T) {
 	}
 }
 
-func TestRemoveThing(t *testing.T) {
+func TestRemoveClient(t *testing.T) {
 	repo := postgres.NewConfigRepository(db, testLog)
 	err := deleteChannels(context.Background(), repo)
 	require.Nil(t, err, "Channels cleanup expected to succeed.")
@@ -644,7 +644,7 @@ func TestRemoveThing(t *testing.T) {
 	saved, err := repo.Save(context.Background(), c, channels)
 	assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
 	for i := 0; i < 2; i++ {
-		err := repo.RemoveThing(context.Background(), saved)
+		err := repo.RemoveClient(context.Background(), saved)
 		assert.Nil(t, err, fmt.Sprintf("an unexpected error occurred: %s\n", err))
 	}
 }
@@ -710,7 +710,7 @@ func TestRemoveChannel(t *testing.T) {
 	assert.NotContains(t, cfg.Channels, c.Channels[0], fmt.Sprintf("expected to remove channel %s from %s", c.Channels[0], cfg.Channels))
 }
 
-func TestConnectThing(t *testing.T) {
+func TestConnectClient(t *testing.T) {
 	repo := postgres.NewConfigRepository(db, testLog)
 	err := deleteChannels(context.Background(), repo)
 	require.Nil(t, err, "Channels cleanup expected to succeed.")
@@ -735,8 +735,8 @@ func TestConnectThing(t *testing.T) {
 	randomClientID, _ := uuid.NewV4()
 	randomClient.ClientID = randomClientID.String()
 
-	emptyThing := c
-	emptyThing.ClientID = ""
+	emptyClient := c
+	emptyClient.ClientID = ""
 
 	cases := []struct {
 		desc        string
@@ -748,7 +748,7 @@ func TestConnectThing(t *testing.T) {
 		err         error
 	}{
 		{
-			desc:        "connect disconnected thing",
+			desc:        "connect disconnected client",
 			domainID:    c.DomainID,
 			id:          saved,
 			state:       bootstrap.Inactive,
@@ -757,7 +757,7 @@ func TestConnectThing(t *testing.T) {
 			err:         nil,
 		},
 		{
-			desc:        "connect already connected thing",
+			desc:        "connect already connected client",
 			domainID:    c.DomainID,
 			id:          connectedClient.ClientID,
 			state:       connectedClient.State,
@@ -766,7 +766,7 @@ func TestConnectThing(t *testing.T) {
 			err:         nil,
 		},
 		{
-			desc:        "connect non-existent thing",
+			desc:        "connect non-existent client",
 			domainID:    c.DomainID,
 			id:          wrongID,
 			channels:    c.Channels,
@@ -774,7 +774,7 @@ func TestConnectThing(t *testing.T) {
 			err:         repoerr.ErrNotFound,
 		},
 		{
-			desc:        "connect random thing",
+			desc:        "connect random client",
 			domainID:    c.DomainID,
 			id:          randomClient.ClientID,
 			channels:    c.Channels,
@@ -782,9 +782,9 @@ func TestConnectThing(t *testing.T) {
 			err:         repoerr.ErrNotFound,
 		},
 		{
-			desc:        "connect empty thing",
+			desc:        "connect empty client",
 			domainID:    c.DomainID,
-			id:          emptyThing.ClientID,
+			id:          emptyClient.ClientID,
 			channels:    c.Channels,
 			connections: channels,
 			err:         repoerr.ErrNotFound,
@@ -793,13 +793,13 @@ func TestConnectThing(t *testing.T) {
 	for _, tc := range cases {
 		for i, ch := range tc.channels {
 			if i == 0 {
-				err = repo.ConnectThing(context.Background(), ch.ID, tc.id)
+				err = repo.ConnectClient(context.Background(), ch.ID, tc.id)
 				assert.Equal(t, tc.err, err, fmt.Sprintf("%s: Expected error: %s, got: %s.\n", tc.desc, tc.err, err))
 				cfg, err := repo.RetrieveByID(context.Background(), c.DomainID, c.ClientID)
 				assert.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err))
 				assert.Equal(t, cfg.State, bootstrap.Active, fmt.Sprintf("expected to be active when a connection is added from %s", cfg))
 			} else {
-				_ = repo.ConnectThing(context.Background(), ch.ID, tc.id)
+				_ = repo.ConnectClient(context.Background(), ch.ID, tc.id)
 			}
 		}
 
@@ -809,7 +809,7 @@ func TestConnectThing(t *testing.T) {
 	}
 }
 
-func TestDisconnectThing(t *testing.T) {
+func TestDisconnectClient(t *testing.T) {
 	repo := postgres.NewConfigRepository(db, testLog)
 	err := deleteChannels(context.Background(), repo)
 	require.Nil(t, err, "Channels cleanup expected to succeed.")
@@ -828,14 +828,14 @@ func TestDisconnectThing(t *testing.T) {
 
 	wrongID := testsutil.GenerateUUID(&testing.T{})
 
-	connectedThing := c
+	connectedClient := c
 
-	randomThing := c
+	randomClient := c
 	randomClientID, _ := uuid.NewV4()
-	randomThing.ClientID = randomClientID.String()
+	randomClient.ClientID = randomClientID.String()
 
-	emptyThing := c
-	emptyThing.ClientID = ""
+	emptyClient := c
+	emptyClient.ClientID = ""
 
 	cases := []struct {
 		desc        string
@@ -847,16 +847,16 @@ func TestDisconnectThing(t *testing.T) {
 		err         error
 	}{
 		{
-			desc:        "disconnect connected thing",
+			desc:        "disconnect connected client",
 			domainID:    c.DomainID,
-			id:          connectedThing.ClientID,
-			state:       connectedThing.State,
+			id:          connectedClient.ClientID,
+			state:       connectedClient.State,
 			channels:    c.Channels,
 			connections: channels,
 			err:         nil,
 		},
 		{
-			desc:        "disconnect already disconnected thing",
+			desc:        "disconnect already disconnected client",
 			domainID:    c.DomainID,
 			id:          saved,
 			state:       bootstrap.Inactive,
@@ -865,7 +865,7 @@ func TestDisconnectThing(t *testing.T) {
 			err:         nil,
 		},
 		{
-			desc:        "disconnect invalid thing",
+			desc:        "disconnect invalid client",
 			domainID:    c.DomainID,
 			id:          wrongID,
 			channels:    c.Channels,
@@ -873,17 +873,17 @@ func TestDisconnectThing(t *testing.T) {
 			err:         nil,
 		},
 		{
-			desc:        "disconnect random thing",
+			desc:        "disconnect random client",
 			domainID:    c.DomainID,
-			id:          randomThing.ClientID,
+			id:          randomClient.ClientID,
 			channels:    c.Channels,
 			connections: channels,
 			err:         nil,
 		},
 		{
-			desc:        "disconnect empty thing",
+			desc:        "disconnect empty client",
 			domainID:    c.DomainID,
-			id:          emptyThing.ClientID,
+			id:          emptyClient.ClientID,
 			channels:    c.Channels,
 			connections: channels,
 			err:         nil,
@@ -892,7 +892,7 @@ func TestDisconnectThing(t *testing.T) {
 
 	for _, tc := range cases {
 		for _, ch := range tc.channels {
-			err = repo.DisconnectThing(context.Background(), ch.ID, tc.id)
+			err = repo.DisconnectClient(context.Background(), ch.ID, tc.id)
 			assert.Equal(t, tc.err, err, fmt.Sprintf("%s: Expected error: %s, got: %s.\n", tc.desc, tc.err, err))
 		}
 
diff --git a/bootstrap/postgres/init.go b/bootstrap/postgres/init.go
index b3ec83e69f..5ab55938d7 100644
--- a/bootstrap/postgres/init.go
+++ b/bootstrap/postgres/init.go
@@ -13,7 +13,7 @@ func Migration() *migrate.MemoryMigrationSource {
 				Id: "configs_1",
 				Up: []string{
 					`CREATE TABLE IF NOT EXISTS configs (
-						mainflux_thing TEXT UNIQUE NOT NULL,
+						mainflux_client TEXT UNIQUE NOT NULL,
 						owner          VARCHAR(254),
 						name           TEXT,
 						mainflux_key   CHAR(36) UNIQUE NOT NULL,
@@ -24,7 +24,7 @@ func Migration() *migrate.MemoryMigrationSource {
 						client_key 	   TEXT,
 						ca_cert 	   TEXT,
 						state          BIGINT NOT NULL,
-						PRIMARY KEY (mainflux_thing, owner)
+						PRIMARY KEY (mainflux_client, owner)
 					)`,
 					`CREATE TABLE IF NOT EXISTS unknown_configs (
 						external_id  TEXT UNIQUE NOT NULL,
@@ -44,7 +44,7 @@ func Migration() *migrate.MemoryMigrationSource {
 						config_id     TEXT,
 						config_owner  VARCHAR(256),
 						FOREIGN KEY (channel_id, channel_owner) REFERENCES channels (mainflux_channel, owner) ON DELETE CASCADE ON UPDATE CASCADE,
-						FOREIGN KEY (config_id, config_owner) REFERENCES configs (mainflux_thing, owner) ON DELETE CASCADE ON UPDATE CASCADE,
+						FOREIGN KEY (config_id, config_owner) REFERENCES configs (mainflux_client, owner) ON DELETE CASCADE ON UPDATE CASCADE,
 						PRIMARY KEY (channel_id, channel_owner, config_id, config_owner)
 					)`,
 				},
@@ -78,7 +78,7 @@ func Migration() *migrate.MemoryMigrationSource {
 			{
 				Id: "configs_4",
 				Up: []string{
-					`ALTER TABLE IF EXISTS configs RENAME COLUMN mainflux_thing TO magistrala_client`,
+					`ALTER TABLE IF EXISTS configs RENAME COLUMN mainflux_client TO magistrala_client`,
 					`ALTER TABLE IF EXISTS configs RENAME COLUMN mainflux_key TO magistrala_secret`,
 					`ALTER TABLE IF EXISTS channels RENAME COLUMN mainflux_channel TO magistrala_channel`,
 				},
diff --git a/bootstrap/service.go b/bootstrap/service.go
index daf67dc55a..4a9ad8e58e 100644
--- a/bootstrap/service.go
+++ b/bootstrap/service.go
@@ -152,26 +152,26 @@ func (bs bootstrapService) Add(ctx context.Context, session mgauthn.Session, tok
 	}
 
 	id := cfg.ClientID
-	mgThing, err := bs.client(session.DomainID, id, token)
+	mgClient, err := bs.client(session.DomainID, id, token)
 	if err != nil {
 		return Config{}, errors.Wrap(errClientNotFound, err)
 	}
 
 	for _, channel := range cfg.Channels {
-		if channel.DomainID != mgThing.DomainID {
+		if channel.DomainID != mgClient.DomainID {
 			return Config{}, errors.Wrap(svcerr.ErrMalformedEntity, errNotInSameDomain)
 		}
 	}
 
-	cfg.ClientID = mgThing.ID
+	cfg.ClientID = mgClient.ID
 	cfg.DomainID = session.DomainID
 	cfg.State = Inactive
-	cfg.ClientSecret = mgThing.Credentials.Secret
+	cfg.ClientSecret = mgClient.Credentials.Secret
 
 	saved, err := bs.configs.Save(ctx, cfg, toConnect)
 	if err != nil {
-		// If id is empty, then a new client has been created function - bs.thing(id, token)
-		// So, on bootstrap config save error , delete the newly created thing.
+		// If id is empty, then a new client has been created function - bs.client(id, token)
+		// So, on bootstrap config save error , delete the newly created client.
 		if id == "" {
 			if errT := bs.sdk.DeleteClient(cfg.ClientID, cfg.DomainID, token); errT != nil {
 				err = errors.Wrap(err, errT)
@@ -280,12 +280,12 @@ func (bs bootstrapService) List(ctx context.Context, session mgauthn.Session, fi
 	}
 
 	// Handle non-admin users
-	thingIDs, err := bs.listClientIDs(ctx, session.DomainUserID)
+	clientIDs, err := bs.listClientIDs(ctx, session.DomainUserID)
 	if err != nil {
 		return ConfigsPage{}, errors.Wrap(svcerr.ErrNotFound, err)
 	}
 
-	if len(thingIDs) == 0 {
+	if len(clientIDs) == 0 {
 		return ConfigsPage{
 			Total:   0,
 			Offset:  offset,
@@ -294,7 +294,7 @@ func (bs bootstrapService) List(ctx context.Context, session mgauthn.Session, fi
 		}, nil
 	}
 
-	return bs.configs.RetrieveAll(ctx, session.DomainID, thingIDs, filter, offset, limit), nil
+	return bs.configs.RetrieveAll(ctx, session.DomainID, clientIDs, filter, offset, limit), nil
 }
 
 func (bs bootstrapService) Remove(ctx context.Context, session mgauthn.Session, id string) error {
@@ -407,19 +407,19 @@ func (bs bootstrapService) client(domainID, id, token string) (mgsdk.Client, err
 		if err != nil {
 			return mgsdk.Client{}, errors.Wrap(errCreateClient, err)
 		}
-		thing, sdkErr := bs.sdk.CreateClient(mgsdk.Client{ID: id, Name: "Bootstrapped Client " + id}, domainID, token)
+		client, sdkErr := bs.sdk.CreateClient(mgsdk.Client{ID: id, Name: "Bootstrapped Client " + id}, domainID, token)
 		if sdkErr != nil {
 			return mgsdk.Client{}, errors.Wrap(errCreateClient, sdkErr)
 		}
-		return thing, nil
+		return client, nil
 	}
 
-	// If Client ID is provided, then retrieve thing
-	thing, sdkErr := bs.sdk.Client(id, domainID, token)
+	// If Client ID is provided, then retrieve client
+	client, sdkErr := bs.sdk.Client(id, domainID, token)
 	if sdkErr != nil {
 		return mgsdk.Client{}, errors.Wrap(ErrClients, sdkErr)
 	}
-	return thing, nil
+	return client, nil
 }
 
 func (bs bootstrapService) connectionChannels(channels, existing []string, domainID, token string) ([]Channel, error) {
diff --git a/bootstrap/service_test.go b/bootstrap/service_test.go
index 5d42dc48e1..8eb903b753 100644
--- a/bootstrap/service_test.go
+++ b/bootstrap/service_test.go
@@ -106,12 +106,12 @@ func TestAdd(t *testing.T) {
 		session         mgauthn.Session
 		userID          string
 		domainID        string
-		thingErr        error
-		createThingErr  error
+		clientErr        error
+		createClientErr  error
 		channelErr      error
 		listExistingErr error
 		saveErr         error
-		deleteThingErr  error
+		deleteClientErr  error
 		err             error
 	}{
 		{
@@ -128,7 +128,7 @@ func TestAdd(t *testing.T) {
 			token:    validToken,
 			userID:   validID,
 			domainID: domainID,
-			thingErr: errors.NewSDKError(svcerr.ErrNotFound),
+			clientErr: errors.NewSDKError(svcerr.ErrNotFound),
 			err:      svcerr.ErrNotFound,
 		},
 		{
@@ -152,9 +152,9 @@ func TestAdd(t *testing.T) {
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
 			tc.session = mgauthn.Session{UserID: tc.userID, DomainID: tc.domainID, DomainUserID: validID}
-			repoCall := sdk.On("Thing", tc.config.ClientID, mock.Anything, tc.token).Return(mgsdk.Client{ID: tc.config.ClientID, Credentials: mgsdk.ClientCredentials{Secret: tc.config.ClientSecret}}, tc.thingErr)
-			repoCall1 := sdk.On("CreateThing", mock.Anything, tc.domainID, tc.token).Return(mgsdk.Client{}, tc.createThingErr)
-			repoCall2 := sdk.On("DeleteThing", tc.config.ClientID, tc.domainID, tc.token).Return(tc.deleteThingErr)
+			repoCall := sdk.On("Client", tc.config.ClientID, mock.Anything, tc.token).Return(mgsdk.Client{ID: tc.config.ClientID, Credentials: mgsdk.ClientCredentials{Secret: tc.config.ClientSecret}}, tc.clientErr)
+			repoCall1 := sdk.On("CreateClient", mock.Anything, tc.domainID, tc.token).Return(mgsdk.Client{}, tc.createClientErr)
+			repoCall2 := sdk.On("DeleteClient", tc.config.ClientID, tc.domainID, tc.token).Return(tc.deleteClientErr)
 			repoCall3 := boot.On("ListExisting", context.Background(), tc.domainID, mock.Anything).Return(tc.config.Channels, tc.listExistingErr)
 			repoCall4 := boot.On("Save", context.Background(), mock.Anything, mock.Anything).Return(mock.Anything, tc.saveErr)
 			_, err := svc.Add(context.Background(), tc.session, tc.token, tc.config)
@@ -176,11 +176,11 @@ func TestView(t *testing.T) {
 		configID    string
 		userID      string
 		domain      string
-		thingDomain string
+		clientDomain string
 		token       string
 		session     mgauthn.Session
 		retrieveErr error
-		thingErr    error
+		clientErr    error
 		channelErr  error
 		err         error
 	}{
@@ -188,7 +188,7 @@ func TestView(t *testing.T) {
 			desc:        "view an existing config",
 			configID:    config.ClientID,
 			userID:      validID,
-			thingDomain: domainID,
+			clientDomain: domainID,
 			domain:      domainID,
 			token:       validToken,
 			err:         nil,
@@ -197,7 +197,7 @@ func TestView(t *testing.T) {
 			desc:        "view a non-existing config",
 			configID:    unknown,
 			userID:      validID,
-			thingDomain: domainID,
+			clientDomain: domainID,
 			domain:      domainID,
 			token:       validToken,
 			retrieveErr: svcerr.ErrNotFound,
@@ -207,7 +207,7 @@ func TestView(t *testing.T) {
 			desc:        "view a config with invalid domain",
 			configID:    config.ClientID,
 			userID:      validID,
-			thingDomain: invalidDomainID,
+			clientDomain: invalidDomainID,
 			domain:      invalidDomainID,
 			token:       validToken,
 			retrieveErr: svcerr.ErrNotFound,
@@ -218,7 +218,7 @@ func TestView(t *testing.T) {
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
 			tc.session = mgauthn.Session{UserID: tc.userID, DomainID: tc.domain, DomainUserID: validID}
-			repoCall := boot.On("RetrieveByID", context.Background(), tc.thingDomain, tc.configID).Return(config, tc.retrieveErr)
+			repoCall := boot.On("RetrieveByID", context.Background(), tc.clientDomain, tc.configID).Return(config, tc.retrieveErr)
 			_, err := svc.View(context.Background(), tc.session, tc.configID)
 			assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 			repoCall.Unset()
@@ -304,7 +304,7 @@ func TestUpdateCert(t *testing.T) {
 		session         mgauthn.Session
 		userID          string
 		domainID        string
-		thingID         string
+		clientID         string
 		clientCert      string
 		clientKey       string
 		caCert          string
@@ -318,7 +318,7 @@ func TestUpdateCert(t *testing.T) {
 			desc:       "update certs for the valid config",
 			userID:     validID,
 			domainID:   domainID,
-			thingID:    c.ClientID,
+			clientID:    c.ClientID,
 			clientCert: "newCert",
 			clientKey:  "newKey",
 			caCert:     "newCert",
@@ -343,7 +343,7 @@ func TestUpdateCert(t *testing.T) {
 			desc:           "update cert for a non-existing config",
 			userID:         validID,
 			domainID:       domainID,
-			thingID:        "empty",
+			clientID:        "empty",
 			clientCert:     "newCert",
 			clientKey:      "newKey",
 			caCert:         "newCert",
@@ -358,7 +358,7 @@ func TestUpdateCert(t *testing.T) {
 		t.Run(tc.desc, func(t *testing.T) {
 			tc.session = mgauthn.Session{UserID: tc.userID, DomainID: tc.domainID, DomainUserID: validID}
 			repoCall := boot.On("UpdateCert", context.Background(), mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.expectedConfig, tc.updateErr)
-			cfg, err := svc.UpdateCert(context.Background(), tc.session, tc.thingID, tc.clientCert, tc.clientKey, tc.caCert)
+			cfg, err := svc.UpdateCert(context.Background(), tc.session, tc.clientID, tc.clientCert, tc.clientKey, tc.caCert)
 			assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 			sort.Slice(cfg.Channels, func(i, j int) bool {
 				return cfg.Channels[i].ID < cfg.Channels[j].ID
@@ -393,7 +393,7 @@ func TestUpdateConnections(t *testing.T) {
 		domainID    string
 		connections []string
 		updateErr   error
-		thingErr    error
+		clientErr    error
 		channelErr  error
 		retrieveErr error
 		listErr     error
@@ -451,9 +451,9 @@ func TestUpdateConnections(t *testing.T) {
 func TestList(t *testing.T) {
 	svc := newService()
 
-	numThings := 101
+	numClients := 101
 	var saved []bootstrap.Config
-	for i := 0; i < numThings; i++ {
+	for i := 0; i < numClients; i++ {
 		c := config
 		c.ExternalID = testsutil.GenerateUUID(t)
 		c.ExternalKey = testsutil.GenerateUUID(t)
@@ -1038,7 +1038,7 @@ func TestRemoveConfigHandler(t *testing.T) {
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			repoCall := boot.On("RemoveThing", context.Background(), mock.Anything).Return(tc.err)
+			repoCall := boot.On("RemoveClient", context.Background(), mock.Anything).Return(tc.err)
 			err := svc.RemoveConfigHandler(context.Background(), tc.id)
 			assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 			repoCall.Unset()
@@ -1046,66 +1046,66 @@ func TestRemoveConfigHandler(t *testing.T) {
 	}
 }
 
-func TestConnectThingsHandler(t *testing.T) {
+func TestConnectClientHandler(t *testing.T) {
 	svc := newService()
 
 	cases := []struct {
 		desc      string
-		thingID   string
+		clientID   string
 		channelID string
 		err       error
 	}{
 		{
 			desc:      "connect",
 			channelID: channel.ID,
-			thingID:   config.ClientID,
+			clientID:   config.ClientID,
 			err:       nil,
 		},
 		{
 			desc:      "connect connected",
 			channelID: channel.ID,
-			thingID:   config.ClientID,
+			clientID:   config.ClientID,
 			err:       svcerr.ErrAddPolicies,
 		},
 	}
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			repoCall := boot.On("ConnectThing", context.Background(), mock.Anything, mock.Anything).Return(tc.err)
-			err := svc.ConnectThingHandler(context.Background(), tc.channelID, tc.thingID)
+			repoCall := boot.On("ConnectClient", context.Background(), mock.Anything, mock.Anything).Return(tc.err)
+			err := svc.ConnectClientHandler(context.Background(), tc.channelID, tc.clientID)
 			assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 			repoCall.Unset()
 		})
 	}
 }
 
-func TestDisconnectThingsHandler(t *testing.T) {
+func TestDisconnectClientsHandler(t *testing.T) {
 	svc := newService()
 
 	cases := []struct {
 		desc      string
-		thingID   string
+		clientID   string
 		channelID string
 		err       error
 	}{
 		{
 			desc:      "disconnect",
 			channelID: channel.ID,
-			thingID:   config.ClientID,
+			clientID:   config.ClientID,
 			err:       nil,
 		},
 		{
 			desc:      "disconnect disconnected",
 			channelID: channel.ID,
-			thingID:   config.ClientID,
+			clientID:   config.ClientID,
 			err:       nil,
 		},
 	}
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			repoCall := boot.On("DisconnectThing", context.Background(), mock.Anything, mock.Anything).Return(tc.err)
-			err := svc.DisconnectThingHandler(context.Background(), tc.channelID, tc.thingID)
+			repoCall := boot.On("DisconnectClient", context.Background(), mock.Anything, mock.Anything).Return(tc.err)
+			err := svc.DisconnectClientHandler(context.Background(), tc.channelID, tc.clientID)
 			assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 			repoCall.Unset()
 		})
diff --git a/bootstrap/state.go b/bootstrap/state.go
index da8acccbb3..ec230a8dc4 100644
--- a/bootstrap/state.go
+++ b/bootstrap/state.go
@@ -6,18 +6,18 @@ package bootstrap
 import "strconv"
 
 const (
-	// Inactive Thing is created, but not able to exchange messages using Magistrala.
+	// Inactive Client is created, but not able to exchange messages using Magistrala.
 	Inactive State = iota
-	// Active Thing is created, configured, and whitelisted.
+	// Active Client is created, configured, and whitelisted.
 	Active
 )
 
-// State represents corresponding Magistrala Thing state. The possible Config States
+// State represents corresponding Magistrala Client state. The possible Config States
 // as well as description of what that State represents are given in the table:
 // | State    | What it means                                                                  |
 // |----------+--------------------------------------------------------------------------------|
-// | Inactive | Thing is created, but isn't able to communicate over Magistrala                  |
-// | Active   | Thing is able to communicate using Magistrala                                    |.
+// | Inactive | Client is created, but isn't able to communicate over Magistrala                  |
+// | Active   | Client is able to communicate using Magistrala                                    |.
 type State int
 
 // String returns string representation of State.
diff --git a/bootstrap/tracing/tracing.go b/bootstrap/tracing/tracing.go
index a6dbaf800d..8cd6b57eee 100644
--- a/bootstrap/tracing/tracing.go
+++ b/bootstrap/tracing/tracing.go
@@ -63,13 +63,13 @@ func (tm *tracingMiddleware) Update(ctx context.Context, session mgauthn.Session
 }
 
 // UpdateCert traces the "UpdateCert" operation of the wrapped bootstrap.Service.
-func (tm *tracingMiddleware) UpdateCert(ctx context.Context, session mgauthn.Session, thingID, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
+func (tm *tracingMiddleware) UpdateCert(ctx context.Context, session mgauthn.Session, clientID, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
 	ctx, span := tm.tracer.Start(ctx, "svc_update_cert", trace.WithAttributes(
-		attribute.String("client_id", thingID),
+		attribute.String("client_id", clientID),
 	))
 	defer span.End()
 
-	return tm.svc.UpdateCert(ctx, session, thingID, clientCert, clientKey, caCert)
+	return tm.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert)
 }
 
 // UpdateConnections traces the "UpdateConnections" operation of the wrapped bootstrap.Service.
diff --git a/certs/README.md b/certs/README.md
index 25c82c00a1..ee450f1198 100644
--- a/certs/README.md
+++ b/certs/README.md
@@ -1,6 +1,6 @@
 # Certs Service
 
-Issues certificates for things. `Certs` service can create certificates to be used when `Magistrala` is deployed to support mTLS.
+Issues certificates for clients. `Certs` service can create certificates to be used when `Magistrala` is deployed to support mTLS.
 Certificate service can create certificates using PKI mode - where certificates issued by PKI, when you deploy `Vault` as PKI certificate management `cert` service will proxy requests to `Vault` previously checking access rights and saving info on successfully created certificate.
 
 ## PKI mode
@@ -48,8 +48,8 @@ The service is configured using the environment variables presented in the follo
 | MG_CERTS_VAULT_NAMESPACE                   | Vault namespace in which pki is present                                     | magistrala                                                          |
 | MG_CERTS_VAULT_APPROLE_ROLEID              | Vault AppRole auth RoleID                                                   | magistrala                                                          |
 | MG_CERTS_VAULT_APPROLE_SECRET              | Vault AppRole auth Secret                                                   | magistrala                                                          |
-| MG_CERTS_VAULT_CLIENTS_CERTS_PKI_PATH      | Vault PKI path for issuing Things Certificates                              | pki_int                                                             |
-| MG_CERTS_VAULT_CLIENTS_CERTS_PKI_ROLE_NAME | Vault PKI Role Name for issuing Things Certificates                         | magistrala_clients_certs                                            |
+| MG_CERTS_VAULT_CLIENTS_CERTS_PKI_PATH      | Vault PKI path for issuing Clients Certificates                              | pki_int                                                             |
+| MG_CERTS_VAULT_CLIENTS_CERTS_PKI_ROLE_NAME | Vault PKI Role Name for issuing Clients Certificates                         | magistrala_clients_certs                                            |
 | MG_CERTS_DB_HOST                           | Database host                                                               | localhost                                                           |
 | MG_CERTS_DB_PORT                           | Database port                                                               | 5432                                                                |
 | MG_CERTS_DB_PASS                           | Database password                                                           | magistrala                                                          |
diff --git a/certs/api/endpoint.go b/certs/api/endpoint.go
index da750ed825..764217a422 100644
--- a/certs/api/endpoint.go
+++ b/certs/api/endpoint.go
@@ -41,7 +41,7 @@ func listSerials(svc certs.Service) endpoint.Endpoint {
 			return nil, errors.Wrap(apiutil.ErrValidation, err)
 		}
 
-		page, err := svc.ListSerials(ctx, req.thingID, req.pm)
+		page, err := svc.ListSerials(ctx, req.clientID, req.pm)
 		if err != nil {
 			return certsPageRes{}, errors.Wrap(apiutil.ErrValidation, err)
 		}
diff --git a/certs/api/endpoint_test.go b/certs/api/endpoint_test.go
index d046e7b6fc..35636dccf7 100644
--- a/certs/api/endpoint_test.go
+++ b/certs/api/endpoint_test.go
@@ -433,7 +433,7 @@ func TestListSerials(t *testing.T) {
 		token           string
 		domainID        string
 		session         mgauthn.Session
-		thingID         string
+		clientID        string
 		revoked         string
 		offset          uint64
 		limit           uint64
@@ -448,7 +448,7 @@ func TestListSerials(t *testing.T) {
 			desc:     "list certs successfully with default limit",
 			domainID: valid,
 			token:    valid,
-			thingID:  clientID,
+			clientID: clientID,
 			revoked:  revoked,
 			offset:   0,
 			limit:    10,
@@ -467,7 +467,7 @@ func TestListSerials(t *testing.T) {
 			desc:     "list certs successfully with default revoke",
 			domainID: valid,
 			token:    valid,
-			thingID:  clientID,
+			clientID: clientID,
 			revoked:  revoked,
 			offset:   0,
 			limit:    10,
@@ -486,7 +486,7 @@ func TestListSerials(t *testing.T) {
 			desc:     "list certs successfully with all certs",
 			domainID: valid,
 			token:    valid,
-			thingID:  clientID,
+			clientID: clientID,
 			revoked:  "all",
 			offset:   0,
 			limit:    10,
@@ -505,7 +505,7 @@ func TestListSerials(t *testing.T) {
 			desc:     "list certs successfully with limit",
 			domainID: valid,
 			token:    valid,
-			thingID:  clientID,
+			clientID: clientID,
 			revoked:  revoked,
 			offset:   0,
 			limit:    5,
@@ -524,7 +524,7 @@ func TestListSerials(t *testing.T) {
 			desc:     "list certs successfully with offset",
 			domainID: valid,
 			token:    valid,
-			thingID:  clientID,
+			clientID: clientID,
 			revoked:  revoked,
 			offset:   1,
 			limit:    10,
@@ -543,7 +543,7 @@ func TestListSerials(t *testing.T) {
 			desc:     "list certs successfully with offset and limit",
 			domainID: valid,
 			token:    valid,
-			thingID:  clientID,
+			clientID: clientID,
 			revoked:  revoked,
 			offset:   1,
 			limit:    5,
@@ -562,7 +562,7 @@ func TestListSerials(t *testing.T) {
 			desc:            "list with invalid token",
 			domainID:        valid,
 			token:           invalid,
-			thingID:         clientID,
+			clientID:        clientID,
 			revoked:         revoked,
 			offset:          0,
 			limit:           10,
@@ -576,7 +576,7 @@ func TestListSerials(t *testing.T) {
 			desc:     "list with empty token",
 			domainID: valid,
 			token:    "",
-			thingID:  clientID,
+			clientID: clientID,
 			revoked:  revoked,
 			offset:   0,
 			limit:    10,
@@ -590,7 +590,7 @@ func TestListSerials(t *testing.T) {
 			desc:     "list with limit exceeding max limit",
 			domainID: valid,
 			token:    valid,
-			thingID:  clientID,
+			clientID: clientID,
 			revoked:  revoked,
 			query:    "?limit=1000",
 			status:   http.StatusBadRequest,
@@ -602,7 +602,7 @@ func TestListSerials(t *testing.T) {
 			desc:     "list with invalid offset",
 			domainID: valid,
 			token:    valid,
-			thingID:  clientID,
+			clientID: clientID,
 			revoked:  revoked,
 			query:    "?offset=invalid",
 			status:   http.StatusBadRequest,
@@ -614,7 +614,7 @@ func TestListSerials(t *testing.T) {
 			desc:     "list with invalid limit",
 			domainID: valid,
 			token:    valid,
-			thingID:  clientID,
+			clientID: clientID,
 			revoked:  revoked,
 			query:    "?limit=invalid",
 			status:   http.StatusBadRequest,
@@ -626,7 +626,7 @@ func TestListSerials(t *testing.T) {
 			desc:     "list with invalid client id",
 			domainID: valid,
 			token:    valid,
-			thingID:  invalid,
+			clientID: invalid,
 			revoked:  revoked,
 			offset:   0,
 			limit:    10,
@@ -642,14 +642,14 @@ func TestListSerials(t *testing.T) {
 			req := testRequest{
 				client: cs.Client(),
 				method: http.MethodGet,
-				url:    fmt.Sprintf("%s/%s/serials/%s", cs.URL, tc.domainID, tc.thingID) + tc.query,
+				url:    fmt.Sprintf("%s/%s/serials/%s", cs.URL, tc.domainID, tc.clientID) + tc.query,
 				token:  tc.token,
 			}
 			if tc.token == valid {
 				tc.session = mgauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID}
 			}
 			authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
-			svcCall := svc.On("ListSerials", mock.Anything, tc.thingID, certs.PageMetadata{Revoked: tc.revoked, Offset: tc.offset, Limit: tc.limit}).Return(tc.svcRes, tc.svcErr)
+			svcCall := svc.On("ListSerials", mock.Anything, tc.clientID, certs.PageMetadata{Revoked: tc.revoked, Offset: tc.offset, Limit: tc.limit}).Return(tc.svcRes, tc.svcErr)
 			res, err := req.make()
 			assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", tc.desc, err))
 			var errRes respBody
diff --git a/certs/api/metrics.go b/certs/api/metrics.go
index 9f78fd012c..c95d241a54 100644
--- a/certs/api/metrics.go
+++ b/certs/api/metrics.go
@@ -31,33 +31,33 @@ func MetricsMiddleware(svc certs.Service, counter metrics.Counter, latency metri
 }
 
 // IssueCert instruments IssueCert method with metrics.
-func (ms *metricsMiddleware) IssueCert(ctx context.Context, domainID, token, thingID, ttl string) (certs.Cert, error) {
+func (ms *metricsMiddleware) IssueCert(ctx context.Context, domainID, token, clientID, ttl string) (certs.Cert, error) {
 	defer func(begin time.Time) {
 		ms.counter.With("method", "issue_cert").Add(1)
 		ms.latency.With("method", "issue_cert").Observe(time.Since(begin).Seconds())
 	}(time.Now())
 
-	return ms.svc.IssueCert(ctx, domainID, token, thingID, ttl)
+	return ms.svc.IssueCert(ctx, domainID, token, clientID, ttl)
 }
 
 // ListCerts instruments ListCerts method with metrics.
-func (ms *metricsMiddleware) ListCerts(ctx context.Context, thingID string, pm certs.PageMetadata) (certs.CertPage, error) {
+func (ms *metricsMiddleware) ListCerts(ctx context.Context, clientID string, pm certs.PageMetadata) (certs.CertPage, error) {
 	defer func(begin time.Time) {
 		ms.counter.With("method", "list_certs").Add(1)
 		ms.latency.With("method", "list_certs").Observe(time.Since(begin).Seconds())
 	}(time.Now())
 
-	return ms.svc.ListCerts(ctx, thingID, pm)
+	return ms.svc.ListCerts(ctx, clientID, pm)
 }
 
 // ListSerials instruments ListSerials method with metrics.
-func (ms *metricsMiddleware) ListSerials(ctx context.Context, thingID string, pm certs.PageMetadata) (certs.CertPage, error) {
+func (ms *metricsMiddleware) ListSerials(ctx context.Context, clientID string, pm certs.PageMetadata) (certs.CertPage, error) {
 	defer func(begin time.Time) {
 		ms.counter.With("method", "list_serials").Add(1)
 		ms.latency.With("method", "list_serials").Observe(time.Since(begin).Seconds())
 	}(time.Now())
 
-	return ms.svc.ListSerials(ctx, thingID, pm)
+	return ms.svc.ListSerials(ctx, clientID, pm)
 }
 
 // ViewCert instruments ViewCert method with metrics.
@@ -71,11 +71,11 @@ func (ms *metricsMiddleware) ViewCert(ctx context.Context, serialID string) (cer
 }
 
 // RevokeCert instruments RevokeCert method with metrics.
-func (ms *metricsMiddleware) RevokeCert(ctx context.Context, domainID, token, thingID string) (certs.Revoke, error) {
+func (ms *metricsMiddleware) RevokeCert(ctx context.Context, domainID, token, clientID string) (certs.Revoke, error) {
 	defer func(begin time.Time) {
 		ms.counter.With("method", "revoke_cert").Add(1)
 		ms.latency.With("method", "revoke_cert").Observe(time.Since(begin).Seconds())
 	}(time.Now())
 
-	return ms.svc.RevokeCert(ctx, domainID, token, thingID)
+	return ms.svc.RevokeCert(ctx, domainID, token, clientID)
 }
diff --git a/certs/api/requests.go b/certs/api/requests.go
index 512f8655eb..c149ffe594 100644
--- a/certs/api/requests.go
+++ b/certs/api/requests.go
@@ -44,8 +44,8 @@ func (req addCertsReq) validate() error {
 }
 
 type listReq struct {
-	thingID string
-	pm      certs.PageMetadata
+	clientID string
+	pm       certs.PageMetadata
 }
 
 func (req *listReq) validate() error {
diff --git a/certs/api/transport.go b/certs/api/transport.go
index bf7e7fbc5a..5811eebe27 100644
--- a/certs/api/transport.go
+++ b/certs/api/transport.go
@@ -62,7 +62,7 @@ func MakeHandler(svc certs.Service, authn mgauthn.Authentication, logger *slog.L
 					opts...,
 				), "revoke").ServeHTTP)
 			})
-			r.Get("/serials/{thingID}", otelhttp.NewHandler(kithttp.NewServer(
+			r.Get("/serials/{clientID}", otelhttp.NewHandler(kithttp.NewServer(
 				listSerials(svc),
 				decodeListCerts,
 				api.EncodeResponse,
@@ -91,7 +91,7 @@ func decodeListCerts(_ context.Context, r *http.Request) (interface{}, error) {
 	}
 
 	req := listReq{
-		thingID: chi.URLParam(r, "clientID"),
+		clientID: chi.URLParam(r, "clientID"),
 		pm: certs.PageMetadata{
 			Offset:  o,
 			Limit:   l,
diff --git a/certs/mocks/service.go b/certs/mocks/service.go
index 864f3e28dd..56db28b733 100644
--- a/certs/mocks/service.go
+++ b/certs/mocks/service.go
@@ -17,9 +17,9 @@ type Service struct {
 	mock.Mock
 }
 
-// IssueCert provides a mock function with given fields: ctx, domainID, token, thingID, ttl
-func (_m *Service) IssueCert(ctx context.Context, domainID string, token string, thingID string, ttl string) (certs.Cert, error) {
-	ret := _m.Called(ctx, domainID, token, thingID, ttl)
+// IssueCert provides a mock function with given fields: ctx, domainID, token, clientID, ttl
+func (_m *Service) IssueCert(ctx context.Context, domainID string, token string, clientID string, ttl string) (certs.Cert, error) {
+	ret := _m.Called(ctx, domainID, token, clientID, ttl)
 
 	if len(ret) == 0 {
 		panic("no return value specified for IssueCert")
@@ -28,16 +28,16 @@ func (_m *Service) IssueCert(ctx context.Context, domainID string, token string,
 	var r0 certs.Cert
 	var r1 error
 	if rf, ok := ret.Get(0).(func(context.Context, string, string, string, string) (certs.Cert, error)); ok {
-		return rf(ctx, domainID, token, thingID, ttl)
+		return rf(ctx, domainID, token, clientID, ttl)
 	}
 	if rf, ok := ret.Get(0).(func(context.Context, string, string, string, string) certs.Cert); ok {
-		r0 = rf(ctx, domainID, token, thingID, ttl)
+		r0 = rf(ctx, domainID, token, clientID, ttl)
 	} else {
 		r0 = ret.Get(0).(certs.Cert)
 	}
 
 	if rf, ok := ret.Get(1).(func(context.Context, string, string, string, string) error); ok {
-		r1 = rf(ctx, domainID, token, thingID, ttl)
+		r1 = rf(ctx, domainID, token, clientID, ttl)
 	} else {
 		r1 = ret.Error(1)
 	}
@@ -45,9 +45,9 @@ func (_m *Service) IssueCert(ctx context.Context, domainID string, token string,
 	return r0, r1
 }
 
-// ListCerts provides a mock function with given fields: ctx, thingID, pm
-func (_m *Service) ListCerts(ctx context.Context, thingID string, pm certs.PageMetadata) (certs.CertPage, error) {
-	ret := _m.Called(ctx, thingID, pm)
+// ListCerts provides a mock function with given fields: ctx, clientID, pm
+func (_m *Service) ListCerts(ctx context.Context, clientID string, pm certs.PageMetadata) (certs.CertPage, error) {
+	ret := _m.Called(ctx, clientID, pm)
 
 	if len(ret) == 0 {
 		panic("no return value specified for ListCerts")
@@ -56,16 +56,16 @@ func (_m *Service) ListCerts(ctx context.Context, thingID string, pm certs.PageM
 	var r0 certs.CertPage
 	var r1 error
 	if rf, ok := ret.Get(0).(func(context.Context, string, certs.PageMetadata) (certs.CertPage, error)); ok {
-		return rf(ctx, thingID, pm)
+		return rf(ctx, clientID, pm)
 	}
 	if rf, ok := ret.Get(0).(func(context.Context, string, certs.PageMetadata) certs.CertPage); ok {
-		r0 = rf(ctx, thingID, pm)
+		r0 = rf(ctx, clientID, pm)
 	} else {
 		r0 = ret.Get(0).(certs.CertPage)
 	}
 
 	if rf, ok := ret.Get(1).(func(context.Context, string, certs.PageMetadata) error); ok {
-		r1 = rf(ctx, thingID, pm)
+		r1 = rf(ctx, clientID, pm)
 	} else {
 		r1 = ret.Error(1)
 	}
@@ -73,9 +73,9 @@ func (_m *Service) ListCerts(ctx context.Context, thingID string, pm certs.PageM
 	return r0, r1
 }
 
-// ListSerials provides a mock function with given fields: ctx, thingID, pm
-func (_m *Service) ListSerials(ctx context.Context, thingID string, pm certs.PageMetadata) (certs.CertPage, error) {
-	ret := _m.Called(ctx, thingID, pm)
+// ListSerials provides a mock function with given fields: ctx, clientID, pm
+func (_m *Service) ListSerials(ctx context.Context, clientID string, pm certs.PageMetadata) (certs.CertPage, error) {
+	ret := _m.Called(ctx, clientID, pm)
 
 	if len(ret) == 0 {
 		panic("no return value specified for ListSerials")
@@ -84,16 +84,16 @@ func (_m *Service) ListSerials(ctx context.Context, thingID string, pm certs.Pag
 	var r0 certs.CertPage
 	var r1 error
 	if rf, ok := ret.Get(0).(func(context.Context, string, certs.PageMetadata) (certs.CertPage, error)); ok {
-		return rf(ctx, thingID, pm)
+		return rf(ctx, clientID, pm)
 	}
 	if rf, ok := ret.Get(0).(func(context.Context, string, certs.PageMetadata) certs.CertPage); ok {
-		r0 = rf(ctx, thingID, pm)
+		r0 = rf(ctx, clientID, pm)
 	} else {
 		r0 = ret.Get(0).(certs.CertPage)
 	}
 
 	if rf, ok := ret.Get(1).(func(context.Context, string, certs.PageMetadata) error); ok {
-		r1 = rf(ctx, thingID, pm)
+		r1 = rf(ctx, clientID, pm)
 	} else {
 		r1 = ret.Error(1)
 	}
@@ -101,9 +101,9 @@ func (_m *Service) ListSerials(ctx context.Context, thingID string, pm certs.Pag
 	return r0, r1
 }
 
-// RevokeCert provides a mock function with given fields: ctx, domainID, token, thingID
-func (_m *Service) RevokeCert(ctx context.Context, domainID string, token string, thingID string) (certs.Revoke, error) {
-	ret := _m.Called(ctx, domainID, token, thingID)
+// RevokeCert provides a mock function with given fields: ctx, domainID, token, clientID
+func (_m *Service) RevokeCert(ctx context.Context, domainID string, token string, clientID string) (certs.Revoke, error) {
+	ret := _m.Called(ctx, domainID, token, clientID)
 
 	if len(ret) == 0 {
 		panic("no return value specified for RevokeCert")
@@ -112,16 +112,16 @@ func (_m *Service) RevokeCert(ctx context.Context, domainID string, token string
 	var r0 certs.Revoke
 	var r1 error
 	if rf, ok := ret.Get(0).(func(context.Context, string, string, string) (certs.Revoke, error)); ok {
-		return rf(ctx, domainID, token, thingID)
+		return rf(ctx, domainID, token, clientID)
 	}
 	if rf, ok := ret.Get(0).(func(context.Context, string, string, string) certs.Revoke); ok {
-		r0 = rf(ctx, domainID, token, thingID)
+		r0 = rf(ctx, domainID, token, clientID)
 	} else {
 		r0 = ret.Get(0).(certs.Revoke)
 	}
 
 	if rf, ok := ret.Get(1).(func(context.Context, string, string, string) error); ok {
-		r1 = rf(ctx, domainID, token, thingID)
+		r1 = rf(ctx, domainID, token, clientID)
 	} else {
 		r1 = ret.Error(1)
 	}
diff --git a/certs/service.go b/certs/service.go
index 401df086fc..fe28cd5609 100644
--- a/certs/service.go
+++ b/certs/service.go
@@ -34,19 +34,19 @@ var _ Service = (*certsService)(nil)
 //go:generate mockery --name Service --output=./mocks --filename service.go --quiet --note "Copyright (c) Abstract Machines"
 type Service interface {
 	// IssueCert issues certificate for given client id if access is granted with token
-	IssueCert(ctx context.Context, domainID, token, thingID, ttl string) (Cert, error)
+	IssueCert(ctx context.Context, domainID, token, clientID, ttl string) (Cert, error)
 
 	// ListCerts lists certificates issued for a given client ID
-	ListCerts(ctx context.Context, thingID string, pm PageMetadata) (CertPage, error)
+	ListCerts(ctx context.Context, clientID string, pm PageMetadata) (CertPage, error)
 
 	// ListSerials lists certificate serial IDs issued for a given client ID
-	ListSerials(ctx context.Context, thingID string, pm PageMetadata) (CertPage, error)
+	ListSerials(ctx context.Context, clientID string, pm PageMetadata) (CertPage, error)
 
 	// ViewCert retrieves the certificate issued for a given serial ID
 	ViewCert(ctx context.Context, serialID string) (Cert, error)
 
 	// RevokeCert revokes a certificate for a given client ID
-	RevokeCert(ctx context.Context, domainID, token, thingID string) (Revoke, error)
+	RevokeCert(ctx context.Context, domainID, token, clientID string) (Revoke, error)
 }
 
 type certsService struct {
@@ -70,12 +70,12 @@ type Revoke struct {
 func (cs *certsService) IssueCert(ctx context.Context, domainID, token, clientID, ttl string) (Cert, error) {
 	var err error
 
-	thing, err := cs.sdk.Client(clientID, domainID, token)
+	client, err := cs.sdk.Client(clientID, domainID, token)
 	if err != nil {
 		return Cert{}, errors.Wrap(ErrFailedCertCreation, err)
 	}
 
-	cert, err := cs.pki.Issue(thing.ID, ttl, []string{})
+	cert, err := cs.pki.Issue(client.ID, ttl, []string{})
 	if err != nil {
 		return Cert{}, errors.Wrap(ErrFailedCertCreation, err)
 	}
@@ -94,12 +94,12 @@ func (cs *certsService) RevokeCert(ctx context.Context, domainID, token, clientI
 	var revoke Revoke
 	var err error
 
-	thing, err := cs.sdk.Client(clientID, domainID, token)
+	client, err := cs.sdk.Client(clientID, domainID, token)
 	if err != nil {
 		return revoke, errors.Wrap(ErrFailedCertRevocation, err)
 	}
 
-	cp, err := cs.pki.ListCerts(sdk.PageMetadata{Offset: 0, Limit: 10000, EntityID: thing.ID})
+	cp, err := cs.pki.ListCerts(sdk.PageMetadata{Offset: 0, Limit: 10000, EntityID: client.ID})
 	if err != nil {
 		return revoke, errors.Wrap(ErrFailedCertRevocation, err)
 	}
@@ -115,8 +115,8 @@ func (cs *certsService) RevokeCert(ctx context.Context, domainID, token, clientI
 	return revoke, nil
 }
 
-func (cs *certsService) ListCerts(ctx context.Context, thingID string, pm PageMetadata) (CertPage, error) {
-	cp, err := cs.pki.ListCerts(sdk.PageMetadata{Offset: pm.Offset, Limit: pm.Limit, EntityID: thingID})
+func (cs *certsService) ListCerts(ctx context.Context, clientID string, pm PageMetadata) (CertPage, error) {
+	cp, err := cs.pki.ListCerts(sdk.PageMetadata{Offset: pm.Offset, Limit: pm.Limit, EntityID: clientID})
 	if err != nil {
 		return CertPage{}, errors.Wrap(svcerr.ErrViewEntity, err)
 	}
@@ -142,8 +142,8 @@ func (cs *certsService) ListCerts(ctx context.Context, thingID string, pm PageMe
 	}, nil
 }
 
-func (cs *certsService) ListSerials(ctx context.Context, thingID string, pm PageMetadata) (CertPage, error) {
-	cp, err := cs.pki.ListCerts(sdk.PageMetadata{Offset: pm.Offset, Limit: pm.Limit, EntityID: thingID})
+func (cs *certsService) ListSerials(ctx context.Context, clientID string, pm PageMetadata) (CertPage, error) {
+	cp, err := cs.pki.ListCerts(sdk.PageMetadata{Offset: pm.Offset, Limit: pm.Limit, EntityID: clientID})
 	if err != nil {
 		return CertPage{}, errors.Wrap(svcerr.ErrViewEntity, err)
 	}
diff --git a/certs/service_test.go b/certs/service_test.go
index 494d42d383..036a6ee00e 100644
--- a/certs/service_test.go
+++ b/certs/service_test.go
@@ -21,16 +21,16 @@ import (
 )
 
 const (
-	invalid   = "invalid"
-	email     = "user@example.com"
-	domain    = "domain"
-	token     = "token"
-	thingsNum = 1
-	thingKey  = "thingKey"
-	thingID   = "1"
-	ttl       = "1h"
-	certNum   = 10
-	validID   = "d4ebb847-5d0e-4e46-bdd9-b6aceaaa3a22"
+	invalid    = "invalid"
+	email      = "user@example.com"
+	domain     = "domain"
+	token      = "token"
+	clientsNum = 1
+	clientKey  = "clientKey"
+	clientID   = "1"
+	ttl        = "1h"
+	certNum    = 10
+	validID    = "d4ebb847-5d0e-4e46-bdd9-b6aceaaa3a22"
 )
 
 func newService(_ *testing.T) (certs.Service, *mocks.Agent, *sdkmocks.SDK) {
@@ -41,7 +41,7 @@ func newService(_ *testing.T) (certs.Service, *mocks.Agent, *sdkmocks.SDK) {
 }
 
 var cert = mgcrt.Cert{
-	ClientID:     thingID,
+	ClientID:     clientID,
 	SerialNumber: "Serial",
 	ExpiryTime:   time.Now().Add(time.Duration(1000)),
 	Revoked:      false,
@@ -53,12 +53,12 @@ func TestIssueCert(t *testing.T) {
 		domainID     string
 		token        string
 		desc         string
-		thingID      string
+		clientID     string
 		ttl          string
 		ipAddr       []string
 		key          string
 		cert         mgcrt.Cert
-		thingErr     errors.SDKError
+		clientErr    errors.SDKError
 		issueCertErr error
 		err          error
 	}{
@@ -66,7 +66,7 @@ func TestIssueCert(t *testing.T) {
 			desc:     "issue new cert",
 			domainID: domain,
 			token:    token,
-			thingID:  thingID,
+			clientID: clientID,
 			ttl:      ttl,
 			ipAddr:   []string{},
 			cert:     cert,
@@ -75,40 +75,40 @@ func TestIssueCert(t *testing.T) {
 			desc:         "issue new for failed pki",
 			domainID:     domain,
 			token:        token,
-			thingID:      thingID,
+			clientID:     clientID,
 			ttl:          ttl,
 			ipAddr:       []string{},
-			thingErr:     nil,
+			clientErr:    nil,
 			issueCertErr: certs.ErrFailedCertCreation,
 			err:          certs.ErrFailedCertCreation,
 		},
 		{
-			desc:     "issue new cert for non existing client id",
-			domainID: domain,
-			token:    token,
-			thingID:  "2",
-			ttl:      ttl,
-			ipAddr:   []string{},
-			thingErr: errors.NewSDKError(errors.ErrMalformedEntity),
-			err:      certs.ErrFailedCertCreation,
+			desc:      "issue new cert for non existing client id",
+			domainID:  domain,
+			token:     token,
+			clientID:  "2",
+			ttl:       ttl,
+			ipAddr:    []string{},
+			clientErr: errors.NewSDKError(errors.ErrMalformedEntity),
+			err:       certs.ErrFailedCertCreation,
 		},
 		{
-			desc:     "issue new cert for invalid token",
-			domainID: domain,
-			token:    invalid,
-			thingID:  thingID,
-			ttl:      ttl,
-			ipAddr:   []string{},
-			thingErr: errors.NewSDKError(svcerr.ErrAuthentication),
-			err:      svcerr.ErrAuthentication,
+			desc:      "issue new cert for invalid token",
+			domainID:  domain,
+			token:     invalid,
+			clientID:  clientID,
+			ttl:       ttl,
+			ipAddr:    []string{},
+			clientErr: errors.NewSDKError(svcerr.ErrAuthentication),
+			err:       svcerr.ErrAuthentication,
 		},
 	}
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			sdkCall := sdk.On("Thing", tc.thingID, tc.domainID, tc.token).Return(mgsdk.Client{ID: tc.thingID, Credentials: mgsdk.ClientCredentials{Secret: thingKey}}, tc.thingErr)
-			agentCall := agent.On("Issue", thingID, tc.ttl, tc.ipAddr).Return(tc.cert, tc.issueCertErr)
-			resp, err := svc.IssueCert(context.Background(), tc.domainID, tc.token, tc.thingID, tc.ttl)
+			sdkCall := sdk.On("Client", tc.clientID, tc.domainID, tc.token).Return(mgsdk.Client{ID: tc.clientID, Credentials: mgsdk.ClientCredentials{Secret: clientKey}}, tc.clientErr)
+			agentCall := agent.On("Issue", clientID, tc.ttl, tc.ipAddr).Return(tc.cert, tc.issueCertErr)
+			resp, err := svc.IssueCert(context.Background(), tc.domainID, tc.token, tc.clientID, tc.ttl)
 			assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 			assert.Equal(t, tc.cert.SerialNumber, resp.SerialNumber, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.cert.SerialNumber, resp.SerialNumber))
 			sdkCall.Unset()
@@ -123,10 +123,10 @@ func TestRevokeCert(t *testing.T) {
 		domainID  string
 		token     string
 		desc      string
-		thingID   string
+		clientID  string
 		page      mgcrt.CertPage
 		authErr   error
-		thingErr  errors.SDKError
+		clientErr errors.SDKError
 		revokeErr error
 		listErr   error
 		err       error
@@ -135,32 +135,32 @@ func TestRevokeCert(t *testing.T) {
 			desc:     "revoke cert",
 			domainID: domain,
 			token:    token,
-			thingID:  thingID,
+			clientID: clientID,
 			page:     mgcrt.CertPage{Limit: 10000, Offset: 0, Total: 1, Certificates: []mgcrt.Cert{cert}},
 		},
 		{
 			desc:      "revoke cert for failed pki revoke",
 			domainID:  domain,
 			token:     token,
-			thingID:   thingID,
+			clientID:  clientID,
 			page:      mgcrt.CertPage{Limit: 10000, Offset: 0, Total: 1, Certificates: []mgcrt.Cert{cert}},
 			revokeErr: certs.ErrFailedCertRevocation,
 			err:       certs.ErrFailedCertRevocation,
 		},
 		{
-			desc:     "revoke cert for invalid client id",
-			domainID: domain,
-			token:    token,
-			thingID:  "2",
-			page:     mgcrt.CertPage{},
-			thingErr: errors.NewSDKError(certs.ErrFailedCertCreation),
-			err:      certs.ErrFailedCertRevocation,
+			desc:      "revoke cert for invalid client id",
+			domainID:  domain,
+			token:     token,
+			clientID:  "2",
+			page:      mgcrt.CertPage{},
+			clientErr: errors.NewSDKError(certs.ErrFailedCertCreation),
+			err:       certs.ErrFailedCertRevocation,
 		},
 		{
 			desc:     "revoke cert with failed to list certs",
 			domainID: domain,
 			token:    token,
-			thingID:  thingID,
+			clientID: clientID,
 			page:     mgcrt.CertPage{},
 			listErr:  certs.ErrFailedCertRevocation,
 			err:      certs.ErrFailedCertRevocation,
@@ -169,10 +169,10 @@ func TestRevokeCert(t *testing.T) {
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			sdkCall := sdk.On("Thing", tc.thingID, tc.domainID, tc.token).Return(mgsdk.Client{ID: tc.thingID, Credentials: mgsdk.ClientCredentials{Secret: thingKey}}, tc.thingErr)
+			sdkCall := sdk.On("Client", tc.clientID, tc.domainID, tc.token).Return(mgsdk.Client{ID: tc.clientID, Credentials: mgsdk.ClientCredentials{Secret: clientKey}}, tc.clientErr)
 			agentCall := agent.On("Revoke", mock.Anything).Return(tc.revokeErr)
 			agentCall1 := agent.On("ListCerts", mock.Anything).Return(tc.page, tc.listErr)
-			_, err := svc.RevokeCert(context.Background(), tc.domainID, tc.token, tc.thingID)
+			_, err := svc.RevokeCert(context.Background(), tc.domainID, tc.token, tc.clientID)
 			assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 			sdkCall.Unset()
 			agentCall.Unset()
@@ -186,7 +186,7 @@ func TestListCerts(t *testing.T) {
 	var mycerts []mgcrt.Cert
 	for i := 0; i < certNum; i++ {
 		c := mgcrt.Cert{
-			ClientID:     thingID,
+			ClientID:     clientID,
 			SerialNumber: fmt.Sprintf("%d", i),
 			ExpiryTime:   time.Now().Add(time.Hour),
 		}
@@ -194,40 +194,40 @@ func TestListCerts(t *testing.T) {
 	}
 
 	cases := []struct {
-		desc    string
-		thingID string
-		page    mgcrt.CertPage
-		listErr error
-		err     error
+		desc     string
+		clientID string
+		page     mgcrt.CertPage
+		listErr  error
+		err      error
 	}{
 		{
-			desc:    "list all certs successfully",
-			thingID: thingID,
-			page:    mgcrt.CertPage{Limit: certNum, Offset: 0, Total: certNum, Certificates: mycerts},
+			desc:     "list all certs successfully",
+			clientID: clientID,
+			page:     mgcrt.CertPage{Limit: certNum, Offset: 0, Total: certNum, Certificates: mycerts},
 		},
 		{
-			desc:    "list all certs with failed pki",
-			thingID: thingID,
-			page:    mgcrt.CertPage{},
-			listErr: svcerr.ErrViewEntity,
-			err:     svcerr.ErrViewEntity,
+			desc:     "list all certs with failed pki",
+			clientID: clientID,
+			page:     mgcrt.CertPage{},
+			listErr:  svcerr.ErrViewEntity,
+			err:      svcerr.ErrViewEntity,
 		},
 		{
-			desc:    "list half certs successfully",
-			thingID: thingID,
-			page:    mgcrt.CertPage{Limit: certNum, Offset: certNum / 2, Total: certNum / 2, Certificates: mycerts[certNum/2:]},
+			desc:     "list half certs successfully",
+			clientID: clientID,
+			page:     mgcrt.CertPage{Limit: certNum, Offset: certNum / 2, Total: certNum / 2, Certificates: mycerts[certNum/2:]},
 		},
 		{
-			desc:    "list last cert successfully",
-			thingID: thingID,
-			page:    mgcrt.CertPage{Limit: certNum, Offset: certNum - 1, Total: 1, Certificates: []mgcrt.Cert{mycerts[certNum-1]}},
+			desc:     "list last cert successfully",
+			clientID: clientID,
+			page:     mgcrt.CertPage{Limit: certNum, Offset: certNum - 1, Total: 1, Certificates: []mgcrt.Cert{mycerts[certNum-1]}},
 		},
 	}
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
 			agentCall := agent.On("ListCerts", mock.Anything).Return(tc.page, tc.listErr)
-			page, err := svc.ListCerts(context.Background(), tc.thingID, certs.PageMetadata{Offset: tc.page.Offset, Limit: tc.page.Limit})
+			page, err := svc.ListCerts(context.Background(), tc.clientID, certs.PageMetadata{Offset: tc.page.Offset, Limit: tc.page.Limit})
 			size := uint64(len(page.Certificates))
 			assert.Equal(t, tc.page.Total, size, fmt.Sprintf("%s: expected %d got %d\n", tc.desc, tc.page.Total, size))
 			assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
@@ -252,55 +252,55 @@ func TestListSerials(t *testing.T) {
 	}
 
 	cases := []struct {
-		desc    string
-		thingID string
-		revoke  string
-		offset  uint64
-		limit   uint64
-		certs   []mgcrt.Cert
-		listErr error
-		err     error
+		desc     string
+		clientID string
+		revoke   string
+		offset   uint64
+		limit    uint64
+		certs    []mgcrt.Cert
+		listErr  error
+		err      error
 	}{
 		{
-			desc:    "list all certs successfully",
-			thingID: thingID,
-			revoke:  revoke,
-			offset:  0,
-			limit:   certNum,
-			certs:   issuedCerts,
+			desc:     "list all certs successfully",
+			clientID: clientID,
+			revoke:   revoke,
+			offset:   0,
+			limit:    certNum,
+			certs:    issuedCerts,
 		},
 		{
-			desc:    "list all certs with failed pki",
-			thingID: thingID,
-			revoke:  revoke,
-			offset:  0,
-			limit:   certNum,
-			certs:   nil,
-			listErr: svcerr.ErrViewEntity,
-			err:     svcerr.ErrViewEntity,
+			desc:     "list all certs with failed pki",
+			clientID: clientID,
+			revoke:   revoke,
+			offset:   0,
+			limit:    certNum,
+			certs:    nil,
+			listErr:  svcerr.ErrViewEntity,
+			err:      svcerr.ErrViewEntity,
 		},
 		{
-			desc:    "list half certs successfully",
-			thingID: thingID,
-			revoke:  revoke,
-			offset:  certNum / 2,
-			limit:   certNum,
-			certs:   issuedCerts[certNum/2:],
+			desc:     "list half certs successfully",
+			clientID: clientID,
+			revoke:   revoke,
+			offset:   certNum / 2,
+			limit:    certNum,
+			certs:    issuedCerts[certNum/2:],
 		},
 		{
-			desc:    "list last cert successfully",
-			thingID: thingID,
-			revoke:  revoke,
-			offset:  certNum - 1,
-			limit:   certNum,
-			certs:   []mgcrt.Cert{issuedCerts[certNum-1]},
+			desc:     "list last cert successfully",
+			clientID: clientID,
+			revoke:   revoke,
+			offset:   certNum - 1,
+			limit:    certNum,
+			certs:    []mgcrt.Cert{issuedCerts[certNum-1]},
 		},
 	}
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
 			agentCall := agent.On("ListCerts", mock.Anything).Return(mgcrt.CertPage{Certificates: tc.certs}, tc.listErr)
-			page, err := svc.ListSerials(context.Background(), tc.thingID, certs.PageMetadata{Revoked: tc.revoke, Offset: tc.offset, Limit: tc.limit})
+			page, err := svc.ListSerials(context.Background(), tc.clientID, certs.PageMetadata{Revoked: tc.revoke, Offset: tc.offset, Limit: tc.limit})
 			assert.Equal(t, len(tc.certs), len(page.Certificates), fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.certs, page.Certificates))
 			assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 			agentCall.Unset()
diff --git a/channels/api/grpc/client.go b/channels/api/grpc/client.go
index 5f33a4fc20..c72692d1ce 100644
--- a/channels/api/grpc/client.go
+++ b/channels/api/grpc/client.go
@@ -26,7 +26,7 @@ var _ grpcChannelsV1.ChannelsServiceClient = (*grpcClient)(nil)
 type grpcClient struct {
 	timeout                      time.Duration
 	authorize                    endpoint.Endpoint
-	removeThingConnections       endpoint.Endpoint
+	removeClientConnections       endpoint.Endpoint
 	unsetParentGroupFromChannels endpoint.Endpoint
 }
 
@@ -41,13 +41,13 @@ func NewClient(conn *grpc.ClientConn, timeout time.Duration) grpcChannelsV1.Chan
 			decodeAuthorizeResponse,
 			grpcChannelsV1.AuthzRes{},
 		).Endpoint(),
-		removeThingConnections: kitgrpc.NewClient(
+		removeClientConnections: kitgrpc.NewClient(
 			conn,
 			svcName,
-			"RemoveThingConnections",
-			encodeRemoveThingConnectionsRequest,
-			decodeRemoveThingConnectionsResponse,
-			grpcChannelsV1.RemoveThingConnectionsRes{},
+			"RemoveClientConnections",
+			encodeRemoveClientConnectionsRequest,
+			decodeRemoveClientConnectionsResponse,
+			grpcChannelsV1.RemoveClientConnectionsRes{},
 		).Endpoint(),
 		unsetParentGroupFromChannels: kitgrpc.NewClient(
 			conn,
@@ -99,23 +99,23 @@ func decodeAuthorizeResponse(_ context.Context, grpcRes interface{}) (interface{
 	return authorizeRes{authorized: res.GetAuthorized()}, nil
 }
 
-func (client grpcClient) RemoveThingConnections(ctx context.Context, req *grpcChannelsV1.RemoveThingConnectionsReq, _ ...grpc.CallOption) (r *grpcChannelsV1.RemoveThingConnectionsRes, err error) {
+func (client grpcClient) RemoveClientConnections(ctx context.Context, req *grpcChannelsV1.RemoveClientConnectionsReq, _ ...grpc.CallOption) (r *grpcChannelsV1.RemoveClientConnectionsRes, err error) {
 	ctx, cancel := context.WithTimeout(ctx, client.timeout)
 	defer cancel()
 
-	if _, err := client.removeThingConnections(ctx, req); err != nil {
-		return &grpcChannelsV1.RemoveThingConnectionsRes{}, decodeError(err)
+	if _, err := client.removeClientConnections(ctx, req); err != nil {
+		return &grpcChannelsV1.RemoveClientConnectionsRes{}, decodeError(err)
 	}
 
-	return &grpcChannelsV1.RemoveThingConnectionsRes{}, nil
+	return &grpcChannelsV1.RemoveClientConnectionsRes{}, nil
 }
 
-func encodeRemoveThingConnectionsRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
-	return grpcReq.(*grpcChannelsV1.RemoveThingConnectionsReq), nil
+func encodeRemoveClientConnectionsRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
+	return grpcReq.(*grpcChannelsV1.RemoveClientConnectionsReq), nil
 }
 
-func decodeRemoveThingConnectionsResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {
-	return grpcRes.(*grpcChannelsV1.RemoveThingConnectionsRes), nil
+func decodeRemoveClientConnectionsResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {
+	return grpcRes.(*grpcChannelsV1.RemoveClientConnectionsRes), nil
 }
 
 func (client grpcClient) UnsetParentGroupFromChannels(ctx context.Context, req *grpcChannelsV1.UnsetParentGroupFromChannelsReq, _ ...grpc.CallOption) (r *grpcChannelsV1.UnsetParentGroupFromChannelsRes, err error) {
diff --git a/channels/api/grpc/endpoint.go b/channels/api/grpc/endpoint.go
index 84eede5af6..97856bf4db 100644
--- a/channels/api/grpc/endpoint.go
+++ b/channels/api/grpc/endpoint.go
@@ -29,15 +29,15 @@ func authorizeEndpoint(svc channels.Service) endpoint.Endpoint {
 	}
 }
 
-func removeThingConnectionsEndpoint(svc channels.Service) endpoint.Endpoint {
+func removeClientConnectionsEndpoint(svc channels.Service) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
-		req := request.(removeThingConnectionsReq)
+		req := request.(removeClientConnectionsReq)
 
 		if err := svc.RemoveClientConnections(ctx, req.clientID); err != nil {
-			return removeThingConnectionsRes{}, err
+			return removeClientConnectionsRes{}, err
 		}
 
-		return removeThingConnectionsRes{}, nil
+		return removeClientConnectionsRes{}, nil
 	}
 }
 
diff --git a/channels/api/grpc/endpoint_test.go b/channels/api/grpc/endpoint_test.go
index a6b20a9ab8..73e9454f51 100644
--- a/channels/api/grpc/endpoint_test.go
+++ b/channels/api/grpc/endpoint_test.go
@@ -16,8 +16,8 @@ import (
 const port = 7000
 
 var (
-	thingID   = "testID"
-	thingKey  = "testKey"
+	clientID  = "testID"
+	clientKey = "testKey"
 	channelID = "testID"
 	invalid   = "invalid"
 )
diff --git a/channels/api/grpc/request.go b/channels/api/grpc/request.go
index 4f94992962..1be561a865 100644
--- a/channels/api/grpc/request.go
+++ b/channels/api/grpc/request.go
@@ -12,7 +12,7 @@ type authorizeReq struct {
 	clientType string
 	connType   connections.ConnType
 }
-type removeThingConnectionsReq struct {
+type removeClientConnectionsReq struct {
 	clientID string
 }
 
diff --git a/channels/api/grpc/responses.go b/channels/api/grpc/responses.go
index 8f31b36e6c..8f5b5d2c7e 100644
--- a/channels/api/grpc/responses.go
+++ b/channels/api/grpc/responses.go
@@ -7,6 +7,6 @@ type authorizeRes struct {
 	authorized bool
 }
 
-type removeThingConnectionsRes struct{}
+type removeClientConnectionsRes struct{}
 
 type unsetParentGroupFromChannelsRes struct{}
diff --git a/channels/api/grpc/server.go b/channels/api/grpc/server.go
index 0d698cd944..d2599ea9f6 100644
--- a/channels/api/grpc/server.go
+++ b/channels/api/grpc/server.go
@@ -24,7 +24,7 @@ type grpcServer struct {
 	grpcChannelsV1.UnimplementedChannelsServiceServer
 
 	authorize                    kitgrpc.Handler
-	removeThingConnections       kitgrpc.Handler
+	removeClientConnections       kitgrpc.Handler
 	unsetParentGroupFromChannels kitgrpc.Handler
 }
 
@@ -36,10 +36,10 @@ func NewServer(svc channels.Service) grpcChannelsV1.ChannelsServiceServer {
 			decodeAuthorizeRequest,
 			encodeAuthorizeResponse,
 		),
-		removeThingConnections: kitgrpc.NewServer(
-			removeThingConnectionsEndpoint(svc),
-			decodeRemoveThingConnectionsRequest,
-			encodeRemoveThingConnectionsResponse,
+		removeClientConnections: kitgrpc.NewServer(
+			removeClientConnectionsEndpoint(svc),
+			decodeRemoveClientConnectionsRequest,
+			encodeRemoveClientConnectionsResponse,
 		),
 		unsetParentGroupFromChannels: kitgrpc.NewServer(
 			unsetParentGroupFromChannelsEndpoint(svc),
@@ -78,25 +78,25 @@ func encodeAuthorizeResponse(_ context.Context, grpcRes interface{}) (interface{
 	return &grpcChannelsV1.AuthzRes{Authorized: res.authorized}, nil
 }
 
-func (s *grpcServer) RemoveThingConnections(ctx context.Context, req *grpcChannelsV1.RemoveThingConnectionsReq) (*grpcChannelsV1.RemoveThingConnectionsRes, error) {
-	_, res, err := s.removeThingConnections.ServeGRPC(ctx, req)
+func (s *grpcServer) RemoveClientConnections(ctx context.Context, req *grpcChannelsV1.RemoveClientConnectionsReq) (*grpcChannelsV1.RemoveClientConnectionsRes, error) {
+	_, res, err := s.removeClientConnections.ServeGRPC(ctx, req)
 	if err != nil {
 		return nil, encodeError(err)
 	}
-	return res.(*grpcChannelsV1.RemoveThingConnectionsRes), nil
+	return res.(*grpcChannelsV1.RemoveClientConnectionsRes), nil
 }
 
-func decodeRemoveThingConnectionsRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
-	req := grpcReq.(*grpcChannelsV1.RemoveThingConnectionsReq)
+func decodeRemoveClientConnectionsRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
+	req := grpcReq.(*grpcChannelsV1.RemoveClientConnectionsReq)
 
-	return removeThingConnectionsReq{
+	return removeClientConnectionsReq{
 		clientID: req.GetClientId(),
 	}, nil
 }
 
-func encodeRemoveThingConnectionsResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {
-	_ = grpcRes.(removeThingConnectionsRes)
-	return &grpcChannelsV1.RemoveThingConnectionsRes{}, nil
+func encodeRemoveClientConnectionsResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {
+	_ = grpcRes.(removeClientConnectionsRes)
+	return &grpcChannelsV1.RemoveClientConnectionsRes{}, nil
 }
 
 func (s *grpcServer) UnsetParentGroupFromChannels(ctx context.Context, req *grpcChannelsV1.UnsetParentGroupFromChannelsReq) (*grpcChannelsV1.UnsetParentGroupFromChannelsRes, error) {
diff --git a/channels/api/http/endpoints.go b/channels/api/http/endpoints.go
index ecb310a586..93f77ed424 100644
--- a/channels/api/http/endpoints.go
+++ b/channels/api/http/endpoints.go
@@ -284,7 +284,7 @@ func connectChannelClientEndpoint(svc channels.Service) endpoint.Endpoint {
 			return nil, err
 		}
 
-		return connectChannelThingsRes{}, nil
+		return connectChannelClientsRes{}, nil
 	}
 }
 
@@ -304,7 +304,7 @@ func disconnectChannelClientsEndpoint(svc channels.Service) endpoint.Endpoint {
 			return nil, err
 		}
 
-		return disconnectChannelThingsRes{}, nil
+		return disconnectChannelClientsRes{}, nil
 	}
 }
 
diff --git a/channels/api/http/responses.go b/channels/api/http/responses.go
index 1f8c25a7ad..55c2dd05bd 100644
--- a/channels/api/http/responses.go
+++ b/channels/api/http/responses.go
@@ -17,8 +17,8 @@ var (
 	_ magistrala.Response = (*channelsPageRes)(nil)
 	_ magistrala.Response = (*updateChannelRes)(nil)
 	_ magistrala.Response = (*deleteChannelRes)(nil)
-	_ magistrala.Response = (*connectChannelThingsRes)(nil)
-	_ magistrala.Response = (*disconnectChannelThingsRes)(nil)
+	_ magistrala.Response = (*connectChannelClientsRes)(nil)
+	_ magistrala.Response = (*disconnectChannelClientsRes)(nil)
 	_ magistrala.Response = (*connectRes)(nil)
 	_ magistrala.Response = (*disconnectRes)(nil)
 	_ magistrala.Response = (*changeChannelStatusRes)(nil)
@@ -164,31 +164,31 @@ func (res deleteChannelRes) Empty() bool {
 	return true
 }
 
-type connectChannelThingsRes struct{}
+type connectChannelClientsRes struct{}
 
-func (res connectChannelThingsRes) Code() int {
+func (res connectChannelClientsRes) Code() int {
 	return http.StatusCreated
 }
 
-func (res connectChannelThingsRes) Headers() map[string]string {
+func (res connectChannelClientsRes) Headers() map[string]string {
 	return map[string]string{}
 }
 
-func (res connectChannelThingsRes) Empty() bool {
+func (res connectChannelClientsRes) Empty() bool {
 	return true
 }
 
-type disconnectChannelThingsRes struct{}
+type disconnectChannelClientsRes struct{}
 
-func (res disconnectChannelThingsRes) Code() int {
+func (res disconnectChannelClientsRes) Code() int {
 	return http.StatusNoContent
 }
 
-func (res disconnectChannelThingsRes) Headers() map[string]string {
+func (res disconnectChannelClientsRes) Headers() map[string]string {
 	return map[string]string{}
 }
 
-func (res disconnectChannelThingsRes) Empty() bool {
+func (res disconnectChannelClientsRes) Empty() bool {
 	return true
 }
 
diff --git a/channels/events/events.go b/channels/events/events.go
index d71ff8e494..9a4489fa1a 100644
--- a/channels/events/events.go
+++ b/channels/events/events.go
@@ -202,15 +202,15 @@ func (lce listChannelEvent) Encode() (map[string]interface{}, error) {
 	return val, nil
 }
 
-type listChannelByThingEvent struct {
-	thingID string
+type listChannelByClientEvent struct {
+	clientID string
 	channels.PageMetadata
 }
 
-func (lcte listChannelByThingEvent) Encode() (map[string]interface{}, error) {
+func (lcte listChannelByClientEvent) Encode() (map[string]interface{}, error) {
 	val := map[string]interface{}{
 		"operation": channelList,
-		"client_id": lcte.thingID,
+		"client_id": lcte.clientID,
 		"total":     lcte.Total,
 		"offset":    lcte.Offset,
 		"limit":     lcte.Limit,
diff --git a/channels/events/streams.go b/channels/events/streams.go
index c91fb0b656..20f9bf1e49 100644
--- a/channels/events/streams.go
+++ b/channels/events/streams.go
@@ -124,7 +124,7 @@ func (es *eventStore) ListChannelsByClient(ctx context.Context, session authn.Se
 	if err != nil {
 		return cp, err
 	}
-	event := listChannelByThingEvent{
+	event := listChannelByClientEvent{
 		clientID,
 		pm,
 	}
diff --git a/channels/middleware/authorization.go b/channels/middleware/authorization.go
index fa3a616573..15a2e5ddf2 100644
--- a/channels/middleware/authorization.go
+++ b/channels/middleware/authorization.go
@@ -33,8 +33,8 @@ var (
 	errDomainCreateChannels     = errors.New("not authorized to create channel in domain")
 	errGroupSetChildChannels    = errors.New("not authorized to set child channel for group")
 	errGroupRemoveChildChannels = errors.New("not authorized to remove child channel for group")
-	errThingDisConnectChannels  = errors.New("not authorized to disconnect channel for thing")
-	errThingConnectChannels     = errors.New("not authorized to connect channel for thing")
+	errClientDisConnectChannels = errors.New("not authorized to disconnect channel for client")
+	errClientConnectChannels    = errors.New("not authorized to connect channel for client")
 )
 
 var _ channels.Service = (*authorizationMiddleware)(nil)
@@ -198,7 +198,7 @@ func (am *authorizationMiddleware) RemoveChannel(ctx context.Context, session au
 func (am *authorizationMiddleware) Connect(ctx context.Context, session authn.Session, chIDs, thIDs []string, connTypes []connections.ConnType) error {
 	// ToDo: This authorization will be changed with Bulk Authorization. For this we need to add bulk authorization API in policies.
 	for _, chID := range chIDs {
-		if err := am.authorize(ctx, channels.OpConnectThing, authz.PolicyReq{
+		if err := am.authorize(ctx, channels.OpConnectClient, authz.PolicyReq{
 			Domain:      session.DomainID,
 			SubjectType: policies.UserType,
 			Subject:     session.DomainUserID,
@@ -217,7 +217,7 @@ func (am *authorizationMiddleware) Connect(ctx context.Context, session authn.Se
 			ObjectType:  policies.ClientType,
 			Object:      thID,
 		}); err != nil {
-			return errors.Wrap(err, errThingConnectChannels)
+			return errors.Wrap(err, errClientConnectChannels)
 		}
 	}
 	return am.svc.Connect(ctx, session, chIDs, thIDs, connTypes)
@@ -226,7 +226,7 @@ func (am *authorizationMiddleware) Connect(ctx context.Context, session authn.Se
 func (am *authorizationMiddleware) Disconnect(ctx context.Context, session authn.Session, chIDs, thIDs []string, connTypes []connections.ConnType) error {
 	// ToDo: This authorization will be changed with Bulk Authorization. For this we need to add bulk authorization API in policies.
 	for _, chID := range chIDs {
-		if err := am.authorize(ctx, channels.OpDisconnectThing, authz.PolicyReq{
+		if err := am.authorize(ctx, channels.OpDisconnectClient, authz.PolicyReq{
 			Domain:      session.DomainID,
 			SubjectType: policies.UserType,
 			Subject:     session.DomainUserID,
@@ -245,7 +245,7 @@ func (am *authorizationMiddleware) Disconnect(ctx context.Context, session authn
 			ObjectType:  policies.ClientType,
 			Object:      thID,
 		}); err != nil {
-			return errors.Wrap(err, errThingDisConnectChannels)
+			return errors.Wrap(err, errClientDisConnectChannels)
 		}
 	}
 	return am.svc.Disconnect(ctx, session, chIDs, thIDs, connTypes)
diff --git a/channels/middleware/metrics.go b/channels/middleware/metrics.go
index 52131b336b..b347e371ea 100644
--- a/channels/middleware/metrics.go
+++ b/channels/middleware/metrics.go
@@ -59,8 +59,8 @@ func (ms *metricsMiddleware) ListChannels(ctx context.Context, session authn.Ses
 
 func (ms *metricsMiddleware) ListChannelsByClient(ctx context.Context, session authn.Session, clientID string, pm channels.PageMetadata) (channels.Page, error) {
 	defer func(begin time.Time) {
-		ms.counter.With("method", "list_channels_by_thing").Add(1)
-		ms.latency.With("method", "list_channels_by_thing").Observe(time.Since(begin).Seconds())
+		ms.counter.With("method", "list_channels_by_client").Add(1)
+		ms.latency.With("method", "list_channels_by_client").Observe(time.Since(begin).Seconds())
 	}(time.Now())
 	return ms.svc.ListChannelsByClient(ctx, session, clientID, pm)
 }
diff --git a/channels/mocks/channels_client.go b/channels/mocks/channels_client.go
index e5b5a54275..240c0e17ad 100644
--- a/channels/mocks/channels_client.go
+++ b/channels/mocks/channels_client.go
@@ -103,8 +103,8 @@ func (_c *ChannelsServiceClient_Authorize_Call) RunAndReturn(run func(context.Co
 	return _c
 }
 
-// RemoveThingConnections provides a mock function with given fields: ctx, in, opts
-func (_m *ChannelsServiceClient) RemoveThingConnections(ctx context.Context, in *v1.RemoveThingConnectionsReq, opts ...grpc.CallOption) (*v1.RemoveThingConnectionsRes, error) {
+// RemoveClientConnections provides a mock function with given fields: ctx, in, opts
+func (_m *ChannelsServiceClient) RemoveClientConnections(ctx context.Context, in *v1.RemoveClientConnectionsReq, opts ...grpc.CallOption) (*v1.RemoveClientConnectionsRes, error) {
 	_va := make([]interface{}, len(opts))
 	for _i := range opts {
 		_va[_i] = opts[_i]
@@ -115,23 +115,23 @@ func (_m *ChannelsServiceClient) RemoveThingConnections(ctx context.Context, in
 	ret := _m.Called(_ca...)
 
 	if len(ret) == 0 {
-		panic("no return value specified for RemoveThingConnections")
+		panic("no return value specified for RemoveClientConnections")
 	}
 
-	var r0 *v1.RemoveThingConnectionsRes
+	var r0 *v1.RemoveClientConnectionsRes
 	var r1 error
-	if rf, ok := ret.Get(0).(func(context.Context, *v1.RemoveThingConnectionsReq, ...grpc.CallOption) (*v1.RemoveThingConnectionsRes, error)); ok {
+	if rf, ok := ret.Get(0).(func(context.Context, *v1.RemoveClientConnectionsReq, ...grpc.CallOption) (*v1.RemoveClientConnectionsRes, error)); ok {
 		return rf(ctx, in, opts...)
 	}
-	if rf, ok := ret.Get(0).(func(context.Context, *v1.RemoveThingConnectionsReq, ...grpc.CallOption) *v1.RemoveThingConnectionsRes); ok {
+	if rf, ok := ret.Get(0).(func(context.Context, *v1.RemoveClientConnectionsReq, ...grpc.CallOption) *v1.RemoveClientConnectionsRes); ok {
 		r0 = rf(ctx, in, opts...)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*v1.RemoveThingConnectionsRes)
+			r0 = ret.Get(0).(*v1.RemoveClientConnectionsRes)
 		}
 	}
 
-	if rf, ok := ret.Get(1).(func(context.Context, *v1.RemoveThingConnectionsReq, ...grpc.CallOption) error); ok {
+	if rf, ok := ret.Get(1).(func(context.Context, *v1.RemoveClientConnectionsReq, ...grpc.CallOption) error); ok {
 		r1 = rf(ctx, in, opts...)
 	} else {
 		r1 = ret.Error(1)
@@ -140,21 +140,21 @@ func (_m *ChannelsServiceClient) RemoveThingConnections(ctx context.Context, in
 	return r0, r1
 }
 
-// ChannelsServiceClient_RemoveThingConnections_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RemoveThingConnections'
-type ChannelsServiceClient_RemoveThingConnections_Call struct {
+// ChannelsServiceClient_RemoveClientConnections_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RemoveClientConnections'
+type ChannelsServiceClient_RemoveClientConnections_Call struct {
 	*mock.Call
 }
 
-// RemoveThingConnections is a helper method to define mock.On call
+// RemoveClientConnections is a helper method to define mock.On call
 //   - ctx context.Context
-//   - in *v1.RemoveThingConnectionsReq
+//   - in *v1.RemoveClientConnectionsReq
 //   - opts ...grpc.CallOption
-func (_e *ChannelsServiceClient_Expecter) RemoveThingConnections(ctx interface{}, in interface{}, opts ...interface{}) *ChannelsServiceClient_RemoveThingConnections_Call {
-	return &ChannelsServiceClient_RemoveThingConnections_Call{Call: _e.mock.On("RemoveThingConnections",
+func (_e *ChannelsServiceClient_Expecter) RemoveClientConnections(ctx interface{}, in interface{}, opts ...interface{}) *ChannelsServiceClient_RemoveClientConnections_Call {
+	return &ChannelsServiceClient_RemoveClientConnections_Call{Call: _e.mock.On("RemoveClientConnections",
 		append([]interface{}{ctx, in}, opts...)...)}
 }
 
-func (_c *ChannelsServiceClient_RemoveThingConnections_Call) Run(run func(ctx context.Context, in *v1.RemoveThingConnectionsReq, opts ...grpc.CallOption)) *ChannelsServiceClient_RemoveThingConnections_Call {
+func (_c *ChannelsServiceClient_RemoveClientConnections_Call) Run(run func(ctx context.Context, in *v1.RemoveClientConnectionsReq, opts ...grpc.CallOption)) *ChannelsServiceClient_RemoveClientConnections_Call {
 	_c.Call.Run(func(args mock.Arguments) {
 		variadicArgs := make([]grpc.CallOption, len(args)-2)
 		for i, a := range args[2:] {
@@ -162,17 +162,17 @@ func (_c *ChannelsServiceClient_RemoveThingConnections_Call) Run(run func(ctx co
 				variadicArgs[i] = a.(grpc.CallOption)
 			}
 		}
-		run(args[0].(context.Context), args[1].(*v1.RemoveThingConnectionsReq), variadicArgs...)
+		run(args[0].(context.Context), args[1].(*v1.RemoveClientConnectionsReq), variadicArgs...)
 	})
 	return _c
 }
 
-func (_c *ChannelsServiceClient_RemoveThingConnections_Call) Return(_a0 *v1.RemoveThingConnectionsRes, _a1 error) *ChannelsServiceClient_RemoveThingConnections_Call {
+func (_c *ChannelsServiceClient_RemoveClientConnections_Call) Return(_a0 *v1.RemoveClientConnectionsRes, _a1 error) *ChannelsServiceClient_RemoveClientConnections_Call {
 	_c.Call.Return(_a0, _a1)
 	return _c
 }
 
-func (_c *ChannelsServiceClient_RemoveThingConnections_Call) RunAndReturn(run func(context.Context, *v1.RemoveThingConnectionsReq, ...grpc.CallOption) (*v1.RemoveThingConnectionsRes, error)) *ChannelsServiceClient_RemoveThingConnections_Call {
+func (_c *ChannelsServiceClient_RemoveClientConnections_Call) RunAndReturn(run func(context.Context, *v1.RemoveClientConnectionsReq, ...grpc.CallOption) (*v1.RemoveClientConnectionsRes, error)) *ChannelsServiceClient_RemoveClientConnections_Call {
 	_c.Call.Return(run)
 	return _c
 }
diff --git a/channels/roleoperations.go b/channels/roleoperations.go
index c6dfe09726..475cfa2f88 100644
--- a/channels/roleoperations.go
+++ b/channels/roleoperations.go
@@ -16,8 +16,8 @@ const (
 	OpDeleteChannel
 	OpSetParentGroup
 	OpRemoveParentGroup
-	OpConnectThing
-	OpDisconnectThing
+	OpConnectClient
+	OpDisconnectClient
 )
 
 var expectedOperations = []svcutil.Operation{
@@ -29,8 +29,8 @@ var expectedOperations = []svcutil.Operation{
 	OpDeleteChannel,
 	OpSetParentGroup,
 	OpRemoveParentGroup,
-	OpConnectThing,
-	OpDisconnectThing,
+	OpConnectClient,
+	OpDisconnectClient,
 }
 
 var operationNames = []string{
@@ -42,8 +42,8 @@ var operationNames = []string{
 	"OpDeleteChannel",
 	"OpSetParentGroup",
 	"OpRemoveParentGroup",
-	"OpConnectThing",
-	"OpDisconnectThing",
+	"OpConnectClient",
+	"OpDisconnectClient",
 }
 
 func NewOperationPerm() svcutil.OperationPerm {
@@ -85,11 +85,11 @@ func NewExternalOperationPerm() svcutil.ExternalOperationPerm {
 // Below codes should moved out of service, may be can be kept in `cmd/<svc>/main.go`
 
 const (
-	updatePermission         = "update_permission"
-	readPermission           = "read_permission"
-	deletePermission         = "delete_permission"
-	setParentGroupPermission = "set_parent_group_permission"
-	connectToThingPermission = "connect_to_client_permission"
+	updatePermission          = "update_permission"
+	readPermission            = "read_permission"
+	deletePermission          = "delete_permission"
+	setParentGroupPermission  = "set_parent_group_permission"
+	connectToClientPermission = "connect_to_client_permission"
 
 	manageRolePermission      = "manage_role_permission"
 	addRoleUsersPermission    = "add_role_users_permission"
@@ -107,8 +107,8 @@ func NewOperationPermissionMap() map[svcutil.Operation]svcutil.Permission {
 		OpDeleteChannel:     deletePermission,
 		OpSetParentGroup:    setParentGroupPermission,
 		OpRemoveParentGroup: setParentGroupPermission,
-		OpConnectThing:      connectToThingPermission,
-		OpDisconnectThing:   connectToThingPermission,
+		OpConnectClient:     connectToClientPermission,
+		OpDisconnectClient:  connectToClientPermission,
 	}
 	return opPerm
 }
diff --git a/channels/service.go b/channels/service.go
index 595d408495..658632f516 100644
--- a/channels/service.go
+++ b/channels/service.go
@@ -369,7 +369,7 @@ func (svc service) Disconnect(ctx context.Context, session authn.Session, chIDs,
 		}
 
 		if resp.GetEntity().GetDomainId() != session.DomainID {
-			return errors.Wrap(svcerr.ErrCreateEntity, fmt.Errorf("thing id %s has invalid domain id", thID))
+			return errors.Wrap(svcerr.ErrCreateEntity, fmt.Errorf("client id %s has invalid domain id", thID))
 		}
 	}
 
@@ -505,7 +505,7 @@ func (svc service) listChannelIDs(ctx context.Context, userID, permission string
 }
 
 func (svc service) retrievePermissions(ctx context.Context, userID string, channel *Channel) error {
-	permissions, err := svc.listUserThingPermission(ctx, userID, channel.ID)
+	permissions, err := svc.listUserClientPermission(ctx, userID, channel.ID)
 	if err != nil {
 		return err
 	}
@@ -513,11 +513,11 @@ func (svc service) retrievePermissions(ctx context.Context, userID string, chann
 	return nil
 }
 
-func (svc service) listUserThingPermission(ctx context.Context, userID, thingID string) ([]string, error) {
+func (svc service) listUserClientPermission(ctx context.Context, userID, clientID string) ([]string, error) {
 	lp, err := svc.policy.ListPermissions(ctx, policies.Policy{
 		SubjectType: policies.UserType,
 		Subject:     userID,
-		Object:      thingID,
+		Object:      clientID,
 		ObjectType:  policies.ChannelType,
 	}, []string{})
 	if err != nil {
diff --git a/cli/README.md b/cli/README.md
index f2e1db01cd..997b6be1cd 100644
--- a/cli/README.md
+++ b/cli/README.md
@@ -72,19 +72,19 @@ magistrala-cli users disable <user_id> <user_token>
 
 ### System Provisioning
 
-#### Create Thing
+#### Create Client
 
 ```bash
-magistrala-cli clients create '{"name":"myThing"}' <user_token>
+magistrala-cli clients create '{"name":"myClient"}' <user_token>
 ```
 
-#### Create Thing with metadata
+#### Create Client with metadata
 
 ```bash
-magistrala-cli clients create '{"name":"myThing", "metadata": {"key1":"value1"}}' <user_token>
+magistrala-cli clients create '{"name":"myClient", "metadata": {"key1":"value1"}}' <user_token>
 ```
 
-#### Bulk Provision Things
+#### Bulk Provision Clients
 
 ```bash
 magistrala-cli provision clients <file> <user_token>
@@ -96,31 +96,31 @@ magistrala-cli provision clients <file> <user_token>
 An example CSV file might be:
 
 ```csv
-thing1,
-thing2,
-thing3,
+client1,
+client2,
+client3,
 ```
 
-in which the first column is the thing's name.
+in which the first column is the client's name.
 
 A comparable JSON file would be
 
 ```json
 [
   {
-    "name": "<thing1_name>",
+    "name": "<client1_name>",
     "status": "enabled"
   },
   {
-    "name": "<thing2_name>",
+    "name": "<client2_name>",
     "status": "disabled"
   },
   {
-    "name": "<thing3_name>",
+    "name": "<client3_name>",
     "status": "enabled",
     "credentials": {
-      "identity": "<thing3_identity>",
-      "secret": "<thing3_secret>"
+      "identity": "<client3_identity>",
+      "secret": "<client3_secret>"
     }
   }
 ]
@@ -128,43 +128,43 @@ A comparable JSON file would be
 
 With JSON you can be able to specify more fields of the channels you want to create
 
-#### Update Thing
+#### Update Client
 
 ```bash
 magistrala-cli clients update <client_id> '{"name":"value1", "metadata":{"key1": "value2"}}' <user_token>
 ```
 
-#### Identify Thing
+#### Identify Client
 
 ```bash
 magistrala-cli clients identify <client_key>
 ```
 
-#### Enable Thing
+#### Enable Client
 
 ```bash
 magistrala-cli clients enable <client_id> <user_token>
 ```
 
-#### Disable Thing
+#### Disable Client
 
 ```bash
 magistrala-cli clients disable <client_id> <user_token>
 ```
 
-#### Get Thing
+#### Get Client
 
 ```bash
 magistrala-cli clients get <client_id> <user_token>
 ```
 
-#### Get Things
+#### Get Clients
 
 ```bash
 magistrala-cli clients get all <user_token>
 ```
 
-#### Get a subset list of provisioned Things
+#### Get a subset list of provisioned Clients
 
 ```bash
 magistrala-cli clients get all --offset=1 --limit=5 <user_token>
@@ -257,13 +257,13 @@ magistrala-cli channels get all --offset=1 --limit=5 <user_token>
 
 ### Access control
 
-#### Connect Thing to Channel
+#### Connect Client to Channel
 
 ```bash
 magistrala-cli clients connect <client_id> <channel_id> <user_token>
 ```
 
-#### Bulk Connect Things to Channels
+#### Bulk Connect Clients to Channels
 
 ```bash
 magistrala-cli provision connect <file> <user_token>
@@ -290,19 +290,19 @@ A comparable JSON file would be
 }
 ```
 
-#### Disconnect Thing from Channel
+#### Disconnect Client from Channel
 
 ```bash
 magistrala-cli clients disconnect <client_id> <channel_id> <user_token>
 ```
 
-#### Get a subset list of Channels connected to Thing
+#### Get a subset list of Channels connected to Client
 
 ```bash
 magistrala-cli clients connections <client_id> <user_token>
 ```
 
-#### Get a subset list of Things connected to Channel
+#### Get a subset list of Clients connected to Channel
 
 ```bash
 magistrala-cli channels connections <channel_id> <user_token>
@@ -313,7 +313,7 @@ magistrala-cli channels connections <channel_id> <user_token>
 #### Send a message over HTTP
 
 ```bash
-magistrala-cli messages send <channel_id> '[{"bn":"Dev1","n":"temp","v":20}, {"n":"hum","v":40}, {"bn":"Dev2", "n":"temp","v":20}, {"n":"hum","v":40}]' <thing_secret>
+magistrala-cli messages send <channel_id> '[{"bn":"Dev1","n":"temp","v":20}, {"n":"hum","v":40}, {"bn":"Dev2", "n":"temp","v":20}, {"n":"hum","v":40}]' <client_secret>
 ```
 
 #### Read messages over HTTP
diff --git a/cli/bootstrap.go b/cli/bootstrap.go
index b995f7a79d..4a9ee61925 100644
--- a/cli/bootstrap.go
+++ b/cli/bootstrap.go
@@ -14,7 +14,7 @@ var cmdBootstrap = []cobra.Command{
 	{
 		Use:   "create <JSON_config> <domain_id> <user_auth_token>",
 		Short: "Create config",
-		Long:  `Create new Thing Bootstrap Config to the user identified by the provided key`,
+		Long:  `Create new Client Bootstrap Config to the user identified by the provided key`,
 		Run: func(cmd *cobra.Command, args []string) {
 			if len(args) != 3 {
 				logUsageCmd(*cmd, cmd.Use)
@@ -39,7 +39,7 @@ var cmdBootstrap = []cobra.Command{
 	{
 		Use:   "get [all | <client_id>] <domain_id> <user_auth_token>",
 		Short: "Get config",
-		Long: `Get Thing Config with given ID belonging to the user identified by the given key.
+		Long: `Get Client Config with given ID belonging to the user identified by the given key.
 				all - lists all config
 				<client_id> - view config of <client_id>`,
 		Run: func(cmd *cobra.Command, args []string) {
@@ -77,7 +77,7 @@ var cmdBootstrap = []cobra.Command{
 		Short: "Update config",
 		Long: `Updates editable fields of the provided Config.
 				config <JSON_config> - Updates editable fields of the provided Config.
-				connection <id> <channel_ids> - Updates connections performs update of the channel list corresponding Thing is connected to.
+				connection <id> <channel_ids> - Updates connections performs update of the channel list corresponding Client is connected to.
 				channel_ids - '["channel_id1", ...]'
 				certs  <id> <client_cert> <client_key> <ca> - Update bootstrap config certificates.`,
 		Run: func(cmd *cobra.Command, args []string) {
@@ -148,7 +148,7 @@ var cmdBootstrap = []cobra.Command{
 	{
 		Use:   "bootstrap [<external_id> <external_key> | secure <external_id> <external_key> <crypto_key> ]",
 		Short: "Bootstrap config",
-		Long: `Returns Config to the Thing with provided external ID using external key.
+		Long: `Returns Config to the Client with provided external ID using external key.
 				secure - Retrieves a configuration with given external ID and encrypted external key.`,
 		Run: func(cmd *cobra.Command, args []string) {
 			if len(args) < 2 {
diff --git a/cli/certs.go b/cli/certs.go
index 858478e0c9..ee24c0e793 100644
--- a/cli/certs.go
+++ b/cli/certs.go
@@ -18,7 +18,7 @@ var cmdCerts = []cobra.Command{
 				return
 			}
 			if args[0] == "client" {
-				cert, err := sdk.ViewCertByThing(args[1], args[2], args[3])
+				cert, err := sdk.ViewCertByClient(args[1], args[2], args[3])
 				if err != nil {
 					logErrorCmd(*cmd, err)
 					return
@@ -60,16 +60,16 @@ func NewCertsCmd() *cobra.Command {
 	issueCmd := cobra.Command{
 		Use:   "issue <client_id> <domain_id> <user_auth_token> [--ttl=8760h]",
 		Short: "Issue certificate",
-		Long:  `Issues new certificate for a thing`,
+		Long:  `Issues new certificate for a client`,
 		Run: func(cmd *cobra.Command, args []string) {
 			if len(args) != 3 {
 				logUsageCmd(*cmd, cmd.Use)
 				return
 			}
 
-			thingID := args[0]
+			clientID := args[0]
 
-			c, err := sdk.IssueCert(thingID, ttl, args[1], args[2])
+			c, err := sdk.IssueCert(clientID, ttl, args[1], args[2])
 			if err != nil {
 				logErrorCmd(*cmd, err)
 				return
@@ -83,7 +83,7 @@ func NewCertsCmd() *cobra.Command {
 	cmd := cobra.Command{
 		Use:   "certs [issue | get | revoke ]",
 		Short: "Certificates management",
-		Long:  `Certificates management: issue, get or revoke certificates for things"`,
+		Long:  `Certificates management: issue, get or revoke certificates for clients"`,
 	}
 
 	cmdCerts = append(cmdCerts, issueCmd)
diff --git a/cli/certs_test.go b/cli/certs_test.go
index 63654e6397..69cb4907af 100644
--- a/cli/certs_test.go
+++ b/cli/certs_test.go
@@ -104,7 +104,7 @@ func TestGetCertCmd(t *testing.T) {
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			sdkCall := sdkMock.On("ViewCertByThing", mock.Anything, mock.Anything, mock.Anything).Return(tc.serials, tc.sdkErr)
+			sdkCall := sdkMock.On("ViewCertByClient", mock.Anything, mock.Anything, mock.Anything).Return(tc.serials, tc.sdkErr)
 			sdkCall1 := sdkMock.On("ViewCert", mock.Anything, mock.Anything, mock.Anything).Return(tc.cert, tc.sdkErr)
 			out := executeCommand(t, rootCmd, append([]string{getCmd}, tc.args...)...)
 			switch tc.logType {
diff --git a/cli/channels.go b/cli/channels.go
index 5e52841358..122024d457 100644
--- a/cli/channels.go
+++ b/cli/channels.go
@@ -363,7 +363,7 @@ func NewChannelsCmd() *cobra.Command {
 	cmd := cobra.Command{
 		Use:   "channels [create | get | update | delete | connections | not-connected | assign | unassign | users | groups]",
 		Short: "Channels management",
-		Long:  `Channels management: create, get, update or delete Channel and get list of Things connected or not connected to a Channel`,
+		Long:  `Channels management: create, get, update or delete Channel and get list of Clients connected or not connected to a Channel`,
 	}
 
 	for i := range cmdChannels {
diff --git a/cli/clients.go b/cli/clients.go
index 23fd706c74..8e6aa78b59 100644
--- a/cli/clients.go
+++ b/cli/clients.go
@@ -13,11 +13,11 @@ import (
 
 var cmdClients = []cobra.Command{
 	{
-		Use:   "create <JSON_thing> <domain_id> <user_auth_token>",
-		Short: "Create thing",
+		Use:   "create <JSON_client> <domain_id> <user_auth_token>",
+		Short: "Create client",
 		Long: "Creates new client with provided name and metadata\n" +
 			"Usage:\n" +
-			"\tmagistrala-cli clients create '{\"name\":\"new thing\", \"metadata\":{\"key\": \"value\"}}' $DOMAINID $USERTOKEN\n",
+			"\tmagistrala-cli clients create '{\"name\":\"new client\", \"metadata\":{\"key\": \"value\"}}' $DOMAINID $USERTOKEN\n",
 		Run: func(cmd *cobra.Command, args []string) {
 			if len(args) != 3 {
 				logUsageCmd(*cmd, cmd.Use)
@@ -41,10 +41,10 @@ var cmdClients = []cobra.Command{
 	},
 	{
 		Use:   "get [all | <client_id>] <domain_id> <user_auth_token>",
-		Short: "Get things",
+		Short: "Get clients",
 		Long: "Get all clients or get client by id. Clients can be filtered by name or metadata\n" +
 			"Usage:\n" +
-			"\tmagistrala-cli clients get all $DOMAINID $USERTOKEN - lists all things\n" +
+			"\tmagistrala-cli clients get all $DOMAINID $USERTOKEN - lists all clients\n" +
 			"\tmagistrala-cli clients get all $DOMAINID $USERTOKEN --offset=10 --limit=10 - lists all clients with offset and limit\n" +
 			"\tmagistrala-cli clients get <client_id> $DOMAINID $USERTOKEN - shows client with provided <client_id>\n",
 		Run: func(cmd *cobra.Command, args []string) {
@@ -120,13 +120,13 @@ var cmdClients = []cobra.Command{
 					return
 				}
 				client.ID = args[1]
-				thing, err := sdk.UpdateClientTags(client, args[3], args[4])
+				client, err := sdk.UpdateClientTags(client, args[3], args[4])
 				if err != nil {
 					logErrorCmd(*cmd, err)
 					return
 				}
 
-				logJSONCmd(*cmd, thing)
+				logJSONCmd(*cmd, client)
 				return
 			}
 
@@ -167,13 +167,13 @@ var cmdClients = []cobra.Command{
 				return
 			}
 
-			thing, err := sdk.EnableClient(args[0], args[1], args[2])
+			client, err := sdk.EnableClient(args[0], args[1], args[2])
 			if err != nil {
 				logErrorCmd(*cmd, err)
 				return
 			}
 
-			logJSONCmd(*cmd, thing)
+			logJSONCmd(*cmd, client)
 		},
 	},
 	{
@@ -188,13 +188,13 @@ var cmdClients = []cobra.Command{
 				return
 			}
 
-			thing, err := sdk.DisableClient(args[0], args[1], args[2])
+			client, err := sdk.DisableClient(args[0], args[1], args[2])
 			if err != nil {
 				logErrorCmd(*cmd, err)
 				return
 			}
 
-			logJSONCmd(*cmd, thing)
+			logJSONCmd(*cmd, client)
 		},
 	},
 	{
@@ -247,7 +247,7 @@ var cmdClients = []cobra.Command{
 	},
 	{
 		Use:   "connect <client_id> <channel_id> <domain_id> <user_auth_token>",
-		Short: "Connect thing",
+		Short: "Connect client",
 		Long: "Connect client to the channel\n" +
 			"Usage:\n" +
 			"\tmagistrala-cli clients connect <client_id> <channel_id> $DOMAINID $USERTOKEN\n",
@@ -271,7 +271,7 @@ var cmdClients = []cobra.Command{
 	},
 	{
 		Use:   "disconnect <client_id> <channel_id> <domain_id> <user_auth_token>",
-		Short: "Disconnect thing",
+		Short: "Disconnect client",
 		Long: "Disconnect client to the channel\n" +
 			"Usage:\n" +
 			"\tmagistrala-cli clients disconnect <client_id> <channel_id> $DOMAINID $USERTOKEN\n",
@@ -320,7 +320,7 @@ var cmdClients = []cobra.Command{
 	{
 		Use:   "users <client_id> <domain_id> <user_auth_token>",
 		Short: "List users",
-		Long: "List users of a thing\n" +
+		Long: "List users of a client\n" +
 			"Usage:\n" +
 			"\tmagistrala-cli clients users <client_id> $DOMAINID $USERTOKEN\n",
 		Run: func(cmd *cobra.Command, args []string) {
diff --git a/cli/clients_test.go b/cli/clients_test.go
index 7235cf938e..4776bedd93 100644
--- a/cli/clients_test.go
+++ b/cli/clients_test.go
@@ -32,7 +32,7 @@ var (
 
 var client = sdk.Client{
 	ID:   testsutil.GenerateUUID(&testing.T{}),
-	Name: "testthing",
+	Name: "testclient",
 	Credentials: sdk.ClientCredentials{
 		Secret: "secret",
 	},
@@ -43,7 +43,7 @@ var client = sdk.Client{
 func TestCreateClientsCmd(t *testing.T) {
 	sdkMock := new(sdkmocks.SDK)
 	cli.SetSDK(sdkMock)
-	thingJson := "{\"name\":\"testthing\", \"metadata\":{\"key1\":\"value1\"}}"
+	clientJson := "{\"name\":\"testclient\", \"metadata\":{\"key1\":\"value1\"}}"
 	clientsCmd := cli.NewClientsCmd()
 	rootCmd := setFlags(clientsCmd)
 
@@ -54,23 +54,23 @@ func TestCreateClientsCmd(t *testing.T) {
 		args          []string
 		sdkErr        errors.SDKError
 		errLogMessage string
-		thing         sdk.Client
+		client        sdk.Client
 		logType       outputLog
 	}{
 		{
 			desc: "create client successfully with token",
 			args: []string{
-				thingJson,
+				clientJson,
 				domainID,
 				token,
 			},
-			thing:   client,
+			client:  client,
 			logType: entityLog,
 		},
 		{
 			desc: "create client without token",
 			args: []string{
-				thingJson,
+				clientJson,
 				domainID,
 			},
 			logType: usageLog,
@@ -78,7 +78,7 @@ func TestCreateClientsCmd(t *testing.T) {
 		{
 			desc: "create client with invalid token",
 			args: []string{
-				thingJson,
+				clientJson,
 				domainID,
 				invalidToken,
 			},
@@ -87,9 +87,9 @@ func TestCreateClientsCmd(t *testing.T) {
 			logType:       errLog,
 		},
 		{
-			desc: "failed to create thing",
+			desc: "failed to create client",
 			args: []string{
-				thingJson,
+				clientJson,
 				domainID,
 				token,
 			},
@@ -100,7 +100,7 @@ func TestCreateClientsCmd(t *testing.T) {
 		{
 			desc: "create client with invalid metadata",
 			args: []string{
-				"{\"name\":\"testthing\", \"metadata\":{\"key1\":value1}}",
+				"{\"name\":\"testclient\", \"metadata\":{\"key1\":value1}}",
 				domainID,
 				token,
 			},
@@ -112,14 +112,14 @@ func TestCreateClientsCmd(t *testing.T) {
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			sdkCall := sdkMock.On("CreateThing", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.thing, tc.sdkErr)
+			sdkCall := sdkMock.On("CreateClient", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.client, tc.sdkErr)
 			out := executeCommand(t, rootCmd, append([]string{createCmd}, tc.args...)...)
 
 			switch tc.logType {
 			case entityLog:
 				err := json.Unmarshal([]byte(out), &tg)
 				assert.Nil(t, err)
-				assert.Equal(t, tc.thing, tg, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.thing, tg))
+				assert.Equal(t, tc.client, tg, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.client, tg))
 			case errLog:
 				assert.Equal(t, tc.errLogMessage, out, fmt.Sprintf("%s unexpected error response: expected %s got errLogMessage:%s", tc.desc, tc.errLogMessage, out))
 			case usageLog:
@@ -145,7 +145,7 @@ func TestGetClientssCmd(t *testing.T) {
 		args          []string
 		sdkErr        errors.SDKError
 		errLogMessage string
-		thing         sdk.Client
+		client        sdk.Client
 		page          sdk.ClientsPage
 		logType       outputLog
 	}{
@@ -169,7 +169,7 @@ func TestGetClientssCmd(t *testing.T) {
 				token,
 			},
 			logType: entityLog,
-			thing:   client,
+			client:  client,
 		},
 		{
 			desc: "get clients with invalid token",
@@ -221,7 +221,7 @@ func TestGetClientssCmd(t *testing.T) {
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
 			sdkCall := sdkMock.On("Clients", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.page, tc.sdkErr)
-			sdkCall1 := sdkMock.On("Client", mock.Anything, mock.Anything, mock.Anything).Return(tc.thing, tc.sdkErr)
+			sdkCall1 := sdkMock.On("Client", mock.Anything, mock.Anything, mock.Anything).Return(tc.client, tc.sdkErr)
 
 			out := executeCommand(t, rootCmd, append([]string{getCmd}, tc.args...)...)
 
@@ -249,7 +249,7 @@ func TestGetClientssCmd(t *testing.T) {
 
 			if tc.logType == entityLog {
 				if tc.args[1] != all {
-					assert.Equal(t, tc.thing, tg, fmt.Sprintf("%v unexpected response, expected: %v, got: %v", tc.desc, tc.thing, tg))
+					assert.Equal(t, tc.client, tg, fmt.Sprintf("%v unexpected response, expected: %v, got: %v", tc.desc, tc.client, tg))
 				} else {
 					assert.Equal(t, tc.page, page, fmt.Sprintf("%v unexpected response, expected: %v, got: %v", tc.desc, tc.page, page))
 				}
@@ -271,7 +271,7 @@ func TestUpdateClientCmd(t *testing.T) {
 	secretUpdateType := "secret"
 	newTagsJson := "[\"tag1\", \"tag2\"]"
 	newTagString := []string{"tag1", "tag2"}
-	newNameandMeta := "{\"name\": \"thingName\", \"metadata\": {\"role\": \"general\"}}"
+	newNameandMeta := "{\"name\": \"clientName\", \"metadata\": {\"role\": \"general\"}}"
 	newSecret := "secret"
 
 	cases := []struct {
@@ -279,7 +279,7 @@ func TestUpdateClientCmd(t *testing.T) {
 		args          []string
 		sdkErr        errors.SDKError
 		errLogMessage string
-		thing         sdk.Client
+		client        sdk.Client
 		logType       outputLog
 	}{
 		{
@@ -290,8 +290,8 @@ func TestUpdateClientCmd(t *testing.T) {
 				domainID,
 				token,
 			},
-			thing: sdk.Client{
-				Name: "thingName",
+			client: sdk.Client{
+				Name: "clientName",
 				Metadata: map[string]interface{}{
 					"metadata": map[string]interface{}{
 						"role": "general",
@@ -307,7 +307,7 @@ func TestUpdateClientCmd(t *testing.T) {
 			desc: "update client name and metadata with invalid json",
 			args: []string{
 				client.ID,
-				"{\"name\": \"thingName\", \"metadata\": {\"role\": \"general\"}",
+				"{\"name\": \"clientName\", \"metadata\": {\"role\": \"general\"}",
 				domainID,
 				token,
 			},
@@ -336,7 +336,7 @@ func TestUpdateClientCmd(t *testing.T) {
 				domainID,
 				token,
 			},
-			thing: sdk.Client{
+			client: sdk.Client{
 				Name:     client.Name,
 				ID:       client.ID,
 				DomainID: client.DomainID,
@@ -380,7 +380,7 @@ func TestUpdateClientCmd(t *testing.T) {
 				domainID,
 				token,
 			},
-			thing: sdk.Client{
+			client: sdk.Client{
 				Name:     client.Name,
 				ID:       client.ID,
 				DomainID: client.DomainID,
@@ -434,9 +434,9 @@ func TestUpdateClientCmd(t *testing.T) {
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
 			var tg sdk.Client
-			sdkCall := sdkMock.On("UpdateClient", mock.Anything, mock.Anything, mock.Anything).Return(tc.thing, tc.sdkErr)
-			sdkCall1 := sdkMock.On("UpdateClientTags", mock.Anything, mock.Anything, mock.Anything).Return(tc.thing, tc.sdkErr)
-			sdkCall2 := sdkMock.On("UpdateClientSecret", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.thing, tc.sdkErr)
+			sdkCall := sdkMock.On("UpdateClient", mock.Anything, mock.Anything, mock.Anything).Return(tc.client, tc.sdkErr)
+			sdkCall1 := sdkMock.On("UpdateClientTags", mock.Anything, mock.Anything, mock.Anything).Return(tc.client, tc.sdkErr)
+			sdkCall2 := sdkMock.On("UpdateClientSecret", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.client, tc.sdkErr)
 
 			switch {
 			case tc.args[0] == tagUpdateType:
@@ -444,13 +444,13 @@ func TestUpdateClientCmd(t *testing.T) {
 				th.Tags = []string{"tag1", "tag2"}
 				th.ID = tc.args[1]
 
-				sdkCall1 = sdkMock.On("UpdateClientTags", th, tc.args[3]).Return(tc.thing, tc.sdkErr)
+				sdkCall1 = sdkMock.On("UpdateClientTags", th, tc.args[3]).Return(tc.client, tc.sdkErr)
 			case tc.args[0] == secretUpdateType:
 				var th sdk.Client
 				th.Credentials.Secret = tc.args[2]
 				th.ID = tc.args[1]
 
-				sdkCall2 = sdkMock.On("UpdateClientSecret", th, tc.args[2], tc.args[3]).Return(tc.thing, tc.sdkErr)
+				sdkCall2 = sdkMock.On("UpdateClientSecret", th, tc.args[2], tc.args[3]).Return(tc.client, tc.sdkErr)
 			}
 			out := executeCommand(t, rootCmd, append([]string{updCmd}, tc.args...)...)
 
@@ -458,7 +458,7 @@ func TestUpdateClientCmd(t *testing.T) {
 			case entityLog:
 				err := json.Unmarshal([]byte(out), &tg)
 				assert.Nil(t, err)
-				assert.Equal(t, tc.thing, tg, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.thing, tg))
+				assert.Equal(t, tc.client, tg, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.client, tg))
 			case errLog:
 				assert.Equal(t, tc.errLogMessage, out, fmt.Sprintf("%s unexpected error response: expected %s got errLogMessage:%s", tc.desc, tc.errLogMessage, out))
 			case usageLog:
@@ -530,7 +530,7 @@ func TestDeleteClientCmd(t *testing.T) {
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			sdkCall := sdkMock.On("DeleteThing", tc.args[0], tc.args[1], tc.args[2]).Return(tc.sdkErr)
+			sdkCall := sdkMock.On("DeleteClient", tc.args[0], tc.args[1], tc.args[2]).Return(tc.sdkErr)
 			out := executeCommand(t, rootCmd, append([]string{delCmd}, tc.args...)...)
 
 			switch tc.logType {
@@ -546,7 +546,7 @@ func TestDeleteClientCmd(t *testing.T) {
 	}
 }
 
-func TestEnableThingCmd(t *testing.T) {
+func TestEnableClientCmd(t *testing.T) {
 	sdkMock := new(sdkmocks.SDK)
 	cli.SetSDK(sdkMock)
 	clientsCmd := cli.NewClientsCmd()
@@ -558,7 +558,7 @@ func TestEnableThingCmd(t *testing.T) {
 		args          []string
 		sdkErr        errors.SDKError
 		errLogMessage string
-		thing         sdk.Client
+		client        sdk.Client
 		logType       outputLog
 	}{
 		{
@@ -569,7 +569,7 @@ func TestEnableThingCmd(t *testing.T) {
 				validToken,
 			},
 			sdkErr:  nil,
-			thing:   client,
+			client:  client,
 			logType: entityLog,
 		},
 		{
@@ -608,7 +608,7 @@ func TestEnableThingCmd(t *testing.T) {
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			sdkCall := sdkMock.On("EnableThing", tc.args[0], tc.args[1], tc.args[2]).Return(tc.thing, tc.sdkErr)
+			sdkCall := sdkMock.On("EnableClient", tc.args[0], tc.args[1], tc.args[2]).Return(tc.client, tc.sdkErr)
 			out := executeCommand(t, rootCmd, append([]string{enableCmd}, tc.args...)...)
 
 			switch tc.logType {
@@ -619,7 +619,7 @@ func TestEnableThingCmd(t *testing.T) {
 			case entityLog:
 				err := json.Unmarshal([]byte(out), &tg)
 				assert.Nil(t, err)
-				assert.Equal(t, tc.thing, tg, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.thing, tg))
+				assert.Equal(t, tc.client, tg, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.client, tg))
 			}
 
 			sdkCall.Unset()
@@ -627,7 +627,7 @@ func TestEnableThingCmd(t *testing.T) {
 	}
 }
 
-func TestDisablethingCmd(t *testing.T) {
+func TestDisableclientCmd(t *testing.T) {
 	sdkMock := new(sdkmocks.SDK)
 	cli.SetSDK(sdkMock)
 	clientsCmd := cli.NewClientsCmd()
@@ -640,7 +640,7 @@ func TestDisablethingCmd(t *testing.T) {
 		args          []string
 		sdkErr        errors.SDKError
 		errLogMessage string
-		thing         sdk.Client
+		client        sdk.Client
 		logType       outputLog
 	}{
 		{
@@ -651,7 +651,7 @@ func TestDisablethingCmd(t *testing.T) {
 				validToken,
 			},
 			logType: entityLog,
-			thing:   client,
+			client:  client,
 		},
 		{
 			desc: "delete client with invalid token",
@@ -689,7 +689,7 @@ func TestDisablethingCmd(t *testing.T) {
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			sdkCall := sdkMock.On("DisableThing", tc.args[0], tc.args[1], tc.args[2]).Return(tc.thing, tc.sdkErr)
+			sdkCall := sdkMock.On("DisableClient", tc.args[0], tc.args[1], tc.args[2]).Return(tc.client, tc.sdkErr)
 			out := executeCommand(t, rootCmd, append([]string{disableCmd}, tc.args...)...)
 
 			switch tc.logType {
@@ -702,7 +702,7 @@ func TestDisablethingCmd(t *testing.T) {
 				if err != nil {
 					t.Fatalf("json.Unmarshal failed: %v", err)
 				}
-				assert.Equal(t, tc.thing, tg, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.thing, tg))
+				assert.Equal(t, tc.client, tg, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.client, tg))
 			}
 
 			sdkCall.Unset()
@@ -710,7 +710,7 @@ func TestDisablethingCmd(t *testing.T) {
 	}
 }
 
-func TestUsersThingCmd(t *testing.T) {
+func TestUsersClientCmd(t *testing.T) {
 	sdkMock := new(sdkmocks.SDK)
 	cli.SetSDK(sdkMock)
 	clientsCmd := cli.NewClientsCmd()
@@ -727,7 +727,7 @@ func TestUsersThingCmd(t *testing.T) {
 		sdkErr        errors.SDKError
 	}{
 		{
-			desc: "get thing's users successfully",
+			desc: "get client's users successfully",
 			args: []string{
 				client.ID,
 				domainID,
@@ -779,7 +779,7 @@ func TestUsersThingCmd(t *testing.T) {
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			sdkCall := sdkMock.On("ListThingUsers", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.page, tc.sdkErr)
+			sdkCall := sdkMock.On("ListClientUsers", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.page, tc.sdkErr)
 			out := executeCommand(t, rootCmd, append([]string{usrCmd}, tc.args...)...)
 
 			switch tc.logType {
@@ -799,7 +799,7 @@ func TestUsersThingCmd(t *testing.T) {
 	}
 }
 
-func TestConnectThingCmd(t *testing.T) {
+func TestConnectClientCmd(t *testing.T) {
 	sdkMock := new(sdkmocks.SDK)
 	cli.SetSDK(sdkMock)
 	clientsCmd := cli.NewClientsCmd()
@@ -1046,7 +1046,7 @@ func TestListConnectionCmd(t *testing.T) {
 	}
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			sdkCall := sdkMock.On("ChannelsByThing", tc.args[0], mock.Anything, tc.args[1], tc.args[2]).Return(tc.page, tc.sdkErr)
+			sdkCall := sdkMock.On("ChannelsByClient", tc.args[0], mock.Anything, tc.args[1], tc.args[2]).Return(tc.page, tc.sdkErr)
 			out := executeCommand(t, rootCmd, append([]string{connsCmd}, tc.args...)...)
 
 			switch tc.logType {
@@ -1067,7 +1067,7 @@ func TestListConnectionCmd(t *testing.T) {
 	}
 }
 
-func TestShareThingCmd(t *testing.T) {
+func TestShareClientCmd(t *testing.T) {
 	sdkMock := new(sdkmocks.SDK)
 	cli.SetSDK(sdkMock)
 	clientCmd := cli.NewClientsCmd()
@@ -1145,7 +1145,7 @@ func TestShareThingCmd(t *testing.T) {
 	}
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			sdkCall := sdkMock.On("ShareThing", tc.args[0], mock.Anything, tc.args[3], tc.args[4]).Return(tc.sdkErr)
+			sdkCall := sdkMock.On("ShareClient", tc.args[0], mock.Anything, tc.args[3], tc.args[4]).Return(tc.sdkErr)
 			out := executeCommand(t, rootCmd, append([]string{shrCmd}, tc.args...)...)
 
 			switch tc.logType {
@@ -1161,7 +1161,7 @@ func TestShareThingCmd(t *testing.T) {
 	}
 }
 
-func TestUnshareThingCmd(t *testing.T) {
+func TestUnshareClientCmd(t *testing.T) {
 	sdkMock := new(sdkmocks.SDK)
 	cli.SetSDK(sdkMock)
 	clientsCmd := cli.NewClientsCmd()
@@ -1226,7 +1226,7 @@ func TestUnshareThingCmd(t *testing.T) {
 	}
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			sdkCall := sdkMock.On("UnshareThing", tc.args[0], mock.Anything, tc.args[3], tc.args[4]).Return(tc.sdkErr)
+			sdkCall := sdkMock.On("UnshareClient", tc.args[0], mock.Anything, tc.args[3], tc.args[4]).Return(tc.sdkErr)
 			out := executeCommand(t, rootCmd, append([]string{unshrCmd}, tc.args...)...)
 
 			switch tc.logType {
diff --git a/cli/commands_test.go b/cli/commands_test.go
index cede5ab099..04cf2d75de 100644
--- a/cli/commands_test.go
+++ b/cli/commands_test.go
@@ -26,7 +26,7 @@ const (
 	domsCmd       = "domains"
 )
 
-// Things commands
+// Clients commands
 const (
 	cliCmd     = "clients"
 	connsCmd   = "connections"
diff --git a/cli/message.go b/cli/message.go
index 6b5815bd51..693e8773da 100644
--- a/cli/message.go
+++ b/cli/message.go
@@ -10,7 +10,7 @@ import (
 
 var cmdMessages = []cobra.Command{
 	{
-		Use:   "send <channel_id.subtopic> <JSON_string> <thing_secret>",
+		Use:   "send <channel_id.subtopic> <JSON_string> <client_secret>",
 		Short: "Send messages",
 		Long:  `Sends message on the channel`,
 		Run: func(cmd *cobra.Command, args []string) {
diff --git a/cli/provision.go b/cli/provision.go
index 3f5c13f851..813b11bf8b 100644
--- a/cli/provision.go
+++ b/cli/provision.go
@@ -122,7 +122,7 @@ var cmdProvision = []cobra.Command{
 						Connect both clients to one of the channels, \
 						and only on client to other channel.`,
 		Run: func(cmd *cobra.Command, args []string) {
-			numThings := 2
+			numClients := 2
 			numChan := 2
 			clients := []mgxsdk.Client{}
 			channels := []mgxsdk.Channel{}
@@ -172,10 +172,10 @@ var cmdProvision = []cobra.Command{
 				return
 			}
 
-			// Create things
-			for i := 0; i < numThings; i++ {
+			// Create clients
+			for i := 0; i < numClients; i++ {
 				t := mgxsdk.Client{
-					Name:   fmt.Sprintf("%s-thing-%d", name, i),
+					Name:   fmt.Sprintf("%s-client-%d", name, i),
 					Status: mgxsdk.EnabledStatus,
 				}
 
@@ -275,7 +275,7 @@ func clientsFromFile(path string) ([]mgxsdk.Client, error) {
 	}
 	defer file.Close()
 
-	things := []mgxsdk.Client{}
+	clients := []mgxsdk.Client{}
 	switch filepath.Ext(path) {
 	case csvExt:
 		reader := csv.NewReader(file)
@@ -293,14 +293,14 @@ func clientsFromFile(path string) ([]mgxsdk.Client, error) {
 				return []mgxsdk.Client{}, errors.New("empty line found in file")
 			}
 
-			thing := mgxsdk.Client{
+			client := mgxsdk.Client{
 				Name: l[0],
 			}
 
-			things = append(things, thing)
+			clients = append(clients, client)
 		}
 	case jsonExt:
-		err := json.NewDecoder(file).Decode(&things)
+		err := json.NewDecoder(file).Decode(&clients)
 		if err != nil {
 			return []mgxsdk.Client{}, err
 		}
@@ -308,7 +308,7 @@ func clientsFromFile(path string) ([]mgxsdk.Client, error) {
 		return []mgxsdk.Client{}, err
 	}
 
-	return things, nil
+	return clients, nil
 }
 
 func channelsFromFile(path string) ([]mgxsdk.Channel, error) {
diff --git a/cli/users.go b/cli/users.go
index d280d94018..7c39f49f15 100644
--- a/cli/users.go
+++ b/cli/users.go
@@ -399,7 +399,7 @@ var cmdUsers = []cobra.Command{
 
 	{
 		Use:   "clients <user_id> <user_auth_token>",
-		Short: "List things",
+		Short: "List clients",
 		Long: "List clients of user\n" +
 			"Usage:\n" +
 			"\tmagistrala-cli users clients <user_id> <user_auth_token>\n",
diff --git a/cli/users_test.go b/cli/users_test.go
index b43a4b3581..52ae71767a 100644
--- a/cli/users_test.go
+++ b/cli/users_test.go
@@ -1218,14 +1218,14 @@ func TestListUserChannelsCmd(t *testing.T) {
 	}
 }
 
-func TestListUserThingsCmd(t *testing.T) {
+func TestListUserClientsCmd(t *testing.T) {
 	sdkMock := new(sdkmocks.SDK)
 	cli.SetSDK(sdkMock)
 	usersCmd := cli.NewUsersCmd()
 	rootCmd := setFlags(usersCmd)
 	th := mgsdk.Client{
 		ID:   testsutil.GenerateUUID(t),
-		Name: "testthing",
+		Name: "testclient",
 	}
 
 	var pg mgsdk.ClientsPage
@@ -1235,7 +1235,7 @@ func TestListUserThingsCmd(t *testing.T) {
 		args          []string
 		sdkerr        errors.SDKError
 		errLogMessage string
-		thing         mgsdk.Client
+		client        mgsdk.Client
 		page          mgsdk.ClientsPage
 		logType       outputLog
 	}{
@@ -1274,7 +1274,7 @@ func TestListUserThingsCmd(t *testing.T) {
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			sdkCall := sdkMock.On("ListUserThings", tc.args[0], mock.Anything, tc.args[1]).Return(tc.page, tc.sdkerr)
+			sdkCall := sdkMock.On("ListUserClients", tc.args[0], mock.Anything, tc.args[1]).Return(tc.page, tc.sdkerr)
 			out := executeCommand(t, rootCmd, append([]string{cliCmd}, tc.args...)...)
 
 			switch tc.logType {
diff --git a/clients/api/grpc/client.go b/clients/api/grpc/client.go
index b225f8c086..cadf02523e 100644
--- a/clients/api/grpc/client.go
+++ b/clients/api/grpc/client.go
@@ -198,16 +198,16 @@ func encodeRetrieveEntitiesRequest(_ context.Context, grpcReq interface{}) (inte
 func decodeRetrieveEntitiesResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {
 	res := grpcRes.(*grpcCommonV1.RetrieveEntitiesRes)
 
-	ths := []enitity{}
+	clis := []enitity{}
 
 	for _, e := range res.Entities {
-		ths = append(ths, enitity{
+		clis = append(clis, enitity{
 			id:     e.GetId(),
 			domain: e.GetDomainId(),
 			status: uint8(e.GetStatus()),
 		})
 	}
-	return retrieveEntitiesRes{total: res.GetTotal(), limit: res.GetLimit(), offset: res.GetOffset(), clients: ths}, nil
+	return retrieveEntitiesRes{total: res.GetTotal(), limit: res.GetLimit(), offset: res.GetOffset(), clients: clis}, nil
 }
 
 func (client grpcClient) AddConnections(ctx context.Context, req *grpcCommonV1.AddConnectionsReq, _ ...grpc.CallOption) (r *grpcCommonV1.AddConnectionsRes, err error) {
diff --git a/clients/api/grpc/endpoint.go b/clients/api/grpc/endpoint.go
index 6444ace841..a561e099ab 100644
--- a/clients/api/grpc/endpoint.go
+++ b/clients/api/grpc/endpoint.go
@@ -7,11 +7,11 @@ import (
 	"context"
 
 	"github.com/absmach/magistrala/clients"
-	pThings "github.com/absmach/magistrala/clients/private"
+	pClients "github.com/absmach/magistrala/clients/private"
 	"github.com/go-kit/kit/endpoint"
 )
 
-func authenticateEndpoint(svc pThings.Service) endpoint.Endpoint {
+func authenticateEndpoint(svc pClients.Service) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
 		req := request.(authenticateReq)
 		id, err := svc.Authenticate(ctx, req.ClientSecret)
@@ -25,39 +25,39 @@ func authenticateEndpoint(svc pThings.Service) endpoint.Endpoint {
 	}
 }
 
-func retrieveEntityEndpoint(svc pThings.Service) endpoint.Endpoint {
+func retrieveEntityEndpoint(svc pClients.Service) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
 		req := request.(retrieveEntityReq)
-		thing, err := svc.RetrieveById(ctx, req.Id)
+		Client, err := svc.RetrieveById(ctx, req.Id)
 		if err != nil {
 			return retrieveEntityRes{}, err
 		}
 
-		return retrieveEntityRes{id: thing.ID, domain: thing.Domain, status: uint8(thing.Status)}, nil
+		return retrieveEntityRes{id: Client.ID, domain: Client.Domain, status: uint8(Client.Status)}, nil
 	}
 }
 
-func retrieveEntitiesEndpoint(svc pThings.Service) endpoint.Endpoint {
+func retrieveEntitiesEndpoint(svc pClients.Service) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
 		req := request.(retrieveEntitiesReq)
 		tp, err := svc.RetrieveByIds(ctx, req.Ids)
 		if err != nil {
 			return retrieveEntitiesRes{}, err
 		}
-		thingsBasic := []enitity{}
+		clientsBasic := []enitity{}
 		for _, client := range tp.Clients {
-			thingsBasic = append(thingsBasic, enitity{id: client.ID, domain: client.Domain, status: uint8(client.Status)})
+			clientsBasic = append(clientsBasic, enitity{id: client.ID, domain: client.Domain, status: uint8(client.Status)})
 		}
 		return retrieveEntitiesRes{
 			total:   tp.Total,
 			limit:   tp.Limit,
 			offset:  tp.Offset,
-			clients: thingsBasic,
+			clients: clientsBasic,
 		}, nil
 	}
 }
 
-func addConnectionsEndpoint(svc pThings.Service) endpoint.Endpoint {
+func addConnectionsEndpoint(svc pClients.Service) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
 		req := request.(connectionsReq)
 
@@ -80,7 +80,7 @@ func addConnectionsEndpoint(svc pThings.Service) endpoint.Endpoint {
 	}
 }
 
-func removeConnectionsEndpoint(svc pThings.Service) endpoint.Endpoint {
+func removeConnectionsEndpoint(svc pClients.Service) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
 		req := request.(connectionsReq)
 
@@ -102,7 +102,7 @@ func removeConnectionsEndpoint(svc pThings.Service) endpoint.Endpoint {
 	}
 }
 
-func removeChannelConnectionsEndpoint(svc pThings.Service) endpoint.Endpoint {
+func removeChannelConnectionsEndpoint(svc pClients.Service) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
 		req := request.(removeChannelConnectionsReq)
 
@@ -114,7 +114,7 @@ func removeChannelConnectionsEndpoint(svc pThings.Service) endpoint.Endpoint {
 	}
 }
 
-func UnsetParentGroupFromClientEndpoint(svc pThings.Service) endpoint.Endpoint {
+func UnsetParentGroupFromClientEndpoint(svc pClients.Service) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
 		req := request.(UnsetParentGroupFromClientReq)
 
diff --git a/clients/api/http/clients.go b/clients/api/http/clients.go
index 56c03c2d3e..d07b02e860 100644
--- a/clients/api/http/clients.go
+++ b/clients/api/http/clients.go
@@ -93,14 +93,14 @@ func clientsHandler(svc clients.Service, authn mgauthn.Authentication, r *chi.Mu
 
 				r.Post("/parent", otelhttp.NewHandler(kithttp.NewServer(
 					setClientParentGroupEndpoint(svc),
-					decodeSetThingParentGroupStatus,
+					decodeSetClientParentGroupStatus,
 					api.EncodeResponse,
 					opts...,
-				), "set_thing_parent_group").ServeHTTP)
+				), "set_client_parent_group").ServeHTTP)
 
 				r.Delete("/parent", otelhttp.NewHandler(kithttp.NewServer(
 					removeClientParentGroupEndpoint(svc),
-					decodeRemoveThingParentGroupStatus,
+					decodeRemoveClientParentGroupStatus,
 					api.EncodeResponse,
 					opts...,
 				), "remove_client_parent_group").ServeHTTP)
diff --git a/clients/api/http/decode.go b/clients/api/http/decode.go
index b380cf55a9..2b22f8bb94 100644
--- a/clients/api/http/decode.go
+++ b/clients/api/http/decode.go
@@ -155,7 +155,7 @@ func decodeCreateClientsReq(_ context.Context, r *http.Request) (interface{}, er
 	}
 
 	c := createClientsReq{}
-	if err := json.NewDecoder(r.Body).Decode(&c.Things); err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&c.Clients); err != nil {
 		return nil, errors.Wrap(apiutil.ErrValidation, errors.Wrap(errors.ErrMalformedEntity, err))
 	}
 
@@ -170,12 +170,12 @@ func decodeChangeClientStatus(_ context.Context, r *http.Request) (interface{},
 	return req, nil
 }
 
-func decodeSetThingParentGroupStatus(_ context.Context, r *http.Request) (interface{}, error) {
+func decodeSetClientParentGroupStatus(_ context.Context, r *http.Request) (interface{}, error) {
 	if !strings.Contains(r.Header.Get("Content-Type"), api.ContentType) {
 		return nil, errors.Wrap(apiutil.ErrValidation, apiutil.ErrUnsupportedContentType)
 	}
 
-	req := setThingParentGroupReq{
+	req := setClientParentGroupReq{
 		id: chi.URLParam(r, clientID),
 	}
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
@@ -184,8 +184,8 @@ func decodeSetThingParentGroupStatus(_ context.Context, r *http.Request) (interf
 	return req, nil
 }
 
-func decodeRemoveThingParentGroupStatus(_ context.Context, r *http.Request) (interface{}, error) {
-	req := removeThingParentGroupReq{
+func decodeRemoveClientParentGroupStatus(_ context.Context, r *http.Request) (interface{}, error) {
+	req := removeClientParentGroupReq{
 		id: chi.URLParam(r, clientID),
 	}
 
diff --git a/clients/api/http/endpoints.go b/clients/api/http/endpoints.go
index 4045da1257..f6b0fb92c4 100644
--- a/clients/api/http/endpoints.go
+++ b/clients/api/http/endpoints.go
@@ -27,13 +27,13 @@ func createClientEndpoint(svc clients.Service) endpoint.Endpoint {
 			return nil, svcerr.ErrAuthentication
 		}
 
-		thing, err := svc.CreateClients(ctx, session, req.client)
+		client, err := svc.CreateClients(ctx, session, req.client)
 		if err != nil {
 			return nil, err
 		}
 
 		return createClientRes{
-			Client:  thing[0],
+			Client:  client[0],
 			created: true,
 		}, nil
 	}
@@ -51,7 +51,7 @@ func createClientsEndpoint(svc clients.Service) endpoint.Endpoint {
 			return nil, svcerr.ErrAuthentication
 		}
 
-		page, err := svc.CreateClients(ctx, session, req.Things...)
+		page, err := svc.CreateClients(ctx, session, req.Clients...)
 		if err != nil {
 			return nil, err
 		}
@@ -251,7 +251,7 @@ func disableClientEndpoint(svc clients.Service) endpoint.Endpoint {
 
 func setClientParentGroupEndpoint(svc clients.Service) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
-		req := request.(setThingParentGroupReq)
+		req := request.(setClientParentGroupReq)
 		if err := req.validate(); err != nil {
 			return nil, errors.Wrap(apiutil.ErrValidation, err)
 		}
@@ -270,7 +270,7 @@ func setClientParentGroupEndpoint(svc clients.Service) endpoint.Endpoint {
 
 func removeClientParentGroupEndpoint(svc clients.Service) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
-		req := request.(removeThingParentGroupReq)
+		req := request.(removeClientParentGroupReq)
 		if err := req.validate(); err != nil {
 			return nil, errors.Wrap(apiutil.ErrValidation, err)
 		}
diff --git a/clients/api/http/endpoints_test.go b/clients/api/http/endpoints_test.go
index dbac3798f6..4290d20eb3 100644
--- a/clients/api/http/endpoints_test.go
+++ b/clients/api/http/endpoints_test.go
@@ -87,7 +87,7 @@ func toJSON(data interface{}) string {
 	return string(jsonData)
 }
 
-func newThingsServer() (*httptest.Server, *mocks.Service, *authnmocks.Authentication) {
+func newClientsServer() (*httptest.Server, *mocks.Service, *authnmocks.Authentication) {
 	svc := new(mocks.Service)
 	authn := new(authnmocks.Authentication)
 
@@ -98,8 +98,8 @@ func newThingsServer() (*httptest.Server, *mocks.Service, *authnmocks.Authentica
 	return httptest.NewServer(mux), svc, authn
 }
 
-func TestCreateThing(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+func TestCreateClient(t *testing.T) {
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	cases := []struct {
@@ -124,7 +124,7 @@ func TestCreateThing(t *testing.T) {
 			err:         nil,
 		},
 		{
-			desc:        "register an existing thing",
+			desc:        "register an existing client",
 			client:      client,
 			domainID:    domainID,
 			token:       validToken,
@@ -218,7 +218,7 @@ func TestCreateThing(t *testing.T) {
 			req := testRequest{
 				client:      ts.Client(),
 				method:      http.MethodPost,
-				url:         fmt.Sprintf("%s/%s/things/", ts.URL, tc.domainID),
+				url:         fmt.Sprintf("%s/%s/clients/", ts.URL, tc.domainID),
 				contentType: tc.contentType,
 				token:       tc.token,
 				body:        strings.NewReader(data),
@@ -242,8 +242,8 @@ func TestCreateThing(t *testing.T) {
 	}
 }
 
-func TestCreateThings(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+func TestCreateClients(t *testing.T) {
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	num := 3
@@ -388,7 +388,7 @@ func TestCreateThings(t *testing.T) {
 			req := testRequest{
 				client:      ts.Client(),
 				method:      http.MethodPost,
-				url:         fmt.Sprintf("%s/%s/things/bulk", ts.URL, domainID),
+				url:         fmt.Sprintf("%s/%s/clients/bulk", ts.URL, domainID),
 				contentType: tc.contentType,
 				token:       tc.token,
 				body:        strings.NewReader(data),
@@ -414,20 +414,20 @@ func TestCreateThings(t *testing.T) {
 	}
 }
 
-func TestListThings(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+func TestListClients(t *testing.T) {
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	cases := []struct {
-		desc               string
-		query              string
-		domainID           string
-		token              string
-		listThingsResponse clients.ClientsPage
-		status             int
-		authnRes           mgauthn.Session
-		authnErr           error
-		err                error
+		desc                string
+		query               string
+		domainID            string
+		token               string
+		listClientsResponse clients.ClientsPage
+		status              int
+		authnRes            mgauthn.Session
+		authnErr            error
+		err                 error
 	}{
 		{
 			desc:     "list clients as admin with valid token",
@@ -435,7 +435,7 @@ func TestListThings(t *testing.T) {
 			token:    validToken,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false},
 			status:   http.StatusOK,
-			listThingsResponse: clients.ClientsPage{
+			listClientsResponse: clients.ClientsPage{
 				Page: clients.Page{
 					Total: 1,
 				},
@@ -449,7 +449,7 @@ func TestListThings(t *testing.T) {
 			token:    validToken,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false},
 			status:   http.StatusOK,
-			listThingsResponse: clients.ClientsPage{
+			listClientsResponse: clients.ClientsPage{
 				Page: clients.Page{
 					Total: 1,
 				},
@@ -477,7 +477,7 @@ func TestListThings(t *testing.T) {
 			domainID: domainID,
 			token:    validToken,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false},
-			listThingsResponse: clients.ClientsPage{
+			listClientsResponse: clients.ClientsPage{
 				Page: clients.Page{
 					Offset: 1,
 					Total:  1,
@@ -502,7 +502,7 @@ func TestListThings(t *testing.T) {
 			domainID: domainID,
 			token:    validToken,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false},
-			listThingsResponse: clients.ClientsPage{
+			listClientsResponse: clients.ClientsPage{
 				Page: clients.Page{
 					Limit: 1,
 					Total: 1,
@@ -536,7 +536,7 @@ func TestListThings(t *testing.T) {
 			domainID: domainID,
 			token:    validToken,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false},
-			listThingsResponse: clients.ClientsPage{
+			listClientsResponse: clients.ClientsPage{
 				Page: clients.Page{
 					Total: 1,
 				},
@@ -569,7 +569,7 @@ func TestListThings(t *testing.T) {
 			domainID: domainID,
 			token:    validToken,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false},
-			listThingsResponse: clients.ClientsPage{
+			listClientsResponse: clients.ClientsPage{
 				Page: clients.Page{
 					Total: 1,
 				},
@@ -602,7 +602,7 @@ func TestListThings(t *testing.T) {
 			domainID: domainID,
 			token:    validToken,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false},
-			listThingsResponse: clients.ClientsPage{
+			listClientsResponse: clients.ClientsPage{
 				Page: clients.Page{
 					Total: 1,
 				},
@@ -635,7 +635,7 @@ func TestListThings(t *testing.T) {
 			domainID: domainID,
 			token:    validToken,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false},
-			listThingsResponse: clients.ClientsPage{
+			listClientsResponse: clients.ClientsPage{
 				Page: clients.Page{
 					Total: 1,
 				},
@@ -668,7 +668,7 @@ func TestListThings(t *testing.T) {
 			domainID: domainID,
 			token:    validToken,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false},
-			listThingsResponse: clients.ClientsPage{
+			listClientsResponse: clients.ClientsPage{
 				Page: clients.Page{
 					Total: 1,
 				},
@@ -701,7 +701,7 @@ func TestListThings(t *testing.T) {
 			domainID: domainID,
 			token:    validToken,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false},
-			listThingsResponse: clients.ClientsPage{
+			listClientsResponse: clients.ClientsPage{
 				Page: clients.Page{
 					Total: 1,
 				},
@@ -736,13 +736,13 @@ func TestListThings(t *testing.T) {
 			req := testRequest{
 				client:      ts.Client(),
 				method:      http.MethodGet,
-				url:         ts.URL + "/" + tc.domainID + "/things?" + tc.query,
+				url:         ts.URL + "/" + tc.domainID + "/clients?" + tc.query,
 				contentType: contentType,
 				token:       tc.token,
 			}
 
 			authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.authnRes, tc.authnErr)
-			svcCall := svc.On("ListClients", mock.Anything, tc.authnRes, "", mock.Anything).Return(tc.listThingsResponse, tc.err)
+			svcCall := svc.On("ListClients", mock.Anything, tc.authnRes, "", mock.Anything).Return(tc.listClientsResponse, tc.err)
 			res, err := req.make()
 			assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", tc.desc, err))
 
@@ -760,8 +760,8 @@ func TestListThings(t *testing.T) {
 	}
 }
 
-func TestViewThing(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+func TestViewClient(t *testing.T) {
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	cases := []struct {
@@ -818,7 +818,7 @@ func TestViewThing(t *testing.T) {
 			req := testRequest{
 				client: ts.Client(),
 				method: http.MethodGet,
-				url:    fmt.Sprintf("%s/%s/things/%s", ts.URL, tc.domainID, tc.id),
+				url:    fmt.Sprintf("%s/%s/clients/%s", ts.URL, tc.domainID, tc.id),
 				token:  tc.token,
 			}
 
@@ -840,15 +840,15 @@ func TestViewThing(t *testing.T) {
 	}
 }
 
-func TestViewThingPerms(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+func TestViewClientPerms(t *testing.T) {
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	cases := []struct {
 		desc     string
 		domainID string
 		token    string
-		thingID  string
+		clientID string
 		response []string
 		status   int
 		authnRes mgauthn.Session
@@ -860,7 +860,7 @@ func TestViewThingPerms(t *testing.T) {
 			domainID: domainID,
 			token:    validToken,
 			authnRes: mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
-			thingID:  client.ID,
+			clientID: client.ID,
 			response: []string{"view", "delete", "membership"},
 			status:   http.StatusOK,
 
@@ -870,7 +870,7 @@ func TestViewThingPerms(t *testing.T) {
 			desc:     "view client permissions with invalid token",
 			domainID: domainID,
 			token:    inValidToken,
-			thingID:  client.ID,
+			clientID: client.ID,
 			response: []string{},
 			status:   http.StatusUnauthorized,
 			authnErr: svcerr.ErrAuthentication,
@@ -880,7 +880,7 @@ func TestViewThingPerms(t *testing.T) {
 			desc:     "view client permissions with empty token",
 			domainID: domainID,
 			token:    "",
-			thingID:  client.ID,
+			clientID: client.ID,
 			response: []string{},
 			status:   http.StatusUnauthorized,
 			err:      apiutil.ErrBearerToken,
@@ -890,7 +890,7 @@ func TestViewThingPerms(t *testing.T) {
 			domainID: domainID,
 			token:    validToken,
 			authnRes: mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
-			thingID:  inValid,
+			clientID: inValid,
 			response: []string{},
 			status:   http.StatusForbidden,
 
@@ -901,7 +901,7 @@ func TestViewThingPerms(t *testing.T) {
 			domainID: domainID,
 			token:    validToken,
 			authnRes: mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
-			thingID:  "",
+			clientID: "",
 			response: []string{},
 			status:   http.StatusBadRequest,
 
@@ -914,12 +914,12 @@ func TestViewThingPerms(t *testing.T) {
 			req := testRequest{
 				client: ts.Client(),
 				method: http.MethodGet,
-				url:    fmt.Sprintf("%s/%s/things/%s/permissions", ts.URL, tc.domainID, tc.thingID),
+				url:    fmt.Sprintf("%s/%s/clients/%s/permissions", ts.URL, tc.domainID, tc.clientID),
 				token:  tc.token,
 			}
 
 			authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.authnRes, tc.authnErr)
-			svcCall := svc.On("ViewPerms", mock.Anything, tc.authnRes, tc.thingID).Return(tc.response, tc.err)
+			svcCall := svc.On("ViewPerms", mock.Anything, tc.authnRes, tc.clientID).Return(tc.response, tc.err)
 			res, err := req.make()
 			assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", tc.desc, err))
 			var resBody respBody
@@ -937,8 +937,8 @@ func TestViewThingPerms(t *testing.T) {
 	}
 }
 
-func TestUpdateThing(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+func TestUpdateClient(t *testing.T) {
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	newName := "newname"
@@ -1052,7 +1052,7 @@ func TestUpdateThing(t *testing.T) {
 			req := testRequest{
 				client:      ts.Client(),
 				method:      http.MethodPatch,
-				url:         fmt.Sprintf("%s/%s/things/%s", ts.URL, tc.domainID, tc.id),
+				url:         fmt.Sprintf("%s/%s/clients/%s", ts.URL, tc.domainID, tc.id),
 				contentType: tc.contentType,
 				token:       tc.token,
 				body:        strings.NewReader(tc.data),
@@ -1081,8 +1081,8 @@ func TestUpdateThing(t *testing.T) {
 	}
 }
 
-func TestUpdateThingsTags(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+func TestUpdateClientsTags(t *testing.T) {
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	newTag := "newtag"
@@ -1191,7 +1191,7 @@ func TestUpdateThingsTags(t *testing.T) {
 			req := testRequest{
 				client:      ts.Client(),
 				method:      http.MethodPatch,
-				url:         fmt.Sprintf("%s/%s/things/%s/tags", ts.URL, tc.domainID, tc.id),
+				url:         fmt.Sprintf("%s/%s/clients/%s/tags", ts.URL, tc.domainID, tc.id),
 				contentType: tc.contentType,
 				token:       tc.token,
 				body:        strings.NewReader(tc.data),
@@ -1216,7 +1216,7 @@ func TestUpdateThingsTags(t *testing.T) {
 }
 
 func TestUpdateClientSecret(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	cases := []struct {
@@ -1359,7 +1359,7 @@ func TestUpdateClientSecret(t *testing.T) {
 			req := testRequest{
 				client:      ts.Client(),
 				method:      http.MethodPatch,
-				url:         fmt.Sprintf("%s/%s/things/%s/secret", ts.URL, tc.domainID, tc.client.ID),
+				url:         fmt.Sprintf("%s/%s/clients/%s/secret", ts.URL, tc.domainID, tc.client.ID),
 				contentType: tc.contentType,
 				token:       tc.token,
 				body:        strings.NewReader(tc.data),
@@ -1383,8 +1383,8 @@ func TestUpdateClientSecret(t *testing.T) {
 	}
 }
 
-func TestEnableThing(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+func TestEnableClient(t *testing.T) {
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	cases := []struct {
@@ -1441,7 +1441,7 @@ func TestEnableThing(t *testing.T) {
 			req := testRequest{
 				client:      ts.Client(),
 				method:      http.MethodPost,
-				url:         fmt.Sprintf("%s/%s/things/%s/enable", ts.URL, tc.domainID, tc.client.ID),
+				url:         fmt.Sprintf("%s/%s/clients/%s/enable", ts.URL, tc.domainID, tc.client.ID),
 				contentType: contentType,
 				token:       tc.token,
 				body:        strings.NewReader(data),
@@ -1468,8 +1468,8 @@ func TestEnableThing(t *testing.T) {
 	}
 }
 
-func TestDisableThing(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+func TestDisableClient(t *testing.T) {
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	cases := []struct {
@@ -1526,7 +1526,7 @@ func TestDisableThing(t *testing.T) {
 			req := testRequest{
 				client:      ts.Client(),
 				method:      http.MethodPost,
-				url:         fmt.Sprintf("%s/%s/things/%s/disable", ts.URL, tc.domainID, tc.client.ID),
+				url:         fmt.Sprintf("%s/%s/clients/%s/disable", ts.URL, tc.domainID, tc.client.ID),
 				contentType: contentType,
 				token:       tc.token,
 				body:        strings.NewReader(data),
@@ -1553,14 +1553,14 @@ func TestDisableThing(t *testing.T) {
 	}
 }
 
-func TestShareThing(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+func TestShareClient(t *testing.T) {
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	cases := []struct {
 		desc        string
 		data        string
-		thingID     string
+		clientID    string
 		domainID    string
 		token       string
 		contentType string
@@ -1572,7 +1572,7 @@ func TestShareThing(t *testing.T) {
 		{
 			desc:        "share client with valid token",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, "editor", validID, validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1584,7 +1584,7 @@ func TestShareThing(t *testing.T) {
 		{
 			desc:        "share client with invalid token",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, "editor", validID, validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       inValidToken,
 			contentType: contentType,
@@ -1595,7 +1595,7 @@ func TestShareThing(t *testing.T) {
 		{
 			desc:        "share client with empty token",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, "editor", validID, validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       "",
 			contentType: contentType,
@@ -1605,7 +1605,7 @@ func TestShareThing(t *testing.T) {
 		{
 			desc:        "share client with empty id",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, "editor", validID, validID),
-			thingID:     " ",
+			clientID:    " ",
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1617,7 +1617,7 @@ func TestShareThing(t *testing.T) {
 		{
 			desc:        "share client with missing relation",
 			data:        fmt.Sprintf(`{"relation": "%s", user_ids" : ["%s", "%s"]}`, " ", validID, validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1629,7 +1629,7 @@ func TestShareThing(t *testing.T) {
 		{
 			desc:        "share client with malformed data",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : [%s, "%s"]}`, "editor", "invalid", validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1641,7 +1641,7 @@ func TestShareThing(t *testing.T) {
 		{
 			desc:        "share client with empty client id",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, "editor", validID, validID),
-			thingID:     "",
+			clientID:    "",
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1653,7 +1653,7 @@ func TestShareThing(t *testing.T) {
 		{
 			desc:        "share client with empty relation",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, " ", validID, validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1665,7 +1665,7 @@ func TestShareThing(t *testing.T) {
 		{
 			desc:        "share client with empty user ids",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : [" ", " "]}`, "editor"),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1677,7 +1677,7 @@ func TestShareThing(t *testing.T) {
 		{
 			desc:        "share client with invalid content type",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, "editor", validID, validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1693,14 +1693,14 @@ func TestShareThing(t *testing.T) {
 			req := testRequest{
 				client:      ts.Client(),
 				method:      http.MethodPost,
-				url:         fmt.Sprintf("%s/%s/things/%s/share", ts.URL, tc.domainID, tc.thingID),
+				url:         fmt.Sprintf("%s/%s/clients/%s/share", ts.URL, tc.domainID, tc.clientID),
 				contentType: tc.contentType,
 				token:       tc.token,
 				body:        strings.NewReader(tc.data),
 			}
 
 			authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.authnRes, tc.authnErr)
-			svcCall := svc.On("Share", mock.Anything, tc.authnRes, tc.thingID, mock.Anything, mock.Anything, mock.Anything).Return(tc.err)
+			svcCall := svc.On("Share", mock.Anything, tc.authnRes, tc.clientID, mock.Anything, mock.Anything, mock.Anything).Return(tc.err)
 			res, err := req.make()
 			assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", tc.desc, err))
 			assert.Equal(t, tc.status, res.StatusCode, fmt.Sprintf("%s: expected status code %d got %d", tc.desc, tc.status, res.StatusCode))
@@ -1710,14 +1710,14 @@ func TestShareThing(t *testing.T) {
 	}
 }
 
-func TestUnShareThing(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+func TestUnShareClient(t *testing.T) {
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	cases := []struct {
 		desc        string
 		data        string
-		thingID     string
+		clientID    string
 		domainID    string
 		token       string
 		contentType string
@@ -1729,7 +1729,7 @@ func TestUnShareThing(t *testing.T) {
 		{
 			desc:        "unshare client with valid token",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, "editor", validID, validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1741,7 +1741,7 @@ func TestUnShareThing(t *testing.T) {
 		{
 			desc:        "unshare client with invalid token",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, "editor", validID, validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       inValidToken,
 			contentType: contentType,
@@ -1752,7 +1752,7 @@ func TestUnShareThing(t *testing.T) {
 		{
 			desc:        "unshare client with empty token",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, "editor", validID, validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       "",
 			contentType: contentType,
@@ -1762,7 +1762,7 @@ func TestUnShareThing(t *testing.T) {
 		{
 			desc:        "unshare client with empty id",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, "editor", validID, validID),
-			thingID:     " ",
+			clientID:    " ",
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1774,7 +1774,7 @@ func TestUnShareThing(t *testing.T) {
 		{
 			desc:        "unshare client with missing relation",
 			data:        fmt.Sprintf(`{"relation": "%s", user_ids" : ["%s", "%s"]}`, " ", validID, validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1786,7 +1786,7 @@ func TestUnShareThing(t *testing.T) {
 		{
 			desc:        "unshare client with malformed data",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : [%s, "%s"]}`, "editor", "invalid", validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1798,7 +1798,7 @@ func TestUnShareThing(t *testing.T) {
 		{
 			desc:        "unshare client with empty client id",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, "editor", validID, validID),
-			thingID:     "",
+			clientID:    "",
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1810,7 +1810,7 @@ func TestUnShareThing(t *testing.T) {
 		{
 			desc:        "unshare client with empty relation",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, " ", validID, validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1822,7 +1822,7 @@ func TestUnShareThing(t *testing.T) {
 		{
 			desc:        "unshare client with empty user ids",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : [" ", " "]}`, "editor"),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1834,7 +1834,7 @@ func TestUnShareThing(t *testing.T) {
 		{
 			desc:        "unshare client with invalid content type",
 			data:        fmt.Sprintf(`{"relation": "%s", "user_ids" : ["%s", "%s"]}`, "editor", validID, validID),
-			thingID:     client.ID,
+			clientID:    client.ID,
 			domainID:    domainID,
 			token:       validToken,
 			authnRes:    mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID},
@@ -1850,14 +1850,14 @@ func TestUnShareThing(t *testing.T) {
 			req := testRequest{
 				client:      ts.Client(),
 				method:      http.MethodPost,
-				url:         fmt.Sprintf("%s/%s/things/%s/unshare", ts.URL, tc.domainID, tc.thingID),
+				url:         fmt.Sprintf("%s/%s/clients/%s/unshare", ts.URL, tc.domainID, tc.clientID),
 				contentType: tc.contentType,
 				token:       tc.token,
 				body:        strings.NewReader(tc.data),
 			}
 
 			authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.authnRes, tc.authnErr)
-			svcCall := svc.On("Unshare", mock.Anything, tc.authnRes, tc.thingID, mock.Anything, mock.Anything, mock.Anything).Return(tc.err)
+			svcCall := svc.On("Unshare", mock.Anything, tc.authnRes, tc.clientID, mock.Anything, mock.Anything, mock.Anything).Return(tc.err)
 			res, err := req.make()
 			assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", tc.desc, err))
 			assert.Equal(t, tc.status, res.StatusCode, fmt.Sprintf("%s: expected status code %d got %d", tc.desc, tc.status, res.StatusCode))
@@ -1867,8 +1867,8 @@ func TestUnShareThing(t *testing.T) {
 	}
 }
 
-func TestDeleteThing(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+func TestDeleteClient(t *testing.T) {
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	cases := []struct {
@@ -1926,7 +1926,7 @@ func TestDeleteThing(t *testing.T) {
 			req := testRequest{
 				client: ts.Client(),
 				method: http.MethodDelete,
-				url:    fmt.Sprintf("%s/%s/things/%s", ts.URL, tc.domainID, tc.id),
+				url:    fmt.Sprintf("%s/%s/clients/%s", ts.URL, tc.domainID, tc.id),
 				token:  tc.token,
 			}
 
@@ -1942,7 +1942,7 @@ func TestDeleteThing(t *testing.T) {
 }
 
 func TestListMembers(t *testing.T) {
-	ts, svc, authn := newThingsServer()
+	ts, svc, authn := newClientsServer()
 	defer ts.Close()
 
 	cases := []struct {
@@ -2318,7 +2318,7 @@ func TestListMembers(t *testing.T) {
 			req := testRequest{
 				client:      ts.Client(),
 				method:      http.MethodGet,
-				url:         ts.URL + fmt.Sprintf("/%s/channels/%s/things?", tc.domainID, tc.groupID) + tc.query,
+				url:         ts.URL + fmt.Sprintf("/%s/channels/%s/clients?", tc.domainID, tc.groupID) + tc.query,
 				contentType: contentType,
 				token:       tc.token,
 			}
diff --git a/clients/api/http/requests.go b/clients/api/http/requests.go
index 31673a6ab6..d5bab68881 100644
--- a/clients/api/http/requests.go
+++ b/clients/api/http/requests.go
@@ -25,14 +25,14 @@ func (req createClientReq) validate() error {
 }
 
 type createClientsReq struct {
-	Things []clients.Client
+	Clients []clients.Client
 }
 
 func (req createClientsReq) validate() error {
-	if len(req.Things) == 0 {
+	if len(req.Clients) == 0 {
 		return apiutil.ErrEmptyList
 	}
-	for _, c := range req.Things {
+	for _, c := range req.Clients {
 		if c.ID != "" {
 			if err := api.ValidateUUID(c.ID); err != nil {
 				return err
@@ -175,12 +175,12 @@ func (req changeClientStatusReq) validate() error {
 	return nil
 }
 
-type setThingParentGroupReq struct {
+type setClientParentGroupReq struct {
 	id            string
 	ParentGroupID string `json:"parent_group_id"`
 }
 
-func (req setThingParentGroupReq) validate() error {
+func (req setClientParentGroupReq) validate() error {
 	if req.id == "" {
 		return apiutil.ErrMissingID
 	}
@@ -190,11 +190,11 @@ func (req setThingParentGroupReq) validate() error {
 	return nil
 }
 
-type removeThingParentGroupReq struct {
+type removeClientParentGroupReq struct {
 	id string
 }
 
-func (req removeThingParentGroupReq) validate() error {
+func (req removeClientParentGroupReq) validate() error {
 	if req.id == "" {
 		return apiutil.ErrMissingID
 	}
diff --git a/clients/api/http/requests_test.go b/clients/api/http/requests_test.go
index 2ff200e929..ab7f15a4ff 100644
--- a/clients/api/http/requests_test.go
+++ b/clients/api/http/requests_test.go
@@ -22,7 +22,7 @@ const (
 
 var validID = testsutil.GenerateUUID(&testing.T{})
 
-func TestCreateThingReqValidate(t *testing.T) {
+func TestCreateClientReqValidate(t *testing.T) {
 	cases := []struct {
 		desc string
 		req  createClientReq
@@ -67,7 +67,7 @@ func TestCreateThingReqValidate(t *testing.T) {
 	}
 }
 
-func TestCreateThingsReqValidate(t *testing.T) {
+func TestCreateClientsReqValidate(t *testing.T) {
 	cases := []struct {
 		desc string
 		req  createClientsReq
@@ -76,7 +76,7 @@ func TestCreateThingsReqValidate(t *testing.T) {
 		{
 			desc: "valid request",
 			req: createClientsReq{
-				Things: []clients.Client{
+				Clients: []clients.Client{
 					{
 						ID:   validID,
 						Name: valid,
@@ -88,14 +88,14 @@ func TestCreateThingsReqValidate(t *testing.T) {
 		{
 			desc: "empty list",
 			req: createClientsReq{
-				Things: []clients.Client{},
+				Clients: []clients.Client{},
 			},
 			err: apiutil.ErrEmptyList,
 		},
 		{
 			desc: "name too long",
 			req: createClientsReq{
-				Things: []clients.Client{
+				Clients: []clients.Client{
 					{
 						ID:   validID,
 						Name: strings.Repeat("a", api.MaxNameSize+1),
@@ -107,7 +107,7 @@ func TestCreateThingsReqValidate(t *testing.T) {
 		{
 			desc: "invalid id",
 			req: createClientsReq{
-				Things: []clients.Client{
+				Clients: []clients.Client{
 					{
 						ID:   invalid,
 						Name: valid,
diff --git a/clients/api/http/responses.go b/clients/api/http/responses.go
index 9f3c8274b1..d3a51d44fd 100644
--- a/clients/api/http/responses.go
+++ b/clients/api/http/responses.go
@@ -42,7 +42,7 @@ func (res createClientRes) Code() int {
 func (res createClientRes) Headers() map[string]string {
 	if res.created {
 		return map[string]string{
-			"Location": fmt.Sprintf("/things/%s", res.ID),
+			"Location": fmt.Sprintf("/clients/%s", res.ID),
 		}
 	}
 
diff --git a/clients/api/http/transport.go b/clients/api/http/transport.go
index 38a1adca94..a7cd8b551d 100644
--- a/clients/api/http/transport.go
+++ b/clients/api/http/transport.go
@@ -14,7 +14,7 @@ import (
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 )
 
-// MakeHandler returns a HTTP handler for Things and Groups API endpoints.
+// MakeHandler returns a HTTP handler for clients and Groups API endpoints.
 func MakeHandler(tsvc clients.Service, authn mgauthn.Authentication, mux *chi.Mux, logger *slog.Logger, instanceID string) http.Handler {
 	mux = clientsHandler(tsvc, authn, mux, logger)
 
diff --git a/clients/cache/things.go b/clients/cache/things.go
index bbd5ab3271..7b8536cd5b 100644
--- a/clients/cache/things.go
+++ b/clients/cache/things.go
@@ -15,58 +15,58 @@ import (
 )
 
 const (
-	keyPrefix = "thing_key"
+	keyPrefix = "client_key"
 	idPrefix  = "client_id"
 )
 
-var _ clients.Cache = (*thingCache)(nil)
+var _ clients.Cache = (*clientCache)(nil)
 
-type thingCache struct {
+type clientCache struct {
 	client      *redis.Client
 	keyDuration time.Duration
 }
 
 // NewCache returns redis client cache implementation.
 func NewCache(client *redis.Client, duration time.Duration) clients.Cache {
-	return &thingCache{
+	return &clientCache{
 		client:      client,
 		keyDuration: duration,
 	}
 }
 
-func (tc *thingCache) Save(ctx context.Context, thingKey, thingID string) error {
-	if thingKey == "" || thingID == "" {
+func (tc *clientCache) Save(ctx context.Context, clientKey, clientID string) error {
+	if clientKey == "" || clientID == "" {
 		return errors.Wrap(repoerr.ErrCreateEntity, errors.New("client key or client id is empty"))
 	}
-	tkey := fmt.Sprintf("%s:%s", keyPrefix, thingKey)
-	if err := tc.client.Set(ctx, tkey, thingID, tc.keyDuration).Err(); err != nil {
+	tkey := fmt.Sprintf("%s:%s", keyPrefix, clientKey)
+	if err := tc.client.Set(ctx, tkey, clientID, tc.keyDuration).Err(); err != nil {
 		return errors.Wrap(repoerr.ErrCreateEntity, err)
 	}
 
-	tid := fmt.Sprintf("%s:%s", idPrefix, thingID)
-	if err := tc.client.Set(ctx, tid, thingKey, tc.keyDuration).Err(); err != nil {
+	tid := fmt.Sprintf("%s:%s", idPrefix, clientID)
+	if err := tc.client.Set(ctx, tid, clientKey, tc.keyDuration).Err(); err != nil {
 		return errors.Wrap(repoerr.ErrCreateEntity, err)
 	}
 
 	return nil
 }
 
-func (tc *thingCache) ID(ctx context.Context, thingKey string) (string, error) {
-	if thingKey == "" {
+func (tc *clientCache) ID(ctx context.Context, clientKey string) (string, error) {
+	if clientKey == "" {
 		return "", repoerr.ErrNotFound
 	}
 
-	tkey := fmt.Sprintf("%s:%s", keyPrefix, thingKey)
-	thingID, err := tc.client.Get(ctx, tkey).Result()
+	tkey := fmt.Sprintf("%s:%s", keyPrefix, clientKey)
+	clientID, err := tc.client.Get(ctx, tkey).Result()
 	if err != nil {
 		return "", errors.Wrap(repoerr.ErrNotFound, err)
 	}
 
-	return thingID, nil
+	return clientID, nil
 }
 
-func (tc *thingCache) Remove(ctx context.Context, thingID string) error {
-	tid := fmt.Sprintf("%s:%s", idPrefix, thingID)
+func (tc *clientCache) Remove(ctx context.Context, clientID string) error {
+	tid := fmt.Sprintf("%s:%s", idPrefix, clientID)
 	key, err := tc.client.Get(ctx, tid).Result()
 	// Redis returns Nil Reply when key does not exist.
 	if err == redis.Nil {
diff --git a/clients/cache/things_test.go b/clients/cache/things_test.go
index d903fd031b..679c4130bb 100644
--- a/clients/cache/things_test.go
+++ b/clients/cache/things_test.go
@@ -115,7 +115,7 @@ func TestID(t *testing.T) {
 			err:  nil,
 		},
 		{
-			desc: "Get client ID from cache for non existing thing",
+			desc: "Get client ID from cache for non existing client",
 			key:  "nonExistingKey",
 			id:   "",
 			err:  repoerr.ErrNotFound,
diff --git a/clients/clients.go b/clients/clients.go
index d91284e3d2..9eee3c5851 100644
--- a/clients/clients.go
+++ b/clients/clients.go
@@ -72,21 +72,21 @@ type Repository interface {
 
 	RemoveConnections(ctx context.Context, conns []Connection) error
 
-	ThingConnectionsCount(ctx context.Context, id string) (uint64, error)
+	ClientConnectionsCount(ctx context.Context, id string) (uint64, error)
 
-	DoesThingHaveConnections(ctx context.Context, id string) (bool, error)
+	DoesClientHaveConnections(ctx context.Context, id string) (bool, error)
 
 	RemoveChannelConnections(ctx context.Context, channelID string) error
 
-	RemoveThingConnections(ctx context.Context, thingID string) error
+	RemoveClientConnections(ctx context.Context, clientID string) error
 
 	// SetParentGroup set parent group id to a given channel id
-	SetParentGroup(ctx context.Context, th Client) error
+	SetParentGroup(ctx context.Context, cli Client) error
 
 	// RemoveParentGroup remove parent group id fr given chanel id
-	RemoveParentGroup(ctx context.Context, th Client) error
+	RemoveParentGroup(ctx context.Context, cli Client) error
 
-	RetrieveParentGroupThings(ctx context.Context, parentGroupID string) ([]Client, error)
+	RetrieveParentGroupClients(ctx context.Context, parentGroupID string) ([]Client, error)
 
 	UnsetParentGroupFromClient(ctx context.Context, parentGroupID string) error
 
diff --git a/clients/events/events.go b/clients/events/events.go
index f7f6865dbb..985617912b 100644
--- a/clients/events/events.go
+++ b/clients/events/events.go
@@ -278,18 +278,18 @@ func (lcge listClientByGroupEvent) Encode() (map[string]interface{}, error) {
 }
 
 type identifyClientEvent struct {
-	thingID string
+	clientID string
 }
 
 func (ice identifyClientEvent) Encode() (map[string]interface{}, error) {
 	return map[string]interface{}{
 		"operation": clientIdentify,
-		"id":        ice.thingID,
+		"id":        ice.clientID,
 	}, nil
 }
 
 type authorizeClientEvent struct {
-	thingID    string
+	clientID   string
 	channelID  string
 	permission string
 }
@@ -297,7 +297,7 @@ type authorizeClientEvent struct {
 func (ice authorizeClientEvent) Encode() (map[string]interface{}, error) {
 	val := map[string]interface{}{
 		"operation": clientAuthorize,
-		"id":        ice.thingID,
+		"id":        ice.clientID,
 	}
 
 	if ice.permission != "" {
diff --git a/clients/events/streams.go b/clients/events/streams.go
index 081acbd758..194ea3c786 100644
--- a/clients/events/streams.go
+++ b/clients/events/streams.go
@@ -40,21 +40,21 @@ func NewEventStoreMiddleware(ctx context.Context, svc clients.Service, url strin
 }
 
 func (es *eventStore) CreateClients(ctx context.Context, session authn.Session, clients ...clients.Client) ([]clients.Client, error) {
-	sths, err := es.svc.CreateClients(ctx, session, clients...)
+	clis, err := es.svc.CreateClients(ctx, session, clients...)
 	if err != nil {
-		return sths, err
+		return clis, err
 	}
 
-	for _, th := range sths {
+	for _, cli := range clis {
 		event := createClientEvent{
-			th,
+			cli,
 		}
 		if err := es.Publish(ctx, event); err != nil {
-			return sths, err
+			return clis, err
 		}
 	}
 
-	return sths, nil
+	return clis, nil
 }
 
 func (es *eventStore) Update(ctx context.Context, session authn.Session, client clients.Client) (clients.Client, error) {
@@ -97,19 +97,19 @@ func (es *eventStore) update(ctx context.Context, operation string, client clien
 }
 
 func (es *eventStore) View(ctx context.Context, session authn.Session, id string) (clients.Client, error) {
-	thi, err := es.svc.View(ctx, session, id)
+	cli, err := es.svc.View(ctx, session, id)
 	if err != nil {
-		return thi, err
+		return cli, err
 	}
 
 	event := viewClientEvent{
-		thi,
+		cli,
 	}
 	if err := es.Publish(ctx, event); err != nil {
-		return thi, err
+		return cli, err
 	}
 
-	return thi, nil
+	return cli, nil
 }
 
 func (es *eventStore) ListClients(ctx context.Context, session authn.Session, reqUserID string, pm clients.Page) (clients.ClientsPage, error) {
@@ -129,35 +129,35 @@ func (es *eventStore) ListClients(ctx context.Context, session authn.Session, re
 }
 
 func (es *eventStore) Enable(ctx context.Context, session authn.Session, id string) (clients.Client, error) {
-	thi, err := es.svc.Enable(ctx, session, id)
+	cli, err := es.svc.Enable(ctx, session, id)
 	if err != nil {
-		return thi, err
+		return cli, err
 	}
 
-	return es.changeStatus(ctx, thi)
+	return es.changeStatus(ctx, cli)
 }
 
 func (es *eventStore) Disable(ctx context.Context, session authn.Session, id string) (clients.Client, error) {
-	thi, err := es.svc.Disable(ctx, session, id)
+	cli, err := es.svc.Disable(ctx, session, id)
 	if err != nil {
-		return thi, err
+		return cli, err
 	}
 
-	return es.changeStatus(ctx, thi)
+	return es.changeStatus(ctx, cli)
 }
 
-func (es *eventStore) changeStatus(ctx context.Context, thi clients.Client) (clients.Client, error) {
+func (es *eventStore) changeStatus(ctx context.Context, cli clients.Client) (clients.Client, error) {
 	event := changeStatusClientEvent{
-		id:        thi.ID,
-		updatedAt: thi.UpdatedAt,
-		updatedBy: thi.UpdatedBy,
-		status:    thi.Status.String(),
+		id:        cli.ID,
+		updatedAt: cli.UpdatedAt,
+		updatedBy: cli.UpdatedBy,
+		status:    cli.Status.String(),
 	}
 	if err := es.Publish(ctx, event); err != nil {
-		return thi, err
+		return cli, err
 	}
 
-	return thi, nil
+	return cli, nil
 }
 
 func (es *eventStore) Delete(ctx context.Context, session authn.Session, id string) error {
diff --git a/clients/middleware/authorization.go b/clients/middleware/authorization.go
index 4f048c0c0e..3b8a4cc801 100644
--- a/clients/middleware/authorization.go
+++ b/clients/middleware/authorization.go
@@ -43,9 +43,9 @@ type authorizationMiddleware struct {
 }
 
 // AuthorizationMiddleware adds authorization to the clients service.
-func AuthorizationMiddleware(entityType string, svc clients.Service, authz authz.Authorization, repo clients.Repository, thingsOpPerm, rolesOpPerm map[svcutil.Operation]svcutil.Permission, extOpPerm map[svcutil.ExternalOperation]svcutil.Permission) (clients.Service, error) {
+func AuthorizationMiddleware(entityType string, svc clients.Service, authz authz.Authorization, repo clients.Repository, clientsOpPerm, rolesOpPerm map[svcutil.Operation]svcutil.Permission, extOpPerm map[svcutil.ExternalOperation]svcutil.Permission) (clients.Service, error) {
 	opp := clients.NewOperationPerm()
-	if err := opp.AddOperationPermissionMap(thingsOpPerm); err != nil {
+	if err := opp.AddOperationPermissionMap(clientsOpPerm); err != nil {
 		return nil, err
 	}
 	if err := opp.Validate(); err != nil {
@@ -87,7 +87,7 @@ func (am *authorizationMiddleware) CreateClients(ctx context.Context, session au
 }
 
 func (am *authorizationMiddleware) View(ctx context.Context, session authn.Session, id string) (clients.Client, error) {
-	if err := am.authorize(ctx, clients.OpViewThing, authz.PolicyReq{
+	if err := am.authorize(ctx, clients.OpViewClient, authz.PolicyReq{
 		Domain:      session.DomainID,
 		SubjectType: policies.UserType,
 		Subject:     session.DomainUserID,
@@ -108,7 +108,7 @@ func (am *authorizationMiddleware) ListClients(ctx context.Context, session auth
 }
 
 func (am *authorizationMiddleware) Update(ctx context.Context, session authn.Session, client clients.Client) (clients.Client, error) {
-	if err := am.authorize(ctx, clients.OpUpdateThing, authz.PolicyReq{
+	if err := am.authorize(ctx, clients.OpUpdateClient, authz.PolicyReq{
 		Domain:      session.DomainID,
 		SubjectType: policies.UserType,
 		Subject:     session.DomainUserID,
@@ -122,7 +122,7 @@ func (am *authorizationMiddleware) Update(ctx context.Context, session authn.Ses
 }
 
 func (am *authorizationMiddleware) UpdateTags(ctx context.Context, session authn.Session, client clients.Client) (clients.Client, error) {
-	if err := am.authorize(ctx, clients.OpUpdateThingTags, authz.PolicyReq{
+	if err := am.authorize(ctx, clients.OpUpdateClientTags, authz.PolicyReq{
 		Domain:      session.DomainID,
 		SubjectType: policies.UserType,
 		Subject:     session.DomainUserID,
@@ -136,7 +136,7 @@ func (am *authorizationMiddleware) UpdateTags(ctx context.Context, session authn
 }
 
 func (am *authorizationMiddleware) UpdateSecret(ctx context.Context, session authn.Session, id, key string) (clients.Client, error) {
-	if err := am.authorize(ctx, clients.OpUpdateThingSecret, authz.PolicyReq{
+	if err := am.authorize(ctx, clients.OpUpdateClientSecret, authz.PolicyReq{
 		Domain:      session.DomainID,
 		SubjectType: policies.UserType,
 		Subject:     session.DomainUserID,
@@ -149,7 +149,7 @@ func (am *authorizationMiddleware) UpdateSecret(ctx context.Context, session aut
 }
 
 func (am *authorizationMiddleware) Enable(ctx context.Context, session authn.Session, id string) (clients.Client, error) {
-	if err := am.authorize(ctx, clients.OpEnableThing, authz.PolicyReq{
+	if err := am.authorize(ctx, clients.OpEnableClient, authz.PolicyReq{
 		Domain:      session.DomainID,
 		SubjectType: policies.UserType,
 		Subject:     session.DomainUserID,
@@ -163,7 +163,7 @@ func (am *authorizationMiddleware) Enable(ctx context.Context, session authn.Ses
 }
 
 func (am *authorizationMiddleware) Disable(ctx context.Context, session authn.Session, id string) (clients.Client, error) {
-	if err := am.authorize(ctx, clients.OpDisableThing, authz.PolicyReq{
+	if err := am.authorize(ctx, clients.OpDisableClient, authz.PolicyReq{
 		Domain:      session.DomainID,
 		SubjectType: policies.UserType,
 		Subject:     session.DomainUserID,
@@ -176,7 +176,7 @@ func (am *authorizationMiddleware) Disable(ctx context.Context, session authn.Se
 }
 
 func (am *authorizationMiddleware) Delete(ctx context.Context, session authn.Session, id string) error {
-	if err := am.authorize(ctx, clients.OpDeleteThing, authz.PolicyReq{
+	if err := am.authorize(ctx, clients.OpDeleteClient, authz.PolicyReq{
 		Domain:      session.DomainID,
 		SubjectType: policies.UserType,
 		Subject:     session.DomainUserID,
@@ -223,18 +223,18 @@ func (am *authorizationMiddleware) RemoveParentGroup(ctx context.Context, sessio
 		return errors.Wrap(err, errRemoveParentGroup)
 	}
 
-	th, err := am.repo.RetrieveByID(ctx, id)
+	cli, err := am.repo.RetrieveByID(ctx, id)
 	if err != nil {
 		return errors.Wrap(svcerr.ErrRemoveEntity, err)
 	}
 
-	if th.ParentGroup != "" {
+	if cli.ParentGroup != "" {
 		if err := am.extAuthorize(ctx, clients.GroupOpSetChildClient, authz.PolicyReq{
 			Domain:      session.DomainID,
 			SubjectType: policies.UserType,
 			Subject:     session.DomainUserID,
 			ObjectType:  policies.GroupType,
-			Object:      th.ParentGroup,
+			Object:      cli.ParentGroup,
 		}); err != nil {
 			return errors.Wrap(err, errGroupRemoveChildClients)
 		}
diff --git a/clients/mocks/repository.go b/clients/mocks/repository.go
index 9ea25c452f..fc8b581994 100644
--- a/clients/mocks/repository.go
+++ b/clients/mocks/repository.go
@@ -95,6 +95,34 @@ func (_m *Repository) ChangeStatus(ctx context.Context, client clients.Client) (
 	return r0, r1
 }
 
+// ClientConnectionsCount provides a mock function with given fields: ctx, id
+func (_m *Repository) ClientConnectionsCount(ctx context.Context, id string) (uint64, error) {
+	ret := _m.Called(ctx, id)
+
+	if len(ret) == 0 {
+		panic("no return value specified for ClientConnectionsCount")
+	}
+
+	var r0 uint64
+	var r1 error
+	if rf, ok := ret.Get(0).(func(context.Context, string) (uint64, error)); ok {
+		return rf(ctx, id)
+	}
+	if rf, ok := ret.Get(0).(func(context.Context, string) uint64); ok {
+		r0 = rf(ctx, id)
+	} else {
+		r0 = ret.Get(0).(uint64)
+	}
+
+	if rf, ok := ret.Get(1).(func(context.Context, string) error); ok {
+		r1 = rf(ctx, id)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
 // Delete provides a mock function with given fields: ctx, clientIDs
 func (_m *Repository) Delete(ctx context.Context, clientIDs ...string) error {
 	_va := make([]interface{}, len(clientIDs))
@@ -120,12 +148,12 @@ func (_m *Repository) Delete(ctx context.Context, clientIDs ...string) error {
 	return r0
 }
 
-// DoesThingHaveConnections provides a mock function with given fields: ctx, id
-func (_m *Repository) DoesThingHaveConnections(ctx context.Context, id string) (bool, error) {
+// DoesClientHaveConnections provides a mock function with given fields: ctx, id
+func (_m *Repository) DoesClientHaveConnections(ctx context.Context, id string) (bool, error) {
 	ret := _m.Called(ctx, id)
 
 	if len(ret) == 0 {
-		panic("no return value specified for DoesThingHaveConnections")
+		panic("no return value specified for DoesClientHaveConnections")
 	}
 
 	var r0 bool
@@ -166,6 +194,24 @@ func (_m *Repository) RemoveChannelConnections(ctx context.Context, channelID st
 	return r0
 }
 
+// RemoveClientConnections provides a mock function with given fields: ctx, clientID
+func (_m *Repository) RemoveClientConnections(ctx context.Context, clientID string) error {
+	ret := _m.Called(ctx, clientID)
+
+	if len(ret) == 0 {
+		panic("no return value specified for RemoveClientConnections")
+	}
+
+	var r0 error
+	if rf, ok := ret.Get(0).(func(context.Context, string) error); ok {
+		r0 = rf(ctx, clientID)
+	} else {
+		r0 = ret.Error(0)
+	}
+
+	return r0
+}
+
 // RemoveConnections provides a mock function with given fields: ctx, conns
 func (_m *Repository) RemoveConnections(ctx context.Context, conns []clients.Connection) error {
 	ret := _m.Called(ctx, conns)
@@ -238,24 +284,6 @@ func (_m *Repository) RemoveRoles(ctx context.Context, roleIDs []string) error {
 	return r0
 }
 
-// RemoveThingConnections provides a mock function with given fields: ctx, thingID
-func (_m *Repository) RemoveThingConnections(ctx context.Context, thingID string) error {
-	ret := _m.Called(ctx, thingID)
-
-	if len(ret) == 0 {
-		panic("no return value specified for RemoveThingConnections")
-	}
-
-	var r0 error
-	if rf, ok := ret.Get(0).(func(context.Context, string) error); ok {
-		r0 = rf(ctx, thingID)
-	} else {
-		r0 = ret.Error(0)
-	}
-
-	return r0
-}
-
 // RetrieveAll provides a mock function with given fields: ctx, pm
 func (_m *Repository) RetrieveAll(ctx context.Context, pm clients.Page) (clients.ClientsPage, error) {
 	ret := _m.Called(ctx, pm)
@@ -463,12 +491,12 @@ func (_m *Repository) RetrieveEntitiesRolesActionsMembers(ctx context.Context, e
 	return r0, r1, r2
 }
 
-// RetrieveParentGroupThings provides a mock function with given fields: ctx, parentGroupID
-func (_m *Repository) RetrieveParentGroupThings(ctx context.Context, parentGroupID string) ([]clients.Client, error) {
+// RetrieveParentGroupClients provides a mock function with given fields: ctx, parentGroupID
+func (_m *Repository) RetrieveParentGroupClients(ctx context.Context, parentGroupID string) ([]clients.Client, error) {
 	ret := _m.Called(ctx, parentGroupID)
 
 	if len(ret) == 0 {
-		panic("no return value specified for RetrieveParentGroupThings")
+		panic("no return value specified for RetrieveParentGroupClients")
 	}
 
 	var r0 []clients.Client
@@ -878,34 +906,6 @@ func (_m *Repository) SetParentGroup(ctx context.Context, th clients.Client) err
 	return r0
 }
 
-// ThingConnectionsCount provides a mock function with given fields: ctx, id
-func (_m *Repository) ThingConnectionsCount(ctx context.Context, id string) (uint64, error) {
-	ret := _m.Called(ctx, id)
-
-	if len(ret) == 0 {
-		panic("no return value specified for ThingConnectionsCount")
-	}
-
-	var r0 uint64
-	var r1 error
-	if rf, ok := ret.Get(0).(func(context.Context, string) (uint64, error)); ok {
-		return rf(ctx, id)
-	}
-	if rf, ok := ret.Get(0).(func(context.Context, string) uint64); ok {
-		r0 = rf(ctx, id)
-	} else {
-		r0 = ret.Get(0).(uint64)
-	}
-
-	if rf, ok := ret.Get(1).(func(context.Context, string) error); ok {
-		r1 = rf(ctx, id)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
 // UnsetParentGroupFromClient provides a mock function with given fields: ctx, parentGroupID
 func (_m *Repository) UnsetParentGroupFromClient(ctx context.Context, parentGroupID string) error {
 	ret := _m.Called(ctx, parentGroupID)
diff --git a/clients/postgres/clients.go b/clients/postgres/clients.go
index c690996c57..1c6cdefb8f 100644
--- a/clients/postgres/clients.go
+++ b/clients/postgres/clients.go
@@ -88,28 +88,28 @@ func (repo *clientRepo) RetrieveBySecret(ctx context.Context, key string) (clien
         FROM clients
         WHERE secret = :secret AND status = %d`, clients.EnabledStatus)
 
-	dbt := DBClient{
+	dbc := DBClient{
 		Secret: key,
 	}
 
-	rows, err := repo.DB.NamedQueryContext(ctx, q, dbt)
+	rows, err := repo.DB.NamedQueryContext(ctx, q, dbc)
 	if err != nil {
 		return clients.Client{}, postgres.HandleError(repoerr.ErrViewEntity, err)
 	}
 	defer rows.Close()
 
-	dbt = DBClient{}
+	dbc = DBClient{}
 	if rows.Next() {
-		if err = rows.StructScan(&dbt); err != nil {
+		if err = rows.StructScan(&dbc); err != nil {
 			return clients.Client{}, postgres.HandleError(repoerr.ErrViewEntity, err)
 		}
 
-		thing, err := ToClient(dbt)
+		client, err := ToClient(dbc)
 		if err != nil {
 			return clients.Client{}, errors.Wrap(repoerr.ErrFailedOpDB, err)
 		}
 
-		return thing, nil
+		return client, nil
 	}
 
 	return clients.Client{}, repoerr.ErrNotFound
@@ -172,23 +172,23 @@ func (repo *clientRepo) RetrieveByID(ctx context.Context, id string) (clients.Cl
 	q := `SELECT id, name, tags, COALESCE(domain_id, '') AS domain_id, COALESCE(parent_group_id, '') AS parent_group_id, identity, secret, metadata, created_at, updated_at, updated_by, status
         FROM clients WHERE id = :id`
 
-	dbt := DBClient{
+	dbc := DBClient{
 		ID: id,
 	}
 
-	row, err := repo.DB.NamedQueryContext(ctx, q, dbt)
+	row, err := repo.DB.NamedQueryContext(ctx, q, dbc)
 	if err != nil {
 		return clients.Client{}, errors.Wrap(repoerr.ErrViewEntity, err)
 	}
 	defer row.Close()
 
-	dbt = DBClient{}
+	dbc = DBClient{}
 	if row.Next() {
-		if err := row.StructScan(&dbt); err != nil {
+		if err := row.StructScan(&dbc); err != nil {
 			return clients.Client{}, errors.Wrap(repoerr.ErrViewEntity, err)
 		}
 
-		return ToClient(dbt)
+		return ToClient(dbc)
 	}
 
 	return clients.Client{}, repoerr.ErrNotFound
@@ -216,12 +216,12 @@ func (repo *clientRepo) RetrieveAll(ctx context.Context, pm clients.Page) (clien
 
 	var items []clients.Client
 	for rows.Next() {
-		dbt := DBClient{}
-		if err := rows.StructScan(&dbt); err != nil {
+		dbc := DBClient{}
+		if err := rows.StructScan(&dbc); err != nil {
 			return clients.ClientsPage{}, errors.Wrap(repoerr.ErrViewEntity, err)
 		}
 
-		c, err := ToClient(dbt)
+		c, err := ToClient(dbc)
 		if err != nil {
 			return clients.ClientsPage{}, err
 		}
@@ -271,12 +271,12 @@ func (repo *clientRepo) SearchClients(ctx context.Context, pm clients.Page) (cli
 
 	var items []clients.Client
 	for rows.Next() {
-		dbt := DBClient{}
-		if err := rows.StructScan(&dbt); err != nil {
+		dbc := DBClient{}
+		if err := rows.StructScan(&dbc); err != nil {
 			return clients.ClientsPage{}, errors.Wrap(repoerr.ErrViewEntity, err)
 		}
 
-		c, err := ToClient(dbt)
+		c, err := ToClient(dbc)
 		if err != nil {
 			return clients.ClientsPage{}, err
 		}
@@ -329,12 +329,12 @@ func (repo *clientRepo) RetrieveAllByIDs(ctx context.Context, pm clients.Page) (
 
 	var items []clients.Client
 	for rows.Next() {
-		dbt := DBClient{}
-		if err := rows.StructScan(&dbt); err != nil {
+		dbc := DBClient{}
+		if err := rows.StructScan(&dbc); err != nil {
 			return clients.ClientsPage{}, errors.Wrap(repoerr.ErrViewEntity, err)
 		}
 
-		c, err := ToClient(dbt)
+		c, err := ToClient(dbc)
 		if err != nil {
 			return clients.ClientsPage{}, err
 		}
@@ -474,7 +474,7 @@ func ToClient(t DBClient) (clients.Client, error) {
 		updatedAt = t.UpdatedAt.Time
 	}
 
-	thg := clients.Client{
+	cli := clients.Client{
 		ID:          t.ID,
 		Name:        t.Name,
 		Tags:        tags,
@@ -490,7 +490,7 @@ func ToClient(t DBClient) (clients.Client, error) {
 		UpdatedBy: updatedBy,
 		Status:    t.Status,
 	}
-	return thg, nil
+	return cli, nil
 }
 
 func ToDBClientsPage(pm clients.Page) (dbClientsPage, error) {
@@ -698,10 +698,10 @@ func (repo *clientRepo) RemoveConnections(ctx context.Context, conns []clients.C
 	return nil
 }
 
-func (repo *clientRepo) SetParentGroup(ctx context.Context, th clients.Client) error {
+func (repo *clientRepo) SetParentGroup(ctx context.Context, cli clients.Client) error {
 	q := "UPDATE clients SET parent_group_id = :parent_group_id, updated_at = :updated_at, updated_by = :updated_by WHERE id = :id"
 
-	dbcli, err := ToDBClient(th)
+	dbcli, err := ToDBClient(cli)
 	if err != nil {
 		return errors.Wrap(repoerr.ErrUpdateEntity, err)
 	}
@@ -715,9 +715,9 @@ func (repo *clientRepo) SetParentGroup(ctx context.Context, th clients.Client) e
 	return nil
 }
 
-func (repo *clientRepo) RemoveParentGroup(ctx context.Context, th clients.Client) error {
+func (repo *clientRepo) RemoveParentGroup(ctx context.Context, cli clients.Client) error {
 	q := "UPDATE clients SET parent_group_id = NULL, updated_at = :updated_at, updated_by = :updated_by WHERE id = :id"
-	dbcli, err := ToDBClient(th)
+	dbcli, err := ToDBClient(cli)
 	if err != nil {
 		return errors.Wrap(repoerr.ErrUpdateEntity, err)
 	}
@@ -731,7 +731,7 @@ func (repo *clientRepo) RemoveParentGroup(ctx context.Context, th clients.Client
 	return nil
 }
 
-func (repo *clientRepo) ThingConnectionsCount(ctx context.Context, id string) (uint64, error) {
+func (repo *clientRepo) ClientConnectionsCount(ctx context.Context, id string) (uint64, error) {
 	query := `SELECT COUNT(*) FROM connections WHERE client_id = :client_id`
 	dbConn := dbConnection{ClientID: id}
 
@@ -742,7 +742,7 @@ func (repo *clientRepo) ThingConnectionsCount(ctx context.Context, id string) (u
 	return total, nil
 }
 
-func (repo *clientRepo) DoesThingHaveConnections(ctx context.Context, id string) (bool, error) {
+func (repo *clientRepo) DoesClientHaveConnections(ctx context.Context, id string) (bool, error) {
 	query := `SELECT 1 FROM connections WHERE client_id = :client_id`
 	dbConn := dbConnection{ClientID: id}
 
@@ -765,17 +765,17 @@ func (repo *clientRepo) RemoveChannelConnections(ctx context.Context, channelID
 	return nil
 }
 
-func (repo *clientRepo) RemoveThingConnections(ctx context.Context, thingID string) error {
+func (repo *clientRepo) RemoveClientConnections(ctx context.Context, clientID string) error {
 	query := `DELETE FROM connections WHERE client_id = :client_id`
 
-	dbConn := dbConnection{ClientID: thingID}
+	dbConn := dbConnection{ClientID: clientID}
 	if _, err := repo.DB.NamedExecContext(ctx, query, dbConn); err != nil {
 		return errors.Wrap(repoerr.ErrRemoveEntity, err)
 	}
 	return nil
 }
 
-func (repo *clientRepo) RetrieveParentGroupThings(ctx context.Context, parentGroupID string) ([]clients.Client, error) {
+func (repo *clientRepo) RetrieveParentGroupClients(ctx context.Context, parentGroupID string) ([]clients.Client, error) {
 	query := `SELECT c.id, c.name, c.tags,  c.metadata, COALESCE(c.domain_id, '') AS domain_id, COALESCE(parent_group_id, '') AS parent_group_id, c.status,
 					c.created_at, c.updated_at, COALESCE(c.updated_by, '') AS updated_by FROM clients c WHERE c.parent_group_id = :parent_group_id ;`
 
@@ -785,21 +785,21 @@ func (repo *clientRepo) RetrieveParentGroupThings(ctx context.Context, parentGro
 	}
 	defer rows.Close()
 
-	var ths []clients.Client
+	var clis []clients.Client
 	for rows.Next() {
-		dbTh := DBClient{}
-		if err := rows.StructScan(&dbTh); err != nil {
+		dbCli := DBClient{}
+		if err := rows.StructScan(&dbCli); err != nil {
 			return []clients.Client{}, errors.Wrap(repoerr.ErrViewEntity, err)
 		}
 
-		th, err := ToClient(dbTh)
+		cli, err := ToClient(dbCli)
 		if err != nil {
 			return []clients.Client{}, err
 		}
 
-		ths = append(ths, th)
+		clis = append(clis, cli)
 	}
-	return ths, nil
+	return clis, nil
 }
 
 func (repo *clientRepo) UnsetParentGroupFromClient(ctx context.Context, parentGroupID string) error {
diff --git a/clients/postgres/clients_test.go b/clients/postgres/clients_test.go
index 807e55daca..ee4453f6d6 100644
--- a/clients/postgres/clients_test.go
+++ b/clients/postgres/clients_test.go
@@ -149,7 +149,7 @@ func TestClientsSave(t *testing.T) {
 					ID:   testsutil.GenerateUUID(t),
 					Name: clientName,
 					Credentials: clients.Credentials{
-						Identity: "withoutdomain-thing@example.com",
+						Identity: "withoutdomain-client@example.com",
 						Secret:   testsutil.GenerateUUID(t),
 					},
 					Metadata: clients.Metadata{},
@@ -166,7 +166,7 @@ func TestClientsSave(t *testing.T) {
 					Domain: domainID,
 					Name:   clientName,
 					Credentials: clients.Credentials{
-						Identity: "invalidid-thing@example.com",
+						Identity: "invalidid-client@example.com",
 						Secret:   testsutil.GenerateUUID(t),
 					},
 					Metadata: clients.Metadata{},
@@ -209,7 +209,7 @@ func TestClientsSave(t *testing.T) {
 					Name:   invalidName,
 					Domain: domainID,
 					Credentials: clients.Credentials{
-						Identity: "invalidname-thing@example.com",
+						Identity: "invalidname-client@example.com",
 						Secret:   testsutil.GenerateUUID(t),
 					},
 					Metadata: clients.Metadata{},
@@ -225,7 +225,7 @@ func TestClientsSave(t *testing.T) {
 					ID:     testsutil.GenerateUUID(t),
 					Domain: invalidDomainID,
 					Credentials: clients.Credentials{
-						Identity: "invaliddomainid-thing@example.com",
+						Identity: "invaliddomainid-client@example.com",
 						Secret:   testsutil.GenerateUUID(t),
 					},
 					Metadata: clients.Metadata{},
@@ -256,7 +256,7 @@ func TestClientsSave(t *testing.T) {
 				{
 					ID:     testsutil.GenerateUUID(t),
 					Domain: testsutil.GenerateUUID(t),
-					Name:   "missing-thing-identity",
+					Name:   "missing-client-identity",
 					Credentials: clients.Credentials{
 						Identity: "",
 						Secret:   testsutil.GenerateUUID(t),
@@ -273,7 +273,7 @@ func TestClientsSave(t *testing.T) {
 					ID:     testsutil.GenerateUUID(t),
 					Domain: testsutil.GenerateUUID(t),
 					Credentials: clients.Credentials{
-						Identity: "missing-thing-secret@example.com",
+						Identity: "missing-client-secret@example.com",
 						Secret:   "",
 					},
 					Metadata: clients.Metadata{},
@@ -300,18 +300,18 @@ func TestClientsSave(t *testing.T) {
 		},
 	}
 	for _, tc := range cases {
-		rThings, err := repo.Save(context.Background(), tc.clients...)
+		rClients, err := repo.Save(context.Background(), tc.clients...)
 		assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 		if err == nil {
-			for i := range rThings {
-				tc.clients[i].Credentials.Secret = rThings[i].Credentials.Secret
+			for i := range rClients {
+				tc.clients[i].Credentials.Secret = rClients[i].Credentials.Secret
 			}
-			assert.Equal(t, tc.clients, rThings, fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.clients, rThings))
+			assert.Equal(t, tc.clients, rClients, fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.clients, rClients))
 		}
 	}
 }
 
-func TestThingsRetrieveBySecret(t *testing.T) {
+func TestClientsRetrieveBySecret(t *testing.T) {
 	t.Cleanup(func() {
 		_, err := db.Exec("DELETE FROM clients")
 		require.Nil(t, err, fmt.Sprintf("clean clients unexpected error: %s", err))
diff --git a/clients/postgres/init.go b/clients/postgres/init.go
index d3d38949db..ed68d8dfd5 100644
--- a/clients/postgres/init.go
+++ b/clients/postgres/init.go
@@ -12,7 +12,7 @@ import (
 )
 
 func Migration() (*migrate.MemoryMigrationSource, error) {
-	thingsRolesMigration, err := rolesPostgres.Migration(rolesTableNamePrefix, entityTableName, entityIDColumnName)
+	clientsRolesMigration, err := rolesPostgres.Migration(rolesTableNamePrefix, entityTableName, entityIDColumnName)
 	if err != nil {
 		return &migrate.MemoryMigrationSource{}, errors.Wrap(repoerr.ErrRoleMigration, err)
 	}
@@ -21,7 +21,7 @@ func Migration() (*migrate.MemoryMigrationSource, error) {
 		Migrations: []*migrate.Migration{
 			{
 				Id: "clients_01",
-				// VARCHAR(36) for colums with IDs as UUIDS have a maximum of 36 characters
+				// VARCHAR(36) for columns with IDs as UUIDS have a maximum of 36 characters
 				// STATUS 0 to imply enabled and 1 to imply disabled
 				Up: []string{
 					`CREATE TABLE IF NOT EXISTS clients (
@@ -58,7 +58,7 @@ func Migration() (*migrate.MemoryMigrationSource, error) {
 		},
 	}
 
-	clientsMigration.Migrations = append(clientsMigration.Migrations, thingsRolesMigration.Migrations...)
+	clientsMigration.Migrations = append(clientsMigration.Migrations, clientsRolesMigration.Migrations...)
 
 	return clientsMigration, nil
 }
diff --git a/clients/private/service.go b/clients/private/service.go
index b67ca60c5d..5a11e65e09 100644
--- a/clients/private/service.go
+++ b/clients/private/service.go
@@ -83,20 +83,20 @@ func (svc service) RemoveChannelConnections(ctx context.Context, channelID strin
 }
 
 func (svc service) UnsetParentGroupFromClient(ctx context.Context, parentGroupID string) (retErr error) {
-	ths, err := svc.repo.RetrieveParentGroupThings(ctx, parentGroupID)
+	clients, err := svc.repo.RetrieveParentGroupClients(ctx, parentGroupID)
 	if err != nil {
 		return errors.Wrap(svcerr.ErrViewEntity, err)
 	}
 
-	if len(ths) > 0 {
+	if len(clients) > 0 {
 		prs := []policies.Policy{}
-		for _, th := range ths {
+		for _, client := range clients {
 			prs = append(prs, policies.Policy{
 				SubjectType: policies.GroupType,
-				Subject:     th.ParentGroup,
+				Subject:     client.ParentGroup,
 				Relation:    policies.ParentGroupRelation,
 				ObjectType:  policies.ClientType,
-				Object:      th.ID,
+				Object:      client.ID,
 			})
 		}
 
diff --git a/clients/roleactions.go b/clients/roleactions.go
index f47fe15e81..79f7b35e4d 100644
--- a/clients/roleactions.go
+++ b/clients/roleactions.go
@@ -8,37 +8,37 @@ import "github.com/absmach/magistrala/pkg/roles"
 // Below codes should moved out of service, may be can be kept in `cmd/<svc>/main.go`
 
 const (
-	ThingUpdate           roles.Action = "update"
-	ThingRead             roles.Action = "read"
-	ThingDelete           roles.Action = "delete"
-	ThingSetParentGroup   roles.Action = "set_parent_group"
-	ThingConnectToChannel roles.Action = "connect_to_channel"
-	ThingManageRole       roles.Action = "manage_role"
-	ThingAddRoleUsers     roles.Action = "add_role_users"
-	ThingRemoveRoleUsers  roles.Action = "remove_role_users"
-	ThingViewRoleUsers    roles.Action = "view_role_users"
+	ClientUpdate           roles.Action = "update"
+	ClientRead             roles.Action = "read"
+	ClientDelete           roles.Action = "delete"
+	ClientSetParentGroup   roles.Action = "set_parent_group"
+	ClientConnectToChannel roles.Action = "connect_to_channel"
+	ClientManageRole       roles.Action = "manage_role"
+	ClientAddRoleUsers     roles.Action = "add_role_users"
+	ClientRemoveRoleUsers  roles.Action = "remove_role_users"
+	ClientViewRoleUsers    roles.Action = "view_role_users"
 )
 
 const (
-	ThingBuiltInRoleAdmin = "admin"
+	ClientBuiltInRoleAdmin = "admin"
 )
 
 func AvailableActions() []roles.Action {
 	return []roles.Action{
-		ThingUpdate,
-		ThingRead,
-		ThingDelete,
-		ThingSetParentGroup,
-		ThingConnectToChannel,
-		ThingManageRole,
-		ThingAddRoleUsers,
-		ThingRemoveRoleUsers,
-		ThingViewRoleUsers,
+		ClientUpdate,
+		ClientRead,
+		ClientDelete,
+		ClientSetParentGroup,
+		ClientConnectToChannel,
+		ClientManageRole,
+		ClientAddRoleUsers,
+		ClientRemoveRoleUsers,
+		ClientViewRoleUsers,
 	}
 }
 
 func BuiltInRoles() map[roles.BuiltInRoleName][]roles.Action {
 	return map[roles.BuiltInRoleName][]roles.Action{
-		ThingBuiltInRoleAdmin: AvailableActions(),
+		ClientBuiltInRoleAdmin: AvailableActions(),
 	}
 }
diff --git a/clients/roleoperations.go b/clients/roleoperations.go
index c37505e464..2da41050ef 100644
--- a/clients/roleoperations.go
+++ b/clients/roleoperations.go
@@ -11,13 +11,13 @@ import (
 // Internal Operations
 
 const (
-	OpViewThing svcutil.Operation = iota
-	OpUpdateThing
-	OpUpdateThingTags
-	OpUpdateThingSecret
-	OpEnableThing
-	OpDisableThing
-	OpDeleteThing
+	OpViewClient svcutil.Operation = iota
+	OpUpdateClient
+	OpUpdateClientTags
+	OpUpdateClientSecret
+	OpEnableClient
+	OpDisableClient
+	OpDeleteClient
 	OpSetParentGroup
 	OpRemoveParentGroup
 	OpConnectToChannel
@@ -25,13 +25,13 @@ const (
 )
 
 var expectedOperations = []svcutil.Operation{
-	OpViewThing,
-	OpUpdateThing,
-	OpUpdateThingTags,
-	OpUpdateThingSecret,
-	OpEnableThing,
-	OpDisableThing,
-	OpDeleteThing,
+	OpViewClient,
+	OpUpdateClient,
+	OpUpdateClientTags,
+	OpUpdateClientSecret,
+	OpEnableClient,
+	OpDisableClient,
+	OpDeleteClient,
 	OpSetParentGroup,
 	OpRemoveParentGroup,
 	OpConnectToChannel,
@@ -105,13 +105,13 @@ const (
 
 func NewOperationPermissionMap() map[svcutil.Operation]svcutil.Permission {
 	opPerm := map[svcutil.Operation]svcutil.Permission{
-		OpViewThing:             readPermission,
-		OpUpdateThing:           updatePermission,
-		OpUpdateThingTags:       updatePermission,
-		OpUpdateThingSecret:     updatePermission,
-		OpEnableThing:           updatePermission,
-		OpDisableThing:          updatePermission,
-		OpDeleteThing:           deletePermission,
+		OpViewClient:            readPermission,
+		OpUpdateClient:          updatePermission,
+		OpUpdateClientTags:      updatePermission,
+		OpUpdateClientSecret:    updatePermission,
+		OpEnableClient:          updatePermission,
+		OpDisableClient:         updatePermission,
+		OpDeleteClient:          deletePermission,
 		OpSetParentGroup:        setParentGroupPermission,
 		OpRemoveParentGroup:     setParentGroupPermission,
 		OpConnectToChannel:      connectToChannelPermission,
diff --git a/clients/service.go b/clients/service.go
index 4f7dc14b6c..f7012354a2 100644
--- a/clients/service.go
+++ b/clients/service.go
@@ -54,7 +54,7 @@ func NewService(repo Repository, policy policies.Service, cache Cache, channels
 	}, nil
 }
 
-func (svc service) CreateClients(ctx context.Context, session authn.Session, cls ...Client) (retThings []Client, retErr error) {
+func (svc service) CreateClients(ctx context.Context, session authn.Session, cls ...Client) (retClients []Client, retErr error) {
 	var clients []Client
 	for _, c := range cls {
 		if c.ID == "" {
@@ -97,7 +97,7 @@ func (svc service) CreateClients(ctx context.Context, session authn.Session, cls
 	}()
 
 	newBuiltInRoleMembers := map[roles.BuiltInRoleName][]roles.Member{
-		ThingBuiltInRoleAdmin: {roles.Member(session.UserID)},
+		ClientBuiltInRoleAdmin: {roles.Member(session.UserID)},
 	}
 
 	optionalPolicies := []policies.Policy{}
@@ -239,11 +239,11 @@ func (svc service) filterAllowedClientIDs(ctx context.Context, userID, permissio
 	return ids, nil
 }
 
-func (svc service) Update(ctx context.Context, session authn.Session, thi Client) (Client, error) {
+func (svc service) Update(ctx context.Context, session authn.Session, cli Client) (Client, error) {
 	client := Client{
-		ID:        thi.ID,
-		Name:      thi.Name,
-		Metadata:  thi.Metadata,
+		ID:        cli.ID,
+		Name:      cli.Name,
+		Metadata:  cli.Metadata,
 		UpdatedAt: time.Now(),
 		UpdatedBy: session.UserID,
 	}
@@ -254,10 +254,10 @@ func (svc service) Update(ctx context.Context, session authn.Session, thi Client
 	return client, nil
 }
 
-func (svc service) UpdateTags(ctx context.Context, session authn.Session, thi Client) (Client, error) {
+func (svc service) UpdateTags(ctx context.Context, session authn.Session, cli Client) (Client, error) {
 	client := Client{
-		ID:        thi.ID,
-		Tags:      thi.Tags,
+		ID:        cli.ID,
+		Tags:      cli.Tags,
 		UpdatedAt: time.Now(),
 		UpdatedBy: session.UserID,
 	}
@@ -318,11 +318,11 @@ func (svc service) Disable(ctx context.Context, session authn.Session, id string
 }
 
 func (svc service) SetParentGroup(ctx context.Context, session authn.Session, parentGroupID string, id string) (retErr error) {
-	th, err := svc.repo.RetrieveByID(ctx, id)
+	cli, err := svc.repo.RetrieveByID(ctx, id)
 	if err != nil {
 		return errors.Wrap(svcerr.ErrUpdateEntity, err)
 	}
-	switch th.ParentGroup {
+	switch cli.ParentGroup {
 	case parentGroupID:
 		return nil
 	case "":
@@ -363,26 +363,26 @@ func (svc service) SetParentGroup(ctx context.Context, session authn.Session, pa
 			}
 		}
 	}()
-	th = Client{ID: id, ParentGroup: parentGroupID, UpdatedBy: session.UserID, UpdatedAt: time.Now()}
+	cli = Client{ID: id, ParentGroup: parentGroupID, UpdatedBy: session.UserID, UpdatedAt: time.Now()}
 
-	if err := svc.repo.SetParentGroup(ctx, th); err != nil {
+	if err := svc.repo.SetParentGroup(ctx, cli); err != nil {
 		return errors.Wrap(svcerr.ErrUpdateEntity, err)
 	}
 	return nil
 }
 
 func (svc service) RemoveParentGroup(ctx context.Context, session authn.Session, id string) (retErr error) {
-	th, err := svc.repo.RetrieveByID(ctx, id)
+	cli, err := svc.repo.RetrieveByID(ctx, id)
 	if err != nil {
 		return errors.Wrap(svcerr.ErrViewEntity, err)
 	}
 
-	if th.ParentGroup != "" {
+	if cli.ParentGroup != "" {
 		var pols []policies.Policy
 		pols = append(pols, policies.Policy{
 			Domain:      session.DomainID,
 			SubjectType: policies.GroupType,
-			Subject:     th.ParentGroup,
+			Subject:     cli.ParentGroup,
 			Relation:    policies.ParentGroupRelation,
 			ObjectType:  policies.ClientType,
 			Object:      id,
@@ -399,9 +399,9 @@ func (svc service) RemoveParentGroup(ctx context.Context, session authn.Session,
 			}
 		}()
 
-		th := Client{ID: id, UpdatedBy: session.UserID, UpdatedAt: time.Now()}
+		cli := Client{ID: id, UpdatedBy: session.UserID, UpdatedAt: time.Now()}
 
-		if err := svc.repo.RemoveParentGroup(ctx, th); err != nil {
+		if err := svc.repo.RemoveParentGroup(ctx, cli); err != nil {
 			return err
 		}
 	}
@@ -409,12 +409,12 @@ func (svc service) RemoveParentGroup(ctx context.Context, session authn.Session,
 }
 
 func (svc service) Delete(ctx context.Context, session authn.Session, id string) error {
-	ok, err := svc.repo.DoesThingHaveConnections(ctx, id)
+	ok, err := svc.repo.DoesClientHaveConnections(ctx, id)
 	if err != nil {
 		return errors.Wrap(svcerr.ErrRemoveEntity, err)
 	}
 	if ok {
-		if _, err := svc.channels.RemoveThingConnections(ctx, &grpcChannelsV1.RemoveThingConnectionsReq{ClientId: id}); err != nil {
+		if _, err := svc.channels.RemoveClientConnections(ctx, &grpcChannelsV1.RemoveClientConnectionsReq{ClientId: id}); err != nil {
 			return errors.Wrap(svcerr.ErrRemoveEntity, err)
 		}
 	}
diff --git a/clients/service_test.go b/clients/service_test.go
index fb8fb9d06b..e0c3b7be59 100644
--- a/clients/service_test.go
+++ b/clients/service_test.go
@@ -30,9 +30,9 @@ var (
 	ID             = "6e5e10b3-d4df-4758-b426-4929d55ad740"
 	client         = clients.Client{
 		ID:          ID,
-		Name:        "thingname",
+		Name:        "clientname",
 		Tags:        []string{"tag1", "tag2"},
-		Credentials: clients.Credentials{Identity: "thingidentity", Secret: secret},
+		Credentials: clients.Credentials{Identity: "clientidentity", Secret: secret},
 		Metadata:    validTMetadata,
 		Status:      clients.EnabledStatus,
 	}
@@ -82,7 +82,7 @@ func TestCreateClients(t *testing.T) {
 			err:    nil,
 		},
 		{
-			desc:    "create an existing thing",
+			desc:    "create an existing client",
 			client:  client,
 			token:   validToken,
 			saveErr: repoerr.ErrConflict,
@@ -91,9 +91,9 @@ func TestCreateClients(t *testing.T) {
 		{
 			desc: "create a new client without secret",
 			client: clients.Client{
-				Name: "thingWithoutSecret",
+				Name: "clientWithoutSecret",
 				Credentials: clients.Credentials{
-					Identity: "newthingwithoutsecret@example.com",
+					Identity: "newclientwithoutsecret@example.com",
 				},
 				Status: clients.EnabledStatus,
 			},
@@ -103,9 +103,9 @@ func TestCreateClients(t *testing.T) {
 		{
 			desc: "create a new client without identity",
 			client: clients.Client{
-				Name: "thingWithoutIdentity",
+				Name: "clientWithoutIdentity",
 				Credentials: clients.Credentials{
-					Identity: "newthingwithoutsecret@example.com",
+					Identity: "newclientwithoutsecret@example.com",
 				},
 				Status: clients.EnabledStatus,
 			},
@@ -115,9 +115,9 @@ func TestCreateClients(t *testing.T) {
 		{
 			desc: "create a new enabled client with name",
 			client: clients.Client{
-				Name: "thingWithName",
+				Name: "clientWithName",
 				Credentials: clients.Credentials{
-					Identity: "newthingwithname@example.com",
+					Identity: "newclientwithname@example.com",
 					Secret:   secret,
 				},
 				Status: clients.EnabledStatus,
@@ -129,9 +129,9 @@ func TestCreateClients(t *testing.T) {
 		{
 			desc: "create a new disabled client with name",
 			client: clients.Client{
-				Name: "thingWithName",
+				Name: "clientWithName",
 				Credentials: clients.Credentials{
-					Identity: "newthingwithname@example.com",
+					Identity: "newclientwithname@example.com",
 					Secret:   secret,
 				},
 			},
@@ -143,7 +143,7 @@ func TestCreateClients(t *testing.T) {
 			client: clients.Client{
 				Tags: []string{"tag1", "tag2"},
 				Credentials: clients.Credentials{
-					Identity: "newthingwithtags@example.com",
+					Identity: "newclientwithtags@example.com",
 					Secret:   secret,
 				},
 				Status: clients.EnabledStatus,
@@ -156,7 +156,7 @@ func TestCreateClients(t *testing.T) {
 			client: clients.Client{
 				Tags: []string{"tag1", "tag2"},
 				Credentials: clients.Credentials{
-					Identity: "newthingwithtags@example.com",
+					Identity: "newclientwithtags@example.com",
 					Secret:   secret,
 				},
 				Status: clients.DisabledStatus,
@@ -168,7 +168,7 @@ func TestCreateClients(t *testing.T) {
 			desc: "create a new enabled client with metadata",
 			client: clients.Client{
 				Credentials: clients.Credentials{
-					Identity: "newthingwithmetadata@example.com",
+					Identity: "newclientwithmetadata@example.com",
 					Secret:   secret,
 				},
 				Metadata: validTMetadata,
@@ -181,7 +181,7 @@ func TestCreateClients(t *testing.T) {
 			desc: "create a new disabled client with metadata",
 			client: clients.Client{
 				Credentials: clients.Credentials{
-					Identity: "newthingwithmetadata@example.com",
+					Identity: "newclientwithmetadata@example.com",
 					Secret:   secret,
 				},
 				Metadata: validTMetadata,
@@ -190,10 +190,10 @@ func TestCreateClients(t *testing.T) {
 			err:   nil,
 		},
 		{
-			desc: "create a new disabled thing",
+			desc: "create a new disabled client",
 			client: clients.Client{
 				Credentials: clients.Credentials{
-					Identity: "newthingwithvalidstatus@example.com",
+					Identity: "newclientwithvalidstatus@example.com",
 					Secret:   secret,
 				},
 			},
@@ -204,7 +204,7 @@ func TestCreateClients(t *testing.T) {
 			desc: "create a new client with valid disabled status",
 			client: clients.Client{
 				Credentials: clients.Credentials{
-					Identity: "newthingwithvalidstatus@example.com",
+					Identity: "newclientwithvalidstatus@example.com",
 					Secret:   secret,
 				},
 				Status: clients.DisabledStatus,
@@ -215,14 +215,14 @@ func TestCreateClients(t *testing.T) {
 		{
 			desc: "create a new client with all fields",
 			client: clients.Client{
-				Name: "newthingwithallfields",
+				Name: "newclientwithallfields",
 				Tags: []string{"tag1", "tag2"},
 				Credentials: clients.Credentials{
-					Identity: "newthingwithallfields@example.com",
+					Identity: "newclientwithallfields@example.com",
 					Secret:   secret,
 				},
 				Metadata: clients.Metadata{
-					"name": "newthingwithallfields",
+					"name": "newclientwithallfields",
 				},
 				Status: clients.EnabledStatus,
 			},
@@ -233,7 +233,7 @@ func TestCreateClients(t *testing.T) {
 			desc: "create a new client with invalid status",
 			client: clients.Client{
 				Credentials: clients.Credentials{
-					Identity: "newthingwithinvalidstatus@example.com",
+					Identity: "newclientwithinvalidstatus@example.com",
 					Secret:   secret,
 				},
 				Status: clients.AllStatus,
@@ -245,7 +245,7 @@ func TestCreateClients(t *testing.T) {
 			desc: "create a new client with failed add policies response",
 			client: clients.Client{
 				Credentials: clients.Credentials{
-					Identity: "newthingwithfailedpolicy@example.com",
+					Identity: "newclientwithfailedpolicy@example.com",
 					Secret:   secret,
 				},
 				Status: clients.EnabledStatus,
@@ -258,7 +258,7 @@ func TestCreateClients(t *testing.T) {
 			desc: "create a new client with failed delete policies response",
 			client: clients.Client{
 				Credentials: clients.Credentials{
-					Identity: "newthingwithfailedpolicy@example.com",
+					Identity: "newclientwithfailedpolicy@example.com",
 					Secret:   secret,
 				},
 				Status: clients.EnabledStatus,
@@ -330,9 +330,9 @@ func TestViewClient(t *testing.T) {
 
 	for _, tc := range cases {
 		repoCall1 := repo.On("RetrieveByID", context.Background(), mock.Anything).Return(tc.response, tc.err)
-		rThing, err := svc.View(context.Background(), mgauthn.Session{}, tc.clientID)
+		rClient, err := svc.View(context.Background(), mgauthn.Session{}, tc.clientID)
 		assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
-		assert.Equal(t, tc.response, rThing, fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.response, rThing))
+		assert.Equal(t, tc.response, rClient, fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.response, rClient))
 		repoCall1.Unset()
 	}
 }
@@ -561,7 +561,7 @@ func TestListClients(t *testing.T) {
 			err:                     svcerr.ErrNotFound,
 		},
 		{
-			desc:     "list all clients as admin with failed to list things",
+			desc:     "list all clients as admin with failed to list clients",
 			userKind: "admin",
 			id:       adminID,
 			session:  mgauthn.Session{UserID: adminID, DomainID: domainID, SuperAdmin: true},
@@ -605,10 +605,10 @@ func TestListClients(t *testing.T) {
 func TestUpdateClient(t *testing.T) {
 	svc := newService()
 
-	thing1 := client
-	thing2 := client
-	thing1.Name = "Updated thing"
-	thing2.Metadata = clients.Metadata{"role": "test"}
+	client1 := client
+	client2 := client
+	client1.Name = "Updated client"
+	client2.Metadata = clients.Metadata{"role": "test"}
 
 	cases := []struct {
 		desc           string
@@ -620,21 +620,21 @@ func TestUpdateClient(t *testing.T) {
 	}{
 		{
 			desc:           "update client name successfully",
-			client:         thing1,
+			client:         client1,
 			session:        mgauthn.Session{UserID: validID},
-			updateResponse: thing1,
+			updateResponse: client1,
 			err:            nil,
 		},
 		{
 			desc:           "update client metadata with valid token",
-			client:         thing2,
-			updateResponse: thing2,
+			client:         client2,
+			updateResponse: client2,
 			session:        mgauthn.Session{UserID: validID},
 			err:            nil,
 		},
 		{
 			desc:           "update client with failed to update repo",
-			client:         thing1,
+			client:         client1,
 			updateResponse: clients.Client{},
 			session:        mgauthn.Session{UserID: validID},
 			updateErr:      repoerr.ErrMalformedEntity,
@@ -644,9 +644,9 @@ func TestUpdateClient(t *testing.T) {
 
 	for _, tc := range cases {
 		repoCall1 := repo.On("Update", context.Background(), mock.Anything).Return(tc.updateResponse, tc.updateErr)
-		updatedThing, err := svc.Update(context.Background(), tc.session, tc.client)
+		updatedClient, err := svc.Update(context.Background(), tc.session, tc.client)
 		assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
-		assert.Equal(t, tc.updateResponse, updatedThing, fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.updateResponse, updatedThing))
+		assert.Equal(t, tc.updateResponse, updatedClient, fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.updateResponse, updatedClient))
 		repoCall1.Unset()
 	}
 }
@@ -683,9 +683,9 @@ func TestUpdateTags(t *testing.T) {
 
 	for _, tc := range cases {
 		repoCall1 := repo.On("UpdateTags", context.Background(), mock.Anything).Return(tc.updateResponse, tc.updateErr)
-		updatedThing, err := svc.UpdateTags(context.Background(), tc.session, tc.client)
+		updatedClient, err := svc.UpdateTags(context.Background(), tc.session, tc.client)
 		assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
-		assert.Equal(t, tc.updateResponse, updatedThing, fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.updateResponse, updatedThing))
+		assert.Equal(t, tc.updateResponse, updatedClient, fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.updateResponse, updatedClient))
 		repoCall1.Unset()
 	}
 }
@@ -729,9 +729,9 @@ func TestUpdateSecret(t *testing.T) {
 
 	for _, tc := range cases {
 		repoCall := repo.On("UpdateSecret", context.Background(), mock.Anything).Return(tc.updateSecretResponse, tc.updateErr)
-		updatedThing, err := svc.UpdateSecret(context.Background(), tc.session, tc.client.ID, tc.newSecret)
+		updatedClient, err := svc.UpdateSecret(context.Background(), tc.session, tc.client.ID, tc.newSecret)
 		assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
-		assert.Equal(t, tc.updateSecretResponse, updatedThing, fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.updateSecretResponse, updatedThing))
+		assert.Equal(t, tc.updateSecretResponse, updatedClient, fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.updateSecretResponse, updatedClient))
 		repoCall.Unset()
 	}
 }
@@ -739,10 +739,10 @@ func TestUpdateSecret(t *testing.T) {
 func TestEnable(t *testing.T) {
 	svc := newService()
 
-	enabledThing1 := clients.Client{ID: ID, Credentials: clients.Credentials{Identity: "thing1@example.com", Secret: "password"}, Status: clients.EnabledStatus}
-	disabledThing1 := clients.Client{ID: ID, Credentials: clients.Credentials{Identity: "thing3@example.com", Secret: "password"}, Status: clients.DisabledStatus}
-	endisabledThing1 := disabledThing1
-	endisabledThing1.Status = clients.EnabledStatus
+	enabledClient1 := clients.Client{ID: ID, Credentials: clients.Credentials{Identity: "client1@example.com", Secret: "password"}, Status: clients.EnabledStatus}
+	disabledClient1 := clients.Client{ID: ID, Credentials: clients.Credentials{Identity: "client3@example.com", Secret: "password"}, Status: clients.DisabledStatus}
+	endisabledClient1 := disabledClient1
+	endisabledClient1.Status = clients.EnabledStatus
 
 	cases := []struct {
 		desc                 string
@@ -756,36 +756,36 @@ func TestEnable(t *testing.T) {
 		err                  error
 	}{
 		{
-			desc:                 "enable disabled thing",
-			id:                   disabledThing1.ID,
+			desc:                 "enable disabled client",
+			id:                   disabledClient1.ID,
 			session:              mgauthn.Session{UserID: validID},
-			client:               disabledThing1,
-			changeStatusResponse: endisabledThing1,
-			retrieveByIDResponse: disabledThing1,
+			client:               disabledClient1,
+			changeStatusResponse: endisabledClient1,
+			retrieveByIDResponse: disabledClient1,
 			err:                  nil,
 		},
 		{
 			desc:                 "enable disabled client with failed to update repo",
-			id:                   disabledThing1.ID,
+			id:                   disabledClient1.ID,
 			session:              mgauthn.Session{UserID: validID},
-			client:               disabledThing1,
+			client:               disabledClient1,
 			changeStatusResponse: clients.Client{},
-			retrieveByIDResponse: disabledThing1,
+			retrieveByIDResponse: disabledClient1,
 			changeStatusErr:      repoerr.ErrMalformedEntity,
 			err:                  svcerr.ErrUpdateEntity,
 		},
 		{
-			desc:                 "enable enabled thing",
-			id:                   enabledThing1.ID,
+			desc:                 "enable enabled client",
+			id:                   enabledClient1.ID,
 			session:              mgauthn.Session{UserID: validID},
-			client:               enabledThing1,
-			changeStatusResponse: enabledThing1,
-			retrieveByIDResponse: enabledThing1,
+			client:               enabledClient1,
+			changeStatusResponse: enabledClient1,
+			retrieveByIDResponse: enabledClient1,
 			changeStatusErr:      errors.ErrStatusAlreadyAssigned,
 			err:                  errors.ErrStatusAlreadyAssigned,
 		},
 		{
-			desc:                 "enable non-existing thing",
+			desc:                 "enable non-existing client",
 			id:                   wrongID,
 			session:              mgauthn.Session{UserID: validID},
 			client:               clients.Client{},
@@ -809,9 +809,9 @@ func TestEnable(t *testing.T) {
 func TestDisable(t *testing.T) {
 	svc := newService()
 
-	enabledThing1 := clients.Client{ID: ID, Credentials: clients.Credentials{Identity: "thing1@example.com", Secret: "password"}, Status: clients.EnabledStatus}
-	disabledThing1 := clients.Client{ID: ID, Credentials: clients.Credentials{Identity: "thing3@example.com", Secret: "password"}, Status: clients.DisabledStatus}
-	disenabledClient1 := enabledThing1
+	enabledClient1 := clients.Client{ID: ID, Credentials: clients.Credentials{Identity: "client1@example.com", Secret: "password"}, Status: clients.EnabledStatus}
+	disabledClient1 := clients.Client{ID: ID, Credentials: clients.Credentials{Identity: "client3@example.com", Secret: "password"}, Status: clients.DisabledStatus}
+	disenabledClient1 := enabledClient1
 	disenabledClient1.Status = clients.DisabledStatus
 
 	cases := []struct {
@@ -827,36 +827,36 @@ func TestDisable(t *testing.T) {
 		err                  error
 	}{
 		{
-			desc:                 "disable enabled thing",
-			id:                   enabledThing1.ID,
+			desc:                 "disable enabled client",
+			id:                   enabledClient1.ID,
 			session:              mgauthn.Session{UserID: validID},
-			client:               enabledThing1,
+			client:               enabledClient1,
 			changeStatusResponse: disenabledClient1,
-			retrieveByIDResponse: enabledThing1,
+			retrieveByIDResponse: enabledClient1,
 			err:                  nil,
 		},
 		{
 			desc:                 "disable client with failed to update repo",
-			id:                   enabledThing1.ID,
+			id:                   enabledClient1.ID,
 			session:              mgauthn.Session{UserID: validID},
-			client:               enabledThing1,
+			client:               enabledClient1,
 			changeStatusResponse: clients.Client{},
-			retrieveByIDResponse: enabledThing1,
+			retrieveByIDResponse: enabledClient1,
 			changeStatusErr:      repoerr.ErrMalformedEntity,
 			err:                  svcerr.ErrUpdateEntity,
 		},
 		{
-			desc:                 "disable disabled thing",
-			id:                   disabledThing1.ID,
+			desc:                 "disable disabled client",
+			id:                   disabledClient1.ID,
 			session:              mgauthn.Session{UserID: validID},
-			client:               disabledThing1,
+			client:               disabledClient1,
 			changeStatusResponse: clients.Client{},
-			retrieveByIDResponse: disabledThing1,
+			retrieveByIDResponse: disabledClient1,
 			changeStatusErr:      errors.ErrStatusAlreadyAssigned,
 			err:                  errors.ErrStatusAlreadyAssigned,
 		},
 		{
-			desc:                 "disable non-existing thing",
+			desc:                 "disable non-existing client",
 			id:                   wrongID,
 			client:               clients.Client{},
 			session:              mgauthn.Session{UserID: validID},
@@ -867,11 +867,11 @@ func TestDisable(t *testing.T) {
 		},
 		{
 			desc:                 "disable client with failed to remove from cache",
-			id:                   enabledThing1.ID,
+			id:                   enabledClient1.ID,
 			session:              mgauthn.Session{UserID: validID},
-			client:               disabledThing1,
+			client:               disabledClient1,
 			changeStatusResponse: disenabledClient1,
-			retrieveByIDResponse: enabledThing1,
+			retrieveByIDResponse: enabledClient1,
 			removeErr:            svcerr.ErrRemoveEntity,
 			err:                  svcerr.ErrRemoveEntity,
 		},
diff --git a/clients/standalone/doc.go b/clients/standalone/doc.go
index 68ca6a78d6..9ad956bafe 100644
--- a/clients/standalone/doc.go
+++ b/clients/standalone/doc.go
@@ -3,7 +3,7 @@
 
 // Package standalone contains implementation for auth service in
 // single-user scenario. Running with a single user provides
-// Things as a standalone service with one admin user who
-// manages all the Things and Channels and does not
+// Clients as a standalone service with one admin user who
+// manages all the Clients and Channels and does not
 // require connection to Auth service.
 package standalone
diff --git a/clients/tracing/tracing.go b/clients/tracing/tracing.go
index 01def6b198..e7d600aaed 100644
--- a/clients/tracing/tracing.go
+++ b/clients/tracing/tracing.go
@@ -30,7 +30,7 @@ func New(svc clients.Service, tracer trace.Tracer) clients.Service {
 	}
 }
 
-// CreateClients traces the "CreateClients" operation of the wrapped policies.Service.
+// CreateClients traces the "CreateClients" operation of the wrapped clients.Service.
 func (tm *tracingMiddleware) CreateClients(ctx context.Context, session authn.Session, cli ...clients.Client) ([]clients.Client, error) {
 	ctx, span := tm.tracer.Start(ctx, "svc_create_client")
 	defer span.End()
@@ -38,21 +38,21 @@ func (tm *tracingMiddleware) CreateClients(ctx context.Context, session authn.Se
 	return tm.svc.CreateClients(ctx, session, cli...)
 }
 
-// View traces the "View" operation of the wrapped policies.Service.
+// View traces the "View" operation of the wrapped clients.Service.
 func (tm *tracingMiddleware) View(ctx context.Context, session authn.Session, id string) (clients.Client, error) {
 	ctx, span := tm.tracer.Start(ctx, "svc_view_client", trace.WithAttributes(attribute.String("id", id)))
 	defer span.End()
 	return tm.svc.View(ctx, session, id)
 }
 
-// ListClients traces the "ListClients" operation of the wrapped policies.Service.
+// ListClients traces the "ListClients" operation of the wrapped clients.Service.
 func (tm *tracingMiddleware) ListClients(ctx context.Context, session authn.Session, reqUserID string, pm clients.Page) (clients.ClientsPage, error) {
 	ctx, span := tm.tracer.Start(ctx, "svc_list_clients")
 	defer span.End()
 	return tm.svc.ListClients(ctx, session, reqUserID, pm)
 }
 
-// Update traces the "Update" operation of the wrapped policies.Service.
+// Update traces the "Update" operation of the wrapped clients.Service.
 func (tm *tracingMiddleware) Update(ctx context.Context, session authn.Session, cli clients.Client) (clients.Client, error) {
 	ctx, span := tm.tracer.Start(ctx, "svc_update_client", trace.WithAttributes(attribute.String("id", cli.ID)))
 	defer span.End()
@@ -60,7 +60,7 @@ func (tm *tracingMiddleware) Update(ctx context.Context, session authn.Session,
 	return tm.svc.Update(ctx, session, cli)
 }
 
-// UpdateTags traces the "UpdateTags" operation of the wrapped policies.Service.
+// UpdateTags traces the "UpdateTags" operation of the wrapped clients.Service.
 func (tm *tracingMiddleware) UpdateTags(ctx context.Context, session authn.Session, cli clients.Client) (clients.Client, error) {
 	ctx, span := tm.tracer.Start(ctx, "svc_update_client_tags", trace.WithAttributes(
 		attribute.String("id", cli.ID),
@@ -71,7 +71,7 @@ func (tm *tracingMiddleware) UpdateTags(ctx context.Context, session authn.Sessi
 	return tm.svc.UpdateTags(ctx, session, cli)
 }
 
-// UpdateSecret traces the "UpdateSecret" operation of the wrapped policies.Service.
+// UpdateSecret traces the "UpdateSecret" operation of the wrapped clients.Service.
 func (tm *tracingMiddleware) UpdateSecret(ctx context.Context, session authn.Session, oldSecret, newSecret string) (clients.Client, error) {
 	ctx, span := tm.tracer.Start(ctx, "svc_update_client_secret")
 	defer span.End()
@@ -79,7 +79,7 @@ func (tm *tracingMiddleware) UpdateSecret(ctx context.Context, session authn.Ses
 	return tm.svc.UpdateSecret(ctx, session, oldSecret, newSecret)
 }
 
-// Enable traces the "Enable" operation of the wrapped policies.Service.
+// Enable traces the "Enable" operation of the wrapped clients.Service.
 func (tm *tracingMiddleware) Enable(ctx context.Context, session authn.Session, id string) (clients.Client, error) {
 	ctx, span := tm.tracer.Start(ctx, "svc_enable_client", trace.WithAttributes(attribute.String("id", id)))
 	defer span.End()
@@ -87,7 +87,7 @@ func (tm *tracingMiddleware) Enable(ctx context.Context, session authn.Session,
 	return tm.svc.Enable(ctx, session, id)
 }
 
-// Disable traces the "Disable" operation of the wrapped policies.Service.
+// Disable traces the "Disable" operation of the wrapped clients.Service.
 func (tm *tracingMiddleware) Disable(ctx context.Context, session authn.Session, id string) (clients.Client, error) {
 	ctx, span := tm.tracer.Start(ctx, "svc_disable_client", trace.WithAttributes(attribute.String("id", id)))
 	defer span.End()
@@ -95,7 +95,7 @@ func (tm *tracingMiddleware) Disable(ctx context.Context, session authn.Session,
 	return tm.svc.Disable(ctx, session, id)
 }
 
-// Delete traces the "Delete" operation of the wrapped things.Service.
+// Delete traces the "Delete" operation of the wrapped clients.Service.
 func (tm *tracingMiddleware) Delete(ctx context.Context, session authn.Session, id string) error {
 	ctx, span := tm.tracer.Start(ctx, "delete_client", trace.WithAttributes(attribute.String("id", id)))
 	defer span.End()
diff --git a/cmd/bootstrap/main.go b/cmd/bootstrap/main.go
index 863a1dd3b3..d468d68baf 100644
--- a/cmd/bootstrap/main.go
+++ b/cmd/bootstrap/main.go
@@ -165,7 +165,7 @@ func main() {
 		return
 	}
 
-	if err = subscribeToThingsES(ctx, svc, cfg, logger); err != nil {
+	if err = subscribeToClientsES(ctx, svc, cfg, logger); err != nil {
 		logger.Error(fmt.Sprintf("failed to subscribe to clients event store: %s", err))
 		exitCode = 1
 		return
@@ -228,7 +228,7 @@ func newService(ctx context.Context, authz mgauthz.Authorization, policySvc poli
 	return svc, nil
 }
 
-func subscribeToThingsES(ctx context.Context, svc bootstrap.Service, cfg config, logger *slog.Logger) error {
+func subscribeToClientsES(ctx context.Context, svc bootstrap.Service, cfg config, logger *slog.Logger) error {
 	subscriber, err := store.NewSubscriber(ctx, cfg.ESURL, logger)
 	if err != nil {
 		return err
diff --git a/cmd/channels/main.go b/cmd/channels/main.go
index 409f360110..776c08e19f 100644
--- a/cmd/channels/main.go
+++ b/cmd/channels/main.go
@@ -105,7 +105,7 @@ func main() {
 		}
 	}
 
-	// Create new database for things
+	// Create new database for clients
 	dbConfig := pgclient.Config{Name: defDB}
 	if err := env.ParseWithOptions(&dbConfig, env.Options{Prefix: envPrefixDB}); err != nil {
 		logger.Error(err.Error())
@@ -184,7 +184,7 @@ func main() {
 		return
 	}
 	defer clientsHandler.Close()
-	logger.Info("Things gRPC client successfully connected to clients gRPC server " + clientsHandler.Secure())
+	logger.Info("Clients gRPC client successfully connected to clients gRPC server " + clientsHandler.Secure())
 
 	groupsgRPCCfg := grpcclient.Config{}
 	if err := env.ParseWithOptions(&groupsgRPCCfg, env.Options{Prefix: envPrefixGroups}); err != nil {
diff --git a/cmd/clients/main.go b/cmd/clients/main.go
index 4fd84eed7a..39a2798dd3 100644
--- a/cmd/clients/main.go
+++ b/cmd/clients/main.go
@@ -22,7 +22,7 @@ import (
 	"github.com/absmach/magistrala/clients/events"
 	"github.com/absmach/magistrala/clients/middleware"
 	"github.com/absmach/magistrala/clients/postgres"
-	pThings "github.com/absmach/magistrala/clients/private"
+	pClients "github.com/absmach/magistrala/clients/private"
 	"github.com/absmach/magistrala/clients/tracing"
 	redisclient "github.com/absmach/magistrala/internal/clients/redis"
 	grpcChannelsV1 "github.com/absmach/magistrala/internal/grpc/channels/v1"
@@ -113,7 +113,7 @@ func main() {
 		}
 	}
 
-	// Create new database for things
+	// Create new database for clients
 	dbConfig := pgclient.Config{Name: defDB}
 	if err := env.ParseWithOptions(&dbConfig, env.Options{Prefix: envPrefixDB}); err != nil {
 		logger.Error(err.Error())
@@ -241,11 +241,11 @@ func main() {
 		return
 	}
 
-	registerThingsServer := func(srv *grpc.Server) {
+	registerClientsServer := func(srv *grpc.Server) {
 		reflection.Register(srv)
 		grpcClientsV1.RegisterClientsServiceServer(srv, grpcapi.NewServer(psvc))
 	}
-	gs := grpcserver.NewServer(ctx, cancel, svcName, grpcServerConfig, registerThingsServer, logger)
+	gs := grpcserver.NewServer(ctx, cancel, svcName, grpcServerConfig, registerClientsServer, logger)
 
 	if cfg.SendTelemetry {
 		chc := chclient.New(svcName, magistrala.Version, logger, cancel)
@@ -270,7 +270,7 @@ func main() {
 	}
 }
 
-func newService(ctx context.Context, db *sqlx.DB, dbConfig pgclient.Config, authz mgauthz.Authorization, pe policies.Evaluator, ps policies.Service, cacheClient *redis.Client, keyDuration time.Duration, esURL string, channels grpcChannelsV1.ChannelsServiceClient, groups grpcGroupsV1.GroupsServiceClient, tracer trace.Tracer, logger *slog.Logger) (clients.Service, pThings.Service, error) {
+func newService(ctx context.Context, db *sqlx.DB, dbConfig pgclient.Config, authz mgauthz.Authorization, pe policies.Evaluator, ps policies.Service, cacheClient *redis.Client, keyDuration time.Duration, esURL string, channels grpcChannelsV1.ChannelsServiceClient, groups grpcGroupsV1.GroupsServiceClient, tracer trace.Tracer, logger *slog.Logger) (clients.Service, pClients.Service, error) {
 	database := pg.NewDatabase(db, dbConfig, tracer)
 	repo := postgres.NewRepository(database)
 
@@ -305,7 +305,7 @@ func newService(ctx context.Context, db *sqlx.DB, dbConfig pgclient.Config, auth
 	}
 	csvc = middleware.LoggingMiddleware(csvc, logger)
 
-	isvc := pThings.New(repo, cache, pe, ps)
+	isvc := pClients.New(repo, cache, pe, ps)
 
 	return csvc, isvc, err
 }
diff --git a/cmd/coap/main.go b/cmd/coap/main.go
index 255983d9de..15b916cf94 100644
--- a/cmd/coap/main.go
+++ b/cmd/coap/main.go
@@ -34,7 +34,7 @@ const (
 	svcName           = "coap_adapter"
 	envPrefix         = "MG_COAP_ADAPTER_"
 	envPrefixHTTP     = "MG_COAP_ADAPTER_HTTP_"
-	envPrefixThings   = "MG_CLIENTS_AUTH_GRPC_"
+	envPrefixClients   = "MG_CLIENTS_AUTH_GRPC_"
 	envPrefixChannels = "MG_CHANNELS_GRPC_"
 	defSvcHTTPPort    = "5683"
 	defSvcCoAPPort    = "5683"
@@ -88,22 +88,22 @@ func main() {
 		return
 	}
 
-	thingsClientCfg := grpcclient.Config{}
-	if err := env.ParseWithOptions(&thingsClientCfg, env.Options{Prefix: envPrefixThings}); err != nil {
+	clientsClientCfg := grpcclient.Config{}
+	if err := env.ParseWithOptions(&clientsClientCfg, env.Options{Prefix: envPrefixClients}); err != nil {
 		logger.Error(fmt.Sprintf("failed to load %s auth configuration : %s", svcName, err))
 		exitCode = 1
 		return
 	}
 
-	thingsClient, thingsHandler, err := grpcclient.SetupClientsClient(ctx, thingsClientCfg)
+	clientsClient, clientsHandler, err := grpcclient.SetupClientsClient(ctx, clientsClientCfg)
 	if err != nil {
 		logger.Error(err.Error())
 		exitCode = 1
 		return
 	}
-	defer thingsHandler.Close()
+	defer clientsHandler.Close()
 
-	logger.Info("Things service gRPC client successfully connected to clients gRPC server " + thingsHandler.Secure())
+	logger.Info("Clients service gRPC client successfully connected to clients gRPC server " + clientsHandler.Secure())
 
 	channelsClientCfg := grpcclient.Config{}
 	if err := env.ParseWithOptions(&channelsClientCfg, env.Options{Prefix: envPrefixChannels}); err != nil {
@@ -143,7 +143,7 @@ func main() {
 	defer nps.Close()
 	nps = brokerstracing.NewPubSub(coapServerConfig, tracer, nps)
 
-	svc := coap.New(thingsClient, channelsClient, nps)
+	svc := coap.New(clientsClient, channelsClient, nps)
 
 	svc = tracing.New(tracer, svc)
 
diff --git a/cmd/groups/main.go b/cmd/groups/main.go
index a12e5db35b..0a4f4d8fe7 100644
--- a/cmd/groups/main.go
+++ b/cmd/groups/main.go
@@ -62,7 +62,7 @@ const (
 	envPrefixAuth     = "MG_AUTH_GRPC_"
 	envPrefixDomains  = "MG_DOMAINS_GRPC_"
 	envPrefixChannels = "MG_CHANNELS_GRPC_"
-	envPrefixThings   = "MG_CLIENTS_AUTH_GRPC_"
+	envPrefixClients   = "MG_CLIENTS_AUTH_GRPC_"
 	defDB             = "groups"
 	defSvcHTTPPort    = "9004"
 	defSvcgRPCPort    = "7004"
@@ -187,21 +187,21 @@ func main() {
 	logger.Info("Groups gRPC client successfully connected to channels gRPC server " + channelsHandler.Secure())
 
 	thgrpcCfg := grpcclient.Config{}
-	if err := env.ParseWithOptions(&thgrpcCfg, env.Options{Prefix: envPrefixThings}); err != nil {
+	if err := env.ParseWithOptions(&thgrpcCfg, env.Options{Prefix: envPrefixClients}); err != nil {
 		logger.Error(fmt.Sprintf("failed to load clients gRPC client configuration : %s", err))
 		exitCode = 1
 		return
 	}
-	thingsClient, thingsHandler, err := grpcclient.SetupClientsClient(ctx, thgrpcCfg)
+	clientsClient, clientsHandler, err := grpcclient.SetupClientsClient(ctx, thgrpcCfg)
 	if err != nil {
 		logger.Error(fmt.Sprintf("failed to connect to clients gRPC server: %s", err))
 		exitCode = 1
 		return
 	}
-	defer thingsHandler.Close()
-	logger.Info("Things gRPC client successfully connected to clients gRPC server " + thingsHandler.Secure())
+	defer clientsHandler.Close()
+	logger.Info("Clients gRPC client successfully connected to clients gRPC server " + clientsHandler.Secure())
 
-	svc, psvc, err := newService(ctx, authz, policyService, db, dbConfig, channelsClient, thingsClient, tracer, logger, cfg)
+	svc, psvc, err := newService(ctx, authz, policyService, db, dbConfig, channelsClient, clientsClient, tracer, logger, cfg)
 	if err != nil {
 		logger.Error(fmt.Sprintf("failed to setup service: %s", err))
 		exitCode = 1
diff --git a/cmd/http/main.go b/cmd/http/main.go
index 85e1dc11fb..57f5d89ff4 100644
--- a/cmd/http/main.go
+++ b/cmd/http/main.go
@@ -44,7 +44,7 @@ import (
 const (
 	svcName           = "http_adapter"
 	envPrefix         = "MG_HTTP_ADAPTER_"
-	envPrefixThings   = "MG_CLIENTS_AUTH_GRPC_"
+	envPrefixClients   = "MG_CLIENTS_AUTH_GRPC_"
 	envPrefixChannels = "MG_CHANNELS_GRPC_"
 	envPrefixAuth     = "MG_AUTH_GRPC_"
 	defSvcHTTPPort    = "80"
@@ -93,21 +93,21 @@ func main() {
 		return
 	}
 
-	thingsClientCfg := grpcclient.Config{}
-	if err := env.ParseWithOptions(&thingsClientCfg, env.Options{Prefix: envPrefixThings}); err != nil {
+	clientsClientCfg := grpcclient.Config{}
+	if err := env.ParseWithOptions(&clientsClientCfg, env.Options{Prefix: envPrefixClients}); err != nil {
 		logger.Error(fmt.Sprintf("failed to load clients gRPC client configuration : %s", err))
 		exitCode = 1
 		return
 	}
 
-	clientsClient, thingsHandler, err := grpcclient.SetupClientsClient(ctx, thingsClientCfg)
+	clientsClient, clientsHandler, err := grpcclient.SetupClientsClient(ctx, clientsClientCfg)
 	if err != nil {
 		logger.Error(err.Error())
 		exitCode = 1
 		return
 	}
-	defer thingsHandler.Close()
-	logger.Info("Things service gRPC client successfully connected to clients gRPC server " + thingsHandler.Secure())
+	defer clientsHandler.Close()
+	logger.Info("Clients service gRPC client successfully connected to clients gRPC server " + clientsHandler.Secure())
 
 	channelsClientCfg := grpcclient.Config{}
 	if err := env.ParseWithOptions(&channelsClientCfg, env.Options{Prefix: envPrefixChannels}); err != nil {
diff --git a/cmd/mqtt/main.go b/cmd/mqtt/main.go
index 362c4eb251..911d525da6 100644
--- a/cmd/mqtt/main.go
+++ b/cmd/mqtt/main.go
@@ -43,7 +43,7 @@ import (
 
 const (
 	svcName           = "mqtt"
-	envPrefixThings   = "MG_CLIENTS_AUTH_GRPC_"
+	envPrefixClients   = "MG_CLIENTS_AUTH_GRPC_"
 	envPrefixChannels = "MG_CHANNELS_GRPC_"
 	wsPathPrefix      = "/mqtt"
 )
@@ -166,21 +166,21 @@ func main() {
 		return
 	}
 
-	thingsClientCfg := grpcclient.Config{}
-	if err := env.ParseWithOptions(&thingsClientCfg, env.Options{Prefix: envPrefixThings}); err != nil {
+	clientsClientCfg := grpcclient.Config{}
+	if err := env.ParseWithOptions(&clientsClientCfg, env.Options{Prefix: envPrefixClients}); err != nil {
 		logger.Error(fmt.Sprintf("failed to load %s auth configuration : %s", svcName, err))
 		exitCode = 1
 		return
 	}
 
-	thingsClient, thingsHandler, err := grpcclient.SetupClientsClient(ctx, thingsClientCfg)
+	clientsClient, clientsHandler, err := grpcclient.SetupClientsClient(ctx, clientsClientCfg)
 	if err != nil {
 		logger.Error(err.Error())
 		exitCode = 1
 		return
 	}
-	defer thingsHandler.Close()
-	logger.Info("Things service gRPC client successfully connected to clients gRPC server " + thingsHandler.Secure())
+	defer clientsHandler.Close()
+	logger.Info("Clients service gRPC client successfully connected to clients gRPC server " + clientsHandler.Secure())
 
 	channelsClientCfg := grpcclient.Config{}
 	if err := env.ParseWithOptions(&channelsClientCfg, env.Options{Prefix: envPrefixChannels}); err != nil {
@@ -198,7 +198,7 @@ func main() {
 	defer channelsHandler.Close()
 	logger.Info("Channels service gRPC client successfully connected to channels gRPC server " + channelsHandler.Secure())
 
-	h := mqtt.NewHandler(np, es, logger, thingsClient, channelsClient)
+	h := mqtt.NewHandler(np, es, logger, clientsClient, channelsClient)
 	h = handler.NewTracing(tracer, h)
 
 	if cfg.SendTelemetry {
diff --git a/cmd/postgres-reader/main.go b/cmd/postgres-reader/main.go
index 0e12973f4b..7f4d445748 100644
--- a/cmd/postgres-reader/main.go
+++ b/cmd/postgres-reader/main.go
@@ -34,7 +34,7 @@ const (
 	envPrefixDB       = "MG_POSTGRES_"
 	envPrefixHTTP     = "MG_POSTGRES_READER_HTTP_"
 	envPrefixAuth     = "MG_AUTH_GRPC_"
-	envPrefixThings   = "MG_CLIENTS_AUTH_GRPC_"
+	envPrefixClients   = "MG_CLIENTS_AUTH_GRPC_"
 	envPrefixChannels = "MG_CHANNELS_GRPC_"
 	defDB             = "magistrala"
 	defSvcHTTPPort    = "9009"
@@ -85,21 +85,21 @@ func main() {
 	}
 	defer db.Close()
 
-	thingsClientCfg := grpcclient.Config{}
-	if err := env.ParseWithOptions(&thingsClientCfg, env.Options{Prefix: envPrefixThings}); err != nil {
+	clientsClientCfg := grpcclient.Config{}
+	if err := env.ParseWithOptions(&clientsClientCfg, env.Options{Prefix: envPrefixClients}); err != nil {
 		logger.Error(fmt.Sprintf("failed to load clients gRPC client configuration : %s", err))
 		exitCode = 1
 		return
 	}
 
-	thingsClient, thingsHandler, err := grpcclient.SetupClientsClient(ctx, thingsClientCfg)
+	clientsClient, clientsHandler, err := grpcclient.SetupClientsClient(ctx, clientsClientCfg)
 	if err != nil {
 		logger.Error(err.Error())
 		exitCode = 1
 		return
 	}
-	defer thingsHandler.Close()
-	logger.Info("Things service gRPC client successfully connected to clients gRPC server " + thingsHandler.Secure())
+	defer clientsHandler.Close()
+	logger.Info("Clients service gRPC client successfully connected to clients gRPC server " + clientsHandler.Secure())
 
 	channelsClientCfg := grpcclient.Config{}
 	if err := env.ParseWithOptions(&channelsClientCfg, env.Options{Prefix: envPrefixChannels}); err != nil {
@@ -141,7 +141,7 @@ func main() {
 		exitCode = 1
 		return
 	}
-	hs := httpserver.NewServer(ctx, cancel, svcName, httpServerConfig, api.MakeHandler(repo, authn, thingsClient, channelsClient, svcName, cfg.InstanceID), logger)
+	hs := httpserver.NewServer(ctx, cancel, svcName, httpServerConfig, api.MakeHandler(repo, authn, clientsClient, channelsClient, svcName, cfg.InstanceID), logger)
 
 	if cfg.SendTelemetry {
 		chc := chclient.New(svcName, magistrala.Version, logger, cancel)
diff --git a/cmd/timescale-reader/main.go b/cmd/timescale-reader/main.go
index 4383aef9e8..9ba402d137 100644
--- a/cmd/timescale-reader/main.go
+++ b/cmd/timescale-reader/main.go
@@ -34,7 +34,7 @@ const (
 	envPrefixDB       = "MG_TIMESCALE_"
 	envPrefixHTTP     = "MG_TIMESCALE_READER_HTTP_"
 	envPrefixAuth     = "MG_AUTH_GRPC_"
-	envPrefixThings   = "MG_CLIENTS_AUTH_GRPC_"
+	envPrefixClients   = "MG_CLIENTS_AUTH_GRPC_"
 	envPrefixChannels = "MG_CHANNELS_GRPC_"
 	defDB             = "messages"
 	defSvcHTTPPort    = "9011"
@@ -85,22 +85,22 @@ func main() {
 
 	repo := newService(db, logger)
 
-	thingsClientCfg := grpcclient.Config{}
-	if err := env.ParseWithOptions(&thingsClientCfg, env.Options{Prefix: envPrefixThings}); err != nil {
+	clientsClientCfg := grpcclient.Config{}
+	if err := env.ParseWithOptions(&clientsClientCfg, env.Options{Prefix: envPrefixClients}); err != nil {
 		logger.Error(fmt.Sprintf("failed to load %s auth configuration : %s", svcName, err))
 		exitCode = 1
 		return
 	}
 
-	thingsClient, thingsHandler, err := grpcclient.SetupClientsClient(ctx, thingsClientCfg)
+	clientsClient, clientsHandler, err := grpcclient.SetupClientsClient(ctx, clientsClientCfg)
 	if err != nil {
 		logger.Error(err.Error())
 		exitCode = 1
 		return
 	}
-	defer thingsHandler.Close()
+	defer clientsHandler.Close()
 
-	logger.Info("ThingsService gRPC client successfully connected to clients gRPC server " + thingsHandler.Secure())
+	logger.Info("ClientsService gRPC client successfully connected to clients gRPC server " + clientsHandler.Secure())
 
 	channelsClientCfg := grpcclient.Config{}
 	if err := env.ParseWithOptions(&channelsClientCfg, env.Options{Prefix: envPrefixChannels}); err != nil {
@@ -140,7 +140,7 @@ func main() {
 		exitCode = 1
 		return
 	}
-	hs := httpserver.NewServer(ctx, cancel, svcName, httpServerConfig, api.MakeHandler(repo, authn, thingsClient, channelsClient, svcName, cfg.InstanceID), logger)
+	hs := httpserver.NewServer(ctx, cancel, svcName, httpServerConfig, api.MakeHandler(repo, authn, clientsClient, channelsClient, svcName, cfg.InstanceID), logger)
 
 	if cfg.SendTelemetry {
 		chc := chclient.New(svcName, magistrala.Version, logger, cancel)
diff --git a/cmd/ws/main.go b/cmd/ws/main.go
index 87475fed6f..3f2827b25a 100644
--- a/cmd/ws/main.go
+++ b/cmd/ws/main.go
@@ -94,22 +94,22 @@ func main() {
 		Host: targetWSHost,
 	}
 
-	thingsClientCfg := grpcclient.Config{}
-	if err := env.ParseWithOptions(&thingsClientCfg, env.Options{Prefix: envPrefixClients}); err != nil {
+	clientsClientCfg := grpcclient.Config{}
+	if err := env.ParseWithOptions(&clientsClientCfg, env.Options{Prefix: envPrefixClients}); err != nil {
 		logger.Error(fmt.Sprintf("failed to load %s auth configuration : %s", svcName, err))
 		exitCode = 1
 		return
 	}
 
-	thingsClient, thingsHandler, err := grpcclient.SetupClientsClient(ctx, thingsClientCfg)
+	clientsClient, clientsHandler, err := grpcclient.SetupClientsClient(ctx, clientsClientCfg)
 	if err != nil {
 		logger.Error(err.Error())
 		exitCode = 1
 		return
 	}
-	defer thingsHandler.Close()
+	defer clientsHandler.Close()
 
-	logger.Info("Things service gRPC client successfully connected to clients gRPC server " + thingsHandler.Secure())
+	logger.Info("Clients service gRPC client successfully connected to clients gRPC server " + clientsHandler.Secure())
 
 	channelsClientCfg := grpcclient.Config{}
 	if err := env.ParseWithOptions(&channelsClientCfg, env.Options{Prefix: envPrefixChannels}); err != nil {
@@ -165,7 +165,7 @@ func main() {
 	defer nps.Close()
 	nps = brokerstracing.NewPubSub(targetServerConfig, tracer, nps)
 
-	svc := newService(thingsClient, channelsClient, nps, logger, tracer)
+	svc := newService(clientsClient, channelsClient, nps, logger, tracer)
 
 	hs := httpserver.NewServer(ctx, cancel, svcName, targetServerConfig, api.MakeHandler(ctx, svc, logger, cfg.InstanceID), logger)
 
@@ -178,7 +178,7 @@ func main() {
 		g.Go(func() error {
 			return hs.Start()
 		})
-		handler := ws.NewHandler(nps, logger, authn, thingsClient, channelsClient)
+		handler := ws.NewHandler(nps, logger, authn, clientsClient, channelsClient)
 		return proxyWS(ctx, httpServerConfig, targetServerConfig, logger, handler)
 	})
 
@@ -191,8 +191,8 @@ func main() {
 	}
 }
 
-func newService(thingsClient grpcClientsV1.ClientsServiceClient, channels grpcChannelsV1.ChannelsServiceClient, nps messaging.PubSub, logger *slog.Logger, tracer trace.Tracer) ws.Service {
-	svc := ws.New(thingsClient, channels, nps)
+func newService(clientsClient grpcClientsV1.ClientsServiceClient, channels grpcChannelsV1.ChannelsServiceClient, nps messaging.PubSub, logger *slog.Logger, tracer trace.Tracer) ws.Service {
+	svc := ws.New(clientsClient, channels, nps)
 	svc = tracing.New(tracer, svc)
 	svc = api.LoggingMiddleware(svc, logger)
 	counter, latency := prometheus.MakeMetrics("ws_adapter", "api")
diff --git a/coap/README.md b/coap/README.md
index 5cfbb64401..5eb4c37c38 100644
--- a/coap/README.md
+++ b/coap/README.md
@@ -76,5 +76,5 @@ Setting `MG_CLIENTS_AUTH_GRPC_CLIENT_CERT` and `MG_CLIENTS_AUTH_GRPC_CLIENT_KEY`
 
 ## Usage
 
-If CoAP adapter is running locally (on default 5683 port), a valid URL would be: `coap://localhost/channels/<channel_id>/messages?auth=<thing_auth_key>`.
-Since CoAP protocol does not support `Authorization` header (option) and options have limited size, in order to send CoAP messages, valid `auth` value (a valid Thing key) must be present in `Uri-Query` option.
+If CoAP adapter is running locally (on default 5683 port), a valid URL would be: `coap://localhost/channels/<channel_id>/messages?auth=<client_auth_key>`.
+Since CoAP protocol does not support `Authorization` header (option) and options have limited size, in order to send CoAP messages, valid `auth` value (a valid Client key) must be present in `Uri-Query` option.
diff --git a/coap/adapter.go b/coap/adapter.go
index 28f17d3c74..808f2031a7 100644
--- a/coap/adapter.go
+++ b/coap/adapter.go
@@ -44,15 +44,15 @@ var _ Service = (*adapterService)(nil)
 
 // Observers is a map of maps,.
 type adapterService struct {
-	things   grpcClientsV1.ClientsServiceClient
+	clients   grpcClientsV1.ClientsServiceClient
 	channels grpcChannelsV1.ChannelsServiceClient
 	pubsub   messaging.PubSub
 }
 
 // New instantiates the CoAP adapter implementation.
-func New(things grpcClientsV1.ClientsServiceClient, channels grpcChannelsV1.ChannelsServiceClient, pubsub messaging.PubSub) Service {
+func New(clients grpcClientsV1.ClientsServiceClient, channels grpcChannelsV1.ChannelsServiceClient, pubsub messaging.PubSub) Service {
 	as := &adapterService{
-		things:   things,
+		clients:   clients,
 		channels: channels,
 		pubsub:   pubsub,
 	}
@@ -61,7 +61,7 @@ func New(things grpcClientsV1.ClientsServiceClient, channels grpcChannelsV1.Chan
 }
 
 func (svc *adapterService) Publish(ctx context.Context, key string, msg *messaging.Message) error {
-	authnRes, err := svc.things.Authenticate(ctx, &grpcClientsV1.AuthnReq{
+	authnRes, err := svc.clients.Authenticate(ctx, &grpcClientsV1.AuthnReq{
 		ClientSecret: key,
 	})
 	if err != nil {
@@ -90,7 +90,7 @@ func (svc *adapterService) Publish(ctx context.Context, key string, msg *messagi
 }
 
 func (svc *adapterService) Subscribe(ctx context.Context, key, chanID, subtopic string, c Client) error {
-	authnRes, err := svc.things.Authenticate(ctx, &grpcClientsV1.AuthnReq{
+	authnRes, err := svc.clients.Authenticate(ctx, &grpcClientsV1.AuthnReq{
 		ClientSecret: key,
 	})
 	if err != nil {
@@ -100,9 +100,9 @@ func (svc *adapterService) Subscribe(ctx context.Context, key, chanID, subtopic
 		return svcerr.ErrAuthentication
 	}
 
-	thingID := authnRes.GetId()
+	clientID := authnRes.GetId()
 	authzRes, err := svc.channels.Authorize(ctx, &grpcChannelsV1.AuthzReq{
-		ClientId:   thingID,
+		ClientId:   clientID,
 		ClientType: policies.ClientType,
 		Type:       uint32(connections.Subscribe),
 		ChannelId:  chanID,
@@ -119,7 +119,7 @@ func (svc *adapterService) Subscribe(ctx context.Context, key, chanID, subtopic
 		subject = fmt.Sprintf("%s.%s", subject, subtopic)
 	}
 
-	authzc := newAuthzClient(thingID, chanID, subtopic, svc.channels, c)
+	authzc := newAuthzClient(clientID, chanID, subtopic, svc.channels, c)
 	subCfg := messaging.SubscriberConfig{
 		ID:      c.Token(),
 		Topic:   subject,
@@ -129,7 +129,7 @@ func (svc *adapterService) Subscribe(ctx context.Context, key, chanID, subtopic
 }
 
 func (svc *adapterService) Unsubscribe(ctx context.Context, key, chanID, subtopic, token string) error {
-	authnRes, err := svc.things.Authenticate(ctx, &grpcClientsV1.AuthnReq{
+	authnRes, err := svc.clients.Authenticate(ctx, &grpcClientsV1.AuthnReq{
 		ClientSecret: key,
 	})
 	if err != nil {
@@ -179,19 +179,19 @@ type authzClient interface {
 }
 
 type ac struct {
-	thingID   string
+	clientID   string
 	channelID string
 	subTopic  string
 	channels  grpcChannelsV1.ChannelsServiceClient
 	client    Client
 }
 
-func newAuthzClient(thingID, channelID, subTopic string, channels grpcChannelsV1.ChannelsServiceClient, client Client) authzClient {
-	return ac{thingID, channelID, subTopic, channels, client}
+func newAuthzClient(clientID, channelID, subTopic string, channels grpcChannelsV1.ChannelsServiceClient, client Client) authzClient {
+	return ac{clientID, channelID, subTopic, channels, client}
 }
 
 func (a ac) Handle(m *messaging.Message) error {
-	res, err := a.channels.Authorize(context.Background(), &grpcChannelsV1.AuthzReq{ClientId: a.thingID, ClientType: policies.ClientType, ChannelId: a.channelID, Type: uint32(connections.Subscribe)})
+	res, err := a.channels.Authorize(context.Background(), &grpcChannelsV1.AuthzReq{ClientId: a.clientID, ClientType: policies.ClientType, ChannelId: a.channelID, Type: uint32(connections.Subscribe)})
 	if err != nil {
 		if disErr := a.Cancel(); disErr != nil {
 			return errors.Wrap(err, errors.Wrap(errFailedToDisconnectClient, disErr))
diff --git a/docker/addons/postgres-reader/docker-compose.yml b/docker/addons/postgres-reader/docker-compose.yml
index 9cb6fa1d75..7895047caf 100644
--- a/docker/addons/postgres-reader/docker-compose.yml
+++ b/docker/addons/postgres-reader/docker-compose.yml
@@ -67,7 +67,7 @@ services:
         target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
         bind:
           create_host_path: true
-      # Things gRPC mTLS client certificates
+      # Clients gRPC mTLS client certificates
       - type: bind
         source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
         target: /clients-grpc-client${MG_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt}
diff --git a/docker/addons/prometheus/grafana/example-dashboard.json b/docker/addons/prometheus/grafana/example-dashboard.json
index d24c71c05c..63411e2963 100644
--- a/docker/addons/prometheus/grafana/example-dashboard.json
+++ b/docker/addons/prometheus/grafana/example-dashboard.json
@@ -559,7 +559,7 @@
           },
           "editorMode": "code",
           "exemplar": false,
-          "expr": "label_replace(label_replace(label_replace(things_api_request_latency_microseconds, \"quantile\", \"50th percentile\", \"quantile\", \"0.5\"), \"quantile\", \"90th percentile\", \"quantile\", \"0.9\"), \"quantile\", \"99th percentile\", \"quantile\", \"0.99\")",
+          "expr": "label_replace(label_replace(label_replace(clients_api_request_latency_microseconds, \"quantile\", \"50th percentile\", \"quantile\", \"0.5\"), \"quantile\", \"90th percentile\", \"quantile\", \"0.9\"), \"quantile\", \"99th percentile\", \"quantile\", \"0.99\")",
           "format": "time_series",
           "instant": false,
           "interval": "",
diff --git a/docker/addons/provision/configs/config.toml b/docker/addons/provision/configs/config.toml
index a6251e97b5..70e3114951 100644
--- a/docker/addons/provision/configs/config.toml
+++ b/docker/addons/provision/configs/config.toml
@@ -19,13 +19,13 @@
     [bootstrap.content.agent.server]
       nats_url = "localhost:4222"
       port = "9000"
-  
+
     [bootstrap.content.agent.heartbeat]
       interval = "30s"
-  
+
     [bootstrap.content.agent.terminal]
       session_timeout = "30s"
-    
+
 
     [bootstrap.content.export.exp]
       log_level = "debug"
@@ -37,12 +37,12 @@
 
     [bootstrap.content.export.mqtt]
       ca_path = "ca.crt"
-      cert_path = "thing.crt"
+      cert_path = "client.crt"
       channel = ""
       host = "tcp://localhost:1883"
       mtls = false
       password = ""
-      priv_key_path = "thing.key"
+      priv_key_path = "client.key"
       qos = 0
       retain = false
       skip_tls_ver = false
@@ -55,10 +55,10 @@
       type = "plain"
       workers = 10
 
-[[things]]
+[[clients]]
   name = "client"
 
-  [things.metadata]
+  [clients.metadata]
     external_id = "xxxxxx"
 
 [[channels]]
diff --git a/docker/addons/timescale-reader/docker-compose.yml b/docker/addons/timescale-reader/docker-compose.yml
index 50e47885a7..11c0beca6b 100644
--- a/docker/addons/timescale-reader/docker-compose.yml
+++ b/docker/addons/timescale-reader/docker-compose.yml
@@ -67,7 +67,7 @@ services:
         target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
         bind:
           create_host_path: true
-      # Things gRPC mTLS client certificates
+      # Clients gRPC mTLS client certificates
       - type: bind
         source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
         target: /clients-grpc-client${MG_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt}
diff --git a/docker/addons/vault/README.md b/docker/addons/vault/README.md
index 6f2b58fb23..59e45ab60b 100644
--- a/docker/addons/vault/README.md
+++ b/docker/addons/vault/README.md
@@ -28,7 +28,7 @@ When the Vault service is started, some initialization steps need to be done to
 | MG_VAULT_PKI_CLUSTER_AIA_PATH           | Vault Root CA Cluster AIA Path                                                | http://localhost                      |
 | MG_VAULT_PKI_INT_PATH                   | Vault secrets engine path for Intermediate CA                                 | pki_int                               |
 | MG_VAULT_PKI_INT_SERVER_CERTS_ROLE_NAME | Vault Intermediate CA role name to issue server certificate                   | magistrala_server_certs               |
-| MG_VAULT_PKI_INT_CLIENTS_CERTS_ROLE_NAME | Vault Intermediate CA role name to issue Things certificates                  | magistrala_clients_certs               |
+| MG_VAULT_PKI_INT_CLIENTS_CERTS_ROLE_NAME | Vault Intermediate CA role name to issue Clients certificates                  | magistrala_clients_certs               |
 | MG_VAULT_PKI_INT_FILE_NAME              | Intermediate CA Certificates name used by`vault_set_pki.sh`                   | mg_root                               |
 | MG_VAULT_PKI_INT_CA_CN                  | Common name used for Intermediate CA creation by`vault_set_pki.sh`            | Magistrala Root Certificate Authority |
 | MG_VAULT_PKI_INT_CA_OU                  | Organization unit used for Root CA creation by`vault_set_pki.sh`              | Magistrala                            |
@@ -40,8 +40,8 @@ When the Vault service is started, some initialization steps need to be done to
 | MG_VAULT_PKI_INT_CA_PO                  | Postal code used for Intermediate CA creation by`vault_set_pki.sh`            | 75007                                 |
 | MG_VAULT_PKI_INT_CLUSTER_PATH           | Vault Intermediate CA Cluster Path                                            | http://localhost                      |
 | MG_VAULT_PKI_INT_CLUSTER_AIA_PATH       | Vault Intermediate CA Cluster AIA Path                                        | http://localhost                      |
-| MG_VAULT_CLIENTS_CERTS_ISSUER_ROLEID     | Vault Intermediate CA Things Certificate issuer AppRole authentication RoleID | magistrala                            |
-| MG_VAULT_CLIENTS_CERTS_ISSUER_SECRET     | Vault Intermediate CA Things Certificate issuer AppRole authentication Secret | magistrala                            |
+| MG_VAULT_CLIENTS_CERTS_ISSUER_ROLEID     | Vault Intermediate CA Clients Certificate issuer AppRole authentication RoleID | magistrala                            |
+| MG_VAULT_CLIENTS_CERTS_ISSUER_SECRET     | Vault Intermediate CA Clients Certificate issuer AppRole authentication Secret | magistrala                            |
 
 ## Setup
 
diff --git a/docker/addons/vault/scripts/vault_set_pki.sh b/docker/addons/vault/scripts/vault_set_pki.sh
index 595d37aa9d..7d289bb056 100755
--- a/docker/addons/vault/scripts/vault_set_pki.sh
+++ b/docker/addons/vault/scripts/vault_set_pki.sh
@@ -204,8 +204,8 @@ vaultGenerateServerCertificate() {
     fi
 }
 
-vaultSetupThingCertsRole() {
-    echo "Setup Thing Certs role"
+vaultSetupClientCertsRole() {
+    echo "Setup Client Certs role"
     vault write -namespace=${MG_VAULT_NAMESPACE} -address=${MG_VAULT_ADDR} ${MG_VAULT_PKI_INT_PATH}/roles/${MG_VAULT_PKI_INT_CLIENTS_CERTS_ROLE_NAME} \
         allow_subdomains=true \
         allow_any_name=true \
@@ -245,7 +245,7 @@ vaultGenerateIntermediateCertificateBundle
 vaultSetupIntermediateIssuingURLs
 vaultSetupServerCertsRole
 vaultGenerateServerCertificate
-vaultSetupThingCertsRole
+vaultSetupClientCertsRole
 vaultCleanupFiles
 
 exit 0
diff --git a/docker/docker-compose-live.yaml b/docker/docker-compose-live.yaml
index 0751c72dfd..732356bca8 100644
--- a/docker/docker-compose-live.yaml
+++ b/docker/docker-compose-live.yaml
@@ -48,8 +48,8 @@ services:
       - $GOPATH/pkg/mod/cache:/go/pkg/mod/cache
     working_dir: /go/src/github.com/absmach/magistrala
     entrypoint: [ "air",
-                  "--build.cmd", "BUILD_DIR=/tmp make things",
-                  "--build.bin", "/tmp/things",
+                  "--build.cmd", "BUILD_DIR=/tmp make clients",
+                  "--build.bin", "/tmp/clients",
                   "--build.stop_on_error", "true",
                   "--build.send_interrupt", "true",
                   "--build.exclude_dir", ".vscode,.git,.docker,.github,api,build,tools,scripts",
diff --git a/docker/nginx/nginx-key.conf b/docker/nginx/nginx-key.conf
index 8d9b690b7b..76df250c83 100644
--- a/docker/nginx/nginx-key.conf
+++ b/docker/nginx/nginx-key.conf
@@ -79,7 +79,7 @@ http {
         }
 
         # Proxy pass to clients service
-        location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(things)" {
+        location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(clients)" {
             include snippets/proxy-headers.conf;
             add_header Access-Control-Expose-Headers Location;
             proxy_pass http://clients:${MG_CLIENTS_HTTP_PORT};
diff --git a/docker/nginx/nginx-x509.conf b/docker/nginx/nginx-x509.conf
index db4924443e..1b2a63e900 100644
--- a/docker/nginx/nginx-x509.conf
+++ b/docker/nginx/nginx-x509.conf
@@ -88,7 +88,7 @@ http {
         }
 
         # Proxy pass to clients service
-        location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(things)" {
+        location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(clients)" {
             include snippets/proxy-headers.conf;
             add_header Access-Control-Expose-Headers Location;
             proxy_pass http://clients:${MG_CLIENTS_HTTP_PORT};
diff --git a/docker/spicedb/schema_V1.zed b/docker/spicedb/schema_V1.zed
deleted file mode 100644
index 8b0f0c23ce..0000000000
--- a/docker/spicedb/schema_V1.zed
+++ /dev/null
@@ -1,193 +0,0 @@
-definition user {}
-
-definition thing {
-	relation administrator: user
-	relation group: group
-	relation domain: domain
-
-	permission admin = administrator + group->admin + domain->admin
-	permission delete = admin
-	permission edit = admin + group->edit + domain->edit
-	permission view = edit + group->view  + domain->view
-	permission share = edit
-
-	// These permission are made for only list purpose. It helps to list users have only particular permission excluding other higher and lower permission.
-	permission admin_only = admin
-	permission edit_only = edit - admin
-	permission view_only = view
-
-	// These permission are made for only list purpose. It helps to list users from external, users who are not in group but have permission on the group through parent group
-	permission ext_admin = admin - administrator // For list of external admin , not having direct relation with group, but have indirect relation from parent group
-}
-
-definition channel {
-	relation administrator: user
-	relation editor: user
-	relation contributor: user
-	relation member: user
-	relation guest: user
-
-	relation publisher: thing | user
-	relation subscriber: thing | user
-	relation publisher_subscriber: thing | user
-
-	relation parent_group: group
-	relation domain: domain
-
-	permission admin =  administrator + parent_group->admin + domain->admin
-	permission delete = admin
-	permission edit = admin + editor + parent_group->edit  + domain->edit
-	permission share = edit
-	permission view = contributor + edit + parent_group->view + domain->view + guest
-	permission membership = view + member
-	permission create = membership - guest
-
-	permission publish = publisher + edit + publisher_subscriber
-	permission subscribe = subscriber + view + publisher_subscriber
-
-	// These permissions are made for listing purposes. They enable listing users who have only particular permission excluding higher-level permissions users.
-	permission admin_only = admin
-	permission edit_only = edit - admin
-	permission view_only = view
-	permission membership_only = membership - view
-
-	// These permission are made for only list purpose. They enable listing users who have only particular permission from parent group excluding higher-level permissions.
-	permission ext_admin = admin - administrator  // For list of external admin , not having direct relation with group, but have indirect relation from parent group
-	permission ext_edit = edit - editor  // For list of external edit , not having direct relation with group, but have indirect relation from parent group
-	permission ext_view = view - contributor  // For list of external view , not having direct relation with group, but have indirect relation from parent group
-}
-
-definition group {
-	relation administrator: user
-	relation editor: user
-	relation contributor: user
-	relation member: user
-	relation guest: user
-
-	relation parent_group: group
-	relation domain: domain
-
-	permission admin =  administrator + parent_group->admin + domain->admin
-	permission delete = admin
-	permission edit = admin + editor + parent_group->edit  + domain->edit
-	permission share = edit
-	permission view = contributor + edit + parent_group->view + domain->view + guest
-	permission membership = view + member
-	permission create = membership - guest
-
-	// These permissions are made for listing purposes. They enable listing users who have only particular permission excluding higher-level permissions users.
-	permission admin_only = admin
-	permission edit_only = edit - admin
-	permission view_only = view
-	permission membership_only = membership - view
-
-	// These permission are made for only list purpose. They enable listing users who have only particular permission from parent group excluding higher-level permissions.
-	permission ext_admin = admin - administrator  // For list of external admin , not having direct relation with group, but have indirect relation from parent group
-	permission ext_edit = edit - editor  // For list of external edit , not having direct relation with group, but have indirect relation from parent group
-	permission ext_view = view - contributor  // For list of external view , not having direct relation with group, but have indirect relation from parent group
-}
-
-definition domain {
-	relation organization: organization
-	relation org_group: organization_group#membership
-
-    // Collaborator can be a user or an organization group member
-	relation collabrator_adminstrator: user | organization_group#membership // collabrator organization group
-	relation collabrator_editor: user | organization_group#membership // collabrator organization group
-	relation collabrator_contributor: user | organization_group#membership // collabrator organization group
-	relation collabrator_member: user | organization_group#membership // collabrator organization group
-	relation collabrator_guest: user | organization_group#membership // collabrator organization group
-
-	permission admin = organization->admin + org_group->admin + collabrator_adminstrator->admin
-	permission edit =  admin + org_group->edit +  collabrator_adminstrator->edit + collabrator_editor->edit
-	permission share = edit
-	permission view = edit + org_group->view +  collabrator_adminstrator->view + collabrator_editor->view + collabrator_guest->view
-	permission membership = view + org_group->membership  +  collabrator_adminstrator->membership + collabrator_editor->membership
-	permission create = membership - org_group->guest  +  collabrator_adminstrator->guest + collabrator_editor->guest
-}
-
-definition organization_group {
-	// users should be withing the organization , user outside the organization could not have thes following relations
-	relation ou_administrator: user
-	relation ou_editor: user
-	relation ou_contributor: user
-	relation ou_delegate: user
-	relation ou_guest: user
-	relation ou_scoped_guest: user
-
-	// Internal organiztion groups
-	relation iog_admininstrator: organization_group#membership
-	relation iog_editor: organization_group#membership
-	relation iog_contributor: organization_group#membership
-	relation iog_delegate: organization_group#membership
-	relation iog_guest: organization_group#membership
-	relation iog_scoped_guest: organization_group#membership
-
-	// An organization_group can have only one organization
-	relation organization: organization
-
-	// External Users relatiuons
-	relation eu_administrator: user
-	relation eu_editor: user
-	relation eu_contributor: user
-	relation eu_delegate: user
-	relation eu_guest: user
-	relation eu_scoped_guest: user
-
-
-	// External organization group
-	relation eog_admininstrator: organization_group#membership
-	relation eog_editor: organization_group#membership
-	relation eog_contributor: organization_group#membership
-	relation eog_delegate: organization_group#membership
-	relation eog_guest: organization_group#membership
-	relation eog_scoped_guest: organization_group#membership
-
-	permission admin = 	organization->admin +
-						ou_administrator + iog_admininstrator->admin +
-						eu_administrator +  eog_admininstrator->admin
-
-	permission edit =  admin + ou_editor + iog_editor->edit +
-						eu_editor + eog_editor->edit +
-						iog_admininstrator->edit + eog_admininstrator->edit
-
-	permission share = edit
-
-	permission contribute = edit + ou_contributor + iog_contributor->contribute +
-							eu_contributor + eog_contributor->contribute +
-							iog_admininstrator->contribute + eog_admininstrator->contribute +
-							iog_editor->contribute + eog_editor->contribute
-
-	permission create = contribute  + ou_delegate + iog_delegate->create +
-							eu_delegate + eog_delegate->create +
-							iog_admininstrator->create + eog_admininstrator->create +
-							iog_editor->create + eog_editor->create +
-							iog_contributor-create + eog_contributor->create
-
-
-	permission view = contribute +  ou_guest + iog_guest->contribute +
-						eu_guest + eog_guest->contribute
-
-	permission membership = create + ou_guest + iog_guest->contribute +
-						eu_guest + eog_guest->contribute +
-						ou_scoped_guest + eu_scoped_guest +
-						iog_scoped_guest->contribute + eog_scoped_guest->contribute
-}
-
-definition organization {
-	relation administrator: user
-	relation member: user
-
-	relation platform: platform
-
-	permission admin = administrator + platform->admin
-	permission membership = admin + member
-}
-
-definition platform {
-  relation administrator: user
-  relation member: user
-
-  permission admin = administrator
-  permission membership = administrator + member
-}
diff --git a/docker/spicedb/schemav2.zed b/docker/spicedb/schemav2.zed
deleted file mode 100644
index cb050d5f42..0000000000
--- a/docker/spicedb/schemav2.zed
+++ /dev/null
@@ -1,176 +0,0 @@
-definition user {}
-
-
-definition thing {
-	relation administrator: user
-
-
-	relation parent_group: group
-
-    relation add_role: role#member
-    relation edit_role: role#member
-    relation delete_role: role#member
-
-	relation update: role#member
-	relation share: role#member
-	relation read: role#member
-	relation delete: role#member
-	relation set_parent: role#member
-	relation connect_to_channel: role#member
-
-	permission admin = administrator
-
-	permission update_perm  =  admin + update + parent_group->update_thing
-	permission share_perm  =  admin + share + parent_group->share_thing
-	permission read_perm  = admin + read + parent_group->read_thing
-	permission delete_perm  = admin + delete + parent_group->delete_thing
-	permission connect_to_channel_perm  = admin + connect_to_channel + parent_group->connect_thing_to_channel
-
-
-}
-
-definition channel {
-	relation administrator: user
-
-
-	relation parent_group: group
-
-    relation add_role: role#member
-    relation edit_role: role#member
-    relation delete_role: role#member
-
-	relation update: role#member
-	relation share: role#member
-	relation read: role#member
-	relation delete: role#member
-	relation set_parent: role#member
-	relation connect_to_thing: role#member
-	relation publish: role#member | thing
-	relation subscribe: role#member | thing
-
-	permission admin = administrator
-
-	permission update_perm  =  admin + update + parent_group->update_thing_permission
-	permission share_perm  =  admin + share + parent_group->update_thing_permission
-	permission read_perm  = admin + read + parent_group->read_thing_permission
-	permission delete_perm  = admin + delete + parent_group->delete_thing_permission
-	permission connect_to_channel_perm  = admin + connect_to_thing + parent_group->connect_to_channel_permission
-}
-
-definition group {
-
-    relation domain: domain // This can't be clubed with parent_group, but if parent_group is unassigned then we could not track belongs to which domain, so it safe to add domain
-	relation parent_group: group
-
-    relation add_role: role#member
-    relation edit_role: role#member
-    relation delete_role: role#member
-
-	relation update: role#member
-	relation share: role#member
-	relation read: role#member
-	relation delete: role#member
-	relation set_child: role#member
-	relation set_parent: role#member
-
-	relation create_thing: role#member
-	relation update_thing: role#member
-	relation share_thing: role#member
-	relation read_thing: role#member
-	relation delete_thing: role#member
-	relation set_parent_group_thing: role#member
-	relation connect_thing_to_channel: role#member
-
-	relation create_channel: role#member
-	relation update_channel: role#member
-	relation share_channel: role#member
-	relation read_channel: role#member
-	relation delete_channel: role#member
-	relation set_parent_group_channel: role#member
-	relation connect_to_thing: role#member
-	relation publish_channel: role#member
-	relation subscribe_channel: role#member
-
-	relation create_subgroup: role#member // this allows to add parent for group during the new group creation
-	relation update_subgroup: role#member
-	relation share_subgroup: role#member
-	relation read_subgroup: role#member
-	relation delete_subgroup: role#member
-	relation set_child_subgroup: role#member
-	relation set_parent_subgroup: role#member
-
-
-
-	permission update_perm 		=	update + parent_group->update_subgroup + domain->update_group
-	permission share_perm 		=	share  parent_group->share_subgroup + domain->share_group
-	permission read_perm 		=	read + parent_group->read_subgroup + domain->read_group
-	permission delete_perm 		=	delete + parent_group->delete_subgroup + domain->delete_group
-	permission set_child_perm 	=	set_child  + parent_group->set_child_subgroup + domain->set_child_group
-	permission set_parent_perm 	=	set_parent + parent_group->set_parent_subgroup + domain->set_parent_group
-
-
-	permission create_thing_permission =  create_thing + parent_group->create_thing_permission
-	permission update_thing_permission =  update_thing + parent_group->update_thing_permission
-	permission share_thing_permission = share_thing + parent_group->share_thing_permission
-	permission read_thing_permission =  read_thing  + parent_group->read_thing_permission
-	permission delete_thing_permission = delete_thing  + parent_group->delete_thing_permission
-	permission set_parent_group_thing_permission = set_parent_group_thing + parent_group->set_parent_group_thing_permission
-	permission connect_thing_to_channel_permission = connect_thing_to_channel
-
-
-}
-
-definition domain {
-
-	relation update: role#member
-	relation share: role#member
-	relation read: role#member
-	relation delete: role#member
-
-    relation add_role: role#member
-    relation edit_role: role#member
-    relation delete_role: role#member
-
-	relation create_thing: role#member
-	relation update_thing: role#member
-	relation share_thing: role#member
-	relation read_thing: role#member
-	relation delete_thing: role#member
-	relation set_parent_group_thing: role#member
-	relation connect_to_channel: role#member
-
-	relation create_channel: role#member
-	relation update_channel: role#member
-	relation share_channel: role#member
-	relation read_channel: role#member
-	relation delete_channel: role#member
-	relation set_parent_group_channel: role#member
-	relation connect_to_thing: role#member
-	relation publish_channel: role#member
-	relation subscribe_channel: role#member
-
-	relation create_group: role#member
-	relation update_group: role#member
-	relation share_group: role#member
-	relation read_group: role#member
-	relation delete_group: role#member
-	relation set_child_group: role#member
-	relation set_parent_group: role#member
-
-}
-
-
-definition role {
-	relation entity: domain | group | channel | thing
-	relation member: user
-}
-
-
-
-definition platform {
-  relation administrator: user
-  relation member: user
-
-  permission admin = administrator
-  permission membership = administrator + member
-}
diff --git a/docker/spicedb/schemav3.zed b/docker/spicedb/schemav3.zed
deleted file mode 100644
index 01f3ac2123..0000000000
--- a/docker/spicedb/schemav3.zed
+++ /dev/null
@@ -1,284 +0,0 @@
-definition user {}
-
-
-definition thing {
-
-
-	relation domain: domain
-	relation parent_group: group
-
-	relation role_manager: role#member
-	relation manage_role_users: role#member
-	relation view_role_users: role#member
-
-
-	relation update: role#member
-	relation share: role#member
-	relation read: role#member
-	relation delete: role#member
-	relation set_parent: role#member
-	relation connect_to_channel: role#member
-
-
-	permission update_perm  =   parent_group->update_thing + domain->update_thing  + update
-	permission share_perm  =   share + parent_group->share_thing  + domain->share_thing
-	permission read_perm  =  read + parent_group->read_thing  + domain->read_thing
-	permission delete_perm  =  delete + parent_group->delete_thing  + domain->delete_thing
-	permission connect_to_channel_perm  =  connect_to_channel + parent_group->connect_thing_to_channel  + domain->connect_thing_to_channel
-
-
-}
-
-definition channel {
-
-
-	relation parent_group: group
-
-	relation role_manager: role#member
-	relation manage_role_users: role#member
-	relation view_role_users: role#member
-
-	relation update: role#member
-	relation share: role#member
-	relation read: role#member
-	relation delete: role#member
-	relation set_parent: role#member
-	relation connect_to_thing: role#member
-	relation publish: role#member | thing
-	relation subscribe: role#member | thing
-
-
-	permission update_perm  =   update + parent_group->update_thing_permission
-	permission share_perm  =   share + parent_group->update_thing_permission
-	permission read_perm  =  read + parent_group->read_thing_permission
-	permission delete_perm  =  delete + parent_group->delete_thing_permission
-	permission connect_to_channel_perm  =  connect_to_thing + parent_group->connect_to_channel_permission
-}
-
-definition group {
-
-	relation domain: domain // This can't be clubbed with parent_group, but if parent_group is unassigned then we could not track belongs to which domain, so it safe to add domain
-	relation parent_group: group
-
-	relation role_manager: role#member
-	relation manage_role_users: role#member
-	relation view_role_users: role#member
-
-	relation update: role#member
-	relation share: role#member
-	relation read: role#member
-	relation delete: role#member
-	relation set_child: role#member
-	relation set_parent: role#member
-
-	relation create_thing: role#member
-	relation update_thing: role#member
-	relation share_thing: role#member
-	relation read_thing: role#member
-	relation delete_thing: role#member
-	relation set_parent_group_thing: role#member
-	relation connect_thing_to_channel: role#member
-
-	relation create_channel: role#member
-	relation update_channel: role#member
-	relation share_channel: role#member
-	relation read_channel: role#member
-	relation delete_channel: role#member
-	relation set_parent_group_channel: role#member
-	relation connect_to_thing: role#member
-	relation publish_channel: role#member
-	relation subscribe_channel: role#member
-
-	relation create_subgroup: role#member // this allows to add parent for group during the new group creation
-	relation update_subgroup: role#member
-	relation share_subgroup: role#member
-	relation read_subgroup: role#member
-	relation delete_subgroup: role#member
-	relation set_child_subgroup: role#member
-	relation set_parent_subgroup: role#member
-
-
-
-	permission update_perm =	update + parent_group->update_subgroup + domain->update_group
-	permission share_perm = share + parent_group->share_subgroup + domain->share_group
-	permission read_perm 		=	read + parent_group->read_subgroup + domain->read_group
-	permission delete_perm 		=	delete + parent_group->delete_subgroup + domain->delete_group
-	permission set_child_perm 	=	set_child  + parent_group->set_child_subgroup + domain->set_child_group
-	permission set_parent_perm 	=	set_parent + parent_group->set_parent_subgroup + domain->set_parent_group
-
-
-	permission create_thing_permission =  create_thing + parent_group->create_thing_permission
-	permission update_thing_permission =  update_thing + parent_group->update_thing_permission
-	permission share_thing_permission = share_thing + parent_group->share_thing_permission
-	permission read_thing_permission =  read_thing  + parent_group->read_thing_permission
-	permission delete_thing_permission = delete_thing  + parent_group->delete_thing_permission
-	permission set_parent_group_thing_permission = set_parent_group_thing + parent_group->set_parent_group_thing_permission
-	permission connect_thing_to_channel_permission = connect_thing_to_channel
-
-
-}
-
-definition domain {
-
-	relation update: role#member
-	relation share: role#member
-	relation read: role#member
-	relation delete: role#member
-
-	relation role_manager: role#member
-	relation manage_role_users: role#member
-
-	relation create_thing: role#member
-	relation update_thing: role#member
-	relation share_thing: role#member
-	relation read_thing: role#member
-	relation delete_thing: role#member
-	relation set_parent_group_thing: role#member
-	relation connect_to_channel: role#member
-
-	relation create_channel: role#member
-	relation update_channel: role#member
-	relation share_channel: role#member
-	relation read_channel: role#member
-	relation delete_channel: role#member
-	relation set_parent_group_channel: role#member
-	relation connect_to_thing: role#member
-	relation publish_channel: role#member
-	relation subscribe_channel: role#member
-
-	relation create_group: role#member
-	relation update_group: role#member
-	relation share_group: role#member
-	relation read_group: role#member
-	relation delete_group: role#member
-	relation set_child_group: role#member
-	relation set_parent_group: role#member
-
-}
-
-
-definition role {
-	relation entity: domain | group | channel | thing
-	relation member: user | team
-	relation built_in_role: domain | group | channel | thing
-
-	permission delete = entity->manage_role_perm - built_in_role->manage_role_perm
-	permission update = entity->manage_role_perm - built_in_role->manage_role_perm
-	permission read = entity->manage_role_perm - built_in_role->manage_role_perm
-
-	permission add_user = entity->add_role_users_perm
-	permission remove_user = entity->remove_role_users_perm
-	permission view_user = entity->view_role_users_perm
-
-	permission add_permission = entity->manage_role_perm - built_in_role->manage_role_perm
-	permission remove_permission = entity->manage_role_perm - built_in_role->manage_role_perm
-}
-
-
-
-
-definition team {
-
-	relation organization: organization
-	relation parent_team: team
-
-	relation delete: role#member
-	relation update: role#member
-	relation read: role#member
-
-	relation set_parent : role#member
-	relation set_child : role#member
-
-	relation member: role#member
-
-	relation manage_role: role#member
-	relation add_role_users: role#member
-	relation remove_role_users: role#member
-	relation view_role_users: role#member
-
-
-	relation delete_subteam: role#member
-	relation update_subteam: role#member
-	relation read_subteam: role#member
-
-	relation member_subteam: role#member
-
-	relation set_child_subteam: role#member
-	relation set_parent_subteam: role#member
-
-	relation manage_role_subteam: role#member
-	relation add_role_users_subteam: role#member
-	relation remove_role_users_subteam: role#member
-	relation view_role_users_subteam: role#member
-
-	permission delete_perm = delete->member + organization->delete_team + parent_team->delete_subteam
-	permission update_perm = update->member + organization->update_team + parent_team->update_team
-	permission read_perm = read->member + organization->read_group  + parent_team->read_team
-
-	permission set_parent_perm = set_parent->member + organization->set_parent_team + parent_team->set_parent_subteam
-	permission set_child_perm = set_child->member + organization->set_child_team + parent_team->set_child_subteam
-
-	permission membership = member->member + organization->member_team + parent_team->member_subteam
-
-	permission manage_role_perm = manage_role + organization->manage_role_team + parent_team->manage_role_subteam
-	permission add_role_users_perm = add_role_users + organization->add_role_users_team + parent_team->add_role_users_subteam
-	permission remove_role_users_perm = remove_role_users + organization->remove_role_users_team + parent_team->remove_role_users_subteam
-	permission view_role_users_perm = view_role_users + organization->view_role_users_team + parent_team->view_role_users_subteam
-}
-
-
-definition organization {
-
-	relation platform: platform
-
-	relation delete: role#member
-	relation update: role#member
-	relation read: role#member
-
-	relation member: role#member
-
-	relation manage_role: role#member
-	relation add_role_users: role#member
-	relation remove_role_users: role#member
-	relation view_role_users: role#member
-
-	relation create_team : role#member
-
-	relation delete_team: role#member
-	relation update_team: role#member
-	relation read_team: role#member
-
-	relation member_team: role#member
-
-	relation set_child_team: role#member
-	relation set_parent_team: role#member
-
-	relation manage_role_team: role#member
-	relation add_role_users_team: role#member
-	relation remove_role_users_team: role#member
-	relation view_role_users_team: role#member
-
-	permission delete_perm = delete->member
-	permission update_perm = update->member
-	permission read_perm = read->member
-
-	permission membership = member->member
-
-	permission create_team_perm = create_team->member
-
-	permission manage_role_perm = manage_role
-	permission add_role_users_perm = add_role_users
-	permission remove_role_users_perm = remove_role_users
-	permission view_role_users_perm = view_role_users
-
-}
-
-
-definition platform {
-  relation administrator: user
-  relation member: user
-
-  permission admin = administrator
-  permission membership = administrator + member
-}definition user {}
-
diff --git a/docker/spicedb/schemav4.zed b/docker/spicedb/schemav4.zed
deleted file mode 100644
index 46c3af8aa6..0000000000
--- a/docker/spicedb/schemav4.zed
+++ /dev/null
@@ -1,492 +0,0 @@
-definition user {}
-
-
-definition role {
-	relation entity: domain | group | channel | thing
-	relation member: user
-	relation built_in_role: domain | group | channel | thing
-
-	permission delete = entity->manage_role_permission - built_in_role->manage_role_permission
-	permission update = entity->manage_role_permission - built_in_role->manage_role_permission
-	permission read = entity->manage_role_permission - built_in_role->manage_role_permission
-
-	permission add_user = entity->add_role_users_permission
-	permission remove_user = entity->remove_role_users_permission
-	permission view_user = entity->view_role_users_permission
-
-
-}
-
-definition thing {
-	relation domain: domain // This can't be clubbed with parent_group, but if parent_group is unassigned then we could not track belongs to which domain, so it safe to add domain
-	relation parent_group: group
-
-	relation update: role#member
-	relation read: role#member
-	relation delete: role#member
-	relation set_parent_group: role#member
-	relation connect_to_channel: role#member
-
-	relation manage_role: role#member
-	relation add_role_users: role#member
-	relation remove_role_users: role#member
-	relation view_role_users: role#member
-
-	permission update_permission = update + parent_group->thing_update_permission + domain->thing_update_permission
-	permission read_permission = read + parent_group->thing_read_permission + domain->thing_read_permission
-	permission delete_permission = delete + parent_group->thing_delete_permission + domain->thing_delete_permission
-	permission set_parent_group_permission = set_parent_group + parent_group->thing_set_parent_group_permission + domain->thing_set_parent_group_permission
-	permission connect_to_channel_permission  =  connect_to_channel + parent_group->thing_connect_to_channel + domain->thing_connect_to_channel_permission
-
-	permission manage_role_permission = manage_role + parent_group->thing_manage_role_permission + domain->thing_manage_role_permission
-	permission add_role_users_permission = add_role_users + parent_group->thing_add_role_users_permission + domain->thing_add_role_users_permission
-	permission remove_role_users_permission = remove_role_users + parent_group->thing_remove_role_users_permission + domain->thing_remove_role_users_permission
-	permission view_role_users_permission = view_role_users + parent_group->thing_view_role_users_permission + domain->thing_view_role_users_permission
-}
-
-definition channel {
-	relation domain: domain // This can't be clubbed with parent_group, but if parent_group is unassigned then we could not track belongs to which domain, so it safe to add domain
-	relation parent_group: group
-
-	relation update: role#member
-	relation read: role#member
-	relation delete: role#member
-	relation set_parent_group: role#member
-	relation connect_to_thing: role#member
-	relation publish: role#member | thing
-	relation subscribe: role#member | thing
-
-	relation manage_role: role#member
-	relation add_role_users: role#member
-	relation remove_role_users: role#member
-	relation view_role_users: role#member
-
-	permission update_permission = update + parent_group->channel_update_permission + domain->channel_update_permission
-	permission read_permission = read + parent_group->channel_read_permission + domain->channel_read_permission
-	permission delete_permission = delete + parent_group->channel_delete_permission + domain->channel_delete_permission
-	permission set_parent_group_permission = set_parent_group + parent_group->channel_set_parent_group_permission + domain->channel_set_parent_group_permission
-	permission connect_to_thing_permission = connect_to_thing + parent_group->channel_connect_to_client_permission + domain->channel_connect_to_client
-	permission publish_permission = publish + parent_group->channel_publish_permission + domain->channel_publish_permission
-	permission subscribe_permission = subscribe + parent_group->channel_subscribe_permission + domain->channel_subscribe_permission
-
-	permission manage_role_permission = manage_role + parent_group->channel_manage_role_permission + domain->channel_manage_role_permission
-	permission add_role_users_permission = add_role_users + parent_group->channel_add_role_users_permission + domain->channel_add_role_users_permission
-	permission remove_role_users_permission = remove_role_users + parent_group->channel_remove_role_users_permission + domain->channel_remove_role_users_permission
-	permission view_role_users_permission = view_role_users + parent_group->channel_view_role_users_permission + domain->channel_view_role_users_permission
-}
-
-definition group {
-	relation domain: domain // This can't be clubbed with parent_group, but if parent_group is unassigned then we could not track belongs to which domain, so it is safe to add domain
-	relation parent_group: group
-
-	relation update: role#member
-	relation read: role#member
-	relation delete: role#member
-	relation set_child: role#member
-	relation set_parent: role#member
-
-	relation manage_role: role#member
-	relation add_role_users: role#member
-	relation remove_role_users: role#member
-	relation view_role_users: role#member
-
-	relation thing_create: role#member
-	relation thing_update: role#member
-	relation thing_read: role#member
-	relation thing_delete: role#member
-	relation thing_set_parent_group: role#member
-	relation thing_connect_to_channel: role#member
-
-	relation thing_manage_role: role#member
-	relation thing_add_role_users: role#member
-	relation thing_remove_role_users: role#member
-	relation thing_view_role_users: role#member
-
-	relation channel_create: role#member
-	relation channel_update: role#member
-	relation channel_read: role#member
-	relation channel_delete: role#member
-	relation channel_set_parent_group: role#member
-	relation channel_connect_to_client: role#member
-	relation channel_publish: role#member
-	relation channel_subscribe: role#member
-
-	relation channel_manage_role: role#member
-	relation channel_add_role_users: role#member
-	relation channel_remove_role_users: role#member
-	relation channel_view_role_users: role#member
-
-	relation subgroup_create: role#member // this allows to add parent for group during the new group creation
-	relation subgroup_update: role#member
-	relation subgroup_read: role#member
-	relation subgroup_delete: role#member
-	relation subgroup_set_child: role#member
-	relation subgroup_set_parent: role#member
-
-	relation subgroup_manage_role: role#member
-	relation subgroup_add_role_users: role#member
-	relation subgroup_remove_role_users: role#member
-	relation subgroup_view_role_users: role#member
-
-	relation subgroup_thing_create: role#member
-	relation subgroup_thing_update: role#member
-	relation subgroup_thing_read: role#member
-	relation subgroup_thing_delete: role#member
-	relation subgroup_thing_set_parent_group: role#member
-	relation subgroup_thing_connect_to_channel: role#member
-
-	relation subgroup_thing_manage_role: role#member
-	relation subgroup_thing_add_role_users: role#member
-	relation subgroup_thing_remove_role_users: role#member
-	relation subgroup_thing_view_role_users: role#member
-
-	relation subgroup_channel_create: role#member
-	relation subgroup_channel_update: role#member
-	relation subgroup_channel_read: role#member
-	relation subgroup_channel_delete: role#member
-	relation subgroup_channel_set_parent_group: role#member
-	relation subgroup_channel_connect_to_client: role#member
-	relation subgroup_channel_publish: role#member
-	relation subgroup_channel_subscribe: role#member
-
-	relation subgroup_channel_manage_role: role#member
-	relation subgroup_channel_add_role_users: role#member
-	relation subgroup_channel_remove_role_users: role#member
-	relation subgroup_channel_view_role_users: role#member
-
-	// Subgroup permission
-	permission subgroup_create_permission = subgroup_create + parent_group->subgroup_create_permission
-	permission subgroup_update_permission = subgroup_update + parent_group->subgroup_update_permission
-	permission subgroup_read_permission = subgroup_read + parent_group->subgroup_read_permission
-	permission subgroup_delete_permission = subgroup_delete + parent_group->subgroup_delete_permission
-	permission subgroup_set_child_permission = subgroup_set_child + parent_group->subgroup_set_child_permission
-	permission subgroup_set_parent_permission = subgroup_set_parent + parent_group->subgroup_set_parent_permission
-
-	permission subgroup_manage_role_permission = subgroup_manage_role + parent_group->subgroup_manage_role_permission
-	permission subgroup_add_role_users_permission = subgroup_add_role_users + parent_group->subgroup_add_role_users_permission
-	permission subgroup_remove_role_users_permission = subgroup_remove_role_users + parent_group->subgroup_remove_role_users_permission
-	permission subgroup_view_role_users_permission = subgroup_view_role_users + parent_group->subgroup_view_role_users_permission
-
-	// Group permission
-	permission update_permission = update + parent_group->subgroup_create_permission + domain->group_update_permission
-	permission read_permission = read + parent_group->subgroup_read_permission + domain->group_read_permission
-	permission delete_permission = delete + parent_group->subgroup_delete_permission + domain->group_delete_permission
-	permission set_child_permission =	set_child + parent_group->subgroup_set_child_permission + domain->group_set_child
-	permission set_parent_permission = set_parent + parent_group->subgroup_set_parent_permission + domain->group_set_parent
-
-	permission manage_role_permission = manage_role + parent_group->subgroup_manage_role_permission + domain->group_manage_role_permission
-	permission add_role_users_permission = add_role_users + parent_group->subgroup_add_role_users_permission + domain->group_add_role_users_permission
-	permission remove_role_users_permission = remove_role_users + parent_group->subgroup_remove_role_users_permission + domain->group_remove_role_users_permission
-	permission view_role_users_permission = view_role_users + parent_group->subgroup_view_role_users_permission + domain->group_view_role_users_permission
-
-	// Subgroup clients permisssion
-	permission subgroup_thing_create_permission = subgroup_thing_create + parent_group->subgroup_thing_create_permission
-	permission subgroup_thing_update_permission = subgroup_thing_update + parent_group->subgroup_thing_update_permission
-	permission subgroup_thing_read_permission = subgroup_thing_read + parent_group->subgroup_thing_read_permission
-	permission subgroup_thing_delete_permission = subgroup_thing_delete + parent_group->subgroup_thing_delete_permission
-	permission subgroup_thing_set_parent_group_permission = subgroup_thing_set_parent_group + parent_group->subgroup_thing_set_parent_group_permission
-	permission subgroup_thing_connect_to_channel_permission = subgroup_thing_connect_to_channel + parent_group->subgroup_thing_connect_to_channel_permission
-
-	permission subgroup_thing_manage_role_permission = subgroup_thing_manage_role + parent_group->subgroup_thing_manage_role_permission
-	permission subgroup_thing_add_role_users_permission = subgroup_thing_add_role_users + parent_group->subgroup_thing_add_role_users_permission
-	permission subgroup_thing_remove_role_users_permission = subgroup_thing_remove_role_users + parent_group->subgroup_thing_remove_role_users_permission
-	permission subgroup_thing_view_role_users_permission = subgroup_thing_view_role_users + parent_group->subgroup_thing_view_role_users_permission
-
-	// Group clients permisssion
-	permission thing_create_permission = thing_create + parent_group->subgroup_thing_create + domain->thing_create_permission
-	permission thing_update_permission = thing_update + parent_group->subgroup_thing_update + domain->thing_update_permission
-	permission thing_read_permission = thing_read + parent_group->subgroup_thing_read + domain->thing_read_permission
-	permission thing_delete_permission = thing_delete + parent_group->subgroup_thing_delete + domain->thing_delete_permission
-	permission thing_set_parent_group_permission = thing_set_parent_group + parent_group->subgroup_thing_set_parent_group + domain->thing_set_parent_group_permission
-	permission thing_connect_to_channel_permission = thing_connect_to_channel + parent_group->subgroup_thing_connect_to_channel + domain->thing_connect_to_channel_permission
-
-	permission thing_manage_role_permission = thing_manage_role + parent_group->subgroup_thing_manage_role + domain->thing_manage_role_permission
-	permission thing_add_role_users_permission = thing_add_role_users + parent_group->subgroup_thing_add_role_users + domain->thing_add_role_users_permission
-	permission thing_remove_role_users_permission = thing_remove_role_users + parent_group->subgroup_thing_remove_role_users + domain->thing_remove_role_users_permission
-	permission thing_view_role_users_permission = thing_view_role_users + parent_group->subgroup_thing_view_role_users + domain->thing_view_role_users_permission
-
-	// Subgroup channels permisssion
-	permission subgroup_channel_create_permission = subgroup_channel_create + parent_group->subgroup_channel_create_permission
-	permission subgroup_channel_update_permission = subgroup_channel_update + parent_group->subgroup_channel_update_permission
-	permission subgroup_channel_read_permission = subgroup_channel_read + parent_group->subgroup_channel_read_permission
-	permission subgroup_channel_delete_permission =  subgroup_channel_delete + parent_group->subgroup_channel_delete_permission
-	permission subgroup_channel_set_parent_group_permission = subgroup_channel_set_parent_group + parent_group->subgroup_channel_set_parent_group_permission
-	permission subgroup_channel_connect_to_client_permission = subgroup_channel_connect_to_client + parent_group->subgroup_channel_connect_to_client_permission
-	permission subgroup_channel_publish_permission = subgroup_channel_publish + parent_group->subgroup_channel_publish_permission
-	permission subgroup_channel_subscribe_permission = subgroup_channel_subscribe + parent_group->subgroup_channel_subscribe_permission
-
-	permission subgroup_channel_manage_role_permission = subgroup_channel_manage_role + parent_group->subgroup_channel_manage_role_permission
-	permission subgroup_channel_add_role_users_permission = subgroup_channel_add_role_users + parent_group->subgroup_channel_add_role_users_permission
-	permission subgroup_channel_remove_role_users_permission = subgroup_channel_remove_role_users + parent_group->subgroup_channel_remove_role_users_permission
-	permission subgroup_channel_view_role_users_permission = subgroup_channel_view_role_users + parent_group->subgroup_channel_view_role_users_permission
-
-	// Group channels permisssion
-	permission channel_create_permission = channel_create + parent_group->subgroup_channel_create_permission + domain->channel_create_permission
-	permission channel_update_permission = channel_update + parent_group->subgroup_channel_update + domain->channel_update_permission
-	permission channel_read_permission = channel_read + parent_group->subgroup_channel_read + domain->channel_read_permission
-	permission channel_delete_permission = channel_delete + parent_group->subgroup_channel_delete_permission + domain->channel_delete_permission
-	permission channel_set_parent_group_permission = channel_set_parent_group + parent_group->subgroup_channel_set_parent_group + domain->channel_set_parent_group_permission
-	permission channel_connect_to_client_permission = channel_connect_to_client + parent_group->subgroup_channel_connect_to_client + domain->channel_connect_to_client_permission
-	permission channel_publish_permission = channel_publish + parent_group->subgroup_channel_publish + domain->channel_publish_permission
-	permission channel_subscribe_permission = channel_subscribe + parent_group->subgroup_channel_subscribe + domain->channel_subscribe_permission
-
-	permission channel_manage_role_permission = channel_manage_role + parent_group->subgroup_channel_manage_role + domain->channel_manage_role_permission
-	permission channel_add_role_users_permission = channel_add_role_users + parent_group->subgroup_channel_add_role_users + domain->channel_add_role_users_permission
-	permission channel_remove_role_users_permission = channel_remove_role_users + parent_group->subgroup_channel_remove_role_users + domain->channel_remove_role_users_permission
-	permission channel_view_role_users_permission = channel_view_role_users + parent_group->subgroup_channel_view_role_users + domain->channel_view_role_users_permission
-
-
-}
-
-definition domain {
-	relation organization: organization
-	relation team: team
-
-	relation update: role#member | team#member
-	relation read: role#member | team#member
-	relation delete: role#member | team#member
-
-	relation manage_role: role#member | team#member
-	relation add_role_users: role#member | team#member
-	relation remove_role_users: role#member | team#member
-	relation view_role_users: role#member | team#member
-
-	relation thing_create: role#member | team#member
-	relation thing_update: role#member | team#member
-	relation thing_read: role#member | team#member
-	relation thing_delete: role#member | team#member
-	relation thing_set_parent_group: role#member | team#member
-	relation thing_connect_to_channel: role#member | team#member
-
-	relation thing_manage_role: role#member | team#member
-	relation thing_add_role_users: role#member | team#member
-	relation thing_remove_role_users: role#member | team#member
-	relation thing_view_role_users: role#member | team#member
-
-	relation channel_create: role#member | team#member
-	relation channel_update: role#member | team#member
-	relation channel_read: role#member | team#member
-	relation channel_delete: role#member | team#member
-	relation channel_set_parent_group: role#member | team#member
-	relation channel_connect_to_client: role#member | team#member
-	relation channel_publish: role#member | team#member
-	relation channel_subscribe: role#member | team#member
-
-	relation channel_manage_role: role#member | team#member
-	relation channel_add_role_users: role#member | team#member
-	relation channel_remove_role_users: role#member | team#member
-	relation channel_view_role_users: role#member | team#member
-
-	relation group_create: role#member | team#member
-	relation group_update: role#member | team#member
-	relation group_read: role#member | team#member
-	relation group_delete: role#member | team#member
-	relation group_set_child: role#member | team#member
-	relation group_set_parent: role#member | team#member
-
-	relation group_manage_role: role#member | team#member
-	relation group_add_role_users: role#member | team#member
-	relation group_remove_role_users: role#member | team#member
-	relation group_view_role_users: role#member | team#member
-
-	permission update_permission = update + team->domain_update + organization->admin
-	permission read_permission = read + team->domain_read + organization->admin
-	permission delete_permission = delete + team->domain_delete + organization->admin
-
-	permission manage_role_permission = manage_role + team->domain_manage_role + organization->admin
-	permission add_role_users_permission = add_role_users + team->domain_add_role_users + organization->admin
-	permission remove_role_users_permission = remove_role_users + team->domain_remove_role_users + organization->admin
-	permission view_role_users_permission = view_role_users + team->domain_view_role_users + organization->admin
-
-	permission thing_create_permission = thing_create + team->thing_create + organization->admin
-	permission thing_update_permission = thing_update + team->thing_update + organization->admin
-	permission thing_read_permission = thing_read + team->thing_read + organization->admin
-	permission thing_delete_permission = thing_delete + team->thing_delete + organization->admin
-	permission thing_set_parent_group_permission = thing_set_parent_group + team->thing_set_parent_group + organization->admin
-	permission thing_connect_to_channel_permission = thing_connect_to_channel + team->thing_connect_to_channel + organization->admin
-
-	permission thing_manage_role_permission = thing_manage_role + team->thing_manage_role + organization->admin
-	permission thing_add_role_users_permission = thing_add_role_users + team->thing_add_role_users + organization->admin
-	permission thing_remove_role_users_permission = thing_remove_role_users + team->thing_remove_role_users + organization->admin
-	permission thing_view_role_users_permission = thing_view_role_users + team->thing_view_role_users + organization->admin
-
-	permission channel_create_permission = channel_create + team->channel_create + organization->admin
-	permission channel_update_permission = channel_update + team->channel_update + organization->admin
-	permission channel_read_permission = channel_read + team->channel_read + organization->admin
-	permission channel_delete_permission = channel_delete + team->channel_delete + organization->admin
-	permission channel_set_parent_group_permission = channel_set_parent_group + team->channel_set_parent_group + organization->admin
-	permission channel_connect_to_client_permission = channel_connect_to_client + team->channel_connect_to_client + organization->admin
-	permission channel_publish_permission = channel_publish + team->channel_publish + organization->admin
-	permission channel_subscribe_permission = channel_subscribe + team->channel_subscribe + organization->admin
-
-	permission channel_manage_role_permission = channel_manage_role + team->channel_manage_role + organization->admin
-	permission channel_add_role_users_permission = channel_add_role_users + team->channel_add_role_users + organization->admin
-	permission channel_remove_role_users_permission = channel_remove_role_users + team->channel_remove_role_users + organization->admin
-	permission channel_view_role_users_permission = channel_view_role_users + team->channel_view_role_users + organization->admin
-
-	permission group_create_permission = group_create + team->group_create + organization->admin
-	permission group_update_permission = group_update + team->group_update + organization->admin
-	permission group_read_permission = group_read + team->group_read + organization->admin
-	permission group_delete_permission = group_delete + team->group_delete + organization->admin
-	permission group_set_child_permission = group_set_child + team->group_set_child + organization->admin
-	permission group_set_parent_permission = group_set_parent + team->group_set_parent + organization->admin
-
-	permission group_manage_role_permission = group_manage_role + team->group_manage_role + organization->admin
-	permission group_add_role_users_permission = group_add_role_users + team->group_add_role_users + organization->admin
-	permission group_remove_role_users_permission = group_remove_role_users + team->group_remove_role_users + organization->admin
-	permission group_view_role_users_permission = group_view_role_users + team->group_view_role_users + organization->admin
-
-}
-
-
-definition team {
-	relation organization: organization
-	relation parent_team: team
-
-	relation delete: role#member
-	relation update: role#member
-	relation read: role#member
-
-	relation set_parent: role#member
-	relation set_child: role#member
-
-	relation member: role#member
-
-	relation manage_role: role#member
-	relation add_role_users: role#member
-	relation remove_role_users: role#member
-	relation view_role_users: role#member
-
-	relation subteam_delete: role#member
-	relation subteam_update: role#member
-	relation subteam_read: role#member
-
-	relation subteam_member: role#member
-
-	relation subteam_set_child: role#member
-	relation subteam_set_parent: role#member
-
-	relation subteam_manage_role: role#member
-	relation subteam_add_role_users: role#member
-	relation subteam_remove_role_users: role#member
-	relation subteam_view_role_users: role#member
-
-    // Domain related permission
-
-	relation domain_update: role#member | team#member
-	relation domain_read: role#member | team#member
-	relation domain_delete: role#member | team#member
-
-	relation domain_manage_role: role#member | team#member
-	relation domain_add_role_users: role#member | team#member
-	relation domain_remove_role_users: role#member | team#member
-	relation domain_view_role_users: role#member | team#member
-
-	relation thing_create: role#member | team#member
-	relation thing_update: role#member | team#member
-	relation thing_read: role#member | team#member
-	relation thing_delete: role#member | team#member
-	relation thing_set_parent_group: role#member | team#member
-	relation thing_connect_to_channel: role#member | team#member
-
-	relation thing_manage_role: role#member | team#member
-	relation thing_add_role_users: role#member | team#member
-	relation thing_remove_role_users: role#member | team#member
-	relation thing_view_role_users: role#member | team#member
-
-	relation channel_create: role#member | team#member
-	relation channel_update: role#member | team#member
-	relation channel_read: role#member | team#member
-	relation channel_delete: role#member | team#member
-	relation channel_set_parent_group: role#member | team#member
-	relation channel_connect_to_client: role#member | team#member
-	relation channel_publish: role#member | team#member
-	relation channel_subscribe: role#member | team#member
-
-	relation channel_manage_role: role#member | team#member
-	relation channel_add_role_users: role#member | team#member
-	relation channel_remove_role_users: role#member | team#member
-	relation channel_view_role_users: role#member | team#member
-
-	relation group_create: role#member | team#member
-	relation group_update: role#member | team#member
-	relation group_read: role#member | team#member
-	relation group_delete: role#member | team#member
-	relation group_set_child: role#member | team#member
-	relation group_set_parent: role#member | team#member
-
-	relation group_manage_role: role#member | team#member
-	relation group_add_role_users: role#member | team#member
-	relation group_remove_role_users: role#member | team#member
-	relation group_view_role_users: role#member | team#member
-
-	permission delete_permission = delete + organization->team_delete + parent_team->subteam_delete + organization->admin
-	permission update_permission = update + organization->team_update + parent_team->subteam_update + organization->admin
-	permission read_permission = read + organization->team_read + parent_team->subteam_read + organization->admin
-
-	permission set_parent_permission = set_parent + organization->team_set_parent + parent_team->subteam_set_parent + organization->admin
-	permission set_child_permisssion = set_child + organization->team_set_child + parent_team->subteam_set_child + organization->admin
-
-    permission membership = member + organization->team_member + parent_team->subteam_member + organization->admin
-
-	permission manage_role_permission = manage_role + organization->team_manage_role + parent_team->subteam_manage_role + organization->admin
-	permission add_role_users_permission = add_role_users + organization->team_add_role_users + parent_team->subteam_add_role_users + organization->admin
-	permission remove_role_users_permission = remove_role_users + organization->team_remove_role_users + parent_team->subteam_remove_role_users + organization->admin
-	permission view_role_users_permission = view_role_users + organization->team_view_role_users + parent_team->subteam_view_role_users + organization->admin
-}
-
-
-definition organization {
-	relation platform: platform
-	relation administrator : user
-
-	relation delete: role#member
-	relation update: role#member
-	relation read: role#member
-
-	relation member: role#member
-
-	relation manage_role: role#member
-	relation add_role_users: role#member
-	relation remove_role_users: role#member
-	relation view_role_users: role#member
-
-	relation team_create: role#member
-
-	relation team_delete: role#member
-	relation team_update: role#member
-	relation team_read: role#member
-
-	relation team_member: role#member  // Will be member of all the teams in the organization
-
-	relation team_set_child: role#member
-	relation team_set_parent: role#member
-
-	relation team_manage_role: role#member
-	relation team_add_role_users: role#member
-	relation team_remove_role_users: role#member
-	relation team_view_role_users: role#member
-
-	permission admin = administrator + platform->administrator
-	permission delete_permission = admin + delete->member
-	permission update_permission = admin + update->member
-	permission read_permission = admin + read->member
-
-	permission membership = admin + member->member
-
-	permission team_create_permission = admin + team_create->member
-
-	permission manage_role_permission = admin + manage_role
-	permission add_role_users_permisson = admin + add_role_users
-	permission remove_role_users_permission = admin + remove_role_users
-	permission view_role_users_permission = admin + view_role_users
-}
-
-
-definition platform {
-  relation administrator: user
-  relation member: user
-
-  permission admin = administrator
-  permission membership = administrator + member
-}
diff --git a/docker/ssl/Makefile b/docker/ssl/Makefile
index fe349188a7..1c11251ef7 100644
--- a/docker/ssl/Makefile
+++ b/docker/ssl/Makefile
@@ -82,8 +82,8 @@ client_cert:
 	rm $(CRT_LOCATION)/$(CRT_FILE_NAME).csr
 
 clients_grpc_certs:
-	# Things server grpc certificates
-	$(file > $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).conf,$(subst <<SERVICE_NAME>>,$(THINGS_GRPC_SERVER_CN),$(GRPC_CERT_CONFIG)) )
+	# Clients server grpc certificates
+	$(file > $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).conf,$(subst <<SERVICE_NAME>>,$(CLIENTS_GRPC_SERVER_CN),$(GRPC_CERT_CONFIG)) )
 
 	openssl req -new -sha256  -newkey rsa:4096 -nodes \
 				-keyout $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).key  \
@@ -102,7 +102,7 @@ clients_grpc_certs:
 			-extensions v3_req
 
 	rm -rf  $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).conf
-	# Things client grpc certificates
+	# Clients client grpc certificates
 	$(file > $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).conf,$(subst <<SERVICE_NAME>>,$(CLIENTS_GRPC_CLIENT_CN),$(GRPC_CERT_CONFIG)) )
 
 	openssl req -new -sha256 -newkey rsa:4096 -nodes \
@@ -164,7 +164,7 @@ auth_grpc_certs:
 			-extensions v3_req
 
 	rm -rf  $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).conf
-	
+
 clean_certs:
 	rm -r $(CRT_LOCATION)/*.crt
 	rm -r $(CRT_LOCATION)/*.key
diff --git a/docker/ssl/authorization.js b/docker/ssl/authorization.js
index 5bfedbe9c2..bf0652138e 100644
--- a/docker/ssl/authorization.js
+++ b/docker/ssl/authorization.js
@@ -170,7 +170,7 @@ function parseCert(cert, key) {
         for (var i = 0; i < pairs.length; i++) {
             var pair = pairs[i].split('=');
             if (pair[0].toUpperCase() == key) {
-                return "Thing " + pair[1].replace("\\", "").trim();
+                return "Client " + pair[1].replace("\\", "").trim();
             }
         }
     }
diff --git a/domains/roleactions.go b/domains/roleactions.go
index 84a5f7c91d..c607a5b10a 100644
--- a/domains/roleactions.go
+++ b/domains/roleactions.go
@@ -20,7 +20,7 @@ const (
 	ChannelCreate roles.Action = "channel_create"
 	GroupCreate   roles.Action = "group_create"
 
-	// Domain Things Roles: Actions related to clients present within the Domain
+	// Domain Clients Roles: Actions related to clients present within the Domain
 	ClientUpdate           roles.Action = "client_update"
 	ClientRead             roles.Action = "client_read"
 	ClientDelete           roles.Action = "client_delete"
@@ -36,7 +36,7 @@ const (
 	ChannelRead            roles.Action = "channel_read"
 	ChannelDelete          roles.Action = "channel_delete"
 	ChannelSetParentGroup  roles.Action = "channel_set_parent_group"
-	ChannelConnectToThing  roles.Action = "channel_connect_to_client"
+	ChannelConnectToClient  roles.Action = "channel_connect_to_client"
 	ChannelPublish         roles.Action = "channel_publish"
 	ChannelSubscribe       roles.Action = "channel_subscribe"
 	ChannelManageRole      roles.Action = "channel_manage_role"
@@ -90,7 +90,7 @@ func AvailableActions() []roles.Action {
 		ChannelRead,
 		ChannelDelete,
 		ChannelSetParentGroup,
-		ChannelConnectToThing,
+		ChannelConnectToClient,
 		ChannelPublish,
 		ChannelSubscribe,
 		ChannelManageRole,
diff --git a/go.mod b/go.mod
index e3fcd80cf8..b5caac786f 100644
--- a/go.mod
+++ b/go.mod
@@ -42,6 +42,7 @@ require (
 	github.com/rubenv/sql-migrate v1.7.0
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/viper v1.19.0
+	github.com/sqids/sqids-go v0.4.1
 	github.com/stretchr/testify v1.9.0
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0
@@ -152,10 +153,8 @@ require (
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.7.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/sqids/sqids-go v0.4.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
diff --git a/go.sum b/go.sum
index d1b6e437f5..839b4fdbd4 100644
--- a/go.sum
+++ b/go.sum
@@ -428,8 +428,6 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 h1:xzABM9let0HLLqFypcxvLmlvEciCHL7+Lv+4vwZqecI=
-github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569/go.mod h1:2Ly+NIftZN4de9zRmENdYbvPQeaVIYKWpLFStLFEBgI=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
diff --git a/groups/groups.go b/groups/groups.go
index 8890f05887..104980715a 100644
--- a/groups/groups.go
+++ b/groups/groups.go
@@ -174,10 +174,10 @@ const (
 	OpRemoveChannels
 	OpRemoveAllChannels
 	OpListChannels
-	OpAddThings
-	OpRemoveThings
-	OpRemoveAllThings
-	OpListThings
+	OpAddClients
+	OpRemoveClients
+	OpRemoveAllClients
+	OpListClients
 	OpDeleteGroup
 )
 
@@ -200,10 +200,10 @@ var expectedOperations = []svcutil.Operation{
 	OpRemoveChannels,
 	OpRemoveAllChannels,
 	OpListChannels,
-	OpAddThings,
-	OpRemoveThings,
-	OpRemoveAllThings,
-	OpListThings,
+	OpAddClients,
+	OpRemoveClients,
+	OpRemoveAllClients,
+	OpListClients,
 	OpDeleteGroup,
 }
 
@@ -226,10 +226,10 @@ var operationNames = []string{
 	"OpRemoveChannels",
 	"OpRemoveAllChannels",
 	"OpListChannels",
-	"OpAddThings",
-	"OpRemoveThings",
-	"OpRemoveAllThings",
-	"OpListThings",
+	"OpAddClients",
+	"OpRemoveClients",
+	"OpRemoveAllClients",
+	"OpListClients",
 	"OpDeleteGroup",
 }
 
@@ -271,10 +271,10 @@ func NewOperationPermissionMap() map[svcutil.Operation]svcutil.Permission {
 		OpRemoveChannels:          "",
 		OpRemoveAllChannels:       "",
 		OpListChannels:            "",
-		OpAddThings:               "",
-		OpRemoveThings:            "",
-		OpRemoveAllThings:         "",
-		OpListThings:              "",
+		OpAddClients:               "",
+		OpRemoveClients:            "",
+		OpRemoveAllClients:         "",
+		OpListClients:              "",
 		OpDeleteGroup:             deletePermission,
 	}
 	return opPerm
diff --git a/groups/roleactions.go b/groups/roleactions.go
index 75f553eba8..0ca7cee809 100644
--- a/groups/roleactions.go
+++ b/groups/roleactions.go
@@ -18,7 +18,7 @@ const (
 	ClientCreate          = "client_create"
 	ChannelCreate         = "channel_create"
 	SubgroupCreate        = "subgroup_create"
-	SubgroupThingCreate   = "subgroup_client_create"
+	SubgroupClientCreate   = "subgroup_client_create"
 	SubgroupChannelCreate = "subgroup_channel_create"
 
 	ClientUpdate           = "client_update"
@@ -36,7 +36,7 @@ const (
 	ChannelRead           = "channel_read"
 	ChannelDelete         = "channel_delete"
 	ChannelSetParentGroup = "channel_set_parent_group"
-	ChannelConnectToThing = "channel_connect_to_client"
+	ChannelConnectToClient = "channel_connect_to_client"
 	ChannelPublish        = "channel_publish"
 	ChannelSubscribe      = "channel_subscribe"
 
@@ -72,7 +72,7 @@ const (
 	SubgroupChannelRead           = "subgroup_channel_read"
 	SubgroupChannelDelete         = "subgroup_channel_delete"
 	SubgroupChannelSetParentGroup = "subgroup_channel_set_parent_group"
-	SubgroupChannelConnectToThing = "subgroup_channel_connect_to_client"
+	SubgroupChannelConnectToClient = "subgroup_channel_connect_to_client"
 	SubgroupChannelPublish        = "subgroup_channel_publish"
 	SubgroupChannelSubscribe      = "subgroup_channel_subscribe"
 
@@ -102,7 +102,7 @@ func AvailableActions() []roles.Action {
 		ClientCreate,
 		ChannelCreate,
 		SubgroupCreate,
-		SubgroupThingCreate,
+		SubgroupClientCreate,
 		SubgroupChannelCreate,
 		ClientUpdate,
 		ClientRead,
@@ -117,7 +117,7 @@ func AvailableActions() []roles.Action {
 		ChannelRead,
 		ChannelDelete,
 		ChannelSetParentGroup,
-		ChannelConnectToThing,
+		ChannelConnectToClient,
 		ChannelPublish,
 		ChannelSubscribe,
 		ChannelManageRole,
@@ -147,7 +147,7 @@ func AvailableActions() []roles.Action {
 		SubgroupChannelRead,
 		SubgroupChannelDelete,
 		SubgroupChannelSetParentGroup,
-		SubgroupChannelConnectToThing,
+		SubgroupChannelConnectToClient,
 		SubgroupChannelPublish,
 		SubgroupChannelSubscribe,
 		SubgroupChannelManageRole,
diff --git a/groups/service.go b/groups/service.go
index 4d1c7e784e..dad9b1222e 100644
--- a/groups/service.go
+++ b/groups/service.go
@@ -28,7 +28,7 @@ type service struct {
 	policy     policies.Service
 	idProvider magistrala.IDProvider
 	channels   grpcChannelsV1.ChannelsServiceClient
-	things     grpcClientsV1.ClientsServiceClient
+	clients     grpcClientsV1.ClientsServiceClient
 
 	roles.ProvisionManageService
 }
@@ -44,7 +44,7 @@ func NewService(repo Repository, policy policies.Service, idp magistrala.IDProvi
 		policy:                 policy,
 		idProvider:             idp,
 		channels:               channels,
-		things:                 clients,
+		clients:                 clients,
 		ProvisionManageService: rpms,
 	}, nil
 }
@@ -156,7 +156,7 @@ func (svc service) ListGroups(ctx context.Context, session mgauthn.Session, gm P
 	return gp, nil
 }
 
-// Experimental functions used for async calling of svc.listUserThingPermission. This might be helpful during listing of large number of entities.
+// Experimental functions used for async calling of svc.listUserClientPermission. This might be helpful during listing of large number of entities.
 func (svc service) retrievePermissions(ctx context.Context, userID string, group *Group) error {
 	permissions, err := svc.listUserGroupPermission(ctx, userID, group.ID)
 	if err != nil {
@@ -457,7 +457,7 @@ func (svc service) DeleteGroup(ctx context.Context, session mgauthn.Session, id
 		return errors.Wrap(svcerr.ErrRemoveEntity, err)
 	}
 
-	if _, err := svc.things.UnsetParentGroupFromClient(ctx, &grpcClientsV1.UnsetParentGroupFromClientReq{ParentGroupId: id}); err != nil {
+	if _, err := svc.clients.UnsetParentGroupFromClient(ctx, &grpcClientsV1.UnsetParentGroupFromClientReq{ParentGroupId: id}); err != nil {
 		return errors.Wrap(svcerr.ErrRemoveEntity, err)
 	}
 
diff --git a/http/README.md b/http/README.md
index 6c3202c7d7..21a2b8ca73 100644
--- a/http/README.md
+++ b/http/README.md
@@ -68,4 +68,4 @@ Setting `MG_CLIENTS_AUTH_GRPC_CLIENT_CERT` and `MG_CLIENTS_AUTH_GRPC_CLIENT_KEY`
 
 ## Usage
 
-HTTP Authorization request header contains the credentials to authenticate a Thing. The authorization header can be a plain Thing key or a Thing key encoded as a password for Basic Authentication. In case the Basic Authentication schema is used, the username is ignored. For more information about service capabilities and its usage, please check out the [API documentation](https://docs.api.magistrala.abstractmachines.fr/?urls.primaryName=http.yml).
+HTTP Authorization request header contains the credentials to authenticate a Client. The authorization header can be a plain Client key or a Client key encoded as a password for Basic Authentication. In case the Basic Authentication schema is used, the username is ignored. For more information about service capabilities and its usage, please check out the [API documentation](https://docs.api.magistrala.abstractmachines.fr/?urls.primaryName=http.yml).
diff --git a/http/api/endpoint_test.go b/http/api/endpoint_test.go
index 03f75a8e2e..231120eb17 100644
--- a/http/api/endpoint_test.go
+++ b/http/api/endpoint_test.go
@@ -85,19 +85,19 @@ func (tr testRequest) make() (*http.Response, error) {
 }
 
 func TestPublish(t *testing.T) {
-	things := new(climocks.ClientsServiceClient)
+	clients := new(climocks.ClientsServiceClient)
 	authn := new(authnMocks.Authentication)
 	channels := new(chmocks.ChannelsServiceClient)
 	chanID := "1"
 	ctSenmlJSON := "application/senml+json"
 	ctSenmlCBOR := "application/senml+cbor"
 	ctJSON := "application/json"
-	thingKey := "thing_key"
+	clientKey := "client_key"
 	invalidKey := invalidValue
 	msg := `[{"n":"current","t":-1,"v":1.6}]`
 	msgJSON := `{"field1":"val1","field2":"val2"}`
 	msgCBOR := `81A3616E6763757272656E746174206176FB3FF999999999999A`
-	svc, pub := newService(authn, things, channels)
+	svc, pub := newService(authn, clients, channels)
 	target := newTargetHTTPServer()
 	defer target.Close()
 	ts, err := newProxyHTPPServer(svc, target)
@@ -117,21 +117,21 @@ func TestPublish(t *testing.T) {
 			chanID:      chanID,
 			msg:         msg,
 			contentType: ctSenmlJSON,
-			key:         thingKey,
+			key:         clientKey,
 			status:      http.StatusAccepted,
 		},
 		"publish message with application/senml+cbor content-type": {
 			chanID:      chanID,
 			msg:         msgCBOR,
 			contentType: ctSenmlCBOR,
-			key:         thingKey,
+			key:         clientKey,
 			status:      http.StatusAccepted,
 		},
 		"publish message with application/json content-type": {
 			chanID:      chanID,
 			msg:         msgJSON,
 			contentType: ctJSON,
-			key:         thingKey,
+			key:         clientKey,
 			status:      http.StatusAccepted,
 		},
 		"publish message with empty key": {
@@ -145,7 +145,7 @@ func TestPublish(t *testing.T) {
 			chanID:      chanID,
 			msg:         msg,
 			contentType: ctSenmlJSON,
-			key:         thingKey,
+			key:         clientKey,
 			basicAuth:   true,
 			status:      http.StatusAccepted,
 		},
@@ -168,14 +168,14 @@ func TestPublish(t *testing.T) {
 			chanID:      chanID,
 			msg:         msg,
 			contentType: "",
-			key:         thingKey,
+			key:         clientKey,
 			status:      http.StatusUnsupportedMediaType,
 		},
 		"publish message to invalid channel": {
 			chanID:      "",
 			msg:         msg,
 			contentType: ctSenmlJSON,
-			key:         thingKey,
+			key:         clientKey,
 			status:      http.StatusBadRequest,
 		},
 	}
diff --git a/http/handler.go b/http/handler.go
index 6e93555409..3ba60abc24 100644
--- a/http/handler.go
+++ b/http/handler.go
@@ -38,10 +38,10 @@ const (
 
 // Log message formats.
 const (
-	logInfoConnected        = "connected with thing_key %s"
+	logInfoConnected        = "connected with client_key %s"
 	logInfoPublished        = "published with client_type %s client_id %s to the topic %s"
 	logInfoFailedAuthNToken = "failed to authenticate token for topic %s with error %s"
-	logInfoFailedAuthNThing = "failed to authenticate client key %s for topic %s with error %s"
+	logInfoFailedAuthNClient = "failed to authenticate client key %s for topic %s with error %s"
 )
 
 // Error wrappers for MQTT errors.
@@ -131,11 +131,11 @@ func (h *handler) Publish(ctx context.Context, topic *string, payload *[]byte) e
 		secret := strings.TrimPrefix(string(s.Password), apiutil.ClientPrefix)
 		authnRes, err := h.clients.Authenticate(ctx, &grpcClientsV1.AuthnReq{ClientSecret: secret})
 		if err != nil {
-			h.logger.Info(fmt.Sprintf(logInfoFailedAuthNThing, secret, *topic, err))
+			h.logger.Info(fmt.Sprintf(logInfoFailedAuthNClient, secret, *topic, err))
 			return mgate.NewHTTPProxyError(http.StatusUnauthorized, svcerr.ErrAuthentication)
 		}
 		if !authnRes.Authenticated {
-			h.logger.Info(fmt.Sprintf(logInfoFailedAuthNThing, secret, *topic, svcerr.ErrAuthentication))
+			h.logger.Info(fmt.Sprintf(logInfoFailedAuthNClient, secret, *topic, svcerr.ErrAuthentication))
 			return mgate.NewHTTPProxyError(http.StatusUnauthorized, svcerr.ErrAuthentication)
 		}
 		clientType = policies.ClientType
diff --git a/internal/api/common.go b/internal/api/common.go
index 06b357aaa5..61ccf3c272 100644
--- a/internal/api/common.go
+++ b/internal/api/common.go
@@ -185,7 +185,9 @@ func EncodeError(_ context.Context, err error, w http.ResponseWriter) {
 	case errors.Contains(err, svcerr.ErrCreateEntity),
 		errors.Contains(err, svcerr.ErrUpdateEntity),
 		errors.Contains(err, svcerr.ErrRemoveEntity),
-		errors.Contains(err, svcerr.ErrEnableClient):
+		errors.Contains(err, svcerr.ErrEnableClient),
+		errors.Contains(err, svcerr.ErrEnableUser),
+		errors.Contains(err, svcerr.ErrDisableUser):
 		err = unwrap(err)
 		w.WriteHeader(http.StatusUnprocessableEntity)
 
diff --git a/internal/grpc/auth/v1/auth.pb.go b/internal/grpc/auth/v1/auth.pb.go
index 71bf566f95..cf85fdf79a 100644
--- a/internal/grpc/auth/v1/auth.pb.go
+++ b/internal/grpc/auth/v1/auth.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.35.1
-// 	protoc        v5.28.2
+// 	protoc-gen-go v1.34.2
+// 	protoc        v5.27.1
 // source: auth/v1/auth.proto
 
 package v1
@@ -33,9 +33,11 @@ type AuthNReq struct {
 
 func (x *AuthNReq) Reset() {
 	*x = AuthNReq{}
-	mi := &file_auth_v1_auth_proto_msgTypes[0]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_auth_v1_auth_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *AuthNReq) String() string {
@@ -46,7 +48,7 @@ func (*AuthNReq) ProtoMessage() {}
 
 func (x *AuthNReq) ProtoReflect() protoreflect.Message {
 	mi := &file_auth_v1_auth_proto_msgTypes[0]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -80,9 +82,11 @@ type AuthNRes struct {
 
 func (x *AuthNRes) Reset() {
 	*x = AuthNRes{}
-	mi := &file_auth_v1_auth_proto_msgTypes[1]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_auth_v1_auth_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *AuthNRes) String() string {
@@ -93,7 +97,7 @@ func (*AuthNRes) ProtoMessage() {}
 
 func (x *AuthNRes) ProtoReflect() protoreflect.Message {
 	mi := &file_auth_v1_auth_proto_msgTypes[1]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -135,21 +139,23 @@ type AuthZReq struct {
 	unknownFields protoimpl.UnknownFields
 
 	Domain          string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`                                          // Domain
-	SubjectType     string `protobuf:"bytes,2,opt,name=subject_type,json=subjectType,proto3" json:"subject_type,omitempty"`             // Thing or User
+	SubjectType     string `protobuf:"bytes,2,opt,name=subject_type,json=subjectType,proto3" json:"subject_type,omitempty"`             // Client or User
 	SubjectKind     string `protobuf:"bytes,3,opt,name=subject_kind,json=subjectKind,proto3" json:"subject_kind,omitempty"`             // ID or Token
 	SubjectRelation string `protobuf:"bytes,4,opt,name=subject_relation,json=subjectRelation,proto3" json:"subject_relation,omitempty"` // Subject relation
 	Subject         string `protobuf:"bytes,5,opt,name=subject,proto3" json:"subject,omitempty"`                                        // Subject value (id or token, depending on kind)
 	Relation        string `protobuf:"bytes,6,opt,name=relation,proto3" json:"relation,omitempty"`                                      // Relation to filter
 	Permission      string `protobuf:"bytes,7,opt,name=permission,proto3" json:"permission,omitempty"`                                  // Action
 	Object          string `protobuf:"bytes,8,opt,name=object,proto3" json:"object,omitempty"`                                          // Object ID
-	ObjectType      string `protobuf:"bytes,9,opt,name=object_type,json=objectType,proto3" json:"object_type,omitempty"`                // Thing, User, Group
+	ObjectType      string `protobuf:"bytes,9,opt,name=object_type,json=objectType,proto3" json:"object_type,omitempty"`                // Client, User, Group
 }
 
 func (x *AuthZReq) Reset() {
 	*x = AuthZReq{}
-	mi := &file_auth_v1_auth_proto_msgTypes[2]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_auth_v1_auth_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *AuthZReq) String() string {
@@ -160,7 +166,7 @@ func (*AuthZReq) ProtoMessage() {}
 
 func (x *AuthZReq) ProtoReflect() protoreflect.Message {
 	mi := &file_auth_v1_auth_proto_msgTypes[2]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -249,9 +255,11 @@ type AuthZRes struct {
 
 func (x *AuthZRes) Reset() {
 	*x = AuthZRes{}
-	mi := &file_auth_v1_auth_proto_msgTypes[3]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_auth_v1_auth_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *AuthZRes) String() string {
@@ -262,7 +270,7 @@ func (*AuthZRes) ProtoMessage() {}
 
 func (x *AuthZRes) ProtoReflect() protoreflect.Message {
 	mi := &file_auth_v1_auth_proto_msgTypes[3]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -375,6 +383,56 @@ func file_auth_v1_auth_proto_init() {
 	if File_auth_v1_auth_proto != nil {
 		return
 	}
+	if !protoimpl.UnsafeEnabled {
+		file_auth_v1_auth_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*AuthNReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_auth_v1_auth_proto_msgTypes[1].Exporter = func(v any, i int) any {
+			switch v := v.(*AuthNRes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_auth_v1_auth_proto_msgTypes[2].Exporter = func(v any, i int) any {
+			switch v := v.(*AuthZReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_auth_v1_auth_proto_msgTypes[3].Exporter = func(v any, i int) any {
+			switch v := v.(*AuthZRes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/internal/grpc/auth/v1/auth_grpc.pb.go b/internal/grpc/auth/v1/auth_grpc.pb.go
index 5aae19082d..c1ff612fe1 100644
--- a/internal/grpc/auth/v1/auth_grpc.pb.go
+++ b/internal/grpc/auth/v1/auth_grpc.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
-// - protoc-gen-go-grpc v1.5.1
-// - protoc             v5.28.2
+// - protoc-gen-go-grpc v1.4.0
+// - protoc             v5.27.1
 // source: auth/v1/auth.proto
 
 package v1
@@ -18,8 +18,8 @@ import (
 
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.64.0 or later.
-const _ = grpc.SupportPackageIsVersion9
+// Requires gRPC-Go v1.62.0 or later.
+const _ = grpc.SupportPackageIsVersion8
 
 const (
 	AuthService_Authorize_FullMethodName    = "/auth.v1.AuthService/Authorize"
@@ -67,7 +67,7 @@ func (c *authServiceClient) Authenticate(ctx context.Context, in *AuthNReq, opts
 
 // AuthServiceServer is the server API for AuthService service.
 // All implementations must embed UnimplementedAuthServiceServer
-// for forward compatibility.
+// for forward compatibility
 //
 // AuthService is a service that provides authentication and authorization
 // functionalities for magistrala services.
@@ -77,12 +77,9 @@ type AuthServiceServer interface {
 	mustEmbedUnimplementedAuthServiceServer()
 }
 
-// UnimplementedAuthServiceServer must be embedded to have
-// forward compatible implementations.
-//
-// NOTE: this should be embedded by value instead of pointer to avoid a nil
-// pointer dereference when methods are called.
-type UnimplementedAuthServiceServer struct{}
+// UnimplementedAuthServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedAuthServiceServer struct {
+}
 
 func (UnimplementedAuthServiceServer) Authorize(context.Context, *AuthZReq) (*AuthZRes, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Authorize not implemented")
@@ -91,7 +88,6 @@ func (UnimplementedAuthServiceServer) Authenticate(context.Context, *AuthNReq) (
 	return nil, status.Errorf(codes.Unimplemented, "method Authenticate not implemented")
 }
 func (UnimplementedAuthServiceServer) mustEmbedUnimplementedAuthServiceServer() {}
-func (UnimplementedAuthServiceServer) testEmbeddedByValue()                     {}
 
 // UnsafeAuthServiceServer may be embedded to opt out of forward compatibility for this service.
 // Use of this interface is not recommended, as added methods to AuthServiceServer will
@@ -101,13 +97,6 @@ type UnsafeAuthServiceServer interface {
 }
 
 func RegisterAuthServiceServer(s grpc.ServiceRegistrar, srv AuthServiceServer) {
-	// If the following call pancis, it indicates UnimplementedAuthServiceServer was
-	// embedded by pointer and is nil.  This will cause panics if an
-	// unimplemented method is ever invoked, so we test this at initialization
-	// time to prevent it from happening at runtime later due to I/O.
-	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
-		t.testEmbeddedByValue()
-	}
 	s.RegisterService(&AuthService_ServiceDesc, srv)
 }
 
diff --git a/internal/grpc/channels/v1/channels.pb.go b/internal/grpc/channels/v1/channels.pb.go
index b68c455012..999eb4592e 100644
--- a/internal/grpc/channels/v1/channels.pb.go
+++ b/internal/grpc/channels/v1/channels.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.35.1
-// 	protoc        v5.28.2
+// 	protoc-gen-go v1.34.2
+// 	protoc        v5.27.1
 // source: channels/v1/channels.proto
 
 package v1
@@ -23,7 +23,7 @@ const (
 	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
 )
 
-type RemoveThingConnectionsReq struct {
+type RemoveClientConnectionsReq struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
@@ -31,22 +31,24 @@ type RemoveThingConnectionsReq struct {
 	ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
 }
 
-func (x *RemoveThingConnectionsReq) Reset() {
-	*x = RemoveThingConnectionsReq{}
-	mi := &file_channels_v1_channels_proto_msgTypes[0]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+func (x *RemoveClientConnectionsReq) Reset() {
+	*x = RemoveClientConnectionsReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_channels_v1_channels_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
-func (x *RemoveThingConnectionsReq) String() string {
+func (x *RemoveClientConnectionsReq) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*RemoveThingConnectionsReq) ProtoMessage() {}
+func (*RemoveClientConnectionsReq) ProtoMessage() {}
 
-func (x *RemoveThingConnectionsReq) ProtoReflect() protoreflect.Message {
+func (x *RemoveClientConnectionsReq) ProtoReflect() protoreflect.Message {
 	mi := &file_channels_v1_channels_proto_msgTypes[0]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -56,40 +58,42 @@ func (x *RemoveThingConnectionsReq) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use RemoveThingConnectionsReq.ProtoReflect.Descriptor instead.
-func (*RemoveThingConnectionsReq) Descriptor() ([]byte, []int) {
+// Deprecated: Use RemoveClientConnectionsReq.ProtoReflect.Descriptor instead.
+func (*RemoveClientConnectionsReq) Descriptor() ([]byte, []int) {
 	return file_channels_v1_channels_proto_rawDescGZIP(), []int{0}
 }
 
-func (x *RemoveThingConnectionsReq) GetClientId() string {
+func (x *RemoveClientConnectionsReq) GetClientId() string {
 	if x != nil {
 		return x.ClientId
 	}
 	return ""
 }
 
-type RemoveThingConnectionsRes struct {
+type RemoveClientConnectionsRes struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 }
 
-func (x *RemoveThingConnectionsRes) Reset() {
-	*x = RemoveThingConnectionsRes{}
-	mi := &file_channels_v1_channels_proto_msgTypes[1]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+func (x *RemoveClientConnectionsRes) Reset() {
+	*x = RemoveClientConnectionsRes{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_channels_v1_channels_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
-func (x *RemoveThingConnectionsRes) String() string {
+func (x *RemoveClientConnectionsRes) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*RemoveThingConnectionsRes) ProtoMessage() {}
+func (*RemoveClientConnectionsRes) ProtoMessage() {}
 
-func (x *RemoveThingConnectionsRes) ProtoReflect() protoreflect.Message {
+func (x *RemoveClientConnectionsRes) ProtoReflect() protoreflect.Message {
 	mi := &file_channels_v1_channels_proto_msgTypes[1]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -99,8 +103,8 @@ func (x *RemoveThingConnectionsRes) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use RemoveThingConnectionsRes.ProtoReflect.Descriptor instead.
-func (*RemoveThingConnectionsRes) Descriptor() ([]byte, []int) {
+// Deprecated: Use RemoveClientConnectionsRes.ProtoReflect.Descriptor instead.
+func (*RemoveClientConnectionsRes) Descriptor() ([]byte, []int) {
 	return file_channels_v1_channels_proto_rawDescGZIP(), []int{1}
 }
 
@@ -114,9 +118,11 @@ type UnsetParentGroupFromChannelsReq struct {
 
 func (x *UnsetParentGroupFromChannelsReq) Reset() {
 	*x = UnsetParentGroupFromChannelsReq{}
-	mi := &file_channels_v1_channels_proto_msgTypes[2]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_channels_v1_channels_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *UnsetParentGroupFromChannelsReq) String() string {
@@ -127,7 +133,7 @@ func (*UnsetParentGroupFromChannelsReq) ProtoMessage() {}
 
 func (x *UnsetParentGroupFromChannelsReq) ProtoReflect() protoreflect.Message {
 	mi := &file_channels_v1_channels_proto_msgTypes[2]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -157,9 +163,11 @@ type UnsetParentGroupFromChannelsRes struct {
 
 func (x *UnsetParentGroupFromChannelsRes) Reset() {
 	*x = UnsetParentGroupFromChannelsRes{}
-	mi := &file_channels_v1_channels_proto_msgTypes[3]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_channels_v1_channels_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *UnsetParentGroupFromChannelsRes) String() string {
@@ -170,7 +178,7 @@ func (*UnsetParentGroupFromChannelsRes) ProtoMessage() {}
 
 func (x *UnsetParentGroupFromChannelsRes) ProtoReflect() protoreflect.Message {
 	mi := &file_channels_v1_channels_proto_msgTypes[3]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -199,9 +207,11 @@ type AuthzReq struct {
 
 func (x *AuthzReq) Reset() {
 	*x = AuthzReq{}
-	mi := &file_channels_v1_channels_proto_msgTypes[4]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_channels_v1_channels_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *AuthzReq) String() string {
@@ -212,7 +222,7 @@ func (*AuthzReq) ProtoMessage() {}
 
 func (x *AuthzReq) ProtoReflect() protoreflect.Message {
 	mi := &file_channels_v1_channels_proto_msgTypes[4]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -272,9 +282,11 @@ type AuthzRes struct {
 
 func (x *AuthzRes) Reset() {
 	*x = AuthzRes{}
-	mi := &file_channels_v1_channels_proto_msgTypes[5]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_channels_v1_channels_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *AuthzRes) String() string {
@@ -285,7 +297,7 @@ func (*AuthzRes) ProtoMessage() {}
 
 func (x *AuthzRes) ProtoReflect() protoreflect.Message {
 	mi := &file_channels_v1_channels_proto_msgTypes[5]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -312,56 +324,56 @@ var File_channels_v1_channels_proto protoreflect.FileDescriptor
 var file_channels_v1_channels_proto_rawDesc = []byte{
 	0x0a, 0x1a, 0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x2f, 0x76, 0x31, 0x2f, 0x63, 0x68,
 	0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x63, 0x68,
-	0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x22, 0x38, 0x0a, 0x19, 0x52, 0x65, 0x6d,
-	0x6f, 0x76, 0x65, 0x54, 0x68, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
-	0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e,
-	0x74, 0x49, 0x64, 0x22, 0x1b, 0x0a, 0x19, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x68, 0x69,
-	0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x73,
-	0x22, 0x49, 0x0a, 0x1f, 0x55, 0x6e, 0x73, 0x65, 0x74, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x47,
-	0x72, 0x6f, 0x75, 0x70, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73,
-	0x52, 0x65, 0x71, 0x12, 0x26, 0x0a, 0x0f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x67, 0x72,
-	0x6f, 0x75, 0x70, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x70, 0x61,
-	0x72, 0x65, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x49, 0x64, 0x22, 0x21, 0x0a, 0x1f, 0x55,
-	0x6e, 0x73, 0x65, 0x74, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x46,
-	0x72, 0x6f, 0x6d, 0x43, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x22, 0x98,
-	0x01, 0x0a, 0x08, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x52, 0x65, 0x71, 0x12, 0x1b, 0x0a, 0x09, 0x64,
-	0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
-	0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65,
-	0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6c, 0x69,
-	0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f,
-	0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6c, 0x69, 0x65,
-	0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65,
-	0x6c, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x63, 0x68, 0x61, 0x6e,
-	0x6e, 0x65, 0x6c, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x05, 0x20,
-	0x01, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x2a, 0x0a, 0x08, 0x41, 0x75, 0x74,
-	0x68, 0x7a, 0x52, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x7a, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x75, 0x74, 0x68, 0x6f,
-	0x72, 0x69, 0x7a, 0x65, 0x64, 0x32, 0xb8, 0x02, 0x0a, 0x0f, 0x43, 0x68, 0x61, 0x6e, 0x6e, 0x65,
-	0x6c, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3b, 0x0a, 0x09, 0x41, 0x75, 0x74,
-	0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x12, 0x15, 0x2e, 0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c,
-	0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x52, 0x65, 0x71, 0x1a, 0x15, 0x2e,
-	0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68,
-	0x7a, 0x52, 0x65, 0x73, 0x22, 0x00, 0x12, 0x6a, 0x0a, 0x16, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65,
-	0x54, 0x68, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x12, 0x26, 0x2e, 0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x52,
-	0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x68, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x1a, 0x26, 0x2e, 0x63, 0x68, 0x61, 0x6e, 0x6e,
-	0x65, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x68, 0x69,
-	0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x73,
-	0x22, 0x00, 0x12, 0x7c, 0x0a, 0x1c, 0x55, 0x6e, 0x73, 0x65, 0x74, 0x50, 0x61, 0x72, 0x65, 0x6e,
+	0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x22, 0x39, 0x0a, 0x1a, 0x52, 0x65, 0x6d,
+	0x6f, 0x76, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e,
+	0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65,
+	0x6e, 0x74, 0x49, 0x64, 0x22, 0x1c, 0x0a, 0x1a, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x43, 0x6c,
+	0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52,
+	0x65, 0x73, 0x22, 0x49, 0x0a, 0x1f, 0x55, 0x6e, 0x73, 0x65, 0x74, 0x50, 0x61, 0x72, 0x65, 0x6e,
+	0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x61, 0x6e, 0x6e, 0x65,
+	0x6c, 0x73, 0x52, 0x65, 0x71, 0x12, 0x26, 0x0a, 0x0f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f,
+	0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d,
+	0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x49, 0x64, 0x22, 0x21, 0x0a,
+	0x1f, 0x55, 0x6e, 0x73, 0x65, 0x74, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75,
+	0x70, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x52, 0x65, 0x73,
+	0x22, 0x98, 0x01, 0x0a, 0x08, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x52, 0x65, 0x71, 0x12, 0x1b, 0x0a,
+	0x09, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x08, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c,
+	0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63,
+	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6c, 0x69, 0x65, 0x6e,
+	0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6c,
+	0x69, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x68, 0x61, 0x6e,
+	0x6e, 0x65, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x63, 0x68,
+	0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x2a, 0x0a, 0x08, 0x41,
+	0x75, 0x74, 0x68, 0x7a, 0x52, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x61, 0x75, 0x74, 0x68, 0x6f,
+	0x72, 0x69, 0x7a, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x75, 0x74,
+	0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x32, 0xbb, 0x02, 0x0a, 0x0f, 0x43, 0x68, 0x61, 0x6e,
+	0x6e, 0x65, 0x6c, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3b, 0x0a, 0x09, 0x41,
+	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x12, 0x15, 0x2e, 0x63, 0x68, 0x61, 0x6e, 0x6e,
+	0x65, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x52, 0x65, 0x71, 0x1a,
+	0x15, 0x2e, 0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75,
+	0x74, 0x68, 0x7a, 0x52, 0x65, 0x73, 0x22, 0x00, 0x12, 0x6d, 0x0a, 0x17, 0x52, 0x65, 0x6d, 0x6f,
+	0x76, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x12, 0x27, 0x2e, 0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x2e, 0x76,
+	0x31, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x1a, 0x27, 0x2e, 0x63,
+	0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76,
+	0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x52, 0x65, 0x73, 0x22, 0x00, 0x12, 0x7c, 0x0a, 0x1c, 0x55, 0x6e, 0x73, 0x65, 0x74,
+	0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x46, 0x72, 0x6f, 0x6d, 0x43,
+	0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x12, 0x2c, 0x2e, 0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65,
+	0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x6e, 0x73, 0x65, 0x74, 0x50, 0x61, 0x72, 0x65, 0x6e,
 	0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x61, 0x6e, 0x6e, 0x65,
-	0x6c, 0x73, 0x12, 0x2c, 0x2e, 0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x2e, 0x76, 0x31,
-	0x2e, 0x55, 0x6e, 0x73, 0x65, 0x74, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75,
-	0x70, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x52, 0x65, 0x71,
-	0x1a, 0x2c, 0x2e, 0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55,
-	0x6e, 0x73, 0x65, 0x74, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x46,
-	0x72, 0x6f, 0x6d, 0x43, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x22, 0x00,
-	0x42, 0x39, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61,
-	0x62, 0x73, 0x6d, 0x61, 0x63, 0x68, 0x2f, 0x6d, 0x61, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x6c,
-	0x61, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f,
-	0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x33,
+	0x6c, 0x73, 0x52, 0x65, 0x71, 0x1a, 0x2c, 0x2e, 0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73,
+	0x2e, 0x76, 0x31, 0x2e, 0x55, 0x6e, 0x73, 0x65, 0x74, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x47,
+	0x72, 0x6f, 0x75, 0x70, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73,
+	0x52, 0x65, 0x73, 0x22, 0x00, 0x42, 0x39, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x62, 0x73, 0x6d, 0x61, 0x63, 0x68, 0x2f, 0x6d, 0x61, 0x67, 0x69,
+	0x73, 0x74, 0x72, 0x61, 0x6c, 0x61, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f,
+	0x67, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x73, 0x2f, 0x76, 0x31,
+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -378,8 +390,8 @@ func file_channels_v1_channels_proto_rawDescGZIP() []byte {
 
 var file_channels_v1_channels_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
 var file_channels_v1_channels_proto_goTypes = []any{
-	(*RemoveThingConnectionsReq)(nil),       // 0: channels.v1.RemoveThingConnectionsReq
-	(*RemoveThingConnectionsRes)(nil),       // 1: channels.v1.RemoveThingConnectionsRes
+	(*RemoveClientConnectionsReq)(nil),      // 0: channels.v1.RemoveClientConnectionsReq
+	(*RemoveClientConnectionsRes)(nil),      // 1: channels.v1.RemoveClientConnectionsRes
 	(*UnsetParentGroupFromChannelsReq)(nil), // 2: channels.v1.UnsetParentGroupFromChannelsReq
 	(*UnsetParentGroupFromChannelsRes)(nil), // 3: channels.v1.UnsetParentGroupFromChannelsRes
 	(*AuthzReq)(nil),                        // 4: channels.v1.AuthzReq
@@ -387,10 +399,10 @@ var file_channels_v1_channels_proto_goTypes = []any{
 }
 var file_channels_v1_channels_proto_depIdxs = []int32{
 	4, // 0: channels.v1.ChannelsService.Authorize:input_type -> channels.v1.AuthzReq
-	0, // 1: channels.v1.ChannelsService.RemoveThingConnections:input_type -> channels.v1.RemoveThingConnectionsReq
+	0, // 1: channels.v1.ChannelsService.RemoveClientConnections:input_type -> channels.v1.RemoveClientConnectionsReq
 	2, // 2: channels.v1.ChannelsService.UnsetParentGroupFromChannels:input_type -> channels.v1.UnsetParentGroupFromChannelsReq
 	5, // 3: channels.v1.ChannelsService.Authorize:output_type -> channels.v1.AuthzRes
-	1, // 4: channels.v1.ChannelsService.RemoveThingConnections:output_type -> channels.v1.RemoveThingConnectionsRes
+	1, // 4: channels.v1.ChannelsService.RemoveClientConnections:output_type -> channels.v1.RemoveClientConnectionsRes
 	3, // 5: channels.v1.ChannelsService.UnsetParentGroupFromChannels:output_type -> channels.v1.UnsetParentGroupFromChannelsRes
 	3, // [3:6] is the sub-list for method output_type
 	0, // [0:3] is the sub-list for method input_type
@@ -404,6 +416,80 @@ func file_channels_v1_channels_proto_init() {
 	if File_channels_v1_channels_proto != nil {
 		return
 	}
+	if !protoimpl.UnsafeEnabled {
+		file_channels_v1_channels_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*RemoveClientConnectionsReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_channels_v1_channels_proto_msgTypes[1].Exporter = func(v any, i int) any {
+			switch v := v.(*RemoveClientConnectionsRes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_channels_v1_channels_proto_msgTypes[2].Exporter = func(v any, i int) any {
+			switch v := v.(*UnsetParentGroupFromChannelsReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_channels_v1_channels_proto_msgTypes[3].Exporter = func(v any, i int) any {
+			switch v := v.(*UnsetParentGroupFromChannelsRes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_channels_v1_channels_proto_msgTypes[4].Exporter = func(v any, i int) any {
+			switch v := v.(*AuthzReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_channels_v1_channels_proto_msgTypes[5].Exporter = func(v any, i int) any {
+			switch v := v.(*AuthzRes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/internal/grpc/channels/v1/channels_grpc.pb.go b/internal/grpc/channels/v1/channels_grpc.pb.go
index 6225256a18..3082ccea81 100644
--- a/internal/grpc/channels/v1/channels_grpc.pb.go
+++ b/internal/grpc/channels/v1/channels_grpc.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
-// - protoc-gen-go-grpc v1.5.1
-// - protoc             v5.28.2
+// - protoc-gen-go-grpc v1.4.0
+// - protoc             v5.27.1
 // source: channels/v1/channels.proto
 
 package v1
@@ -18,12 +18,12 @@ import (
 
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.64.0 or later.
-const _ = grpc.SupportPackageIsVersion9
+// Requires gRPC-Go v1.62.0 or later.
+const _ = grpc.SupportPackageIsVersion8
 
 const (
 	ChannelsService_Authorize_FullMethodName                    = "/channels.v1.ChannelsService/Authorize"
-	ChannelsService_RemoveThingConnections_FullMethodName       = "/channels.v1.ChannelsService/RemoveThingConnections"
+	ChannelsService_RemoveClientConnections_FullMethodName      = "/channels.v1.ChannelsService/RemoveClientConnections"
 	ChannelsService_UnsetParentGroupFromChannels_FullMethodName = "/channels.v1.ChannelsService/UnsetParentGroupFromChannels"
 )
 
@@ -32,7 +32,7 @@ const (
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
 type ChannelsServiceClient interface {
 	Authorize(ctx context.Context, in *AuthzReq, opts ...grpc.CallOption) (*AuthzRes, error)
-	RemoveThingConnections(ctx context.Context, in *RemoveThingConnectionsReq, opts ...grpc.CallOption) (*RemoveThingConnectionsRes, error)
+	RemoveClientConnections(ctx context.Context, in *RemoveClientConnectionsReq, opts ...grpc.CallOption) (*RemoveClientConnectionsRes, error)
 	UnsetParentGroupFromChannels(ctx context.Context, in *UnsetParentGroupFromChannelsReq, opts ...grpc.CallOption) (*UnsetParentGroupFromChannelsRes, error)
 }
 
@@ -54,10 +54,10 @@ func (c *channelsServiceClient) Authorize(ctx context.Context, in *AuthzReq, opt
 	return out, nil
 }
 
-func (c *channelsServiceClient) RemoveThingConnections(ctx context.Context, in *RemoveThingConnectionsReq, opts ...grpc.CallOption) (*RemoveThingConnectionsRes, error) {
+func (c *channelsServiceClient) RemoveClientConnections(ctx context.Context, in *RemoveClientConnectionsReq, opts ...grpc.CallOption) (*RemoveClientConnectionsRes, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
-	out := new(RemoveThingConnectionsRes)
-	err := c.cc.Invoke(ctx, ChannelsService_RemoveThingConnections_FullMethodName, in, out, cOpts...)
+	out := new(RemoveClientConnectionsRes)
+	err := c.cc.Invoke(ctx, ChannelsService_RemoveClientConnections_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -76,32 +76,28 @@ func (c *channelsServiceClient) UnsetParentGroupFromChannels(ctx context.Context
 
 // ChannelsServiceServer is the server API for ChannelsService service.
 // All implementations must embed UnimplementedChannelsServiceServer
-// for forward compatibility.
+// for forward compatibility
 type ChannelsServiceServer interface {
 	Authorize(context.Context, *AuthzReq) (*AuthzRes, error)
-	RemoveThingConnections(context.Context, *RemoveThingConnectionsReq) (*RemoveThingConnectionsRes, error)
+	RemoveClientConnections(context.Context, *RemoveClientConnectionsReq) (*RemoveClientConnectionsRes, error)
 	UnsetParentGroupFromChannels(context.Context, *UnsetParentGroupFromChannelsReq) (*UnsetParentGroupFromChannelsRes, error)
 	mustEmbedUnimplementedChannelsServiceServer()
 }
 
-// UnimplementedChannelsServiceServer must be embedded to have
-// forward compatible implementations.
-//
-// NOTE: this should be embedded by value instead of pointer to avoid a nil
-// pointer dereference when methods are called.
-type UnimplementedChannelsServiceServer struct{}
+// UnimplementedChannelsServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedChannelsServiceServer struct {
+}
 
 func (UnimplementedChannelsServiceServer) Authorize(context.Context, *AuthzReq) (*AuthzRes, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Authorize not implemented")
 }
-func (UnimplementedChannelsServiceServer) RemoveThingConnections(context.Context, *RemoveThingConnectionsReq) (*RemoveThingConnectionsRes, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method RemoveThingConnections not implemented")
+func (UnimplementedChannelsServiceServer) RemoveClientConnections(context.Context, *RemoveClientConnectionsReq) (*RemoveClientConnectionsRes, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RemoveClientConnections not implemented")
 }
 func (UnimplementedChannelsServiceServer) UnsetParentGroupFromChannels(context.Context, *UnsetParentGroupFromChannelsReq) (*UnsetParentGroupFromChannelsRes, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method UnsetParentGroupFromChannels not implemented")
 }
 func (UnimplementedChannelsServiceServer) mustEmbedUnimplementedChannelsServiceServer() {}
-func (UnimplementedChannelsServiceServer) testEmbeddedByValue()                         {}
 
 // UnsafeChannelsServiceServer may be embedded to opt out of forward compatibility for this service.
 // Use of this interface is not recommended, as added methods to ChannelsServiceServer will
@@ -111,13 +107,6 @@ type UnsafeChannelsServiceServer interface {
 }
 
 func RegisterChannelsServiceServer(s grpc.ServiceRegistrar, srv ChannelsServiceServer) {
-	// If the following call pancis, it indicates UnimplementedChannelsServiceServer was
-	// embedded by pointer and is nil.  This will cause panics if an
-	// unimplemented method is ever invoked, so we test this at initialization
-	// time to prevent it from happening at runtime later due to I/O.
-	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
-		t.testEmbeddedByValue()
-	}
 	s.RegisterService(&ChannelsService_ServiceDesc, srv)
 }
 
@@ -139,20 +128,20 @@ func _ChannelsService_Authorize_Handler(srv interface{}, ctx context.Context, de
 	return interceptor(ctx, in, info, handler)
 }
 
-func _ChannelsService_RemoveThingConnections_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RemoveThingConnectionsReq)
+func _ChannelsService_RemoveClientConnections_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RemoveClientConnectionsReq)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(ChannelsServiceServer).RemoveThingConnections(ctx, in)
+		return srv.(ChannelsServiceServer).RemoveClientConnections(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: ChannelsService_RemoveThingConnections_FullMethodName,
+		FullMethod: ChannelsService_RemoveClientConnections_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ChannelsServiceServer).RemoveThingConnections(ctx, req.(*RemoveThingConnectionsReq))
+		return srv.(ChannelsServiceServer).RemoveClientConnections(ctx, req.(*RemoveClientConnectionsReq))
 	}
 	return interceptor(ctx, in, info, handler)
 }
@@ -187,8 +176,8 @@ var ChannelsService_ServiceDesc = grpc.ServiceDesc{
 			Handler:    _ChannelsService_Authorize_Handler,
 		},
 		{
-			MethodName: "RemoveThingConnections",
-			Handler:    _ChannelsService_RemoveThingConnections_Handler,
+			MethodName: "RemoveClientConnections",
+			Handler:    _ChannelsService_RemoveClientConnections_Handler,
 		},
 		{
 			MethodName: "UnsetParentGroupFromChannels",
diff --git a/internal/grpc/clients/v1/clients.pb.go b/internal/grpc/clients/v1/clients.pb.go
index 7d69af8f17..989bbd06ff 100644
--- a/internal/grpc/clients/v1/clients.pb.go
+++ b/internal/grpc/clients/v1/clients.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.35.1
-// 	protoc        v5.28.2
+// 	protoc-gen-go v1.34.2
+// 	protoc        v5.27.1
 // source: clients/v1/clients.proto
 
 package v1
@@ -35,9 +35,11 @@ type AuthnReq struct {
 
 func (x *AuthnReq) Reset() {
 	*x = AuthnReq{}
-	mi := &file_clients_v1_clients_proto_msgTypes[0]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_clients_v1_clients_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *AuthnReq) String() string {
@@ -48,7 +50,7 @@ func (*AuthnReq) ProtoMessage() {}
 
 func (x *AuthnReq) ProtoReflect() protoreflect.Message {
 	mi := &file_clients_v1_clients_proto_msgTypes[0]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -88,9 +90,11 @@ type AuthnRes struct {
 
 func (x *AuthnRes) Reset() {
 	*x = AuthnRes{}
-	mi := &file_clients_v1_clients_proto_msgTypes[1]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_clients_v1_clients_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *AuthnRes) String() string {
@@ -101,7 +105,7 @@ func (*AuthnRes) ProtoMessage() {}
 
 func (x *AuthnRes) ProtoReflect() protoreflect.Message {
 	mi := &file_clients_v1_clients_proto_msgTypes[1]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -140,9 +144,11 @@ type RemoveChannelConnectionsReq struct {
 
 func (x *RemoveChannelConnectionsReq) Reset() {
 	*x = RemoveChannelConnectionsReq{}
-	mi := &file_clients_v1_clients_proto_msgTypes[2]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_clients_v1_clients_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *RemoveChannelConnectionsReq) String() string {
@@ -153,7 +159,7 @@ func (*RemoveChannelConnectionsReq) ProtoMessage() {}
 
 func (x *RemoveChannelConnectionsReq) ProtoReflect() protoreflect.Message {
 	mi := &file_clients_v1_clients_proto_msgTypes[2]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -183,9 +189,11 @@ type RemoveChannelConnectionsRes struct {
 
 func (x *RemoveChannelConnectionsRes) Reset() {
 	*x = RemoveChannelConnectionsRes{}
-	mi := &file_clients_v1_clients_proto_msgTypes[3]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_clients_v1_clients_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *RemoveChannelConnectionsRes) String() string {
@@ -196,7 +204,7 @@ func (*RemoveChannelConnectionsRes) ProtoMessage() {}
 
 func (x *RemoveChannelConnectionsRes) ProtoReflect() protoreflect.Message {
 	mi := &file_clients_v1_clients_proto_msgTypes[3]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -221,9 +229,11 @@ type UnsetParentGroupFromClientReq struct {
 
 func (x *UnsetParentGroupFromClientReq) Reset() {
 	*x = UnsetParentGroupFromClientReq{}
-	mi := &file_clients_v1_clients_proto_msgTypes[4]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_clients_v1_clients_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *UnsetParentGroupFromClientReq) String() string {
@@ -234,7 +244,7 @@ func (*UnsetParentGroupFromClientReq) ProtoMessage() {}
 
 func (x *UnsetParentGroupFromClientReq) ProtoReflect() protoreflect.Message {
 	mi := &file_clients_v1_clients_proto_msgTypes[4]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -264,9 +274,11 @@ type UnsetParentGroupFromClientRes struct {
 
 func (x *UnsetParentGroupFromClientRes) Reset() {
 	*x = UnsetParentGroupFromClientRes{}
-	mi := &file_clients_v1_clients_proto_msgTypes[5]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_clients_v1_clients_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *UnsetParentGroupFromClientRes) String() string {
@@ -277,7 +289,7 @@ func (*UnsetParentGroupFromClientRes) ProtoMessage() {}
 
 func (x *UnsetParentGroupFromClientRes) ProtoReflect() protoreflect.Message {
 	mi := &file_clients_v1_clients_proto_msgTypes[5]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -423,6 +435,80 @@ func file_clients_v1_clients_proto_init() {
 	if File_clients_v1_clients_proto != nil {
 		return
 	}
+	if !protoimpl.UnsafeEnabled {
+		file_clients_v1_clients_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*AuthnReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_clients_v1_clients_proto_msgTypes[1].Exporter = func(v any, i int) any {
+			switch v := v.(*AuthnRes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_clients_v1_clients_proto_msgTypes[2].Exporter = func(v any, i int) any {
+			switch v := v.(*RemoveChannelConnectionsReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_clients_v1_clients_proto_msgTypes[3].Exporter = func(v any, i int) any {
+			switch v := v.(*RemoveChannelConnectionsRes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_clients_v1_clients_proto_msgTypes[4].Exporter = func(v any, i int) any {
+			switch v := v.(*UnsetParentGroupFromClientReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_clients_v1_clients_proto_msgTypes[5].Exporter = func(v any, i int) any {
+			switch v := v.(*UnsetParentGroupFromClientRes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/internal/grpc/clients/v1/clients_grpc.pb.go b/internal/grpc/clients/v1/clients_grpc.pb.go
index 75b64892cd..628e9d66a6 100644
--- a/internal/grpc/clients/v1/clients_grpc.pb.go
+++ b/internal/grpc/clients/v1/clients_grpc.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
-// - protoc-gen-go-grpc v1.5.1
-// - protoc             v5.28.2
+// - protoc-gen-go-grpc v1.4.0
+// - protoc             v5.27.1
 // source: clients/v1/clients.proto
 
 package v1
@@ -19,8 +19,8 @@ import (
 
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.64.0 or later.
-const _ = grpc.SupportPackageIsVersion9
+// Requires gRPC-Go v1.62.0 or later.
+const _ = grpc.SupportPackageIsVersion8
 
 const (
 	ClientsService_Authenticate_FullMethodName               = "/clients.v1.ClientsService/Authenticate"
@@ -129,7 +129,7 @@ func (c *clientsServiceClient) UnsetParentGroupFromClient(ctx context.Context, i
 
 // ClientsServiceServer is the server API for ClientsService service.
 // All implementations must embed UnimplementedClientsServiceServer
-// for forward compatibility.
+// for forward compatibility
 //
 // ClientsService is a service that provides clients authorization functionalities
 // for magistrala services.
@@ -145,12 +145,9 @@ type ClientsServiceServer interface {
 	mustEmbedUnimplementedClientsServiceServer()
 }
 
-// UnimplementedClientsServiceServer must be embedded to have
-// forward compatible implementations.
-//
-// NOTE: this should be embedded by value instead of pointer to avoid a nil
-// pointer dereference when methods are called.
-type UnimplementedClientsServiceServer struct{}
+// UnimplementedClientsServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedClientsServiceServer struct {
+}
 
 func (UnimplementedClientsServiceServer) Authenticate(context.Context, *AuthnReq) (*AuthnRes, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Authenticate not implemented")
@@ -174,7 +171,6 @@ func (UnimplementedClientsServiceServer) UnsetParentGroupFromClient(context.Cont
 	return nil, status.Errorf(codes.Unimplemented, "method UnsetParentGroupFromClient not implemented")
 }
 func (UnimplementedClientsServiceServer) mustEmbedUnimplementedClientsServiceServer() {}
-func (UnimplementedClientsServiceServer) testEmbeddedByValue()                        {}
 
 // UnsafeClientsServiceServer may be embedded to opt out of forward compatibility for this service.
 // Use of this interface is not recommended, as added methods to ClientsServiceServer will
@@ -184,13 +180,6 @@ type UnsafeClientsServiceServer interface {
 }
 
 func RegisterClientsServiceServer(s grpc.ServiceRegistrar, srv ClientsServiceServer) {
-	// If the following call pancis, it indicates UnimplementedClientsServiceServer was
-	// embedded by pointer and is nil.  This will cause panics if an
-	// unimplemented method is ever invoked, so we test this at initialization
-	// time to prevent it from happening at runtime later due to I/O.
-	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
-		t.testEmbeddedByValue()
-	}
 	s.RegisterService(&ClientsService_ServiceDesc, srv)
 }
 
diff --git a/internal/grpc/common/v1/common.pb.go b/internal/grpc/common/v1/common.pb.go
index e2961cd7a0..19c1633551 100644
--- a/internal/grpc/common/v1/common.pb.go
+++ b/internal/grpc/common/v1/common.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.35.1
-// 	protoc        v5.28.2
+// 	protoc-gen-go v1.34.2
+// 	protoc        v5.27.1
 // source: common/v1/common.proto
 
 package v1
@@ -33,9 +33,11 @@ type RetrieveEntitiesReq struct {
 
 func (x *RetrieveEntitiesReq) Reset() {
 	*x = RetrieveEntitiesReq{}
-	mi := &file_common_v1_common_proto_msgTypes[0]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_common_v1_common_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *RetrieveEntitiesReq) String() string {
@@ -46,7 +48,7 @@ func (*RetrieveEntitiesReq) ProtoMessage() {}
 
 func (x *RetrieveEntitiesReq) ProtoReflect() protoreflect.Message {
 	mi := &file_common_v1_common_proto_msgTypes[0]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -81,9 +83,11 @@ type RetrieveEntitiesRes struct {
 
 func (x *RetrieveEntitiesRes) Reset() {
 	*x = RetrieveEntitiesRes{}
-	mi := &file_common_v1_common_proto_msgTypes[1]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_common_v1_common_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *RetrieveEntitiesRes) String() string {
@@ -94,7 +98,7 @@ func (*RetrieveEntitiesRes) ProtoMessage() {}
 
 func (x *RetrieveEntitiesRes) ProtoReflect() protoreflect.Message {
 	mi := &file_common_v1_common_proto_msgTypes[1]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -147,9 +151,11 @@ type RetrieveEntityReq struct {
 
 func (x *RetrieveEntityReq) Reset() {
 	*x = RetrieveEntityReq{}
-	mi := &file_common_v1_common_proto_msgTypes[2]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_common_v1_common_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *RetrieveEntityReq) String() string {
@@ -160,7 +166,7 @@ func (*RetrieveEntityReq) ProtoMessage() {}
 
 func (x *RetrieveEntityReq) ProtoReflect() protoreflect.Message {
 	mi := &file_common_v1_common_proto_msgTypes[2]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -192,9 +198,11 @@ type RetrieveEntityRes struct {
 
 func (x *RetrieveEntityRes) Reset() {
 	*x = RetrieveEntityRes{}
-	mi := &file_common_v1_common_proto_msgTypes[3]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_common_v1_common_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *RetrieveEntityRes) String() string {
@@ -205,7 +213,7 @@ func (*RetrieveEntityRes) ProtoMessage() {}
 
 func (x *RetrieveEntityRes) ProtoReflect() protoreflect.Message {
 	mi := &file_common_v1_common_proto_msgTypes[3]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -239,9 +247,11 @@ type EntityBasic struct {
 
 func (x *EntityBasic) Reset() {
 	*x = EntityBasic{}
-	mi := &file_common_v1_common_proto_msgTypes[4]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_common_v1_common_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *EntityBasic) String() string {
@@ -252,7 +262,7 @@ func (*EntityBasic) ProtoMessage() {}
 
 func (x *EntityBasic) ProtoReflect() protoreflect.Message {
 	mi := &file_common_v1_common_proto_msgTypes[4]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -298,9 +308,11 @@ type AddConnectionsReq struct {
 
 func (x *AddConnectionsReq) Reset() {
 	*x = AddConnectionsReq{}
-	mi := &file_common_v1_common_proto_msgTypes[5]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_common_v1_common_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *AddConnectionsReq) String() string {
@@ -311,7 +323,7 @@ func (*AddConnectionsReq) ProtoMessage() {}
 
 func (x *AddConnectionsReq) ProtoReflect() protoreflect.Message {
 	mi := &file_common_v1_common_proto_msgTypes[5]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -343,9 +355,11 @@ type AddConnectionsRes struct {
 
 func (x *AddConnectionsRes) Reset() {
 	*x = AddConnectionsRes{}
-	mi := &file_common_v1_common_proto_msgTypes[6]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_common_v1_common_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *AddConnectionsRes) String() string {
@@ -356,7 +370,7 @@ func (*AddConnectionsRes) ProtoMessage() {}
 
 func (x *AddConnectionsRes) ProtoReflect() protoreflect.Message {
 	mi := &file_common_v1_common_proto_msgTypes[6]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -388,9 +402,11 @@ type RemoveConnectionsReq struct {
 
 func (x *RemoveConnectionsReq) Reset() {
 	*x = RemoveConnectionsReq{}
-	mi := &file_common_v1_common_proto_msgTypes[7]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_common_v1_common_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *RemoveConnectionsReq) String() string {
@@ -401,7 +417,7 @@ func (*RemoveConnectionsReq) ProtoMessage() {}
 
 func (x *RemoveConnectionsReq) ProtoReflect() protoreflect.Message {
 	mi := &file_common_v1_common_proto_msgTypes[7]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -433,9 +449,11 @@ type RemoveConnectionsRes struct {
 
 func (x *RemoveConnectionsRes) Reset() {
 	*x = RemoveConnectionsRes{}
-	mi := &file_common_v1_common_proto_msgTypes[8]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_common_v1_common_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *RemoveConnectionsRes) String() string {
@@ -446,7 +464,7 @@ func (*RemoveConnectionsRes) ProtoMessage() {}
 
 func (x *RemoveConnectionsRes) ProtoReflect() protoreflect.Message {
 	mi := &file_common_v1_common_proto_msgTypes[8]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -481,9 +499,11 @@ type Connection struct {
 
 func (x *Connection) Reset() {
 	*x = Connection{}
-	mi := &file_common_v1_common_proto_msgTypes[9]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_common_v1_common_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *Connection) String() string {
@@ -494,7 +514,7 @@ func (*Connection) ProtoMessage() {}
 
 func (x *Connection) ProtoReflect() protoreflect.Message {
 	mi := &file_common_v1_common_proto_msgTypes[9]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -637,6 +657,128 @@ func file_common_v1_common_proto_init() {
 	if File_common_v1_common_proto != nil {
 		return
 	}
+	if !protoimpl.UnsafeEnabled {
+		file_common_v1_common_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*RetrieveEntitiesReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_common_v1_common_proto_msgTypes[1].Exporter = func(v any, i int) any {
+			switch v := v.(*RetrieveEntitiesRes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_common_v1_common_proto_msgTypes[2].Exporter = func(v any, i int) any {
+			switch v := v.(*RetrieveEntityReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_common_v1_common_proto_msgTypes[3].Exporter = func(v any, i int) any {
+			switch v := v.(*RetrieveEntityRes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_common_v1_common_proto_msgTypes[4].Exporter = func(v any, i int) any {
+			switch v := v.(*EntityBasic); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_common_v1_common_proto_msgTypes[5].Exporter = func(v any, i int) any {
+			switch v := v.(*AddConnectionsReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_common_v1_common_proto_msgTypes[6].Exporter = func(v any, i int) any {
+			switch v := v.(*AddConnectionsRes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_common_v1_common_proto_msgTypes[7].Exporter = func(v any, i int) any {
+			switch v := v.(*RemoveConnectionsReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_common_v1_common_proto_msgTypes[8].Exporter = func(v any, i int) any {
+			switch v := v.(*RemoveConnectionsRes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_common_v1_common_proto_msgTypes[9].Exporter = func(v any, i int) any {
+			switch v := v.(*Connection); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/internal/grpc/domains/v1/domains.pb.go b/internal/grpc/domains/v1/domains.pb.go
index 3ec787d6b8..c62a2d0d49 100644
--- a/internal/grpc/domains/v1/domains.pb.go
+++ b/internal/grpc/domains/v1/domains.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.35.1
-// 	protoc        v5.28.2
+// 	protoc-gen-go v1.34.2
+// 	protoc        v5.27.1
 // source: domains/v1/domains.proto
 
 package v1
@@ -33,9 +33,11 @@ type DeleteUserRes struct {
 
 func (x *DeleteUserRes) Reset() {
 	*x = DeleteUserRes{}
-	mi := &file_domains_v1_domains_proto_msgTypes[0]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_domains_v1_domains_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *DeleteUserRes) String() string {
@@ -46,7 +48,7 @@ func (*DeleteUserRes) ProtoMessage() {}
 
 func (x *DeleteUserRes) ProtoReflect() protoreflect.Message {
 	mi := &file_domains_v1_domains_proto_msgTypes[0]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -78,9 +80,11 @@ type DeleteUserReq struct {
 
 func (x *DeleteUserReq) Reset() {
 	*x = DeleteUserReq{}
-	mi := &file_domains_v1_domains_proto_msgTypes[1]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_domains_v1_domains_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *DeleteUserReq) String() string {
@@ -91,7 +95,7 @@ func (*DeleteUserReq) ProtoMessage() {}
 
 func (x *DeleteUserReq) ProtoReflect() protoreflect.Message {
 	mi := &file_domains_v1_domains_proto_msgTypes[1]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -168,6 +172,32 @@ func file_domains_v1_domains_proto_init() {
 	if File_domains_v1_domains_proto != nil {
 		return
 	}
+	if !protoimpl.UnsafeEnabled {
+		file_domains_v1_domains_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*DeleteUserRes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_domains_v1_domains_proto_msgTypes[1].Exporter = func(v any, i int) any {
+			switch v := v.(*DeleteUserReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/internal/grpc/domains/v1/domains_grpc.pb.go b/internal/grpc/domains/v1/domains_grpc.pb.go
index 8ad9a28f36..9c9b30d02a 100644
--- a/internal/grpc/domains/v1/domains_grpc.pb.go
+++ b/internal/grpc/domains/v1/domains_grpc.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
-// - protoc-gen-go-grpc v1.5.1
-// - protoc             v5.28.2
+// - protoc-gen-go-grpc v1.4.0
+// - protoc             v5.27.1
 // source: domains/v1/domains.proto
 
 package v1
@@ -18,8 +18,8 @@ import (
 
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.64.0 or later.
-const _ = grpc.SupportPackageIsVersion9
+// Requires gRPC-Go v1.62.0 or later.
+const _ = grpc.SupportPackageIsVersion8
 
 const (
 	DomainsService_DeleteUserFromDomains_FullMethodName = "/domains.v1.DomainsService/DeleteUserFromDomains"
@@ -55,7 +55,7 @@ func (c *domainsServiceClient) DeleteUserFromDomains(ctx context.Context, in *De
 
 // DomainsServiceServer is the server API for DomainsService service.
 // All implementations must embed UnimplementedDomainsServiceServer
-// for forward compatibility.
+// for forward compatibility
 //
 // DomainsService is a service that provides access to domains
 // functionalities for magistrala services.
@@ -64,18 +64,14 @@ type DomainsServiceServer interface {
 	mustEmbedUnimplementedDomainsServiceServer()
 }
 
-// UnimplementedDomainsServiceServer must be embedded to have
-// forward compatible implementations.
-//
-// NOTE: this should be embedded by value instead of pointer to avoid a nil
-// pointer dereference when methods are called.
-type UnimplementedDomainsServiceServer struct{}
+// UnimplementedDomainsServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedDomainsServiceServer struct {
+}
 
 func (UnimplementedDomainsServiceServer) DeleteUserFromDomains(context.Context, *DeleteUserReq) (*DeleteUserRes, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method DeleteUserFromDomains not implemented")
 }
 func (UnimplementedDomainsServiceServer) mustEmbedUnimplementedDomainsServiceServer() {}
-func (UnimplementedDomainsServiceServer) testEmbeddedByValue()                        {}
 
 // UnsafeDomainsServiceServer may be embedded to opt out of forward compatibility for this service.
 // Use of this interface is not recommended, as added methods to DomainsServiceServer will
@@ -85,13 +81,6 @@ type UnsafeDomainsServiceServer interface {
 }
 
 func RegisterDomainsServiceServer(s grpc.ServiceRegistrar, srv DomainsServiceServer) {
-	// If the following call pancis, it indicates UnimplementedDomainsServiceServer was
-	// embedded by pointer and is nil.  This will cause panics if an
-	// unimplemented method is ever invoked, so we test this at initialization
-	// time to prevent it from happening at runtime later due to I/O.
-	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
-		t.testEmbeddedByValue()
-	}
 	s.RegisterService(&DomainsService_ServiceDesc, srv)
 }
 
diff --git a/internal/grpc/groups/v1/groups.pb.go b/internal/grpc/groups/v1/groups.pb.go
index 736e4e24ab..26e0c5a934 100644
--- a/internal/grpc/groups/v1/groups.pb.go
+++ b/internal/grpc/groups/v1/groups.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.35.1
-// 	protoc        v5.28.2
+// 	protoc-gen-go v1.34.2
+// 	protoc        v5.27.1
 // source: groups/v1/groups.proto
 
 package v1
diff --git a/internal/grpc/groups/v1/groups_grpc.pb.go b/internal/grpc/groups/v1/groups_grpc.pb.go
index 0c47283a70..f4422b8d79 100644
--- a/internal/grpc/groups/v1/groups_grpc.pb.go
+++ b/internal/grpc/groups/v1/groups_grpc.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
-// - protoc-gen-go-grpc v1.5.1
-// - protoc             v5.28.2
+// - protoc-gen-go-grpc v1.4.0
+// - protoc             v5.27.1
 // source: groups/v1/groups.proto
 
 package v1
@@ -19,8 +19,8 @@ import (
 
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.64.0 or later.
-const _ = grpc.SupportPackageIsVersion9
+// Requires gRPC-Go v1.62.0 or later.
+const _ = grpc.SupportPackageIsVersion8
 
 const (
 	GroupsService_RetrieveEntity_FullMethodName = "/groups.v1.GroupsService/RetrieveEntity"
@@ -56,7 +56,7 @@ func (c *groupsServiceClient) RetrieveEntity(ctx context.Context, in *v1.Retriev
 
 // GroupsServiceServer is the server API for GroupsService service.
 // All implementations must embed UnimplementedGroupsServiceServer
-// for forward compatibility.
+// for forward compatibility
 //
 // GroupssService is a service that provides groups functionalities
 // for magistrala services.
@@ -65,18 +65,14 @@ type GroupsServiceServer interface {
 	mustEmbedUnimplementedGroupsServiceServer()
 }
 
-// UnimplementedGroupsServiceServer must be embedded to have
-// forward compatible implementations.
-//
-// NOTE: this should be embedded by value instead of pointer to avoid a nil
-// pointer dereference when methods are called.
-type UnimplementedGroupsServiceServer struct{}
+// UnimplementedGroupsServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedGroupsServiceServer struct {
+}
 
 func (UnimplementedGroupsServiceServer) RetrieveEntity(context.Context, *v1.RetrieveEntityReq) (*v1.RetrieveEntityRes, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method RetrieveEntity not implemented")
 }
 func (UnimplementedGroupsServiceServer) mustEmbedUnimplementedGroupsServiceServer() {}
-func (UnimplementedGroupsServiceServer) testEmbeddedByValue()                       {}
 
 // UnsafeGroupsServiceServer may be embedded to opt out of forward compatibility for this service.
 // Use of this interface is not recommended, as added methods to GroupsServiceServer will
@@ -86,13 +82,6 @@ type UnsafeGroupsServiceServer interface {
 }
 
 func RegisterGroupsServiceServer(s grpc.ServiceRegistrar, srv GroupsServiceServer) {
-	// If the following call pancis, it indicates UnimplementedGroupsServiceServer was
-	// embedded by pointer and is nil.  This will cause panics if an
-	// unimplemented method is ever invoked, so we test this at initialization
-	// time to prevent it from happening at runtime later due to I/O.
-	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
-		t.testEmbeddedByValue()
-	}
 	s.RegisterService(&GroupsService_ServiceDesc, srv)
 }
 
diff --git a/internal/grpc/token/v1/token.pb.go b/internal/grpc/token/v1/token.pb.go
index 3b70547057..03175dda4c 100644
--- a/internal/grpc/token/v1/token.pb.go
+++ b/internal/grpc/token/v1/token.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.35.1
-// 	protoc        v5.28.2
+// 	protoc-gen-go v1.34.2
+// 	protoc        v5.27.1
 // source: token/v1/token.proto
 
 package v1
@@ -34,9 +34,11 @@ type IssueReq struct {
 
 func (x *IssueReq) Reset() {
 	*x = IssueReq{}
-	mi := &file_token_v1_token_proto_msgTypes[0]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_token_v1_token_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *IssueReq) String() string {
@@ -47,7 +49,7 @@ func (*IssueReq) ProtoMessage() {}
 
 func (x *IssueReq) ProtoReflect() protoreflect.Message {
 	mi := &file_token_v1_token_proto_msgTypes[0]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -86,9 +88,11 @@ type RefreshReq struct {
 
 func (x *RefreshReq) Reset() {
 	*x = RefreshReq{}
-	mi := &file_token_v1_token_proto_msgTypes[1]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_token_v1_token_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *RefreshReq) String() string {
@@ -99,7 +103,7 @@ func (*RefreshReq) ProtoMessage() {}
 
 func (x *RefreshReq) ProtoReflect() protoreflect.Message {
 	mi := &file_token_v1_token_proto_msgTypes[1]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -136,9 +140,11 @@ type Token struct {
 
 func (x *Token) Reset() {
 	*x = Token{}
-	mi := &file_token_v1_token_proto_msgTypes[2]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_token_v1_token_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *Token) String() string {
@@ -149,7 +155,7 @@ func (*Token) ProtoMessage() {}
 
 func (x *Token) ProtoReflect() protoreflect.Message {
 	mi := &file_token_v1_token_proto_msgTypes[2]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -254,6 +260,44 @@ func file_token_v1_token_proto_init() {
 	if File_token_v1_token_proto != nil {
 		return
 	}
+	if !protoimpl.UnsafeEnabled {
+		file_token_v1_token_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*IssueReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_token_v1_token_proto_msgTypes[1].Exporter = func(v any, i int) any {
+			switch v := v.(*RefreshReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_token_v1_token_proto_msgTypes[2].Exporter = func(v any, i int) any {
+			switch v := v.(*Token); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
 	file_token_v1_token_proto_msgTypes[2].OneofWrappers = []any{}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
diff --git a/internal/grpc/token/v1/token_grpc.pb.go b/internal/grpc/token/v1/token_grpc.pb.go
index 777d124dd8..bd0768a51e 100644
--- a/internal/grpc/token/v1/token_grpc.pb.go
+++ b/internal/grpc/token/v1/token_grpc.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
-// - protoc-gen-go-grpc v1.5.1
-// - protoc             v5.28.2
+// - protoc-gen-go-grpc v1.4.0
+// - protoc             v5.27.1
 // source: token/v1/token.proto
 
 package v1
@@ -18,8 +18,8 @@ import (
 
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.64.0 or later.
-const _ = grpc.SupportPackageIsVersion9
+// Requires gRPC-Go v1.62.0 or later.
+const _ = grpc.SupportPackageIsVersion8
 
 const (
 	TokenService_Issue_FullMethodName   = "/token.v1.TokenService/Issue"
@@ -64,19 +64,16 @@ func (c *tokenServiceClient) Refresh(ctx context.Context, in *RefreshReq, opts .
 
 // TokenServiceServer is the server API for TokenService service.
 // All implementations must embed UnimplementedTokenServiceServer
-// for forward compatibility.
+// for forward compatibility
 type TokenServiceServer interface {
 	Issue(context.Context, *IssueReq) (*Token, error)
 	Refresh(context.Context, *RefreshReq) (*Token, error)
 	mustEmbedUnimplementedTokenServiceServer()
 }
 
-// UnimplementedTokenServiceServer must be embedded to have
-// forward compatible implementations.
-//
-// NOTE: this should be embedded by value instead of pointer to avoid a nil
-// pointer dereference when methods are called.
-type UnimplementedTokenServiceServer struct{}
+// UnimplementedTokenServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedTokenServiceServer struct {
+}
 
 func (UnimplementedTokenServiceServer) Issue(context.Context, *IssueReq) (*Token, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Issue not implemented")
@@ -85,7 +82,6 @@ func (UnimplementedTokenServiceServer) Refresh(context.Context, *RefreshReq) (*T
 	return nil, status.Errorf(codes.Unimplemented, "method Refresh not implemented")
 }
 func (UnimplementedTokenServiceServer) mustEmbedUnimplementedTokenServiceServer() {}
-func (UnimplementedTokenServiceServer) testEmbeddedByValue()                      {}
 
 // UnsafeTokenServiceServer may be embedded to opt out of forward compatibility for this service.
 // Use of this interface is not recommended, as added methods to TokenServiceServer will
@@ -95,13 +91,6 @@ type UnsafeTokenServiceServer interface {
 }
 
 func RegisterTokenServiceServer(s grpc.ServiceRegistrar, srv TokenServiceServer) {
-	// If the following call pancis, it indicates UnimplementedTokenServiceServer was
-	// embedded by pointer and is nil.  This will cause panics if an
-	// unimplemented method is ever invoked, so we test this at initialization
-	// time to prevent it from happening at runtime later due to I/O.
-	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
-		t.testEmbeddedByValue()
-	}
 	s.RegisterService(&TokenService_ServiceDesc, srv)
 }
 
diff --git a/internal/proto/auth/v1/auth.proto b/internal/proto/auth/v1/auth.proto
index 74bb04fcc0..cd24f57dc0 100644
--- a/internal/proto/auth/v1/auth.proto
+++ b/internal/proto/auth/v1/auth.proto
@@ -26,14 +26,14 @@ message AuthNRes {
 
 message AuthZReq {
   string domain = 1;           // Domain
-  string subject_type = 2;     // Thing or User
+  string subject_type = 2;     // Client or User
   string subject_kind = 3;     // ID or Token
   string subject_relation = 4; // Subject relation
   string subject = 5;          // Subject value (id or token, depending on kind)
   string relation = 6;         // Relation to filter
   string permission = 7;       // Action
   string object = 8;           // Object ID
-  string object_type = 9;      // Thing, User, Group
+  string object_type = 9;      // Client, User, Group
 }
 
 message AuthZRes {
diff --git a/internal/proto/channels/v1/channels.proto b/internal/proto/channels/v1/channels.proto
index 7c9d9fffa4..7e444f5205 100644
--- a/internal/proto/channels/v1/channels.proto
+++ b/internal/proto/channels/v1/channels.proto
@@ -9,15 +9,15 @@ option go_package = "github.com/absmach/magistrala/internal/grpc/channels/v1";
 
 service ChannelsService {
   rpc Authorize(AuthzReq)returns(AuthzRes) {}
-  rpc RemoveThingConnections(RemoveThingConnectionsReq)returns(RemoveThingConnectionsRes) {}
+  rpc RemoveClientConnections(RemoveClientConnectionsReq)returns(RemoveClientConnectionsRes) {}
   rpc UnsetParentGroupFromChannels(UnsetParentGroupFromChannelsReq)returns(UnsetParentGroupFromChannelsRes){}
 }
 
-message RemoveThingConnectionsReq {
+message RemoveClientConnectionsReq {
   string client_id = 1;
 }
 
-message RemoveThingConnectionsRes {}
+message RemoveClientConnectionsRes {}
 
 message UnsetParentGroupFromChannelsReq {
   string parent_group_id = 1;
diff --git a/journal/journal.go b/journal/journal.go
index adbfaf5032..35d1901b16 100644
--- a/journal/journal.go
+++ b/journal/journal.go
@@ -17,7 +17,7 @@ type EntityType uint8
 const (
 	UserEntity EntityType = iota
 	GroupEntity
-	ThingEntity
+	ClientEntity
 	ChannelEntity
 )
 
@@ -36,7 +36,7 @@ func (e EntityType) String() string {
 		return userEntityType
 	case GroupEntity:
 		return groupEntityType
-	case ThingEntity:
+	case ClientEntity:
 		return clientEntityType
 	case ChannelEntity:
 		return channelEntityType
@@ -52,7 +52,7 @@ func (e EntityType) AuthString() string {
 		return policies.UserType
 	case GroupEntity, ChannelEntity:
 		return policies.GroupType
-	case ThingEntity:
+	case ClientEntity:
 		return policies.ClientType
 	default:
 		return ""
@@ -67,7 +67,7 @@ func ToEntityType(entityType string) (EntityType, error) {
 	case groupEntityType:
 		return GroupEntity, nil
 	case clientEntityType:
-		return ThingEntity, nil
+		return ClientEntity, nil
 	case channelEntityType:
 		return ChannelEntity, nil
 	default:
@@ -82,8 +82,8 @@ func (e EntityType) Query() string {
 		return "((operation LIKE 'user.%' AND attributes->>'id' = :entity_id) OR (attributes->>'user_id' = :entity_id))"
 	case GroupEntity, ChannelEntity:
 		return "((operation LIKE 'group.%' AND attributes->>'id' = :entity_id) OR (attributes->>'group_id' = :entity_id))"
-	case ThingEntity:
-		return "((operation LIKE 'thing.%' AND attributes->>'id' = :entity_id) OR (attributes->>'client_id' = :entity_id))"
+	case ClientEntity:
+		return "((operation LIKE 'client.%' AND attributes->>'id' = :entity_id) OR (attributes->>'client_id' = :entity_id))"
 	default:
 		return ""
 	}
diff --git a/journal/journal_test.go b/journal/journal_test.go
index e37319a24b..27c47e8fa6 100644
--- a/journal/journal_test.go
+++ b/journal/journal_test.go
@@ -71,8 +71,8 @@ func TestEntityType(t *testing.T) {
 			authString: "user",
 		},
 		{
-			desc:       "ThingEntity",
-			e:          journal.ThingEntity,
+			desc:       "ClientEntity",
+			e:          journal.ClientEntity,
 			str:        "client",
 			authString: "client",
 		},
@@ -112,9 +112,9 @@ func TestToEntityType(t *testing.T) {
 			expected:   journal.UserEntity,
 		},
 		{
-			desc:       "ThingEntity",
+			desc:       "ClientEntity",
 			entityType: "client",
-			expected:   journal.ThingEntity,
+			expected:   journal.ClientEntity,
 		},
 		{
 			desc:       "GroupEntity",
diff --git a/journal/postgres/init.go b/journal/postgres/init.go
index 6a79dad3bc..a44a4a8865 100644
--- a/journal/postgres/init.go
+++ b/journal/postgres/init.go
@@ -24,7 +24,7 @@ func Migration() *migrate.MemoryMigrationSource {
 					)`,
 					`CREATE INDEX idx_journal_default_user_filter ON journal(operation, (attributes->>'id'), (attributes->>'user_id'), occurred_at DESC);`,
 					`CREATE INDEX idx_journal_default_group_filter ON journal(operation, (attributes->>'id'), (attributes->>'group_id'), occurred_at DESC);`,
-					`CREATE INDEX idx_journal_default_thing_filter ON journal(operation, (attributes->>'id'), (attributes->>'client_id'), occurred_at DESC);`,
+					`CREATE INDEX idx_journal_default_client_filter ON journal(operation, (attributes->>'id'), (attributes->>'client_id'), occurred_at DESC);`,
 					`CREATE INDEX idx_journal_default_channel_filter ON journal(operation, (attributes->>'id'), (attributes->>'channel_id'), occurred_at DESC);`,
 				},
 				Down: []string{
diff --git a/journal/postgres/journal_test.go b/journal/postgres/journal_test.go
index 64c2695691..e521fc8af2 100644
--- a/journal/postgres/journal_test.go
+++ b/journal/postgres/journal_test.go
@@ -43,8 +43,8 @@ var (
 	}
 
 	entityID          = testsutil.GenerateUUID(&testing.T{})
-	thingOperation    = "thing.create"
-	thingAttributesV1 = map[string]interface{}{
+	clientOperation    = "client.create"
+	clientAttributesV1 = map[string]interface{}{
 		"id":         entityID,
 		"status":     "enabled",
 		"created_at": time.Now().Add(-time.Hour),
@@ -54,7 +54,7 @@ var (
 		"metadata":   payload,
 		"identity":   testsutil.GenerateUUID(&testing.T{}),
 	}
-	thingAttributesV2 = map[string]interface{}{
+	clientAttributesV2 = map[string]interface{}{
 		"client_id": entityID,
 		"metadata":  payload,
 	}
@@ -299,14 +299,14 @@ func TestJournalRetrieveAll(t *testing.T) {
 			Metadata:   payload,
 		}
 		if i%2 == 0 {
-			j.Operation = fmt.Sprintf("%s-%d", thingOperation, i)
-			j.Attributes = thingAttributesV1
+			j.Operation = fmt.Sprintf("%s-%d", clientOperation, i)
+			j.Attributes = clientAttributesV1
 		}
 		if i%3 == 0 {
 			j.Attributes = userAttributesV2
 		}
 		if i%5 == 0 {
-			j.Attributes = thingAttributesV2
+			j.Attributes = clientAttributesV2
 		}
 		err := repo.Save(context.Background(), j)
 		require.Nil(t, err, fmt.Sprintf("create journal unexpected error: %s", err))
@@ -634,13 +634,13 @@ func TestJournalRetrieveAll(t *testing.T) {
 				Offset:     0,
 				Limit:      10,
 				EntityID:   entityID,
-				EntityType: journal.ThingEntity,
+				EntityType: journal.ClientEntity,
 			},
 			response: journal.JournalsPage{
-				Total:    uint64(len(extractEntities(items, journal.ThingEntity, entityID))),
+				Total:    uint64(len(extractEntities(items, journal.ClientEntity, entityID))),
 				Offset:   0,
 				Limit:    10,
-				Journals: extractEntities(items, journal.ThingEntity, entityID)[:10],
+				Journals: extractEntities(items, journal.ClientEntity, entityID)[:10],
 			},
 		},
 		{
@@ -709,8 +709,8 @@ func extractEntities(journals []journal.Journal, entityType journal.EntityType,
 			if strings.HasPrefix(j.Operation, "group.") && j.Attributes["id"] == entityID || j.Attributes["group_id"] == entityID {
 				entities = append(entities, j)
 			}
-		case journal.ThingEntity:
-			if strings.HasPrefix(j.Operation, "thing.") && j.Attributes["id"] == entityID || j.Attributes["client_id"] == entityID {
+		case journal.ClientEntity:
+			if strings.HasPrefix(j.Operation, "client.") && j.Attributes["id"] == entityID || j.Attributes["client_id"] == entityID {
 				entities = append(entities, j)
 			}
 		case journal.ChannelEntity:
diff --git a/journal/service_test.go b/journal/service_test.go
index f6176d0f8d..e996b09b90 100644
--- a/journal/service_test.go
+++ b/journal/service_test.go
@@ -87,7 +87,7 @@ func TestReadAll(t *testing.T) {
 		Offset:     0,
 		Limit:      10,
 		EntityID:   testsutil.GenerateUUID(t),
-		EntityType: journal.ThingEntity,
+		EntityType: journal.ClientEntity,
 	}
 
 	cases := []struct {
diff --git a/mqtt/handler.go b/mqtt/handler.go
index c0f2d54487..72cc84659c 100644
--- a/mqtt/handler.go
+++ b/mqtt/handler.go
@@ -63,19 +63,19 @@ var (
 // Event implements events.Event interface.
 type handler struct {
 	publisher messaging.Publisher
-	things    grpcClientsV1.ClientsServiceClient
+	clients   grpcClientsV1.ClientsServiceClient
 	channels  grpcChannelsV1.ChannelsServiceClient
 	logger    *slog.Logger
 	es        events.EventStore
 }
 
 // NewHandler creates new Handler entity.
-func NewHandler(publisher messaging.Publisher, es events.EventStore, logger *slog.Logger, thingsClient grpcClientsV1.ClientsServiceClient, channels grpcChannelsV1.ChannelsServiceClient) session.Handler {
+func NewHandler(publisher messaging.Publisher, es events.EventStore, logger *slog.Logger, clients grpcClientsV1.ClientsServiceClient, channels grpcChannelsV1.ChannelsServiceClient) session.Handler {
 	return &handler{
 		es:        es,
 		logger:    logger,
 		publisher: publisher,
-		things:    thingsClient,
+		clients:   clients,
 		channels:  channels,
 	}
 }
@@ -94,7 +94,7 @@ func (h *handler) AuthConnect(ctx context.Context) error {
 
 	pwd := string(s.Password)
 
-	res, err := h.things.Authenticate(ctx, &grpcClientsV1.AuthnReq{ClientSecret: pwd})
+	res, err := h.clients.Authenticate(ctx, &grpcClientsV1.AuthnReq{ClientSecret: pwd})
 	if err != nil {
 		return errors.Wrap(svcerr.ErrAuthentication, err)
 	}
@@ -229,7 +229,7 @@ func (h *handler) Disconnect(ctx context.Context) error {
 	return nil
 }
 
-func (h *handler) authAccess(ctx context.Context, thingID, topic string, msgType connections.ConnType) error {
+func (h *handler) authAccess(ctx context.Context, clientID, topic string, msgType connections.ConnType) error {
 	// Topics are in the format:
 	// channels/<channel_id>/messages/<subtopic>/.../ct/<content_type>
 	if !channelRegExp.MatchString(topic) {
@@ -245,7 +245,7 @@ func (h *handler) authAccess(ctx context.Context, thingID, topic string, msgType
 
 	ar := &grpcChannelsV1.AuthzReq{
 		Type:       uint32(msgType),
-		ClientId:   thingID,
+		ClientId:   clientID,
 		ClientType: policies.ClientType,
 		ChannelId:  chanID,
 	}
diff --git a/mqtt/handler_test.go b/mqtt/handler_test.go
index 4ddca1d4e0..8446d478ab 100644
--- a/mqtt/handler_test.go
+++ b/mqtt/handler_test.go
@@ -23,8 +23,6 @@ import (
 )
 
 const (
-	thingID               = "513d02d2-16c1-4f23-98be-9e12f8fee898"
-	thingID1              = "513d02d2-16c1-4f23-98be-9e12f8fee899"
 	password              = "password"
 	password1             = "password1"
 	chanID                = "123e4567-e89b-12d3-a456-000000000001"
@@ -48,15 +46,15 @@ var (
 	logBuffer     = bytes.Buffer{}
 	sessionClient = session.Session{
 		ID:       clientID,
-		Username: thingID,
+		Username: clientID,
 		Password: []byte(password),
 	}
 	sessionClientSub = session.Session{
 		ID:       clientID1,
-		Username: thingID1,
+		Username: clientID1,
 		Password: []byte(password1),
 	}
-	invalidThingSessionClient = session.Session{
+	invalidClientSessionClient = session.Session{
 		ID:       clientID,
 		Username: invalidID,
 		Password: []byte(password),
@@ -81,7 +79,7 @@ func TestAuthConnect(t *testing.T) {
 			err:  mqtt.ErrMissingClientID,
 			session: &session.Session{
 				ID:       "",
-				Username: thingID,
+				Username: clientID,
 				Password: []byte(password),
 			},
 		},
@@ -90,14 +88,14 @@ func TestAuthConnect(t *testing.T) {
 			err:  nil,
 			session: &session.Session{
 				ID:       clientID,
-				Username: thingID,
+				Username: clientID,
 				Password: []byte(""),
 			},
 		},
 		{
 			desc:    "connect with valid password and invalid username",
 			err:     nil,
-			session: &invalidThingSessionClient,
+			session: &invalidClientSessionClient,
 		},
 		{
 			desc:    "connect with valid username and password",
@@ -450,8 +448,8 @@ func newHandler() (session.Handler, *climocks.ClientsServiceClient, *chmocks.Cha
 	if err != nil {
 		log.Fatalf("failed to create logger: %s", err)
 	}
-	things := new(climocks.ClientsServiceClient)
+	clients := new(climocks.ClientsServiceClient)
 	channels := new(chmocks.ChannelsServiceClient)
 	eventStore := new(mocks.EventStore)
-	return mqtt.NewHandler(mocks.NewPublisher(), eventStore, logger, things, channels), things, channels, eventStore
+	return mqtt.NewHandler(mocks.NewPublisher(), eventStore, logger, clients, channels), clients, channels, eventStore
 }
diff --git a/pkg/apiutil/token.go b/pkg/apiutil/token.go
index c88f17b048..d0ff3589da 100644
--- a/pkg/apiutil/token.go
+++ b/pkg/apiutil/token.go
@@ -11,7 +11,7 @@ import (
 // BearerPrefix represents the token prefix for Bearer authentication scheme.
 const BearerPrefix = "Bearer "
 
-// ClientPrefix represents the key prefix for Thing authentication scheme.
+// ClientPrefix represents the key prefix for Client authentication scheme.
 const ClientPrefix = "Client "
 
 // ExtractBearerToken returns value of the bearer token. If there is no bearer token - an empty value is returned.
diff --git a/pkg/authz/authz.go b/pkg/authz/authz.go
index bec45bb7b7..5a38a35f11 100644
--- a/pkg/authz/authz.go
+++ b/pkg/authz/authz.go
@@ -13,7 +13,7 @@ type PolicyReq struct {
 	Subject string `json:"subject"`
 
 	// SubjectType contains the subject type. Supported subject types are
-	// platform, group, domain, thing, users.
+	// platform, group, domain, client, users.
 	SubjectType string `json:"subject_type"`
 
 	// SubjectKind contains the subject kind. Supported subject kinds are
@@ -31,7 +31,7 @@ type PolicyReq struct {
 	ObjectKind string `json:"object_kind"`
 
 	// ObjectType contains the object type. Supported object types are
-	// platform, group, domain, thing, users.
+	// platform, group, domain, client, users.
 	ObjectType string `json:"object_type"`
 
 	// Relation contains the relation. Supported relations are administrator, editor, contributor, member, guest, parent_group,group,domain.
diff --git a/pkg/errors/service/types.go b/pkg/errors/service/types.go
index 2eb33acec1..6ce699bd97 100644
--- a/pkg/errors/service/types.go
+++ b/pkg/errors/service/types.go
@@ -75,4 +75,10 @@ var (
 
 	// ErrMissingUsername indicates that the user's names are missing.
 	ErrMissingUsername = errors.New("missing usernames")
+
+	// ErrEnableUser indicates error in enabling user.
+	ErrEnableUser = errors.New("failed to enable user")
+
+	// ErrDisableUser indicates error in disabling user.
+	ErrDisableUser = errors.New("failed to disable user")
 )
diff --git a/pkg/grpcclient/client.go b/pkg/grpcclient/client.go
index b1a1c811ef..b92d6bd352 100644
--- a/pkg/grpcclient/client.go
+++ b/pkg/grpcclient/client.go
@@ -60,7 +60,7 @@ func SetupDomainsClient(ctx context.Context, cfg Config) (grpcDomainsV1.DomainsS
 //
 // For example:
 //
-// thingClient, thingHandler, err := grpcclient.SetupThings(ctx, grpcclient.Config{}).
+// clientClient, clientHandler, err := grpcclient.SetupClients(ctx, grpcclient.Config{}).
 func SetupClientsClient(ctx context.Context, cfg Config) (grpcClientsV1.ClientsServiceClient, Handler, error) {
 	client, err := NewHandler(cfg)
 	if err != nil {
diff --git a/pkg/grpcclient/client_test.go b/pkg/grpcclient/client_test.go
index 1f547f0a4b..5c60dcb51b 100644
--- a/pkg/grpcclient/client_test.go
+++ b/pkg/grpcclient/client_test.go
@@ -11,7 +11,7 @@ import (
 
 	tokengrpcapi "github.com/absmach/magistrala/auth/api/grpc/token"
 	"github.com/absmach/magistrala/auth/mocks"
-	thingsgrpcapi "github.com/absmach/magistrala/clients/api/grpc"
+	clientsgrpcapi "github.com/absmach/magistrala/clients/api/grpc"
 	climocks "github.com/absmach/magistrala/clients/private/mocks"
 	domainsgrpcapi "github.com/absmach/magistrala/domains/api/grpc"
 	domainsMocks "github.com/absmach/magistrala/domains/mocks"
@@ -78,14 +78,14 @@ func TestSetupToken(t *testing.T) {
 	}
 }
 
-func TestSetupThingsClient(t *testing.T) {
+func TestSetupClientsClient(t *testing.T) {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	registerThingsServiceServer := func(srv *grpc.Server) {
-		grpcClientsV1.RegisterClientsServiceServer(srv, thingsgrpcapi.NewServer(new(climocks.Service)))
+	registerClientsServiceServer := func(srv *grpc.Server) {
+		grpcClientsV1.RegisterClientsServiceServer(srv, clientsgrpcapi.NewServer(new(climocks.Service)))
 	}
-	gs := grpcserver.NewServer(ctx, cancel, "clients", server.Config{Port: "12345"}, registerThingsServiceServer, mglog.NewMock())
+	gs := grpcserver.NewServer(ctx, cancel, "clients", server.Config{Port: "12345"}, registerClientsServiceServer, mglog.NewMock())
 	go func() {
 		err := gs.Start()
 		assert.Nil(t, err, fmt.Sprintf(`"Unexpected error creating server %s"`, err))
diff --git a/pkg/messaging/message.pb.go b/pkg/messaging/message.pb.go
index 70868c1d48..804b02e7de 100644
--- a/pkg/messaging/message.pb.go
+++ b/pkg/messaging/message.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.35.1
-// 	protoc        v5.28.2
+// 	protoc-gen-go v1.34.2
+// 	protoc        v5.27.1
 // source: pkg/messaging/message.proto
 
 package messaging
@@ -39,9 +39,11 @@ type Message struct {
 
 func (x *Message) Reset() {
 	*x = Message{}
-	mi := &file_pkg_messaging_message_proto_msgTypes[0]
-	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-	ms.StoreMessageInfo(mi)
+	if protoimpl.UnsafeEnabled {
+		mi := &file_pkg_messaging_message_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
 func (x *Message) String() string {
@@ -52,7 +54,7 @@ func (*Message) ProtoMessage() {}
 
 func (x *Message) ProtoReflect() protoreflect.Message {
 	mi := &file_pkg_messaging_message_proto_msgTypes[0]
-	if x != nil {
+	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -158,6 +160,20 @@ func file_pkg_messaging_message_proto_init() {
 	if File_pkg_messaging_message_proto != nil {
 		return
 	}
+	if !protoimpl.UnsafeEnabled {
+		file_pkg_messaging_message_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*Message); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/pkg/policies/service.go b/pkg/policies/service.go
index 3fcf49a1d4..f0f21173af 100644
--- a/pkg/policies/service.go
+++ b/pkg/policies/service.go
@@ -16,7 +16,7 @@ type Policy struct {
 	Subject string `json:"subject"`
 
 	// SubjectType contains the subject type. Supported subject types are
-	// platform, group, domain, thing, users.
+	// platform, group, domain, client, users.
 	SubjectType string `json:"subject_type"`
 
 	// SubjectKind contains the subject kind. Supported subject kinds are
@@ -37,7 +37,7 @@ type Policy struct {
 	ObjectKind string `json:"object_kind"`
 
 	// ObjectType contains the object type. Supported object types are
-	// platform, group, domain, thing, users.
+	// platform, group, domain, client, users.
 	ObjectType string `json:"object_type"`
 
 	// Relation contains the relation. Supported relations are administrator, editor, contributor, member, guest, parent_group,group,domain.
diff --git a/pkg/policies/spicedb/service.go b/pkg/policies/spicedb/service.go
index f77e1c0fcd..a24a8ef931 100644
--- a/pkg/policies/spicedb/service.go
+++ b/pkg/policies/spicedb/service.go
@@ -33,7 +33,7 @@ var (
 )
 
 var (
-	defThingsFilterPermissions = []string{
+	defClientsFilterPermissions = []string{
 		policies.AdminPermission,
 		policies.DeletePermission,
 		policies.EditPermission,
@@ -299,7 +299,7 @@ func (ps *policyService) ListPermissions(ctx context.Context, pr policies.Policy
 	if len(permissionsFilter) == 0 {
 		switch pr.ObjectType {
 		case policies.ClientType:
-			permissionsFilter = defThingsFilterPermissions
+			permissionsFilter = defClientsFilterPermissions
 		case policies.GroupType:
 			permissionsFilter = defGroupsFilterPermissions
 		case policies.PlatformType:
@@ -329,9 +329,9 @@ func (ps *policyService) policyValidation(pr policies.Policy) error {
 func (ps *policyService) addPolicyPreCondition(ctx context.Context, pr policies.Policy) ([]*v1.Precondition, error) {
 	// Checks are required for following  ( -> means adding)
 	// 1.) user -> group (both user groups and channels)
-	// 2.) user -> thing
+	// 2.) user -> client
 	// 3.) group -> group (both for adding parent_group and channels)
-	// 4.) group (channel) -> thing
+	// 4.) group (channel) -> client
 	// 5.) user -> domain
 
 	switch {
@@ -342,12 +342,12 @@ func (ps *policyService) addPolicyPreCondition(ctx context.Context, pr policies.
 	case pr.SubjectType == policies.UserType && pr.ObjectType == policies.GroupType:
 		return ps.userGroupPreConditions(ctx, pr)
 
-	// 2.) user -> thing
+	// 2.) user -> client
 	// Checks :
 	// - USER with ANY RELATION to DOMAIN
-	// - THING with DOMAIN RELATION to DOMAIN
+	// - CLIENT with DOMAIN RELATION to DOMAIN
 	case pr.SubjectType == policies.UserType && pr.ObjectType == policies.ClientType:
-		return ps.userThingPreConditions(ctx, pr)
+		return ps.userClientPreConditions(ctx, pr)
 
 	// 3.) group -> group (both for adding parent_group and channels)
 	// Checks :
@@ -355,13 +355,13 @@ func (ps *policyService) addPolicyPreCondition(ctx context.Context, pr policies.
 	case pr.SubjectType == policies.GroupType && pr.ObjectType == policies.GroupType:
 		return groupPreConditions(pr)
 
-	// 4.) group (channel) -> thing
+	// 4.) group (channel) -> client
 	// Checks :
 	// - GROUP (channel) with DOMAIN RELATION to DOMAIN
 	// - NO GROUP should not have PARENT_GROUP RELATION with GROUP (channel)
-	// - THING with DOMAIN RELATION to DOMAIN
-	// case pr.SubjectType == policies.GroupType && pr.ObjectType == policies.ThingType:
-	// 	return channelThingPreCondition(pr)
+	// - CLIENT with DOMAIN RELATION to DOMAIN
+	// case pr.SubjectType == policies.GroupType && pr.ObjectType == policies.ClientType:
+	// 	return channelClientPreCondition(pr)
 
 	// 5.) user -> domain
 	// Checks :
@@ -464,10 +464,10 @@ func (ps *policyService) userGroupPreConditions(ctx context.Context, pr policies
 	return preconds, nil
 }
 
-func (ps *policyService) userThingPreConditions(ctx context.Context, pr policies.Policy) ([]*v1.Precondition, error) {
+func (ps *policyService) userClientPreConditions(ctx context.Context, pr policies.Policy) ([]*v1.Precondition, error) {
 	var preconds []*v1.Precondition
 
-	// user should not have any relation with thing
+	// user should not have any relation with client
 	preconds = append(preconds, &v1.Precondition{
 		Operation: v1.Precondition_OPERATION_MUST_NOT_MATCH,
 		Filter: &v1.RelationshipFilter{
@@ -505,8 +505,8 @@ func (ps *policyService) userThingPreConditions(ctx context.Context, pr policies
 		})
 	}
 	switch {
-	// For New thing
-	// - THING without DOMAIN RELATION to ANY DOMAIN
+	// For New client
+	// - CLIENT without DOMAIN RELATION to ANY DOMAIN
 	case pr.ObjectKind == policies.NewClientKind:
 		preconds = append(preconds,
 			&v1.Precondition{
@@ -522,8 +522,8 @@ func (ps *policyService) userThingPreConditions(ctx context.Context, pr policies
 			},
 		)
 	default:
-		// For existing thing
-		// - THING without DOMAIN RELATION to ANY DOMAIN
+		// For existing client
+		// - CLIENT without DOMAIN RELATION to ANY DOMAIN
 		preconds = append(preconds,
 			&v1.Precondition{
 				Operation: v1.Precondition_OPERATION_MUST_MATCH,
@@ -848,7 +848,7 @@ func groupPreConditions(pr policies.Policy) ([]*v1.Precondition, error) {
 	return precond, nil
 }
 
-func channelThingPreCondition(pr policies.Policy) ([]*v1.Precondition, error) {
+func channelClientPreCondition(pr policies.Policy) ([]*v1.Precondition, error) {
 	if pr.SubjectKind != policies.ChannelsKind {
 		return nil, errors.Wrap(errors.ErrMalformedEntity, errInvalidSubject)
 	}
diff --git a/pkg/roles/repo/postgres/roles.go b/pkg/roles/repo/postgres/roles.go
index 9b9ed2e8eb..2ad149cfb2 100644
--- a/pkg/roles/repo/postgres/roles.go
+++ b/pkg/roles/repo/postgres/roles.go
@@ -721,13 +721,13 @@ func (repo *Repository) RetrieveEntitiesRolesActionsMembers(ctx context.Context,
 		"entity_ids": entityIDs,
 	}
 
-	thingsActionsRolesQuery := fmt.Sprintf(`SELECT e.%s AS entity_id , era."action" AS "action", er.id AS role_id
+	clientsActionsRolesQuery := fmt.Sprintf(`SELECT e.%s AS entity_id , era."action" AS "action", er.id AS role_id
 								FROM %s e
 								JOIN %s_roles er ON er.entity_id  = e.%s
 								JOIN %s_role_actions era  ON era.role_id  = er.id
 								WHERE e.%s = ANY(:entity_ids);
 							`, repo.entityIDColumnName, repo.entityTableName, repo.tableNamePrefix, repo.entityIDColumnName, repo.tableNamePrefix, repo.entityIDColumnName)
-	rows, err := repo.db.NamedQueryContext(ctx, thingsActionsRolesQuery, params)
+	rows, err := repo.db.NamedQueryContext(ctx, clientsActionsRolesQuery, params)
 	if err != nil {
 		return []roles.EntityActionRole{}, []roles.EntityMemberRole{}, postgres.HandleError(repoerr.ErrViewEntity, err)
 	}
@@ -742,14 +742,14 @@ func (repo *Repository) RetrieveEntitiesRolesActionsMembers(ctx context.Context,
 
 		dbears = append(dbears, dbear)
 	}
-	thingsMembersRolesQuery := fmt.Sprintf(`SELECT e.%s AS entity_id , erm.member_id AS member_id, er.id AS role_id
+	clientsMembersRolesQuery := fmt.Sprintf(`SELECT e.%s AS entity_id , erm.member_id AS member_id, er.id AS role_id
 								FROM %s e
 								JOIN %s_roles er ON er.entity_id  = e.%s
 								JOIN %s_role_members erm ON erm.role_id = er.id
 								WHERE e.%s = ANY(:entity_ids);
 								`, repo.entityIDColumnName, repo.entityTableName, repo.tableNamePrefix, repo.entityIDColumnName, repo.tableNamePrefix, repo.entityIDColumnName)
 
-	rows, err = repo.db.NamedQueryContext(ctx, thingsMembersRolesQuery, params)
+	rows, err = repo.db.NamedQueryContext(ctx, clientsMembersRolesQuery, params)
 	if err != nil {
 		return []roles.EntityActionRole{}, []roles.EntityMemberRole{}, postgres.HandleError(repoerr.ErrViewEntity, err)
 	}
diff --git a/pkg/sdk/go/README.md b/pkg/sdk/go/README.md
index 6577788dd5..96583a3842 100644
--- a/pkg/sdk/go/README.md
+++ b/pkg/sdk/go/README.md
@@ -8,8 +8,9 @@ Does both system administration (provisioning) and messaging.
 
 Import `"github.com/absmach/magistrala/sdk/go"` in your Go package.
 
-````
-import "github.com/absmach/magistrala/pkg/sdk/go"```
+```go
+import "github.com/absmach/magistrala/pkg/sdk/go"
+```
 
 Then call SDK Go functions to interact with the system.
 
@@ -20,10 +21,10 @@ FUNCTIONS
 
 func NewMgxSDK(host, port string, tls bool) *MgxSDK
 
-func (sdk *MgxSDK) Channel(id, token string) (things.Channel, error)
+func (sdk *MgxSDK) Channel(id, token string) (clients.Channel, error)
     Channel - gets channel by ID
 
-func (sdk *MgxSDK) Channels(token string) ([]things.Channel, error)
+func (sdk *MgxSDK) Channels(token string) ([]clients.Channel, error)
     Channels - gets all channels
 
 func (sdk *MgxSDK) Connect(struct{[]string, []string}, token string) error
@@ -32,8 +33,8 @@ func (sdk *MgxSDK) Connect(struct{[]string, []string}, token string) error
 func (sdk *MgxSDK) CreateChannel(data, token string) (string, error)
     CreateChannel - creates new channel and generates UUID
 
-func (sdk *MgxSDK) CreateThing(data, token string) (string, error)
-    CreateThing - creates new client and generates client UUID
+func (sdk *MgxSDK) CreateClient(data, token string) (string, error)
+    CreateClient - creates new client and generates client UUID
 
 func (sdk *MgxSDK) CreateToken(user, pwd string) (string, error)
     CreateToken - create user token
@@ -53,8 +54,8 @@ func (sdk *MgxSDK) UpdatePassword(user, pwd string) error
 func (sdk *MgxSDK) DeleteChannel(id, token string) error
     DeleteChannel - removes channel
 
-func (sdk *MgxSDK) DeleteThing(id, token string) error
-    DeleteThing - removes thing
+func (sdk *MgxSDK) DeleteClient(id, token string) error
+    DeleteClient - removes client
 
 func (sdk *MgxSDK) DisconnectClient(clientID, chanID, token string) error
     DisconnectClient - connect client to a channel
@@ -66,18 +67,18 @@ func (sdk *MgxSDK) SetContentType(ct ContentType) error
     SetContentType - set message content type. Available options are SenML
     JSON, custom JSON and custom binary (octet-stream).
 
-func (sdk *MgxSDK) Thing(id, token string) (Thing, error)
-    Thing - gets client by ID
+func (sdk *MgxSDK) Client(id, token string) (Client, error)
+    Client - gets client by ID
 
-func (sdk *MgxSDK) Things(token string) ([]Thing, error)
-    Things - gets all things
+func (sdk *MgxSDK) Clients(token string) ([]Client, error)
+    Clients - gets all clients
 
 func (sdk *MgxSDK) UpdateChannel(channel Channel, token string) error
     UpdateChannel - update a channel
 
-func (sdk *MgxSDK) UpdateThing(client Thing, token string) error
-    UpdateThing - updates client by ID
+func (sdk *MgxSDK) UpdateClient(client Client, token string) error
+    UpdateClient - updates client by ID
 
 func (sdk *MgxSDK) Health() (magistrala.Health, error)
     Health - clients service health check
-````
+```
diff --git a/pkg/sdk/go/bootstrap.go b/pkg/sdk/go/bootstrap.go
index b26eec00d4..cd884a3334 100644
--- a/pkg/sdk/go/bootstrap.go
+++ b/pkg/sdk/go/bootstrap.go
@@ -19,19 +19,19 @@ import (
 )
 
 const (
-	configsEndpoint        = "clientss/configs"
-	bootstrapEndpoint      = "clientss/bootstrap"
-	whitelistEndpoint      = "clientss/state"
-	bootstrapCertsEndpoint = "clientss/configs/certs"
-	bootstrapConnEndpoint  = "clientss/configs/connections"
+	configsEndpoint        = "clients/configs"
+	bootstrapEndpoint      = "clients/bootstrap"
+	whitelistEndpoint      = "clients/state"
+	bootstrapCertsEndpoint = "clients/configs/certs"
+	bootstrapConnEndpoint  = "clients/configs/connections"
 	secureEndpoint         = "secure"
 )
 
 // BootstrapConfig represents Configuration entity. It wraps information about external entity
 // as well as info about corresponding Magistrala entities.
-// MGThing represents corresponding Magistrala Thing ID.
-// MGKey is key of corresponding Magistrala Thing.
-// MGChannels is a list of Magistrala Channels corresponding Magistrala Thing connects to.
+// MGClient represents corresponding Magistrala Client ID.
+// MGKey is key of corresponding Magistrala Client.
+// MGChannels is a list of Magistrala Channels corresponding Magistrala Client connects to.
 type BootstrapConfig struct {
 	Channels     interface{} `json:"channels,omitempty"`
 	ExternalID   string      `json:"external_id,omitempty"`
@@ -70,7 +70,7 @@ func (ts *BootstrapConfig) UnmarshalJSON(data []byte) error {
 		ExternalID   *string `json:"external_id,omitempty"`
 		ExternalKey  *string `json:"external_key,omitempty"`
 		ClientID     *string `json:"client_id,omitempty"`
-		ClientSecret *string `json:"client_key,omitempty"`
+		ClientSecret *string `json:"client_secret,omitempty"`
 		Name         *string `json:"name,omitempty"`
 		ClientCert   *string `json:"client_cert,omitempty"`
 		ClientKey    *string `json:"client_key,omitempty"`
@@ -133,8 +133,8 @@ func (sdk mgSDK) Bootstraps(pm PageMetadata, domainID, token string) (BootstrapP
 	return bb, nil
 }
 
-func (sdk mgSDK) Whitelist(thingID string, state int, domainID, token string) errors.SDKError {
-	if thingID == "" {
+func (sdk mgSDK) Whitelist(clientID string, state int, domainID, token string) errors.SDKError {
+	if clientID == "" {
 		return errors.NewSDKError(apiutil.ErrMissingID)
 	}
 
@@ -143,7 +143,7 @@ func (sdk mgSDK) Whitelist(thingID string, state int, domainID, token string) er
 		return errors.NewSDKError(err)
 	}
 
-	url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, whitelistEndpoint, thingID)
+	url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, whitelistEndpoint, clientID)
 
 	_, _, sdkerr := sdk.processRequest(http.MethodPut, url, token, data, nil, http.StatusCreated, http.StatusOK)
 
@@ -247,7 +247,7 @@ func (sdk mgSDK) Bootstrap(externalID, externalKey string) (BootstrapConfig, err
 	}
 	url := fmt.Sprintf("%s/%s/%s", sdk.bootstrapURL, bootstrapEndpoint, externalID)
 
-	_, body, err := sdk.processRequest(http.MethodGet, url, ThingPrefix+externalKey, nil, nil, http.StatusOK)
+	_, body, err := sdk.processRequest(http.MethodGet, url, ClientPrefix+externalKey, nil, nil, http.StatusOK)
 	if err != nil {
 		return BootstrapConfig{}, err
 	}
@@ -271,7 +271,7 @@ func (sdk mgSDK) BootstrapSecure(externalID, externalKey, cryptoKey string) (Boo
 		return BootstrapConfig{}, errors.NewSDKError(err)
 	}
 
-	_, body, sdkErr := sdk.processRequest(http.MethodGet, url, ThingPrefix+encExtKey, nil, nil, http.StatusOK)
+	_, body, sdkErr := sdk.processRequest(http.MethodGet, url, ClientPrefix+encExtKey, nil, nil, http.StatusOK)
 	if sdkErr != nil {
 		return BootstrapConfig{}, sdkErr
 	}
diff --git a/pkg/sdk/go/certs.go b/pkg/sdk/go/certs.go
index adf6092b5c..d09578cf74 100644
--- a/pkg/sdk/go/certs.go
+++ b/pkg/sdk/go/certs.go
@@ -28,9 +28,9 @@ type Cert struct {
 	ClientID     string    `json:"client_id,omitempty"`
 }
 
-func (sdk mgSDK) IssueCert(thingID, validity, domainID, token string) (Cert, errors.SDKError) {
+func (sdk mgSDK) IssueCert(clientID, validity, domainID, token string) (Cert, errors.SDKError) {
 	r := certReq{
-		ClientID: thingID,
+		ClientID: clientID,
 		Validity: validity,
 	}
 	d, err := json.Marshal(r)
@@ -68,11 +68,11 @@ func (sdk mgSDK) ViewCert(id, domainID, token string) (Cert, errors.SDKError) {
 	return cert, nil
 }
 
-func (sdk mgSDK) ViewCertByThing(thingID, domainID, token string) (CertSerials, errors.SDKError) {
-	if thingID == "" {
+func (sdk mgSDK) ViewCertByClient(clientID, domainID, token string) (CertSerials, errors.SDKError) {
+	if clientID == "" {
 		return CertSerials{}, errors.NewSDKError(apiutil.ErrMissingID)
 	}
-	url := fmt.Sprintf("%s/%s/%s/%s", sdk.certsURL, domainID, serialsEndpoint, thingID)
+	url := fmt.Sprintf("%s/%s/%s/%s", sdk.certsURL, domainID, serialsEndpoint, clientID)
 
 	_, body, err := sdk.processRequest(http.MethodGet, url, token, nil, nil, http.StatusOK)
 	if err != nil {
diff --git a/pkg/sdk/go/certs_test.go b/pkg/sdk/go/certs_test.go
index f678b26f61..aa5ded094e 100644
--- a/pkg/sdk/go/certs_test.go
+++ b/pkg/sdk/go/certs_test.go
@@ -279,7 +279,7 @@ func TestViewCert(t *testing.T) {
 	}
 }
 
-func TestViewCertByThing(t *testing.T) {
+func TestViewCertByClient(t *testing.T) {
 	ts, svc, auth := setupCerts()
 	defer ts.Close()
 
@@ -291,7 +291,7 @@ func TestViewCertByThing(t *testing.T) {
 
 	mgsdk := sdk.NewSDK(sdkConf)
 
-	viewCertThingRes := sdk.CertSerials{
+	viewCertClientRes := sdk.CertSerials{
 		Certs: []sdk.Cert{{
 			SerialNumber: serial,
 		}},
@@ -360,10 +360,10 @@ func TestViewCertByThing(t *testing.T) {
 			}
 			authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 			svcCall := svc.On("ListSerials", mock.Anything, tc.clientID, certs.PageMetadata{Revoked: defRevoke, Offset: defOffset, Limit: defLimit}).Return(tc.svcRes, tc.svcErr)
-			resp, err := mgsdk.ViewCertByThing(tc.clientID, tc.domainID, tc.token)
+			resp, err := mgsdk.ViewCertByClient(tc.clientID, tc.domainID, tc.token)
 			assert.Equal(t, tc.err, err)
 			if tc.err == nil {
-				assert.Equal(t, viewCertThingRes, resp)
+				assert.Equal(t, viewCertClientRes, resp)
 				ok := svcCall.Parent.AssertCalled(t, "ListSerials", mock.Anything, tc.clientID, certs.PageMetadata{Revoked: defRevoke, Offset: defOffset, Limit: defLimit})
 				assert.True(t, ok)
 			}
diff --git a/pkg/sdk/go/channels.go b/pkg/sdk/go/channels.go
index b60b32d001..fa8b11adc1 100644
--- a/pkg/sdk/go/channels.go
+++ b/pkg/sdk/go/channels.go
@@ -73,7 +73,7 @@ func (sdk mgSDK) Channels(pm PageMetadata, domainID, token string) (ChannelsPage
 }
 
 func (sdk mgSDK) ChannelsByClient(clientID string, pm PageMetadata, domainID, token string) (ChannelsPage, errors.SDKError) {
-	url, err := sdk.withQueryParams(fmt.Sprintf("%s/%s/things/%s", sdk.clientsURL, domainID, clientID), channelsEndpoint, pm)
+	url, err := sdk.withQueryParams(fmt.Sprintf("%s/%s/clients/%s", sdk.clientsURL, domainID, clientID), channelsEndpoint, pm)
 	if err != nil {
 		return ChannelsPage{}, errors.NewSDKError(err)
 	}
diff --git a/pkg/sdk/go/channels_test.go b/pkg/sdk/go/channels_test.go
index 24501a5aba..66bc72d672 100644
--- a/pkg/sdk/go/channels_test.go
+++ b/pkg/sdk/go/channels_test.go
@@ -12,10 +12,11 @@ import (
 	"time"
 
 	authmocks "github.com/absmach/magistrala/auth/mocks"
+	"github.com/absmach/magistrala/channels"
+	chmocks "github.com/absmach/magistrala/channels/mocks"
+	"github.com/absmach/magistrala/clients"
 	thapi "github.com/absmach/magistrala/clients/api/http"
 	climocks "github.com/absmach/magistrala/clients/mocks"
-	"github.com/absmach/magistrala/groups"
-	gmocks "github.com/absmach/magistrala/groups/mocks"
 	"github.com/absmach/magistrala/internal/testsutil"
 	mglog "github.com/absmach/magistrala/logger"
 	"github.com/absmach/magistrala/pkg/apiutil"
@@ -40,10 +41,10 @@ var (
 	channel        = generateTestChannel(&testing.T{})
 )
 
-func setupChannels() (*httptest.Server, *gmocks.Service, *authnmocks.Authentication) {
+func setupChannels() (*httptest.Server, *chmocks.Service, *authnmocks.Authentication) {
 	tsvc := new(climocks.Service)
 	usvc := new(usmocks.Service)
-	gsvc := new(gmocks.Service)
+	gsvc := new(chmocks.Service)
 	logger := mglog.NewMock()
 	provider := new(oauth2mocks.Provider)
 	provider.On("Name").Return("test")
@@ -61,17 +62,17 @@ func TestCreateChannel(t *testing.T) {
 	ts, gsvc, auth := setupChannels()
 	defer ts.Close()
 
-	group := convertChannel(channel)
-	createGroupReq := groups.Group{
+	channel := convertChannel(channel)
+	createGroupReq := channels.Channel{
 		Name:     channel.Name,
-		Metadata: groups.Metadata{"role": "client"},
-		Status:   groups.EnabledStatus,
+		Metadata: clients.Metadata{"role": "client"},
+		Status:   clients.EnabledStatus,
 	}
 
 	channelReq := sdk.Channel{
 		Name:     channel.Name,
 		Metadata: validMetadata,
-		Status:   groups.EnabledStatus.String(),
+		Status:   clients.EnabledStatus.String(),
 	}
 
 	channelKind := "new_channel"
@@ -82,7 +83,7 @@ func TestCreateChannel(t *testing.T) {
 	pChannel.ParentID = parentID
 
 	iGroup := group
-	iGroup.Metadata = groups.Metadata{
+	iGroup.Metadata = clients.Metadata{
 		"test": make(chan int),
 	}
 
@@ -96,8 +97,8 @@ func TestCreateChannel(t *testing.T) {
 		domainID        string
 		token           string
 		session         mgauthn.Session
-		createGroupReq  groups.Group
-		svcRes          groups.Group
+		createGroupReq  channels.Channel
+		svcRes          channels.Channel
 		svcErr          error
 		authenticateRes mgauthn.Session
 		authenticateErr error
@@ -121,7 +122,7 @@ func TestCreateChannel(t *testing.T) {
 			domainID:       domainID,
 			token:          validToken,
 			createGroupReq: createGroupReq,
-			svcRes:         groups.Group{},
+			svcRes:         channels.Channel{},
 			svcErr:         svcerr.ErrCreateEntity,
 			response:       sdk.Channel{},
 			err:            errors.NewSDKErrorWithStatus(svcerr.ErrCreateEntity, http.StatusUnprocessableEntity),
@@ -136,8 +137,8 @@ func TestCreateChannel(t *testing.T) {
 			},
 			domainID:       domainID,
 			token:          validToken,
-			createGroupReq: groups.Group{},
-			svcRes:         groups.Group{},
+			createGroupReq: channels.Channel{},
+			svcRes:         channels.Channel{},
 			svcErr:         nil,
 			response:       sdk.Channel{},
 			err:            errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -147,14 +148,14 @@ func TestCreateChannel(t *testing.T) {
 			channelReq: sdk.Channel{
 				Name:     channel.Name,
 				ParentID: parentID,
-				Status:   groups.EnabledStatus.String(),
+				Status:   clients.EnabledStatus.String(),
 			},
 			domainID: domainID,
 			token:    validToken,
-			createGroupReq: groups.Group{
+			createGroupReq: channels.Channel{
 				Name:   channel.Name,
 				Parent: parentID,
-				Status: groups.EnabledStatus,
+				Status: clients.EnabledStatus,
 			},
 			svcRes:   pGroup,
 			svcErr:   nil,
@@ -166,16 +167,16 @@ func TestCreateChannel(t *testing.T) {
 			channelReq: sdk.Channel{
 				Name:     channel.Name,
 				ParentID: wrongID,
-				Status:   groups.EnabledStatus.String(),
+				Status:   clients.EnabledStatus.String(),
 			},
 			domainID: domainID,
 			token:    validToken,
-			createGroupReq: groups.Group{
+			createGroupReq: channels.Channel{
 				Name:   channel.Name,
 				Parent: wrongID,
-				Status: groups.EnabledStatus,
+				Status: clients.EnabledStatus,
 			},
-			svcRes:   groups.Group{},
+			svcRes:   channels.Channel{},
 			svcErr:   svcerr.ErrCreateEntity,
 			response: sdk.Channel{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrCreateEntity, http.StatusUnprocessableEntity),
@@ -183,12 +184,12 @@ func TestCreateChannel(t *testing.T) {
 		{
 			desc: "create channel with missing name",
 			channelReq: sdk.Channel{
-				Status: groups.EnabledStatus.String(),
+				Status: clients.EnabledStatus.String(),
 			},
 			domainID:       domainID,
 			token:          validToken,
-			createGroupReq: groups.Group{},
-			svcRes:         groups.Group{},
+			createGroupReq: channels.Channel{},
+			svcRes:         channels.Channel{},
 			svcErr:         nil,
 			response:       sdk.Channel{},
 			err:            errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrNameSize), http.StatusBadRequest),
@@ -203,19 +204,19 @@ func TestCreateChannel(t *testing.T) {
 				Metadata:    validMetadata,
 				CreatedAt:   group.CreatedAt,
 				UpdatedAt:   group.UpdatedAt,
-				Status:      groups.EnabledStatus.String(),
+				Status:      clients.EnabledStatus.String(),
 			},
 			domainID: domainID,
 			token:    validToken,
-			createGroupReq: groups.Group{
+			createGroupReq: channels.Channel{
 				ID:          group.ID,
 				Parent:      parentID,
 				Name:        channel.Name,
 				Description: description,
-				Metadata:    groups.Metadata{"role": "client"},
+				Metadata:    clients.Metadata{"role": "client"},
 				CreatedAt:   group.CreatedAt,
 				UpdatedAt:   group.UpdatedAt,
-				Status:      groups.EnabledStatus,
+				Status:      clients.EnabledStatus,
 			},
 			svcRes:   pGroup,
 			svcErr:   nil,
@@ -269,7 +270,7 @@ func TestListChannels(t *testing.T) {
 			ID:       generateUUID(t),
 			Name:     fmt.Sprintf("channel_%d", i),
 			Metadata: sdk.Metadata{"name": fmt.Sprintf("client_%d", i)},
-			Status:   groups.EnabledStatus.String(),
+			Status:   clients.EnabledStatus.String(),
 		}
 		chs = append(chs, gr)
 	}
@@ -279,15 +280,15 @@ func TestListChannels(t *testing.T) {
 		domainID        string
 		token           string
 		session         mgauthn.Session
-		status          groups.Status
+		status          channels.Status
 		total           uint64
 		offset          uint64
 		limit           uint64
 		level           int
 		name            string
 		metadata        sdk.Metadata
-		groupsPageMeta  groups.Page
-		svcRes          groups.Page
+		groupsPageMeta  channels.Page
+		svcRes          channels.Page
 		svcErr          error
 		authenticateRes mgauthn.Session
 		authenticateErr error
@@ -301,16 +302,14 @@ func TestListChannels(t *testing.T) {
 			limit:    limit,
 			offset:   offset,
 			total:    total,
-			groupsPageMeta: groups.Page{
-				PageMeta: groups.PageMeta{
+			groupsPageMeta: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: offset,
 					Limit:  limit,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: uint64(len(chs[offset:limit])),
 				},
 				Groups: convertChannels(chs[offset:limit]),
@@ -329,15 +328,13 @@ func TestListChannels(t *testing.T) {
 			domainID: domainID,
 			offset:   offset,
 			limit:    limit,
-			groupsPageMeta: groups.Page{
-				PageMeta: groups.PageMeta{
+			groupsPageMeta: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: offset,
 					Limit:  limit,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes:          groups.Page{},
+			svcRes:          channels.Page{},
 			authenticateErr: svcerr.ErrAuthentication,
 			response:        sdk.ChannelsPage{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -348,8 +345,8 @@ func TestListChannels(t *testing.T) {
 			domainID:       validID,
 			offset:         offset,
 			limit:          limit,
-			groupsPageMeta: groups.Page{},
-			svcRes:         groups.Page{},
+			groupsPageMeta: channels.Page{},
+			svcRes:         channels.Page{},
 			svcErr:         nil,
 			response:       sdk.ChannelsPage{},
 			err:            errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -360,16 +357,14 @@ func TestListChannels(t *testing.T) {
 			domainID: domainID,
 			offset:   offset,
 			limit:    0,
-			groupsPageMeta: groups.Page{
-				PageMeta: groups.PageMeta{
+			groupsPageMeta: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: offset,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: uint64(len(chs[offset:])),
 				},
 				Groups: convertChannels(chs[offset:limit]),
@@ -389,8 +384,8 @@ func TestListChannels(t *testing.T) {
 			domainID:       domainID,
 			offset:         offset,
 			limit:          110,
-			groupsPageMeta: groups.Page{},
-			svcRes:         groups.Page{},
+			groupsPageMeta: channels.Page{},
+			svcRes:         channels.Page{},
 			svcErr:         nil,
 			response:       sdk.ChannelsPage{},
 			err:            errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrLimitSize), http.StatusBadRequest),
@@ -402,17 +397,14 @@ func TestListChannels(t *testing.T) {
 			offset:   0,
 			limit:    1,
 			level:    1,
-			groupsPageMeta: groups.Page{
-				PageMeta: groups.PageMeta{
+			groupsPageMeta: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: offset,
 					Limit:  1,
 				},
-				Level:      1,
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: 1,
 				},
 				Groups: convertChannels(chs[0:1]),
@@ -432,18 +424,16 @@ func TestListChannels(t *testing.T) {
 			domainID: domainID,
 			offset:   0,
 			limit:    10,
-			metadata: sdk.Metadata{"name": "thing_89"},
-			groupsPageMeta: groups.Page{
-				PageMeta: groups.PageMeta{
+			metadata: sdk.Metadata{"name": "client_89"},
+			groupsPageMeta: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset:   offset,
 					Limit:    10,
-					Metadata: groups.Metadata{"name": "thing_89"},
+					Metadata: clients.Metadata{"name": "client_89"},
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: 1,
 				},
 				Groups: convertChannels([]sdk.Channel{chs[89]}),
@@ -466,8 +456,8 @@ func TestListChannels(t *testing.T) {
 			metadata: sdk.Metadata{
 				"test": make(chan int),
 			},
-			groupsPageMeta: groups.Page{},
-			svcRes:         groups.Page{},
+			groupsPageMeta: channels.Page{},
+			svcRes:         channels.Page{},
 			svcErr:         nil,
 			response:       sdk.ChannelsPage{},
 			err:            errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -478,21 +468,19 @@ func TestListChannels(t *testing.T) {
 			domainID: domainID,
 			offset:   0,
 			limit:    10,
-			groupsPageMeta: groups.Page{
-				PageMeta: groups.PageMeta{
+			groupsPageMeta: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 0,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: 1,
 				},
-				Groups: []groups.Group{{
+				Groups: []channels.Channel{{
 					ID: generateUUID(t),
-					Metadata: groups.Metadata{
+					Metadata: clients.Metadata{
 						"test": make(chan int),
 					},
 				}},
@@ -545,7 +533,7 @@ func TestViewChannel(t *testing.T) {
 		token           string
 		session         mgauthn.Session
 		channelID       string
-		svcRes          groups.Group
+		svcRes          channels.Channel
 		svcErr          error
 		authenticateErr error
 		response        sdk.Channel
@@ -566,7 +554,7 @@ func TestViewChannel(t *testing.T) {
 			domainID:        domainID,
 			token:           invalidToken,
 			channelID:       groupRes.ID,
-			svcRes:          groups.Group{},
+			svcRes:          channels.Channel{},
 			authenticateErr: svcerr.ErrAuthentication,
 			response:        sdk.Channel{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -576,7 +564,7 @@ func TestViewChannel(t *testing.T) {
 			domainID:  domainID,
 			token:     "",
 			channelID: groupRes.ID,
-			svcRes:    groups.Group{},
+			svcRes:    channels.Channel{},
 			svcErr:    nil,
 			response:  sdk.Channel{},
 			err:       errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -586,7 +574,7 @@ func TestViewChannel(t *testing.T) {
 			domainID:  domainID,
 			token:     validToken,
 			channelID: wrongID,
-			svcRes:    groups.Group{},
+			svcRes:    channels.Channel{},
 			svcErr:    svcerr.ErrViewEntity,
 			response:  sdk.Channel{},
 			err:       errors.NewSDKErrorWithStatus(svcerr.ErrViewEntity, http.StatusBadRequest),
@@ -596,7 +584,7 @@ func TestViewChannel(t *testing.T) {
 			domainID:  domainID,
 			token:     validToken,
 			channelID: "",
-			svcRes:    groups.Group{},
+			svcRes:    channels.Channel{},
 			svcErr:    nil,
 			response:  sdk.Channel{},
 			err:       errors.NewSDKError(apiutil.ErrMissingID),
@@ -606,9 +594,9 @@ func TestViewChannel(t *testing.T) {
 			domainID:  domainID,
 			token:     validToken,
 			channelID: groupRes.ID,
-			svcRes: groups.Group{
+			svcRes: channels.Channel{
 				ID: generateUUID(t),
-				Metadata: groups.Metadata{
+				Metadata: clients.Metadata{
 					"test": make(chan int),
 				},
 			},
@@ -659,7 +647,7 @@ func TestUpdateChannel(t *testing.T) {
 	dChannel.Description = newDescription
 
 	mGroup := group
-	mGroup.Metadata = groups.Metadata{
+	mGroup.Metadata = clients.Metadata{
 		"field": "value2",
 	}
 	mChannel := channel
@@ -670,7 +658,7 @@ func TestUpdateChannel(t *testing.T) {
 	aGroup := group
 	aGroup.Name = newName
 	aGroup.Description = newDescription
-	aGroup.Metadata = groups.Metadata{"field": "value2"}
+	aGroup.Metadata = clients.Metadata{"field": "value2"}
 	aChannel := channel
 	aChannel.Name = newName
 	aChannel.Description = newDescription
@@ -682,8 +670,8 @@ func TestUpdateChannel(t *testing.T) {
 		token           string
 		session         mgauthn.Session
 		channelReq      sdk.Channel
-		updateGroupReq  groups.Group
-		svcRes          groups.Group
+		updateGroupReq  channels.Channel
+		svcRes          channels.Channel
 		svcErr          error
 		authenticateErr error
 		response        sdk.Channel
@@ -697,7 +685,7 @@ func TestUpdateChannel(t *testing.T) {
 				ID:   channel.ID,
 				Name: newName,
 			},
-			updateGroupReq: groups.Group{
+			updateGroupReq: channels.Channel{
 				ID:   group.ID,
 				Name: newName,
 			},
@@ -714,7 +702,7 @@ func TestUpdateChannel(t *testing.T) {
 				ID:          channel.ID,
 				Description: newDescription,
 			},
-			updateGroupReq: groups.Group{
+			updateGroupReq: channels.Channel{
 				ID:          group.ID,
 				Description: newDescription,
 			},
@@ -733,9 +721,9 @@ func TestUpdateChannel(t *testing.T) {
 					"field": "value2",
 				},
 			},
-			updateGroupReq: groups.Group{
+			updateGroupReq: channels.Channel{
 				ID:       group.ID,
-				Metadata: groups.Metadata{"field": "value2"},
+				Metadata: clients.Metadata{"field": "value2"},
 			},
 			svcRes:   mGroup,
 			svcErr:   nil,
@@ -752,11 +740,11 @@ func TestUpdateChannel(t *testing.T) {
 				Description: newDescription,
 				Metadata:    sdk.Metadata{"field": "value2"},
 			},
-			updateGroupReq: groups.Group{
+			updateGroupReq: channels.Channel{
 				ID:          group.ID,
 				Name:        newName,
 				Description: newDescription,
-				Metadata:    groups.Metadata{"field": "value2"},
+				Metadata:    clients.Metadata{"field": "value2"},
 			},
 			svcRes:   aGroup,
 			svcErr:   nil,
@@ -771,11 +759,11 @@ func TestUpdateChannel(t *testing.T) {
 				ID:   wrongID,
 				Name: newName,
 			},
-			updateGroupReq: groups.Group{
+			updateGroupReq: channels.Channel{
 				ID:   wrongID,
 				Name: newName,
 			},
-			svcRes:   groups.Group{},
+			svcRes:   channels.Channel{},
 			svcErr:   svcerr.ErrNotFound,
 			response: sdk.Channel{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound),
@@ -788,11 +776,11 @@ func TestUpdateChannel(t *testing.T) {
 				ID:          wrongID,
 				Description: newDescription,
 			},
-			updateGroupReq: groups.Group{
+			updateGroupReq: channels.Channel{
 				ID:          wrongID,
 				Description: newDescription,
 			},
-			svcRes:   groups.Group{},
+			svcRes:   channels.Channel{},
 			svcErr:   svcerr.ErrNotFound,
 			response: sdk.Channel{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound),
@@ -807,11 +795,11 @@ func TestUpdateChannel(t *testing.T) {
 					"field": "value2",
 				},
 			},
-			updateGroupReq: groups.Group{
+			updateGroupReq: channels.Channel{
 				ID:       wrongID,
-				Metadata: groups.Metadata{"field": "value2"},
+				Metadata: clients.Metadata{"field": "value2"},
 			},
-			svcRes:   groups.Group{},
+			svcRes:   channels.Channel{},
 			svcErr:   svcerr.ErrNotFound,
 			response: sdk.Channel{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound),
@@ -824,11 +812,11 @@ func TestUpdateChannel(t *testing.T) {
 				ID:   channel.ID,
 				Name: newName,
 			},
-			updateGroupReq: groups.Group{
+			updateGroupReq: channels.Channel{
 				ID:   group.ID,
 				Name: newName,
 			},
-			svcRes:          groups.Group{},
+			svcRes:          channels.Channel{},
 			authenticateErr: svcerr.ErrAuthentication,
 			response:        sdk.Channel{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -841,11 +829,11 @@ func TestUpdateChannel(t *testing.T) {
 				ID:   channel.ID,
 				Name: newName,
 			},
-			updateGroupReq: groups.Group{
+			updateGroupReq: channels.Channel{
 				ID:   group.ID,
 				Name: newName,
 			},
-			svcRes:   groups.Group{},
+			svcRes:   channels.Channel{},
 			svcErr:   nil,
 			response: sdk.Channel{},
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -858,8 +846,8 @@ func TestUpdateChannel(t *testing.T) {
 				ID:   channel.ID,
 				Name: strings.Repeat("a", 1025),
 			},
-			updateGroupReq: groups.Group{},
-			svcRes:         groups.Group{},
+			updateGroupReq: channels.Channel{},
+			svcRes:         channels.Channel{},
 			svcErr:         nil,
 			response:       sdk.Channel{},
 			err:            errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrNameSize), http.StatusBadRequest),
@@ -875,8 +863,8 @@ func TestUpdateChannel(t *testing.T) {
 					"test": make(chan int),
 				},
 			},
-			updateGroupReq: groups.Group{},
-			svcRes:         groups.Group{},
+			updateGroupReq: channels.Channel{},
+			svcRes:         channels.Channel{},
 			svcErr:         nil,
 			response:       sdk.Channel{},
 			err:            errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -889,13 +877,13 @@ func TestUpdateChannel(t *testing.T) {
 				ID:   channel.ID,
 				Name: newName,
 			},
-			updateGroupReq: groups.Group{
+			updateGroupReq: channels.Channel{
 				ID:   group.ID,
 				Name: newName,
 			},
-			svcRes: groups.Group{
+			svcRes: channels.Channel{
 				ID: generateUUID(t),
-				Metadata: groups.Metadata{
+				Metadata: clients.Metadata{
 					"test": make(chan int),
 				},
 			},
@@ -910,8 +898,8 @@ func TestUpdateChannel(t *testing.T) {
 			channelReq: sdk.Channel{
 				Name: newName,
 			},
-			updateGroupReq: groups.Group{},
-			svcRes:         groups.Group{},
+			updateGroupReq: channels.Channel{},
+			svcRes:         channels.Channel{},
 			svcErr:         nil,
 			response:       sdk.Channel{},
 			err:            errors.NewSDKError(apiutil.ErrMissingID),
@@ -937,7 +925,7 @@ func TestUpdateChannel(t *testing.T) {
 	}
 }
 
-func TestListChannelsByThing(t *testing.T) {
+func TestListChannelsByClient(t *testing.T) {
 	ts, gsvc, auth := setupChannels()
 	defer ts.Close()
 
@@ -954,7 +942,7 @@ func TestListChannelsByThing(t *testing.T) {
 			ID:       generateUUID(t),
 			Name:     fmt.Sprintf("membership_%d@example.com", i),
 			Metadata: sdk.Metadata{"role": "channel"},
-			Status:   groups.EnabledStatus.String(),
+			Status:   clients.EnabledStatus.String(),
 		}
 		aChannels = append(aChannels, channel)
 	}
@@ -966,8 +954,8 @@ func TestListChannelsByThing(t *testing.T) {
 		session         mgauthn.Session
 		ClientID        string
 		pageMeta        sdk.PageMetadata
-		listGroupsReq   groups.Page
-		svcRes          groups.Page
+		listGroupsReq   channels.Page
+		svcRes          channels.Page
 		svcErr          error
 		authenticateErr error
 		response        sdk.ChannelsPage
@@ -979,19 +967,17 @@ func TestListChannelsByThing(t *testing.T) {
 			token:    validToken,
 			ClientID: testsutil.GenerateUUID(t),
 			pageMeta: sdk.PageMetadata{},
-			listGroupsReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			listGroupsReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 0,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: nChannels,
 				},
-				Groups: convertChannels(aChannels),
+				Channels: convertChannels(aChannels),
 			},
 			svcErr: nil,
 			response: sdk.ChannelsPage{
@@ -1011,19 +997,17 @@ func TestListChannelsByThing(t *testing.T) {
 				Offset: 6,
 				Limit:  nChannels,
 			},
-			listGroupsReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			listGroupsReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 6,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: uint64(len(aChannels[6 : nChannels-1])),
 				},
-				Groups: convertChannels(aChannels[6 : nChannels-1]),
+				Channels: convertChannels(aChannels[6 : nChannels-1]),
 			},
 			svcErr: nil,
 			response: sdk.ChannelsPage{
@@ -1044,20 +1028,18 @@ func TestListChannelsByThing(t *testing.T) {
 				Offset: 0,
 				Limit:  nChannels,
 			},
-			listGroupsReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			listGroupsReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Name:   "membership_8@example.com",
 					Offset: 0,
 					Limit:  nChannels,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: 1,
 				},
-				Groups: convertChannels([]sdk.Channel{aChannels[8]}),
+				Channels: convertChannels([]sdk.Channel{aChannels[8]}),
 			},
 			svcErr: nil,
 			response: sdk.ChannelsPage{
@@ -1074,15 +1056,13 @@ func TestListChannelsByThing(t *testing.T) {
 			token:    invalidToken,
 			ClientID: testsutil.GenerateUUID(t),
 			pageMeta: sdk.PageMetadata{},
-			listGroupsReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			listGroupsReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 0,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes:          groups.Page{},
+			svcRes:          channels.Page{},
 			authenticateErr: svcerr.ErrAuthentication,
 			response:        sdk.ChannelsPage{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -1093,8 +1073,8 @@ func TestListChannelsByThing(t *testing.T) {
 			token:         "",
 			ClientID:      testsutil.GenerateUUID(t),
 			pageMeta:      sdk.PageMetadata{},
-			listGroupsReq: groups.Page{},
-			svcRes:        groups.Page{},
+			listGroupsReq: channels.Page{},
+			svcRes:        channels.Page{},
 			svcErr:        nil,
 			response:      sdk.ChannelsPage{},
 			err:           errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -1107,8 +1087,8 @@ func TestListChannelsByThing(t *testing.T) {
 			pageMeta: sdk.PageMetadata{
 				Limit: 110,
 			},
-			listGroupsReq: groups.Page{},
-			svcRes:        groups.Page{},
+			listGroupsReq: channels.Page{},
+			svcRes:        channels.Page{},
 			svcErr:        nil,
 			response:      sdk.ChannelsPage{},
 			err:           errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrLimitSize), http.StatusBadRequest),
@@ -1123,8 +1103,8 @@ func TestListChannelsByThing(t *testing.T) {
 					"test": make(chan int),
 				},
 			},
-			listGroupsReq: groups.Page{},
-			svcRes:        groups.Page{},
+			listGroupsReq: channels.Page{},
+			svcRes:        channels.Page{},
 			svcErr:        nil,
 			response:      sdk.ChannelsPage{},
 			err:           errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -1138,21 +1118,19 @@ func TestListChannelsByThing(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			listGroupsReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			listGroupsReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 0,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: 1,
 				},
-				Groups: []groups.Group{{
+				Channels: []channels.Channel{{
 					ID: generateUUID(t),
-					Metadata: groups.Metadata{
+					Metadata: clients.Metadata{
 						"test": make(chan int),
 					},
 				}},
@@ -1169,7 +1147,7 @@ func TestListChannelsByThing(t *testing.T) {
 			}
 			authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 			svcCall := gsvc.On("ListGroups", mock.Anything, tc.session, policies.ClientsKind, tc.ClientID, tc.listGroupsReq).Return(tc.svcRes, tc.svcErr)
-			resp, err := mgsdk.ChannelsByThing(tc.ClientID, tc.pageMeta, tc.domainID, tc.token)
+			resp, err := mgsdk.ChannelsByClient(tc.ClientID, tc.pageMeta, tc.domainID, tc.token)
 			assert.Equal(t, tc.err, err)
 			assert.Equal(t, tc.response, resp)
 			if tc.err == nil {
@@ -1198,7 +1176,7 @@ func TestEnableChannel(t *testing.T) {
 		token           string
 		session         mgauthn.Session
 		channelID       string
-		svcRes          groups.Group
+		svcRes          channels.Channel
 		svcErr          error
 		authenticateErr error
 		response        sdk.Channel
@@ -1219,7 +1197,7 @@ func TestEnableChannel(t *testing.T) {
 			domainID:        domainID,
 			token:           invalidToken,
 			channelID:       channel.ID,
-			svcRes:          groups.Group{},
+			svcRes:          channels.Channel{},
 			authenticateErr: svcerr.ErrAuthentication,
 			response:        sdk.Channel{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -1229,7 +1207,7 @@ func TestEnableChannel(t *testing.T) {
 			domainID:  domainID,
 			token:     "",
 			channelID: channel.ID,
-			svcRes:    groups.Group{},
+			svcRes:    channels.Channel{},
 			svcErr:    nil,
 			response:  sdk.Channel{},
 			err:       errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -1239,7 +1217,7 @@ func TestEnableChannel(t *testing.T) {
 			domainID:  domainID,
 			token:     validToken,
 			channelID: wrongID,
-			svcRes:    groups.Group{},
+			svcRes:    channels.Channel{},
 			svcErr:    svcerr.ErrNotFound,
 			response:  sdk.Channel{},
 			err:       errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound),
@@ -1249,7 +1227,7 @@ func TestEnableChannel(t *testing.T) {
 			domainID:  domainID,
 			token:     validToken,
 			channelID: "",
-			svcRes:    groups.Group{},
+			svcRes:    channels.Channel{},
 			svcErr:    nil,
 			response:  sdk.Channel{},
 			err:       errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrMissingID), http.StatusBadRequest),
@@ -1259,9 +1237,9 @@ func TestEnableChannel(t *testing.T) {
 			domainID:  domainID,
 			token:     validToken,
 			channelID: channel.ID,
-			svcRes: groups.Group{
+			svcRes: channels.Channel{
 				ID: generateUUID(t),
-				Metadata: groups.Metadata{
+				Metadata: clients.Metadata{
 					"test": make(chan int),
 				},
 			},
@@ -1301,9 +1279,9 @@ func TestDisableChannel(t *testing.T) {
 
 	group := convertChannel(channel)
 	dGroup := group
-	dGroup.Status = groups.DisabledStatus
+	dGroup.Status = clients.DisabledStatus
 	dChannel := channel
-	dChannel.Status = groups.DisabledStatus.String()
+	dChannel.Status = clients.DisabledStatus.String()
 
 	cases := []struct {
 		desc            string
@@ -1311,7 +1289,7 @@ func TestDisableChannel(t *testing.T) {
 		token           string
 		session         mgauthn.Session
 		channelID       string
-		svcRes          groups.Group
+		svcRes          channels.Channel
 		svcErr          error
 		authenticateErr error
 		response        sdk.Channel
@@ -1332,7 +1310,7 @@ func TestDisableChannel(t *testing.T) {
 			domainID:        domainID,
 			token:           invalidToken,
 			channelID:       channel.ID,
-			svcRes:          groups.Group{},
+			svcRes:          channels.Channel{},
 			authenticateErr: svcerr.ErrAuthentication,
 			response:        sdk.Channel{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -1342,7 +1320,7 @@ func TestDisableChannel(t *testing.T) {
 			domainID:  domainID,
 			token:     "",
 			channelID: channel.ID,
-			svcRes:    groups.Group{},
+			svcRes:    channels.Channel{},
 			svcErr:    nil,
 			response:  sdk.Channel{},
 			err:       errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -1352,7 +1330,7 @@ func TestDisableChannel(t *testing.T) {
 			domainID:  domainID,
 			token:     validToken,
 			channelID: wrongID,
-			svcRes:    groups.Group{},
+			svcRes:    channels.Channel{},
 			svcErr:    svcerr.ErrNotFound,
 			response:  sdk.Channel{},
 			err:       errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound),
@@ -1362,7 +1340,7 @@ func TestDisableChannel(t *testing.T) {
 			domainID:  domainID,
 			token:     validToken,
 			channelID: "",
-			svcRes:    groups.Group{},
+			svcRes:    channels.Channel{},
 			svcErr:    nil,
 			response:  sdk.Channel{},
 			err:       errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrMissingID), http.StatusBadRequest),
@@ -1372,9 +1350,9 @@ func TestDisableChannel(t *testing.T) {
 			domainID:  domainID,
 			token:     validToken,
 			channelID: channel.ID,
-			svcRes: groups.Group{
+			svcRes: channels.Channel{
 				ID: generateUUID(t),
-				Metadata: groups.Metadata{
+				Metadata: clients.Metadata{
 					"test": make(chan int),
 				},
 			},
@@ -2043,14 +2021,14 @@ func TestListChannelUserGroups(t *testing.T) {
 	mgsdk := sdk.NewSDK(conf)
 
 	nGroups := uint64(10)
-	aGroups := []sdk.Group{}
+	aGroups := []sdk.Channel{}
 
 	for i := uint64(1); i < nGroups; i++ {
-		group := sdk.Group{
+		group := sdk.Channel{
 			ID:       generateUUID(t),
 			Name:     fmt.Sprintf("group_%d", i),
 			Metadata: sdk.Metadata{"role": "group"},
-			Status:   groups.EnabledStatus.String(),
+			Status:   clients.EnabledStatus.String(),
 		}
 		aGroups = append(aGroups, group)
 	}
@@ -2062,44 +2040,40 @@ func TestListChannelUserGroups(t *testing.T) {
 		session         mgauthn.Session
 		channelID       string
 		pageMeta        sdk.PageMetadata
-		listGroupsReq   groups.Page
-		svcRes          groups.Page
+		listGroupsReq   channels.Page
+		svcRes          channels.Page
 		svcErr          error
 		authenticateErr error
 		response        sdk.GroupsPage
 		err             errors.SDKError
 	}{
 		{
-			desc:      "list user groups successfully",
+			desc:      "list user channels successfully",
 			domainID:  domainID,
 			token:     validToken,
 			channelID: channel.ID,
 			pageMeta:  sdk.PageMetadata{},
-			listGroupsReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			listGroupsReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 0,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: nGroups,
 				},
-				Groups: convertGroups(aGroups),
 			},
 			svcErr: nil,
 			response: sdk.GroupsPage{
 				PageRes: sdk.PageRes{
 					Total: nGroups,
 				},
-				Groups: aGroups,
 			},
 			err: nil,
 		},
 		{
-			desc:      "list user groups with offset and limit",
+			desc:      "list user channels with offset and limit",
 			domainID:  domainID,
 			token:     validToken,
 			channelID: channel.ID,
@@ -2107,112 +2081,102 @@ func TestListChannelUserGroups(t *testing.T) {
 				Offset: 6,
 				Limit:  nGroups,
 			},
-			listGroupsReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			listGroupsReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 6,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: uint64(len(aGroups[6 : nGroups-1])),
 				},
-				Groups: convertGroups(aGroups[6 : nGroups-1]),
 			},
 			svcErr: nil,
 			response: sdk.GroupsPage{
 				PageRes: sdk.PageRes{
 					Total: uint64(len(aGroups[6 : nGroups-1])),
 				},
-				Groups: aGroups[6 : nGroups-1],
 			},
 			err: nil,
 		},
 		{
-			desc:      "list user groups with invalid token",
+			desc:      "list user channels with invalid token",
 			domainID:  domainID,
 			token:     invalidToken,
 			channelID: channel.ID,
 			pageMeta:  sdk.PageMetadata{},
-			listGroupsReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			listGroupsReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 0,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes:          groups.Page{},
+			svcRes:          channels.Page{},
 			authenticateErr: svcerr.ErrAuthentication,
 			response:        sdk.GroupsPage{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
 		},
 		{
-			desc:      "list user groups with empty token",
+			desc:      "list user channels with empty token",
 			domainID:  domainID,
 			token:     "",
 			channelID: channel.ID,
 			pageMeta:  sdk.PageMetadata{},
-			listGroupsReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			listGroupsReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 0,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes:   groups.Page{},
+			svcRes:   channels.Page{},
 			svcErr:   nil,
 			response: sdk.GroupsPage{},
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
 		},
 		{
-			desc:      "list user groups with limit greater than max",
+			desc:      "list user channels with limit greater than max",
 			domainID:  domainID,
 			token:     validToken,
 			channelID: channel.ID,
 			pageMeta: sdk.PageMetadata{
 				Limit: 110,
 			},
-			listGroupsReq: groups.Page{},
-			svcRes:        groups.Page{},
+			listGroupsReq: channels.Page{},
+			svcRes:        channels.Page{},
 			svcErr:        nil,
 			response:      sdk.GroupsPage{},
 			err:           errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrLimitSize), http.StatusBadRequest),
 		},
 		{
-			desc:      "list user groups with invalid channel id",
+			desc:      "list user channels with invalid channel id",
 			domainID:  domainID,
 			token:     validToken,
 			channelID: wrongID,
 			pageMeta: sdk.PageMetadata{
 				DomainID: domainID,
 			},
-			listGroupsReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			listGroupsReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 0,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes:   groups.Page{},
+			svcRes:   channels.Page{},
 			svcErr:   svcerr.ErrAuthorization,
 			response: sdk.GroupsPage{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusForbidden),
 		},
 		{
-			desc:      "list users groups with level exceeding max",
+			desc:      "list users channels with level exceeding max",
 			domainID:  domainID,
 			token:     validToken,
 			channelID: channel.ID,
 			pageMeta: sdk.PageMetadata{
 				Level: 10,
 			},
-			listGroupsReq: groups.Page{},
-			svcRes:        groups.Page{},
+			listGroupsReq: channels.Page{},
+			svcRes:        channels.Page{},
 			svcErr:        nil,
 			response:      sdk.GroupsPage{},
 			err:           errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrInvalidLevel), http.StatusBadRequest),
@@ -2229,36 +2193,28 @@ func TestListChannelUserGroups(t *testing.T) {
 					"test": make(chan int),
 				},
 			},
-			listGroupsReq: groups.Page{},
-			svcRes:        groups.Page{},
+			listGroupsReq: channels.Page{},
+			svcRes:        channels.Page{},
 			svcErr:        nil,
 			response:      sdk.GroupsPage{},
 			err:           errors.NewSDKError(errors.New("json: unsupported type: chan int")),
 		},
 		{
-			desc:      "list user groups with service response that can't be unmarshalled",
+			desc:      "list user channels with service response that can't be unmarshalled",
 			domainID:  domainID,
 			token:     validToken,
 			channelID: channel.ID,
 			pageMeta:  sdk.PageMetadata{},
-			listGroupsReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			listGroupsReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 0,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: 1,
 				},
-				Groups: []groups.Group{
-					{
-						ID:       generateUUID(t),
-						Metadata: groups.Metadata{"test": make(chan int)},
-					},
-				},
 			},
 			svcErr:   nil,
 			response: sdk.GroupsPage{},
@@ -2499,7 +2455,7 @@ func TestDisconnect(t *testing.T) {
 	}
 }
 
-func TestConnectThing(t *testing.T) {
+func TestConnectClient(t *testing.T) {
 	ts, gsvc, auth := setupChannels()
 	defer ts.Close()
 
@@ -2583,7 +2539,7 @@ func TestConnectThing(t *testing.T) {
 			}
 			authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 			svcCall := gsvc.On("Assign", mock.Anything, tc.session, tc.channelID, policies.GroupRelation, policies.ClientsKind, []string{tc.clientID}).Return(tc.svcErr)
-			err := mgsdk.ConnectThing(tc.clientID, tc.channelID, tc.domainID, tc.token)
+			err := mgsdk.ConnectClient(tc.clientID, tc.channelID, tc.domainID, tc.token)
 			assert.Equal(t, tc.err, err)
 			if tc.err == nil {
 				ok := svcCall.Parent.AssertCalled(t, "Assign", mock.Anything, tc.session, tc.channelID, policies.GroupRelation, policies.ClientsKind, []string{tc.clientID})
@@ -2703,7 +2659,7 @@ func TestListGroupChannels(t *testing.T) {
 		ID:       testsutil.GenerateUUID(t),
 		Name:     "group_channel",
 		Metadata: sdk.Metadata{"role": "group"},
-		Status:   groups.EnabledStatus.String(),
+		Status:   clients.EnabledStatus.String(),
 	}
 
 	cases := []struct {
@@ -2713,8 +2669,8 @@ func TestListGroupChannels(t *testing.T) {
 		session         mgauthn.Session
 		groupID         string
 		pageMeta        sdk.PageMetadata
-		svcReq          groups.Page
-		svcRes          groups.Page
+		svcReq          channels.Page
+		svcRes          channels.Page
 		svcErr          error
 		authenticateErr error
 		response        sdk.ChannelsPage
@@ -2729,19 +2685,16 @@ func TestListGroupChannels(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 0,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: 1,
 				},
-				Groups: []groups.Group{convertChannel(groupChannel)},
 			},
 			svcErr: nil,
 			response: sdk.ChannelsPage{
@@ -2761,15 +2714,13 @@ func TestListGroupChannels(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 0,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes:          groups.Page{},
+			svcRes:          channels.Page{},
 			authenticateErr: svcerr.ErrAuthentication,
 			response:        sdk.ChannelsPage{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -2783,8 +2734,8 @@ func TestListGroupChannels(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq:   groups.Page{},
-			svcRes:   groups.Page{},
+			svcReq:   channels.Page{},
+			svcRes:   channels.Page{},
 			svcErr:   nil,
 			response: sdk.ChannelsPage{},
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -2798,15 +2749,13 @@ func TestListGroupChannels(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 0,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes:   groups.Page{},
+			svcRes:   channels.Page{},
 			svcErr:   svcerr.ErrAuthorization,
 			response: sdk.ChannelsPage{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusForbidden),
@@ -2823,8 +2772,8 @@ func TestListGroupChannels(t *testing.T) {
 					"test": make(chan int),
 				},
 			},
-			svcReq:   groups.Page{},
-			svcRes:   groups.Page{},
+			svcReq:   channels.Page{},
+			svcRes:   channels.Page{},
 			svcErr:   nil,
 			response: sdk.ChannelsPage{},
 			err:      errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -2838,24 +2787,16 @@ func TestListGroupChannels(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcReq: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Offset: 0,
 					Limit:  10,
 				},
-				Permission: "view",
-				Direction:  -1,
 			},
-			svcRes: groups.Page{
-				PageMeta: groups.PageMeta{
+			svcRes: channels.Page{
+				PageMetadata: channels.PageMetadata{
 					Total: 1,
 				},
-				Groups: []groups.Group{
-					{
-						ID:       generateUUID(t),
-						Metadata: groups.Metadata{"test": make(chan int)},
-					},
-				},
 			},
 			svcErr:   nil,
 			response: sdk.ChannelsPage{},
@@ -2894,7 +2835,7 @@ func generateTestChannel(t *testing.T) sdk.Channel {
 		Metadata:    sdk.Metadata{"role": "client"},
 		CreatedAt:   createdAt,
 		UpdatedAt:   updatedAt,
-		Status:      groups.EnabledStatus.String(),
+		Status:      clients.EnabledStatus.String(),
 	}
 	return ch
 }
diff --git a/pkg/sdk/go/clients.go b/pkg/sdk/go/clients.go
index d76e011dc9..278aadc8b9 100644
--- a/pkg/sdk/go/clients.go
+++ b/pkg/sdk/go/clients.go
@@ -23,7 +23,7 @@ const (
 	unshareEndpoint     = "unshare"
 )
 
-// Client represents magistrala thing.
+// Client represents magistrala client.
 type Client struct {
 	ID          string                 `json:"id,omitempty"`
 	Name        string                 `json:"name,omitempty"`
@@ -250,32 +250,32 @@ func (sdk mgSDK) changeClientStatus(id, status, domainID, token string) (Client,
 	return t, nil
 }
 
-func (sdk mgSDK) ShareClient(thingID string, req UsersRelationRequest, domainID, token string) errors.SDKError {
+func (sdk mgSDK) ShareClient(clientID string, req UsersRelationRequest, domainID, token string) errors.SDKError {
 	data, err := json.Marshal(req)
 	if err != nil {
 		return errors.NewSDKError(err)
 	}
 
-	url := fmt.Sprintf("%s/%s/%s/%s/%s", sdk.clientsURL, domainID, clientsEndpoint, thingID, shareEndpoint)
+	url := fmt.Sprintf("%s/%s/%s/%s/%s", sdk.clientsURL, domainID, clientsEndpoint, clientID, shareEndpoint)
 
 	_, _, sdkerr := sdk.processRequest(http.MethodPost, url, token, data, nil, http.StatusCreated)
 	return sdkerr
 }
 
-func (sdk mgSDK) UnshareClient(thingID string, req UsersRelationRequest, domainID, token string) errors.SDKError {
+func (sdk mgSDK) UnshareClient(clientID string, req UsersRelationRequest, domainID, token string) errors.SDKError {
 	data, err := json.Marshal(req)
 	if err != nil {
 		return errors.NewSDKError(err)
 	}
 
-	url := fmt.Sprintf("%s/%s/%s/%s/%s", sdk.clientsURL, domainID, clientsEndpoint, thingID, unshareEndpoint)
+	url := fmt.Sprintf("%s/%s/%s/%s/%s", sdk.clientsURL, domainID, clientsEndpoint, clientID, unshareEndpoint)
 
 	_, _, sdkerr := sdk.processRequest(http.MethodPost, url, token, data, nil, http.StatusNoContent)
 	return sdkerr
 }
 
-func (sdk mgSDK) ListClientUsers(thingID string, pm PageMetadata, domainID, token string) (UsersPage, errors.SDKError) {
-	url, err := sdk.withQueryParams(sdk.usersURL, fmt.Sprintf("%s/%s/%s/%s", domainID, clientsEndpoint, thingID, usersEndpoint), pm)
+func (sdk mgSDK) ListClientUsers(clientID string, pm PageMetadata, domainID, token string) (UsersPage, errors.SDKError) {
+	url, err := sdk.withQueryParams(sdk.usersURL, fmt.Sprintf("%s/%s/%s/%s", domainID, clientsEndpoint, clientID, usersEndpoint), pm)
 	if err != nil {
 		return UsersPage{}, errors.NewSDKError(err)
 	}
diff --git a/pkg/sdk/go/clients_test.go b/pkg/sdk/go/clients_test.go
index b1736e9694..4f437ef13c 100644
--- a/pkg/sdk/go/clients_test.go
+++ b/pkg/sdk/go/clients_test.go
@@ -11,9 +11,9 @@ import (
 	"testing"
 	"time"
 
+	"github.com/absmach/magistrala/clients"
 	api "github.com/absmach/magistrala/clients/api/http"
 	"github.com/absmach/magistrala/clients/mocks"
-	gmocks "github.com/absmach/magistrala/groups/mocks"
 	"github.com/absmach/magistrala/internal/testsutil"
 	mglog "github.com/absmach/magistrala/logger"
 	"github.com/absmach/magistrala/pkg/apiutil"
@@ -30,12 +30,11 @@ import (
 
 func setupClients() (*httptest.Server, *mocks.Service, *authnmocks.Authentication) {
 	tsvc := new(mocks.Service)
-	gsvc := new(gmocks.Service)
 
 	logger := mglog.NewMock()
 	mux := chi.NewRouter()
 	authn := new(authnmocks.Authentication)
-	api.MakeHandler(tsvc, gsvc, authn, mux, logger, "")
+	api.MakeHandler(tsvc, authn, mux, logger, "")
 
 	return httptest.NewServer(mux), tsvc, authn
 }
@@ -65,8 +64,8 @@ func TestCreateClient(t *testing.T) {
 		token           string
 		session         mgauthn.Session
 		createClientReq sdk.Client
-		svcReq          mgthings.Client
-		svcRes          []mgthings.Client
+		svcReq          clients.Client
+		svcRes          []clients.Client
 		svcErr          error
 		authenticateErr error
 		response        sdk.Client
@@ -78,7 +77,7 @@ func TestCreateClient(t *testing.T) {
 			token:           validToken,
 			createClientReq: createClientReq,
 			svcReq:          convertClient(createClientReq),
-			svcRes:          []mgthings.Client{convertClient(client)},
+			svcRes:          []clients.Client{convertClient(client)},
 			svcErr:          nil,
 			response:        client,
 			err:             nil,
@@ -89,7 +88,7 @@ func TestCreateClient(t *testing.T) {
 			token:           invalidToken,
 			createClientReq: createClientReq,
 			svcReq:          convertClient(createClientReq),
-			svcRes:          []mgthings.Client{},
+			svcRes:          []clients.Client{},
 			authenticateErr: svcerr.ErrAuthentication,
 			response:        sdk.Client{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -100,18 +99,18 @@ func TestCreateClient(t *testing.T) {
 			token:           "",
 			createClientReq: createClientReq,
 			svcReq:          convertClient(createClientReq),
-			svcRes:          []mgthings.Client{},
+			svcRes:          []clients.Client{},
 			svcErr:          nil,
 			response:        sdk.Client{},
 			err:             errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
 		},
 		{
-			desc:            "create an existing thing",
+			desc:            "create an existing client",
 			domainID:        domainID,
 			token:           validToken,
 			createClientReq: createClientReq,
 			svcReq:          convertClient(createClientReq),
-			svcRes:          []mgthings.Client{},
+			svcRes:          []clients.Client{},
 			svcErr:          svcerr.ErrCreateEntity,
 			response:        sdk.Client{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrCreateEntity, http.StatusUnprocessableEntity),
@@ -127,8 +126,8 @@ func TestCreateClient(t *testing.T) {
 				Metadata:    client.Metadata,
 				Status:      client.Status,
 			},
-			svcReq:   mgthings.Client{},
-			svcRes:   []mgthings.Client{},
+			svcReq:   clients.Client{},
+			svcRes:   []clients.Client{},
 			svcErr:   nil,
 			response: sdk.Client{},
 			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrNameSize), http.StatusBadRequest),
@@ -145,8 +144,8 @@ func TestCreateClient(t *testing.T) {
 				Metadata:    client.Metadata,
 				Status:      client.Status,
 			},
-			svcReq:   mgthings.Client{},
-			svcRes:   []mgthings.Client{},
+			svcReq:   clients.Client{},
+			svcRes:   []clients.Client{},
 			svcErr:   nil,
 			response: sdk.Client{},
 			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrInvalidIDFormat), http.StatusBadRequest),
@@ -161,8 +160,8 @@ func TestCreateClient(t *testing.T) {
 					"test": make(chan int),
 				},
 			},
-			svcReq:   mgthings.Client{},
-			svcRes:   []mgthings.Client{},
+			svcReq:   clients.Client{},
+			svcRes:   []clients.Client{},
 			svcErr:   nil,
 			response: sdk.Client{},
 			err:      errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -173,11 +172,11 @@ func TestCreateClient(t *testing.T) {
 			token:           validToken,
 			createClientReq: createClientReq,
 			svcReq:          convertClient(createClientReq),
-			svcRes: []mgthings.Client{{
+			svcRes: []clients.Client{{
 				Name:        client.Name,
 				Tags:        client.Tags,
-				Credentials: mgthings.Credentials(client.Credentials),
-				Metadata: mgthings.Metadata{
+				Credentials: clients.Credentials(client.Credentials),
+				Metadata: clients.Metadata{
 					"test": make(chan int),
 				},
 			}},
@@ -210,10 +209,10 @@ func TestCreateClients(t *testing.T) {
 	ts, tsvc, auth := setupClients()
 	defer ts.Close()
 
-	clients := []sdk.Client{}
+	sdkClients := []sdk.Client{}
 	for i := 0; i < 3; i++ {
 		client := generateTestClient(t)
-		clients = append(clients, client)
+		sdkClients = append(sdkClients, client)
 	}
 
 	conf := sdk.Config{
@@ -227,8 +226,8 @@ func TestCreateClients(t *testing.T) {
 		token                string
 		session              mgauthn.Session
 		createClientsRequest []sdk.Client
-		svcReq               []mgthings.Client
-		svcRes               []mgthings.Client
+		svcReq               []clients.Client
+		svcRes               []clients.Client
 		svcErr               error
 		authenticateErr      error
 		response             []sdk.Client
@@ -238,20 +237,20 @@ func TestCreateClients(t *testing.T) {
 			desc:                 "create new clients successfully",
 			domainID:             domainID,
 			token:                validToken,
-			createClientsRequest: clients,
-			svcReq:               convertClients(clients...),
-			svcRes:               convertClients(clients...),
+			createClientsRequest: sdkClients,
+			svcReq:               convertClients(sdkClients...),
+			svcRes:               convertClients(sdkClients...),
 			svcErr:               nil,
-			response:             clients,
+			response:             sdkClients,
 			err:                  nil,
 		},
 		{
 			desc:                 "create new clients with invalid token",
 			domainID:             domainID,
 			token:                invalidToken,
-			createClientsRequest: clients,
-			svcReq:               convertClients(clients...),
-			svcRes:               []mgthings.Client{},
+			createClientsRequest: sdkClients,
+			svcReq:               convertClients(sdkClients...),
+			svcRes:               []clients.Client{},
 			authenticateErr:      svcerr.ErrAuthentication,
 			response:             []sdk.Client{},
 			err:                  errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -260,9 +259,9 @@ func TestCreateClients(t *testing.T) {
 			desc:                 "create new clients with empty token",
 			domainID:             domainID,
 			token:                "",
-			createClientsRequest: clients,
-			svcReq:               convertClients(clients...),
-			svcRes:               []mgthings.Client{},
+			createClientsRequest: sdkClients,
+			svcReq:               convertClients(sdkClients...),
+			svcRes:               []clients.Client{},
 			svcErr:               nil,
 			response:             []sdk.Client{},
 			err:                  errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -272,8 +271,8 @@ func TestCreateClients(t *testing.T) {
 			domainID:             domainID,
 			token:                validToken,
 			createClientsRequest: []sdk.Client{{Name: "test", Metadata: map[string]interface{}{"test": make(chan int)}}},
-			svcReq:               convertClients(clients...),
-			svcRes:               []mgthings.Client{},
+			svcReq:               convertClients(sdkClients...),
+			svcRes:               []clients.Client{},
 			svcErr:               nil,
 			response:             []sdk.Client{},
 			err:                  errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -282,13 +281,13 @@ func TestCreateClients(t *testing.T) {
 			desc:                 "create new clients with a response that can't be unmarshalled",
 			domainID:             domainID,
 			token:                validToken,
-			createClientsRequest: clients,
-			svcReq:               convertClients(clients...),
-			svcRes: []mgthings.Client{{
-				Name:        clients[0].Name,
-				Tags:        clients[0].Tags,
-				Credentials: mgthings.Credentials(clients[0].Credentials),
-				Metadata: mgthings.Metadata{
+			createClientsRequest: sdkClients,
+			svcReq:               convertClients(sdkClients...),
+			svcRes: []clients.Client{{
+				Name:        sdkClients[0].Name,
+				Tags:        sdkClients[0].Tags,
+				Credentials: clients.Credentials(sdkClients[0].Credentials),
+				Metadata: clients.Metadata{
 					"test": make(chan int),
 				},
 			}},
@@ -321,14 +320,14 @@ func TestListClients(t *testing.T) {
 	ts, tsvc, auth := setupClients()
 	defer ts.Close()
 
-	var clients []sdk.Client
+	var sdkClients []sdk.Client
 	for i := 10; i < 100; i++ {
 		c := generateTestClient(t)
 		if i == 50 {
-			c.Status = mgthings.DisabledStatus.String()
+			c.Status = clients.DisabledStatus.String()
 			c.Tags = []string{"tag1", "tag2"}
 		}
-		clients = append(clients, c)
+		sdkClients = append(sdkClients, c)
 	}
 
 	conf := sdk.Config{
@@ -342,8 +341,8 @@ func TestListClients(t *testing.T) {
 		domainID        string
 		session         mgauthn.Session
 		pageMeta        sdk.PageMetadata
-		svcReq          mgthings.Page
-		svcRes          mgthings.ClientsPage
+		svcReq          clients.Page
+		svcRes          clients.ClientsPage
 		svcErr          error
 		authenticateErr error
 		response        sdk.ClientsPage
@@ -357,26 +356,26 @@ func TestListClients(t *testing.T) {
 				Offset: 0,
 				Limit:  100,
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
 			},
-			svcRes: mgthings.ClientsPage{
-				Page: mgthings.Page{
+			svcRes: clients.ClientsPage{
+				Page: clients.Page{
 					Offset: 0,
 					Limit:  100,
-					Total:  uint64(len(clients)),
+					Total:  uint64(len(sdkClients)),
 				},
-				Clients: convertClients(clients...),
+				Clients: convertClients(sdkClients...),
 			},
 			svcErr: nil,
 			response: sdk.ClientsPage{
 				PageRes: sdk.PageRes{
 					Limit: 100,
-					Total: uint64(len(clients)),
+					Total: uint64(len(sdkClients)),
 				},
-				Clients: clients,
+				Clients: sdkClients,
 			},
 		},
 		{
@@ -387,12 +386,12 @@ func TestListClients(t *testing.T) {
 				Offset: 0,
 				Limit:  100,
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
 			},
-			svcRes:          mgthings.ClientsPage{},
+			svcRes:          clients.ClientsPage{},
 			authenticateErr: svcerr.ErrAuthentication,
 			response:        sdk.ClientsPage{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -405,8 +404,8 @@ func TestListClients(t *testing.T) {
 				Offset: 0,
 				Limit:  1000,
 			},
-			svcReq:   mgthings.Page{},
-			svcRes:   mgthings.ClientsPage{},
+			svcReq:   clients.Page{},
+			svcRes:   clients.ClientsPage{},
 			svcErr:   nil,
 			response: sdk.ClientsPage{},
 			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrLimitSize), http.StatusBadRequest),
@@ -420,8 +419,8 @@ func TestListClients(t *testing.T) {
 				Limit:  100,
 				Name:   strings.Repeat("a", 1025),
 			},
-			svcReq:   mgthings.Page{},
-			svcRes:   mgthings.ClientsPage{},
+			svcReq:   clients.Page{},
+			svcRes:   clients.ClientsPage{},
 			svcErr:   nil,
 			response: sdk.ClientsPage{},
 			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrNameSize), http.StatusBadRequest),
@@ -433,21 +432,21 @@ func TestListClients(t *testing.T) {
 			pageMeta: sdk.PageMetadata{
 				Offset: 0,
 				Limit:  100,
-				Status: mgthings.DisabledStatus.String(),
+				Status: clients.DisabledStatus.String(),
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
-				Status:     mgthings.DisabledStatus,
+				Status:     clients.DisabledStatus,
 			},
-			svcRes: mgthings.ClientsPage{
-				Page: mgthings.Page{
+			svcRes: clients.ClientsPage{
+				Page: clients.Page{
 					Offset: 0,
 					Limit:  100,
 					Total:  1,
 				},
-				Clients: convertClients(clients[50]),
+				Clients: convertClients(sdkClients[50]),
 			},
 			svcErr: nil,
 			response: sdk.ClientsPage{
@@ -455,7 +454,7 @@ func TestListClients(t *testing.T) {
 					Limit: 100,
 					Total: 1,
 				},
-				Clients: []sdk.Client{clients[50]},
+				Clients: []sdk.Client{sdkClients[50]},
 			},
 			err: nil,
 		},
@@ -468,19 +467,19 @@ func TestListClients(t *testing.T) {
 				Limit:  100,
 				Tag:    "tag1",
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
 				Tag:        "tag1",
 			},
-			svcRes: mgthings.ClientsPage{
-				Page: mgthings.Page{
+			svcRes: clients.ClientsPage{
+				Page: clients.Page{
 					Offset: 0,
 					Limit:  100,
 					Total:  1,
 				},
-				Clients: convertClients(clients[50]),
+				Clients: convertClients(sdkClients[50]),
 			},
 			svcErr: nil,
 			response: sdk.ClientsPage{
@@ -488,7 +487,7 @@ func TestListClients(t *testing.T) {
 					Limit: 100,
 					Total: 1,
 				},
-				Clients: []sdk.Client{clients[50]},
+				Clients: []sdk.Client{sdkClients[50]},
 			},
 			err: nil,
 		},
@@ -503,8 +502,8 @@ func TestListClients(t *testing.T) {
 					"test": make(chan int),
 				},
 			},
-			svcReq:   mgthings.Page{},
-			svcRes:   mgthings.ClientsPage{},
+			svcReq:   clients.Page{},
+			svcRes:   clients.ClientsPage{},
 			svcErr:   nil,
 			response: sdk.ClientsPage{},
 			err:      errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -517,22 +516,22 @@ func TestListClients(t *testing.T) {
 				Offset: 0,
 				Limit:  100,
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
 			},
-			svcRes: mgthings.ClientsPage{
-				Page: mgthings.Page{
+			svcRes: clients.ClientsPage{
+				Page: clients.Page{
 					Offset: 0,
 					Limit:  100,
 					Total:  1,
 				},
-				Clients: []mgthings.Client{{
-					Name:        clients[0].Name,
-					Tags:        clients[0].Tags,
-					Credentials: mgthings.Credentials(clients[0].Credentials),
-					Metadata: mgthings.Metadata{
+				Clients: []clients.Client{{
+					Name:        sdkClients[0].Name,
+					Tags:        sdkClients[0].Tags,
+					Credentials: clients.Credentials(sdkClients[0].Credentials),
+					Metadata: clients.Metadata{
 						"test": make(chan int),
 					},
 				}},
@@ -566,13 +565,13 @@ func TestListClientsByChannel(t *testing.T) {
 	ts, tsvc, auth := setupClients()
 	defer ts.Close()
 
-	var clients []sdk.Client
+	var sdkClients []sdk.Client
 	for i := 10; i < 100; i++ {
 		c := generateTestClient(t)
 		if i == 50 {
-			c.Status = mgthings.DisabledStatus.String()
+			c.Status = clients.DisabledStatus.String()
 		}
-		clients = append(clients, c)
+		sdkClients = append(sdkClients, c)
 	}
 
 	conf := sdk.Config{
@@ -587,8 +586,8 @@ func TestListClientsByChannel(t *testing.T) {
 		session         mgauthn.Session
 		channelID       string
 		pageMeta        sdk.PageMetadata
-		svcReq          mgthings.Page
-		svcRes          mgthings.MembersPage
+		svcReq          clients.Page
+		svcRes          clients.MembersPage
 		svcErr          error
 		authenticateErr error
 		response        sdk.ClientsPage
@@ -603,26 +602,26 @@ func TestListClientsByChannel(t *testing.T) {
 				Offset: 0,
 				Limit:  100,
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
 			},
-			svcRes: mgthings.MembersPage{
-				Page: mgthings.Page{
+			svcRes: clients.MembersPage{
+				Page: clients.Page{
 					Offset: 0,
 					Limit:  100,
-					Total:  uint64(len(clients)),
+					Total:  uint64(len(sdkClients)),
 				},
-				Members: convertClients(clients...),
+				Members: convertClients(sdkClients...),
 			},
 			svcErr: nil,
 			response: sdk.ClientsPage{
 				PageRes: sdk.PageRes{
 					Limit: 100,
-					Total: uint64(len(clients)),
+					Total: uint64(len(sdkClients)),
 				},
-				Clients: clients,
+				Clients: sdkClients,
 			},
 		},
 		{
@@ -634,12 +633,12 @@ func TestListClientsByChannel(t *testing.T) {
 				Offset: 0,
 				Limit:  100,
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
 			},
-			svcRes:          mgthings.MembersPage{},
+			svcRes:          clients.MembersPage{},
 			authenticateErr: svcerr.ErrAuthentication,
 			response:        sdk.ClientsPage{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -653,8 +652,8 @@ func TestListClientsByChannel(t *testing.T) {
 				Offset: 0,
 				Limit:  100,
 			},
-			svcReq:   mgthings.Page{},
-			svcRes:   mgthings.MembersPage{},
+			svcReq:   clients.Page{},
+			svcRes:   clients.MembersPage{},
 			svcErr:   nil,
 			response: sdk.ClientsPage{},
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -667,21 +666,21 @@ func TestListClientsByChannel(t *testing.T) {
 			pageMeta: sdk.PageMetadata{
 				Offset: 0,
 				Limit:  100,
-				Status: mgthings.DisabledStatus.String(),
+				Status: clients.DisabledStatus.String(),
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
-				Status:     mgthings.DisabledStatus,
+				Status:     clients.DisabledStatus,
 			},
-			svcRes: mgthings.MembersPage{
-				Page: mgthings.Page{
+			svcRes: clients.MembersPage{
+				Page: clients.Page{
 					Offset: 0,
 					Limit:  100,
 					Total:  1,
 				},
-				Members: convertClients(clients[50]),
+				Members: convertClients(sdkClients[50]),
 			},
 			svcErr: nil,
 			response: sdk.ClientsPage{
@@ -689,7 +688,7 @@ func TestListClientsByChannel(t *testing.T) {
 					Limit: 100,
 					Total: 1,
 				},
-				Clients: []sdk.Client{clients[50]},
+				Clients: []sdk.Client{sdkClients[50]},
 			},
 			err: nil,
 		},
@@ -702,8 +701,8 @@ func TestListClientsByChannel(t *testing.T) {
 				Offset: 0,
 				Limit:  100,
 			},
-			svcReq:   mgthings.Page{},
-			svcRes:   mgthings.MembersPage{},
+			svcReq:   clients.Page{},
+			svcRes:   clients.MembersPage{},
 			svcErr:   nil,
 			response: sdk.ClientsPage{},
 			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrMissingID), http.StatusBadRequest),
@@ -720,8 +719,8 @@ func TestListClientsByChannel(t *testing.T) {
 					"test": make(chan int),
 				},
 			},
-			svcReq:   mgthings.Page{},
-			svcRes:   mgthings.MembersPage{},
+			svcReq:   clients.Page{},
+			svcRes:   clients.MembersPage{},
 			svcErr:   nil,
 			response: sdk.ClientsPage{},
 			err:      errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -735,22 +734,22 @@ func TestListClientsByChannel(t *testing.T) {
 				Offset: 0,
 				Limit:  100,
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
 			},
-			svcRes: mgthings.MembersPage{
-				Page: mgthings.Page{
+			svcRes: clients.MembersPage{
+				Page: clients.Page{
 					Offset: 0,
 					Limit:  100,
 					Total:  1,
 				},
-				Members: []mgthings.Client{{
-					Name:        clients[0].Name,
-					Tags:        clients[0].Tags,
-					Credentials: mgthings.Credentials(clients[0].Credentials),
-					Metadata: mgthings.Metadata{
+				Members: []clients.Client{{
+					Name:        sdkClients[0].Name,
+					Tags:        sdkClients[0].Tags,
+					Credentials: clients.Credentials(sdkClients[0].Credentials),
+					Metadata: clients.Metadata{
 						"test": make(chan int),
 					},
 				}},
@@ -784,7 +783,7 @@ func TestViewClient(t *testing.T) {
 	ts, tsvc, auth := setupClients()
 	defer ts.Close()
 
-	client := generateTestClient(t)
+	sdkClient := generateTestClient(t)
 	conf := sdk.Config{
 		ClientsURL: ts.URL,
 	}
@@ -796,7 +795,7 @@ func TestViewClient(t *testing.T) {
 		token           string
 		session         mgauthn.Session
 		clientID        string
-		svcRes          mgthings.Client
+		svcRes          clients.Client
 		svcErr          error
 		authenticateErr error
 		response        sdk.Client
@@ -806,18 +805,18 @@ func TestViewClient(t *testing.T) {
 			desc:     "view client successfully",
 			domainID: domainID,
 			token:    validToken,
-			clientID: client.ID,
-			svcRes:   convertClient(client),
+			clientID: sdkClient.ID,
+			svcRes:   convertClient(sdkClient),
 			svcErr:   nil,
-			response: client,
+			response: sdkClient,
 			err:      nil,
 		},
 		{
 			desc:            "view client with an invalid token",
 			domainID:        domainID,
 			token:           invalidToken,
-			clientID:        client.ID,
-			svcRes:          mgthings.Client{},
+			clientID:        sdkClient.ID,
+			svcRes:          clients.Client{},
 			authenticateErr: svcerr.ErrAuthorization,
 			response:        sdk.Client{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusForbidden),
@@ -826,8 +825,8 @@ func TestViewClient(t *testing.T) {
 			desc:     "view client with empty token",
 			domainID: domainID,
 			token:    "",
-			clientID: client.ID,
-			svcRes:   mgthings.Client{},
+			clientID: sdkClient.ID,
+			svcRes:   clients.Client{},
 			svcErr:   nil,
 			response: sdk.Client{},
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -837,7 +836,7 @@ func TestViewClient(t *testing.T) {
 			domainID: domainID,
 			token:    validToken,
 			clientID: wrongID,
-			svcRes:   mgthings.Client{},
+			svcRes:   clients.Client{},
 			svcErr:   svcerr.ErrViewEntity,
 			response: sdk.Client{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrViewEntity, http.StatusBadRequest),
@@ -847,7 +846,7 @@ func TestViewClient(t *testing.T) {
 			domainID: domainID,
 			token:    validToken,
 			clientID: "",
-			svcRes:   mgthings.Client{},
+			svcRes:   clients.Client{},
 			svcErr:   nil,
 			response: sdk.Client{},
 			err:      errors.NewSDKError(apiutil.ErrMissingID),
@@ -856,12 +855,12 @@ func TestViewClient(t *testing.T) {
 			desc:     "view client with response that can't be unmarshalled",
 			domainID: domainID,
 			token:    validToken,
-			clientID: client.ID,
-			svcRes: mgthings.Client{
-				Name:        client.Name,
-				Tags:        client.Tags,
-				Credentials: mgthings.Credentials(client.Credentials),
-				Metadata: mgthings.Metadata{
+			clientID: sdkClient.ID,
+			svcRes: clients.Client{
+				Name:        sdkClient.Name,
+				Tags:        sdkClient.Tags,
+				Credentials: clients.Credentials(sdkClient.Credentials),
+				Metadata: clients.Metadata{
 					"test": make(chan int),
 				},
 			},
@@ -989,14 +988,14 @@ func TestUpdateClient(t *testing.T) {
 	ts, tsvc, auth := setupClients()
 	defer ts.Close()
 
-	client := generateTestClient(t)
-	updatedClient := thing
+	sdkClient := generateTestClient(t)
+	updatedClient := sdkClient
 	updatedClient.Name = "newName"
 	updatedClient.Metadata = map[string]interface{}{
 		"newKey": "newValue",
 	}
 	updateClientReq := sdk.Client{
-		ID:       thing.ID,
+		ID:       sdkClient.ID,
 		Name:     updatedClient.Name,
 		Metadata: updatedClient.Metadata,
 	}
@@ -1012,8 +1011,8 @@ func TestUpdateClient(t *testing.T) {
 		token           string
 		session         mgauthn.Session
 		updateClientReq sdk.Client
-		svcReq          mgthings.Client
-		svcRes          mgthings.Client
+		svcReq          clients.Client
+		svcRes          clients.Client
 		svcErr          error
 		authenticateErr error
 		response        sdk.Client
@@ -1036,7 +1035,7 @@ func TestUpdateClient(t *testing.T) {
 			token:           invalidToken,
 			updateClientReq: updateClientReq,
 			svcReq:          convertClient(updateClientReq),
-			svcRes:          mgthings.Client{},
+			svcRes:          clients.Client{},
 			authenticateErr: svcerr.ErrAuthorization,
 			response:        sdk.Client{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusForbidden),
@@ -1047,7 +1046,7 @@ func TestUpdateClient(t *testing.T) {
 			token:           "",
 			updateClientReq: updateClientReq,
 			svcReq:          convertClient(updateClientReq),
-			svcRes:          mgthings.Client{},
+			svcRes:          clients.Client{},
 			svcErr:          nil,
 			response:        sdk.Client{},
 			err:             errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -1064,7 +1063,7 @@ func TestUpdateClient(t *testing.T) {
 				ID:   wrongID,
 				Name: updatedClient.Name,
 			}),
-			svcRes:   mgthings.Client{},
+			svcRes:   clients.Client{},
 			svcErr:   svcerr.ErrUpdateEntity,
 			response: sdk.Client{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrUpdateEntity, http.StatusUnprocessableEntity),
@@ -1082,7 +1081,7 @@ func TestUpdateClient(t *testing.T) {
 				ID:   "",
 				Name: updatedClient.Name,
 			}),
-			svcRes:   mgthings.Client{},
+			svcRes:   clients.Client{},
 			svcErr:   nil,
 			response: sdk.Client{},
 			err:      errors.NewSDKError(apiutil.ErrMissingID),
@@ -1098,8 +1097,8 @@ func TestUpdateClient(t *testing.T) {
 					"test": make(chan int),
 				},
 			},
-			svcReq:   mgthings.Client{},
-			svcRes:   mgthings.Client{},
+			svcReq:   clients.Client{},
+			svcRes:   clients.Client{},
 			svcErr:   nil,
 			response: sdk.Client{},
 			err:      errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -1110,11 +1109,11 @@ func TestUpdateClient(t *testing.T) {
 			token:           validToken,
 			updateClientReq: updateClientReq,
 			svcReq:          convertClient(updateClientReq),
-			svcRes: mgthings.Client{
+			svcRes: clients.Client{
 				Name:        updatedClient.Name,
 				Tags:        updatedClient.Tags,
-				Credentials: mgthings.Credentials(updatedClient.Credentials),
-				Metadata: mgthings.Metadata{
+				Credentials: clients.Credentials(updatedClient.Credentials),
+				Metadata: clients.Metadata{
 					"test": make(chan int),
 				},
 			},
@@ -1147,11 +1146,11 @@ func TestUpdateClientTags(t *testing.T) {
 	ts, tsvc, auth := setupClients()
 	defer ts.Close()
 
-	client := generateTestClient(t)
-	updatedClient := thing
+	sdkClient := generateTestClient(t)
+	updatedClient := sdkClient
 	updatedClient.Tags = []string{"newTag1", "newTag2"}
 	updateClientReq := sdk.Client{
-		ID:   thing.ID,
+		ID:   sdkClient.ID,
 		Tags: updatedClient.Tags,
 	}
 
@@ -1166,8 +1165,8 @@ func TestUpdateClientTags(t *testing.T) {
 		token           string
 		session         mgauthn.Session
 		updateClientReq sdk.Client
-		svcReq          mgthings.Client
-		svcRes          mgthings.Client
+		svcReq          clients.Client
+		svcRes          clients.Client
 		svcErr          error
 		authenticateErr error
 		response        sdk.Client
@@ -1190,7 +1189,7 @@ func TestUpdateClientTags(t *testing.T) {
 			token:           invalidToken,
 			updateClientReq: updateClientReq,
 			svcReq:          convertClient(updateClientReq),
-			svcRes:          mgthings.Client{},
+			svcRes:          clients.Client{},
 			authenticateErr: svcerr.ErrAuthorization,
 			response:        sdk.Client{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusForbidden),
@@ -1201,7 +1200,7 @@ func TestUpdateClientTags(t *testing.T) {
 			token:           "",
 			updateClientReq: updateClientReq,
 			svcReq:          convertClient(updateClientReq),
-			svcRes:          mgthings.Client{},
+			svcRes:          clients.Client{},
 			svcErr:          nil,
 			response:        sdk.Client{},
 			err:             errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -1218,7 +1217,7 @@ func TestUpdateClientTags(t *testing.T) {
 				ID:   wrongID,
 				Tags: updatedClient.Tags,
 			}),
-			svcRes:   mgthings.Client{},
+			svcRes:   clients.Client{},
 			svcErr:   svcerr.ErrUpdateEntity,
 			response: sdk.Client{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrUpdateEntity, http.StatusUnprocessableEntity),
@@ -1235,7 +1234,7 @@ func TestUpdateClientTags(t *testing.T) {
 				ID:   "",
 				Tags: updatedClient.Tags,
 			}),
-			svcRes:   mgthings.Client{},
+			svcRes:   clients.Client{},
 			svcErr:   nil,
 			response: sdk.Client{},
 			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrMissingID), http.StatusBadRequest),
@@ -1250,8 +1249,8 @@ func TestUpdateClientTags(t *testing.T) {
 					"test": make(chan int),
 				},
 			},
-			svcReq:   mgthings.Client{},
-			svcRes:   mgthings.Client{},
+			svcReq:   clients.Client{},
+			svcRes:   clients.Client{},
 			svcErr:   nil,
 			response: sdk.Client{},
 			err:      errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -1262,11 +1261,11 @@ func TestUpdateClientTags(t *testing.T) {
 			token:           validToken,
 			updateClientReq: updateClientReq,
 			svcReq:          convertClient(updateClientReq),
-			svcRes: mgthings.Client{
+			svcRes: clients.Client{
 				Name:        updatedClient.Name,
 				Tags:        updatedClient.Tags,
-				Credentials: mgthings.Credentials(updatedClient.Credentials),
-				Metadata: mgthings.Metadata{
+				Credentials: clients.Credentials(updatedClient.Credentials),
+				Metadata: clients.Metadata{
 					"test": make(chan int),
 				},
 			},
@@ -1299,9 +1298,9 @@ func TestUpdateClientSecret(t *testing.T) {
 	ts, tsvc, auth := setupClients()
 	defer ts.Close()
 
-	client := generateTestClient(t)
+	sdkClient := generateTestClient(t)
 	newSecret := generateUUID(t)
-	updatedClient := thing
+	updatedClient := sdkClient
 	updatedClient.Credentials.Secret = newSecret
 
 	conf := sdk.Config{
@@ -1316,7 +1315,7 @@ func TestUpdateClientSecret(t *testing.T) {
 		session         mgauthn.Session
 		clientID        string
 		newSecret       string
-		svcRes          mgthings.Client
+		svcRes          clients.Client
 		svcErr          error
 		authenticateErr error
 		response        sdk.Client
@@ -1326,7 +1325,7 @@ func TestUpdateClientSecret(t *testing.T) {
 			desc:      "update client secret successfully",
 			domainID:  domainID,
 			token:     validToken,
-			clientID:  thing.ID,
+			clientID:  sdkClient.ID,
 			newSecret: newSecret,
 			svcRes:    convertClient(updatedClient),
 			svcErr:    nil,
@@ -1337,9 +1336,9 @@ func TestUpdateClientSecret(t *testing.T) {
 			desc:            "update client secret with an invalid token",
 			domainID:        domainID,
 			token:           invalidToken,
-			clientID:        thing.ID,
+			clientID:        sdkClient.ID,
 			newSecret:       newSecret,
-			svcRes:          mgthings.Client{},
+			svcRes:          clients.Client{},
 			authenticateErr: svcerr.ErrAuthorization,
 			response:        sdk.Client{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusForbidden),
@@ -1348,9 +1347,9 @@ func TestUpdateClientSecret(t *testing.T) {
 			desc:      "update client secret with empty token",
 			domainID:  domainID,
 			token:     "",
-			clientID:  thing.ID,
+			clientID:  sdkClient.ID,
 			newSecret: newSecret,
-			svcRes:    mgthings.Client{},
+			svcRes:    clients.Client{},
 			svcErr:    nil,
 			response:  sdk.Client{},
 			err:       errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -1361,7 +1360,7 @@ func TestUpdateClientSecret(t *testing.T) {
 			token:     validToken,
 			clientID:  wrongID,
 			newSecret: newSecret,
-			svcRes:    mgthings.Client{},
+			svcRes:    clients.Client{},
 			svcErr:    svcerr.ErrUpdateEntity,
 			response:  sdk.Client{},
 			err:       errors.NewSDKErrorWithStatus(svcerr.ErrUpdateEntity, http.StatusUnprocessableEntity),
@@ -1372,7 +1371,7 @@ func TestUpdateClientSecret(t *testing.T) {
 			token:     validToken,
 			clientID:  "",
 			newSecret: newSecret,
-			svcRes:    mgthings.Client{},
+			svcRes:    clients.Client{},
 			svcErr:    nil,
 			response:  sdk.Client{},
 			err:       errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrMissingID), http.StatusBadRequest),
@@ -1381,9 +1380,9 @@ func TestUpdateClientSecret(t *testing.T) {
 			desc:      "update client with empty new secret",
 			domainID:  domainID,
 			token:     validToken,
-			clientID:  thing.ID,
+			clientID:  sdkClient.ID,
 			newSecret: "",
-			svcRes:    mgthings.Client{},
+			svcRes:    clients.Client{},
 			svcErr:    nil,
 			response:  sdk.Client{},
 			err:       errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrMissingSecret), http.StatusBadRequest),
@@ -1392,13 +1391,13 @@ func TestUpdateClientSecret(t *testing.T) {
 			desc:      "update client secret with a response that can't be unmarshalled",
 			domainID:  domainID,
 			token:     validToken,
-			clientID:  thing.ID,
+			clientID:  sdkClient.ID,
 			newSecret: newSecret,
-			svcRes: mgthings.Client{
+			svcRes: clients.Client{
 				Name:        updatedClient.Name,
 				Tags:        updatedClient.Tags,
-				Credentials: mgthings.Credentials(updatedClient.Credentials),
-				Metadata: mgthings.Metadata{
+				Credentials: clients.Credentials(updatedClient.Credentials),
+				Metadata: clients.Metadata{
 					"test": make(chan int),
 				},
 			},
@@ -1432,8 +1431,8 @@ func TestEnableClient(t *testing.T) {
 	defer ts.Close()
 
 	client := generateTestClient(t)
-	enabledClient := thing
-	enabledClient.Status = mgthings.EnabledStatus.String()
+	enabledClient := client
+	enabledClient.Status = clients.EnabledStatus.String()
 
 	conf := sdk.Config{
 		ClientsURL: ts.URL,
@@ -1445,8 +1444,8 @@ func TestEnableClient(t *testing.T) {
 		domainID        string
 		token           string
 		session         mgauthn.Session
-		thingID         string
-		svcRes          mgthings.Client
+		clientID        string
+		svcRes          clients.Client
 		svcErr          error
 		authenticateErr error
 		response        sdk.Client
@@ -1456,7 +1455,7 @@ func TestEnableClient(t *testing.T) {
 			desc:     "enable client successfully",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  thing.ID,
+			clientID: client.ID,
 			svcRes:   convertClient(enabledClient),
 			svcErr:   nil,
 			response: enabledClient,
@@ -1466,8 +1465,8 @@ func TestEnableClient(t *testing.T) {
 			desc:            "enable client with an invalid token",
 			domainID:        domainID,
 			token:           invalidToken,
-			thingID:         thing.ID,
-			svcRes:          mgthings.Client{},
+			clientID:        client.ID,
+			svcRes:          clients.Client{},
 			authenticateErr: svcerr.ErrAuthorization,
 			response:        sdk.Client{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusForbidden),
@@ -1476,8 +1475,8 @@ func TestEnableClient(t *testing.T) {
 			desc:     "enable client with an invalid client id",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  wrongID,
-			svcRes:   mgthings.Client{},
+			clientID: wrongID,
+			svcRes:   clients.Client{},
 			svcErr:   svcerr.ErrEnableClient,
 			response: sdk.Client{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrEnableClient, http.StatusUnprocessableEntity),
@@ -1486,8 +1485,8 @@ func TestEnableClient(t *testing.T) {
 			desc:     "enable client with empty client id",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  "",
-			svcRes:   mgthings.Client{},
+			clientID: "",
+			svcRes:   clients.Client{},
 			svcErr:   nil,
 			response: sdk.Client{},
 			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrMissingID), http.StatusBadRequest),
@@ -1496,12 +1495,12 @@ func TestEnableClient(t *testing.T) {
 			desc:     "enable client with a response that can't be unmarshalled",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  thing.ID,
-			svcRes: mgthings.Client{
+			clientID: client.ID,
+			svcRes: clients.Client{
 				Name:        enabledClient.Name,
 				Tags:        enabledClient.Tags,
-				Credentials: mgthings.Credentials(enabledClient.Credentials),
-				Metadata: mgthings.Metadata{
+				Credentials: clients.Credentials(enabledClient.Credentials),
+				Metadata: clients.Metadata{
 					"test": make(chan int),
 				},
 			},
@@ -1516,12 +1515,12 @@ func TestEnableClient(t *testing.T) {
 				tc.session = mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
 			}
 			authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
-			svcCall := tsvc.On("Enable", mock.Anything, tc.session, tc.thingID).Return(tc.svcRes, tc.svcErr)
-			resp, err := mgsdk.EnableClient(tc.thingID, tc.domainID, tc.token)
+			svcCall := tsvc.On("Enable", mock.Anything, tc.session, tc.clientID).Return(tc.svcRes, tc.svcErr)
+			resp, err := mgsdk.EnableClient(tc.clientID, tc.domainID, tc.token)
 			assert.Equal(t, tc.err, err)
 			assert.Equal(t, tc.response, resp)
 			if tc.err == nil {
-				ok := svcCall.Parent.AssertCalled(t, "Enable", mock.Anything, tc.session, tc.thingID)
+				ok := svcCall.Parent.AssertCalled(t, "Enable", mock.Anything, tc.session, tc.clientID)
 				assert.True(t, ok)
 			}
 			svcCall.Unset()
@@ -1535,8 +1534,8 @@ func TestDisableClient(t *testing.T) {
 	defer ts.Close()
 
 	client := generateTestClient(t)
-	disabledClient := thing
-	disabledClient.Status = mgthings.DisabledStatus.String()
+	disabledClient := client
+	disabledClient.Status = clients.DisabledStatus.String()
 
 	conf := sdk.Config{
 		ClientsURL: ts.URL,
@@ -1548,8 +1547,8 @@ func TestDisableClient(t *testing.T) {
 		domainID        string
 		token           string
 		session         mgauthn.Session
-		thingID         string
-		svcRes          mgthings.Client
+		clientID        string
+		svcRes          clients.Client
 		svcErr          error
 		authenticateErr error
 		response        sdk.Client
@@ -1559,7 +1558,7 @@ func TestDisableClient(t *testing.T) {
 			desc:     "disable client successfully",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  thing.ID,
+			clientID: client.ID,
 			svcRes:   convertClient(disabledClient),
 			svcErr:   nil,
 			response: disabledClient,
@@ -1569,8 +1568,8 @@ func TestDisableClient(t *testing.T) {
 			desc:            "disable client with an invalid token",
 			domainID:        domainID,
 			token:           invalidToken,
-			thingID:         thing.ID,
-			svcRes:          mgthings.Client{},
+			clientID:        client.ID,
+			svcRes:          clients.Client{},
 			authenticateErr: svcerr.ErrAuthorization,
 			response:        sdk.Client{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusForbidden),
@@ -1579,8 +1578,8 @@ func TestDisableClient(t *testing.T) {
 			desc:     "disable client with an invalid client id",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  wrongID,
-			svcRes:   mgthings.Client{},
+			clientID: wrongID,
+			svcRes:   clients.Client{},
 			svcErr:   svcerr.ErrDisableClient,
 			response: sdk.Client{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrDisableClient, http.StatusInternalServerError),
@@ -1589,8 +1588,8 @@ func TestDisableClient(t *testing.T) {
 			desc:     "disable client with empty client id",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  "",
-			svcRes:   mgthings.Client{},
+			clientID: "",
+			svcRes:   clients.Client{},
 			svcErr:   nil,
 			response: sdk.Client{},
 			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrMissingID), http.StatusBadRequest),
@@ -1599,12 +1598,12 @@ func TestDisableClient(t *testing.T) {
 			desc:     "disable client with a response that can't be unmarshalled",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  thing.ID,
-			svcRes: mgthings.Client{
+			clientID: client.ID,
+			svcRes: clients.Client{
 				Name:        disabledClient.Name,
 				Tags:        disabledClient.Tags,
-				Credentials: mgthings.Credentials(disabledClient.Credentials),
-				Metadata: mgthings.Metadata{
+				Credentials: clients.Credentials(disabledClient.Credentials),
+				Metadata: clients.Metadata{
 					"test": make(chan int),
 				},
 			},
@@ -1619,12 +1618,12 @@ func TestDisableClient(t *testing.T) {
 				tc.session = mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
 			}
 			authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
-			svcCall := tsvc.On("Disable", mock.Anything, tc.session, tc.thingID).Return(tc.svcRes, tc.svcErr)
-			resp, err := mgsdk.DisableClient(tc.thingID, tc.domainID, tc.token)
+			svcCall := tsvc.On("Disable", mock.Anything, tc.session, tc.clientID).Return(tc.svcRes, tc.svcErr)
+			resp, err := mgsdk.DisableClient(tc.clientID, tc.domainID, tc.token)
 			assert.Equal(t, tc.err, err)
 			assert.Equal(t, tc.response, resp)
 			if tc.err == nil {
-				ok := svcCall.Parent.AssertCalled(t, "Disable", mock.Anything, tc.session, tc.thingID)
+				ok := svcCall.Parent.AssertCalled(t, "Disable", mock.Anything, tc.session, tc.clientID)
 				assert.True(t, ok)
 			}
 			svcCall.Unset()
@@ -1649,7 +1648,7 @@ func TestShareClient(t *testing.T) {
 		domainID        string
 		token           string
 		session         mgauthn.Session
-		thingID         string
+		clientID        string
 		shareReq        sdk.UsersRelationRequest
 		authenticateErr error
 		svcErr          error
@@ -1659,7 +1658,7 @@ func TestShareClient(t *testing.T) {
 			desc:     "share client successfully",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  thing.ID,
+			clientID: client.ID,
 			shareReq: sdk.UsersRelationRequest{
 				UserIDs:  []string{validID},
 				Relation: policies.EditorRelation,
@@ -1671,7 +1670,7 @@ func TestShareClient(t *testing.T) {
 			desc:     "share client with an invalid token",
 			domainID: domainID,
 			token:    invalidToken,
-			thingID:  thing.ID,
+			clientID: client.ID,
 			shareReq: sdk.UsersRelationRequest{
 				UserIDs:  []string{validID},
 				Relation: policies.EditorRelation,
@@ -1683,7 +1682,7 @@ func TestShareClient(t *testing.T) {
 			desc:     "share client with empty token",
 			domainID: domainID,
 			token:    "",
-			thingID:  thing.ID,
+			clientID: client.ID,
 			shareReq: sdk.UsersRelationRequest{
 				UserIDs:  []string{validID},
 				Relation: policies.EditorRelation,
@@ -1695,7 +1694,7 @@ func TestShareClient(t *testing.T) {
 			desc:     "share client with an invalid client id",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  wrongID,
+			clientID: wrongID,
 			shareReq: sdk.UsersRelationRequest{
 				UserIDs:  []string{validID},
 				Relation: policies.EditorRelation,
@@ -1707,7 +1706,7 @@ func TestShareClient(t *testing.T) {
 			desc:     "share client with empty client id",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  "",
+			clientID: "",
 			shareReq: sdk.UsersRelationRequest{
 				UserIDs:  []string{validID},
 				Relation: policies.EditorRelation,
@@ -1719,7 +1718,7 @@ func TestShareClient(t *testing.T) {
 			desc:     "share client with empty relation",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  thing.ID,
+			clientID: client.ID,
 			shareReq: sdk.UsersRelationRequest{
 				UserIDs:  []string{validID},
 				Relation: "",
@@ -1734,11 +1733,11 @@ func TestShareClient(t *testing.T) {
 				tc.session = mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
 			}
 			authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
-			svcCall := tsvc.On("Share", mock.Anything, tc.session, tc.thingID, tc.shareReq.Relation, tc.shareReq.UserIDs[0]).Return(tc.svcErr)
-			err := mgsdk.ShareClient(tc.thingID, tc.shareReq, tc.domainID, tc.token)
+			svcCall := tsvc.On("Share", mock.Anything, tc.session, tc.clientID, tc.shareReq.Relation, tc.shareReq.UserIDs[0]).Return(tc.svcErr)
+			err := mgsdk.ShareClient(tc.clientID, tc.shareReq, tc.domainID, tc.token)
 			assert.Equal(t, tc.err, err)
 			if tc.err == nil {
-				ok := svcCall.Parent.AssertCalled(t, "Share", mock.Anything, tc.session, tc.thingID, tc.shareReq.Relation, tc.shareReq.UserIDs[0])
+				ok := svcCall.Parent.AssertCalled(t, "Share", mock.Anything, tc.session, tc.clientID, tc.shareReq.Relation, tc.shareReq.UserIDs[0])
 				assert.True(t, ok)
 			}
 			svcCall.Unset()
@@ -1763,7 +1762,7 @@ func TestUnshareClient(t *testing.T) {
 		domainID        string
 		token           string
 		session         mgauthn.Session
-		thingID         string
+		clientID        string
 		shareReq        sdk.UsersRelationRequest
 		authenticateErr error
 		svcErr          error
@@ -1773,7 +1772,7 @@ func TestUnshareClient(t *testing.T) {
 			desc:     "unshare client successfully",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  thing.ID,
+			clientID: client.ID,
 			shareReq: sdk.UsersRelationRequest{
 				UserIDs:  []string{validID},
 				Relation: policies.EditorRelation,
@@ -1785,7 +1784,7 @@ func TestUnshareClient(t *testing.T) {
 			desc:     "unshare client with an invalid token",
 			domainID: domainID,
 			token:    invalidToken,
-			thingID:  thing.ID,
+			clientID: client.ID,
 			shareReq: sdk.UsersRelationRequest{
 				UserIDs:  []string{validID},
 				Relation: policies.EditorRelation,
@@ -1797,7 +1796,7 @@ func TestUnshareClient(t *testing.T) {
 			desc:     "unshare client with empty token",
 			domainID: domainID,
 			token:    "",
-			thingID:  thing.ID,
+			clientID: client.ID,
 			shareReq: sdk.UsersRelationRequest{
 				UserIDs:  []string{validID},
 				Relation: policies.EditorRelation,
@@ -1808,7 +1807,7 @@ func TestUnshareClient(t *testing.T) {
 			desc:     "unshare client with an invalid client id",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  wrongID,
+			clientID: wrongID,
 			shareReq: sdk.UsersRelationRequest{
 				UserIDs:  []string{validID},
 				Relation: policies.EditorRelation,
@@ -1820,7 +1819,7 @@ func TestUnshareClient(t *testing.T) {
 			desc:     "unshare client with empty client id",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  "",
+			clientID: "",
 			shareReq: sdk.UsersRelationRequest{
 				UserIDs:  []string{validID},
 				Relation: policies.EditorRelation,
@@ -1835,11 +1834,11 @@ func TestUnshareClient(t *testing.T) {
 				tc.session = mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
 			}
 			authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
-			svcCall := tsvc.On("Unshare", mock.Anything, tc.session, tc.thingID, tc.shareReq.Relation, tc.shareReq.UserIDs[0]).Return(tc.svcErr)
-			err := mgsdk.UnshareClient(tc.thingID, tc.shareReq, tc.domainID, tc.token)
+			svcCall := tsvc.On("Unshare", mock.Anything, tc.session, tc.clientID, tc.shareReq.Relation, tc.shareReq.UserIDs[0]).Return(tc.svcErr)
+			err := mgsdk.UnshareClient(tc.clientID, tc.shareReq, tc.domainID, tc.token)
 			assert.Equal(t, tc.err, err)
 			if tc.err == nil {
-				ok := svcCall.Parent.AssertCalled(t, "Unshare", mock.Anything, tc.session, tc.thingID, tc.shareReq.Relation, tc.shareReq.UserIDs[0])
+				ok := svcCall.Parent.AssertCalled(t, "Unshare", mock.Anything, tc.session, tc.clientID, tc.shareReq.Relation, tc.shareReq.UserIDs[0])
 				assert.True(t, ok)
 			}
 			svcCall.Unset()
@@ -1864,7 +1863,7 @@ func TestDeleteClient(t *testing.T) {
 		domainID        string
 		token           string
 		session         mgauthn.Session
-		thingID         string
+		clientID        string
 		svcErr          error
 		authenticateErr error
 		err             errors.SDKError
@@ -1873,7 +1872,7 @@ func TestDeleteClient(t *testing.T) {
 			desc:     "delete client successfully",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  thing.ID,
+			clientID: client.ID,
 			svcErr:   nil,
 			err:      nil,
 		},
@@ -1881,7 +1880,7 @@ func TestDeleteClient(t *testing.T) {
 			desc:            "delete client with an invalid token",
 			domainID:        domainID,
 			token:           invalidToken,
-			thingID:         thing.ID,
+			clientID:        client.ID,
 			authenticateErr: svcerr.ErrAuthorization,
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusForbidden),
 		},
@@ -1889,7 +1888,7 @@ func TestDeleteClient(t *testing.T) {
 			desc:     "delete client with empty token",
 			domainID: domainID,
 			token:    "",
-			thingID:  thing.ID,
+			clientID: client.ID,
 			svcErr:   svcerr.ErrAuthentication,
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
 		},
@@ -1897,7 +1896,7 @@ func TestDeleteClient(t *testing.T) {
 			desc:     "delete client with an invalid client id",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  wrongID,
+			clientID: wrongID,
 			svcErr:   svcerr.ErrRemoveEntity,
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrRemoveEntity, http.StatusUnprocessableEntity),
 		},
@@ -1905,7 +1904,7 @@ func TestDeleteClient(t *testing.T) {
 			desc:     "delete client with empty client id",
 			domainID: domainID,
 			token:    validToken,
-			thingID:  "",
+			clientID: "",
 			svcErr:   nil,
 			err:      errors.NewSDKError(apiutil.ErrMissingID),
 		},
@@ -1916,11 +1915,11 @@ func TestDeleteClient(t *testing.T) {
 				tc.session = mgauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
 			}
 			authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
-			svcCall := tsvc.On("Delete", mock.Anything, tc.session, tc.thingID).Return(tc.svcErr)
-			err := mgsdk.DeleteClient(tc.thingID, tc.domainID, tc.token)
+			svcCall := tsvc.On("Delete", mock.Anything, tc.session, tc.clientID).Return(tc.svcErr)
+			err := mgsdk.DeleteClient(tc.clientID, tc.domainID, tc.token)
 			assert.Equal(t, tc.err, err)
 			if tc.err == nil {
-				ok := svcCall.Parent.AssertCalled(t, "Delete", mock.Anything, tc.session, tc.thingID)
+				ok := svcCall.Parent.AssertCalled(t, "Delete", mock.Anything, tc.session, tc.clientID)
 				assert.True(t, ok)
 			}
 			svcCall.Unset()
@@ -1933,14 +1932,14 @@ func TestListUserClients(t *testing.T) {
 	ts, tsvc, auth := setupClients()
 	defer ts.Close()
 
-	var clients []sdk.Client
+	var sdkClients []sdk.Client
 	for i := 10; i < 100; i++ {
 		c := generateTestClient(t)
 		if i == 50 {
-			c.Status = mgthings.DisabledStatus.String()
+			c.Status = clients.DisabledStatus.String()
 			c.Tags = []string{"tag1", "tag2"}
 		}
-		clients = append(clients, c)
+		sdkClients = append(sdkClients, c)
 	}
 
 	conf := sdk.Config{
@@ -1954,8 +1953,8 @@ func TestListUserClients(t *testing.T) {
 		session         mgauthn.Session
 		userID          string
 		pageMeta        sdk.PageMetadata
-		svcReq          mgthings.Page
-		svcRes          mgthings.ClientsPage
+		svcReq          clients.Page
+		svcRes          clients.ClientsPage
 		svcErr          error
 		authenticateErr error
 		response        sdk.ClientsPage
@@ -1970,26 +1969,26 @@ func TestListUserClients(t *testing.T) {
 				Limit:    100,
 				DomainID: domainID,
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
 			},
-			svcRes: mgthings.ClientsPage{
-				Page: mgthings.Page{
+			svcRes: clients.ClientsPage{
+				Page: clients.Page{
 					Offset: 0,
 					Limit:  100,
-					Total:  uint64(len(clients)),
+					Total:  uint64(len(sdkClients)),
 				},
-				Clients: convertClients(clients...),
+				Clients: convertClients(sdkClients...),
 			},
 			svcErr: nil,
 			response: sdk.ClientsPage{
 				PageRes: sdk.PageRes{
 					Limit: 100,
-					Total: uint64(len(clients)),
+					Total: uint64(len(sdkClients)),
 				},
-				Clients: clients,
+				Clients: sdkClients,
 			},
 		},
 		{
@@ -2001,12 +2000,12 @@ func TestListUserClients(t *testing.T) {
 				Limit:    100,
 				DomainID: domainID,
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
 			},
-			svcRes:          mgthings.ClientsPage{},
+			svcRes:          clients.ClientsPage{},
 			authenticateErr: svcerr.ErrAuthentication,
 			response:        sdk.ClientsPage{},
 			err:             errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -2020,8 +2019,8 @@ func TestListUserClients(t *testing.T) {
 				Limit:    1000,
 				DomainID: domainID,
 			},
-			svcReq:   mgthings.Page{},
-			svcRes:   mgthings.ClientsPage{},
+			svcReq:   clients.Page{},
+			svcRes:   clients.ClientsPage{},
 			svcErr:   nil,
 			response: sdk.ClientsPage{},
 			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrLimitSize), http.StatusBadRequest),
@@ -2036,8 +2035,8 @@ func TestListUserClients(t *testing.T) {
 				Name:     strings.Repeat("a", 1025),
 				DomainID: domainID,
 			},
-			svcReq:   mgthings.Page{},
-			svcRes:   mgthings.ClientsPage{},
+			svcReq:   clients.Page{},
+			svcRes:   clients.ClientsPage{},
 			svcErr:   nil,
 			response: sdk.ClientsPage{},
 			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrNameSize), http.StatusBadRequest),
@@ -2049,22 +2048,22 @@ func TestListUserClients(t *testing.T) {
 			pageMeta: sdk.PageMetadata{
 				Offset:   0,
 				Limit:    100,
-				Status:   mgthings.DisabledStatus.String(),
+				Status:   clients.DisabledStatus.String(),
 				DomainID: domainID,
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
-				Status:     mgthings.DisabledStatus,
+				Status:     clients.DisabledStatus,
 			},
-			svcRes: mgthings.ClientsPage{
-				Page: mgthings.Page{
+			svcRes: clients.ClientsPage{
+				Page: clients.Page{
 					Offset: 0,
 					Limit:  100,
 					Total:  1,
 				},
-				Clients: convertClients(clients[50]),
+				Clients: convertClients(sdkClients[50]),
 			},
 			svcErr: nil,
 			response: sdk.ClientsPage{
@@ -2072,7 +2071,7 @@ func TestListUserClients(t *testing.T) {
 					Limit: 100,
 					Total: 1,
 				},
-				Clients: []sdk.Client{clients[50]},
+				Clients: []sdk.Client{sdkClients[50]},
 			},
 			err: nil,
 		},
@@ -2086,19 +2085,19 @@ func TestListUserClients(t *testing.T) {
 				Tag:      "tag1",
 				DomainID: domainID,
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
 				Tag:        "tag1",
 			},
-			svcRes: mgthings.ClientsPage{
-				Page: mgthings.Page{
+			svcRes: clients.ClientsPage{
+				Page: clients.Page{
 					Offset: 0,
 					Limit:  100,
 					Total:  1,
 				},
-				Clients: convertClients(clients[50]),
+				Clients: convertClients(sdkClients[50]),
 			},
 			svcErr: nil,
 			response: sdk.ClientsPage{
@@ -2106,7 +2105,7 @@ func TestListUserClients(t *testing.T) {
 					Limit: 100,
 					Total: 1,
 				},
-				Clients: []sdk.Client{clients[50]},
+				Clients: []sdk.Client{sdkClients[50]},
 			},
 			err: nil,
 		},
@@ -2122,8 +2121,8 @@ func TestListUserClients(t *testing.T) {
 				},
 				DomainID: domainID,
 			},
-			svcReq:   mgthings.Page{},
-			svcRes:   mgthings.ClientsPage{},
+			svcReq:   clients.Page{},
+			svcRes:   clients.ClientsPage{},
 			svcErr:   nil,
 			response: sdk.ClientsPage{},
 			err:      errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -2136,22 +2135,22 @@ func TestListUserClients(t *testing.T) {
 				Limit:    100,
 				DomainID: domainID,
 			},
-			svcReq: mgthings.Page{
+			svcReq: clients.Page{
 				Offset:     0,
 				Limit:      100,
 				Permission: policies.ViewPermission,
 			},
-			svcRes: mgthings.ClientsPage{
-				Page: mgthings.Page{
+			svcRes: clients.ClientsPage{
+				Page: clients.Page{
 					Offset: 0,
 					Limit:  100,
 					Total:  1,
 				},
-				Clients: []mgthings.Client{{
-					Name:        clients[0].Name,
-					Tags:        clients[0].Tags,
-					Credentials: mgthings.Credentials(clients[0].Credentials),
-					Metadata: mgthings.Metadata{
+				Clients: []clients.Client{{
+					Name:        sdkClients[0].Name,
+					Tags:        sdkClients[0].Tags,
+					Credentials: clients.Credentials(sdkClients[0].Credentials),
+					Metadata: clients.Metadata{
 						"test": make(chan int),
 					},
 				}},
@@ -2189,12 +2188,12 @@ func generateTestClient(t *testing.T) sdk.Client {
 		ID:   testsutil.GenerateUUID(t),
 		Name: "clientname",
 		Credentials: sdk.ClientCredentials{
-			Identity: "thing@example.com",
+			Identity: "client@example.com",
 			Secret:   generateUUID(t),
 		},
 		Tags:      []string{"tag1", "tag2"},
 		Metadata:  validMetadata,
-		Status:    mgthings.EnabledStatus.String(),
+		Status:    clients.EnabledStatus.String(),
 		CreatedAt: createdAt,
 		UpdatedAt: updatedAt,
 	}
diff --git a/pkg/sdk/go/domains_test.go b/pkg/sdk/go/domains_test.go
index b9bf0c162a..59ebb3c2c7 100644
--- a/pkg/sdk/go/domains_test.go
+++ b/pkg/sdk/go/domains_test.go
@@ -10,13 +10,14 @@ import (
 	"testing"
 	"time"
 
-	"github.com/absmach/magistrala/auth"
-	authmocks "github.com/absmach/magistrala/auth/mocks"
+	"github.com/absmach/magistrala/domains"
 	httpapi "github.com/absmach/magistrala/domains/api/http"
+	"github.com/absmach/magistrala/domains/mocks"
 	internalapi "github.com/absmach/magistrala/internal/api"
 	"github.com/absmach/magistrala/internal/testsutil"
 	mglog "github.com/absmach/magistrala/logger"
 	"github.com/absmach/magistrala/pkg/apiutil"
+	authnmocks "github.com/absmach/magistrala/pkg/authn/mocks"
 	"github.com/absmach/magistrala/pkg/errors"
 	svcerr "github.com/absmach/magistrala/pkg/errors/service"
 	policies "github.com/absmach/magistrala/pkg/policies"
@@ -28,7 +29,7 @@ import (
 
 var (
 	authDomain, sdkDomain = generateTestDomain(&testing.T{})
-	authDomainReq         = auth.Domain{
+	authDomainReq         = domains.Domain{
 		Name:     authDomain.Name,
 		Metadata: authDomain.Metadata,
 		Tags:     authDomain.Tags,
@@ -43,12 +44,13 @@ var (
 	updatedDomianName = "updated-domain"
 )
 
-func setupDomains() (*httptest.Server, *authmocks.Service) {
-	svc := new(authmocks.Service)
+func setupDomains() (*httptest.Server, *mocks.Service) {
+	svc := new(mocks.Service)
 	logger := mglog.NewMock()
 	mux := chi.NewRouter()
+	authn := new(authnmocks.Authentication)
 
-	mux = httpapi.MakeHandler(svc, mux, logger)
+	mux = httpapi.MakeHandler(svc, authn, mux, logger, "")
 	return httptest.NewServer(mux), svc
 }
 
@@ -67,8 +69,8 @@ func TestCreateDomain(t *testing.T) {
 		desc     string
 		token    string
 		domain   sdk.Domain
-		svcReq   auth.Domain
-		svcRes   auth.Domain
+		svcReq   domains.Domain
+		svcRes   domains.Domain
 		svcErr   error
 		response sdk.Domain
 		err      error
@@ -88,7 +90,7 @@ func TestCreateDomain(t *testing.T) {
 			token:    invalidToken,
 			domain:   sdkDomainReq,
 			svcReq:   authDomainReq,
-			svcRes:   auth.Domain{},
+			svcRes:   domains.Domain{},
 			svcErr:   svcerr.ErrAuthentication,
 			response: sdk.Domain{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -98,7 +100,7 @@ func TestCreateDomain(t *testing.T) {
 			token:    "",
 			domain:   sdkDomainReq,
 			svcReq:   authDomainReq,
-			svcRes:   auth.Domain{},
+			svcRes:   domains.Domain{},
 			svcErr:   nil,
 			response: sdk.Domain{},
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -112,8 +114,8 @@ func TestCreateDomain(t *testing.T) {
 				Tags:     sdkDomain.Tags,
 				Alias:    sdkDomain.Alias,
 			},
-			svcReq:   auth.Domain{},
-			svcRes:   auth.Domain{},
+			svcReq:   domains.Domain{},
+			svcRes:   domains.Domain{},
 			svcErr:   nil,
 			response: sdk.Domain{},
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrMissingName, http.StatusBadRequest),
@@ -127,8 +129,8 @@ func TestCreateDomain(t *testing.T) {
 					"key": make(chan int),
 				},
 			},
-			svcReq:   auth.Domain{},
-			svcRes:   auth.Domain{},
+			svcReq:   domains.Domain{},
+			svcRes:   domains.Domain{},
 			svcErr:   nil,
 			response: sdk.Domain{},
 			err:      errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -138,10 +140,10 @@ func TestCreateDomain(t *testing.T) {
 			token:  validToken,
 			domain: sdkDomainReq,
 			svcReq: authDomainReq,
-			svcRes: auth.Domain{
+			svcRes: domains.Domain{
 				ID:   authDomain.ID,
 				Name: authDomain.Name,
-				Metadata: auth.Metadata{
+				Metadata: domains.Metadata{
 					"key": make(chan int),
 				},
 			},
@@ -186,7 +188,7 @@ func TestUpdateDomain(t *testing.T) {
 		token    string
 		domainID string
 		domain   sdk.Domain
-		svcRes   auth.Domain
+		svcRes   domains.Domain
 		svcErr   error
 		response sdk.Domain
 		err      error
@@ -212,7 +214,7 @@ func TestUpdateDomain(t *testing.T) {
 				ID:   sdkDomain.ID,
 				Name: updatedDomianName,
 			},
-			svcRes:   auth.Domain{},
+			svcRes:   domains.Domain{},
 			svcErr:   svcerr.ErrAuthentication,
 			response: sdk.Domain{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -225,7 +227,7 @@ func TestUpdateDomain(t *testing.T) {
 				ID:   sdkDomain.ID,
 				Name: updatedDomianName,
 			},
-			svcRes:   auth.Domain{},
+			svcRes:   domains.Domain{},
 			svcErr:   nil,
 			response: sdk.Domain{},
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -238,7 +240,7 @@ func TestUpdateDomain(t *testing.T) {
 				ID:   wrongID,
 				Name: updatedDomianName,
 			},
-			svcRes:   auth.Domain{},
+			svcRes:   domains.Domain{},
 			svcErr:   svcerr.ErrAuthorization,
 			response: sdk.Domain{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusForbidden),
@@ -250,7 +252,7 @@ func TestUpdateDomain(t *testing.T) {
 			domain: sdk.Domain{
 				Name: sdkDomain.Name,
 			},
-			svcRes:   auth.Domain{},
+			svcRes:   domains.Domain{},
 			svcErr:   nil,
 			response: sdk.Domain{},
 			err:      errors.NewSDKError(apiutil.ErrMissingID),
@@ -266,7 +268,7 @@ func TestUpdateDomain(t *testing.T) {
 					"key": make(chan int),
 				},
 			},
-			svcRes:   auth.Domain{},
+			svcRes:   domains.Domain{},
 			svcErr:   nil,
 			response: sdk.Domain{},
 			err:      errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -279,10 +281,10 @@ func TestUpdateDomain(t *testing.T) {
 				ID:   sdkDomain.ID,
 				Name: sdkDomain.Name,
 			},
-			svcRes: auth.Domain{
+			svcRes: domains.Domain{
 				ID:   authDomain.ID,
 				Name: authDomain.Name,
-				Metadata: auth.Metadata{
+				Metadata: domains.Metadata{
 					"key": make(chan int),
 				},
 			},
@@ -321,7 +323,7 @@ func TestViewDomain(t *testing.T) {
 		desc     string
 		token    string
 		domainID string
-		svcRes   auth.Domain
+		svcRes   domains.Domain
 		svcErr   error
 		response sdk.Domain
 		err      error
@@ -339,7 +341,7 @@ func TestViewDomain(t *testing.T) {
 			desc:     "view domain with invalid token",
 			token:    invalidToken,
 			domainID: sdkDomain.ID,
-			svcRes:   auth.Domain{},
+			svcRes:   domains.Domain{},
 			svcErr:   svcerr.ErrAuthentication,
 			response: sdk.Domain{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -348,7 +350,7 @@ func TestViewDomain(t *testing.T) {
 			desc:     "view domain with empty token",
 			token:    "",
 			domainID: sdkDomain.ID,
-			svcRes:   auth.Domain{},
+			svcRes:   domains.Domain{},
 			svcErr:   nil,
 			response: sdk.Domain{},
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -357,7 +359,7 @@ func TestViewDomain(t *testing.T) {
 			desc:     "view domain with invalid domain ID",
 			token:    validToken,
 			domainID: wrongID,
-			svcRes:   auth.Domain{},
+			svcRes:   domains.Domain{},
 			svcErr:   svcerr.ErrAuthorization,
 			response: sdk.Domain{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusForbidden),
@@ -366,7 +368,7 @@ func TestViewDomain(t *testing.T) {
 			desc:     "view domain with empty id",
 			token:    validToken,
 			domainID: "",
-			svcRes:   auth.Domain{},
+			svcRes:   domains.Domain{},
 			svcErr:   nil,
 			response: sdk.Domain{},
 			err:      errors.NewSDKError(apiutil.ErrMissingID),
@@ -375,10 +377,10 @@ func TestViewDomain(t *testing.T) {
 			desc:     "view domain with response that cannot be unmarshalled",
 			token:    validToken,
 			domainID: sdkDomain.ID,
-			svcRes: auth.Domain{
+			svcRes: domains.Domain{
 				ID:   authDomain.ID,
 				Name: authDomain.Name,
-				Metadata: auth.Metadata{
+				Metadata: domains.Metadata{
 					"key": make(chan int),
 				},
 			},
@@ -500,8 +502,8 @@ func TestListDomians(t *testing.T) {
 		desc     string
 		token    string
 		pageMeta sdk.PageMetadata
-		svcReq   auth.Page
-		svcRes   auth.DomainsPage
+		svcReq   domains.Page
+		svcRes   domains.DomainsPage
 		svcErr   error
 		response sdk.DomainsPage
 		err      error
@@ -513,15 +515,15 @@ func TestListDomians(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq: auth.Page{
+			svcReq: domains.Page{
 				Offset: 0,
 				Limit:  10,
 				Order:  internalapi.DefOrder,
 				Dir:    internalapi.DefDir,
 			},
-			svcRes: auth.DomainsPage{
+			svcRes: domains.DomainsPage{
 				Total:   1,
-				Domains: []auth.Domain{authDomain},
+				Domains: []domains.Domain{authDomain},
 			},
 			svcErr: nil,
 			response: sdk.DomainsPage{
@@ -539,13 +541,13 @@ func TestListDomians(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq: auth.Page{
+			svcReq: domains.Page{
 				Offset: 0,
 				Limit:  10,
 				Order:  internalapi.DefOrder,
 				Dir:    internalapi.DefDir,
 			},
-			svcRes:   auth.DomainsPage{},
+			svcRes:   domains.DomainsPage{},
 			svcErr:   svcerr.ErrAuthentication,
 			response: sdk.DomainsPage{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -557,8 +559,8 @@ func TestListDomians(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq:   auth.Page{},
-			svcRes:   auth.DomainsPage{},
+			svcReq:   domains.Page{},
+			svcRes:   domains.DomainsPage{},
 			svcErr:   nil,
 			response: sdk.DomainsPage{},
 			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrBearerToken), http.StatusUnauthorized),
@@ -573,8 +575,8 @@ func TestListDomians(t *testing.T) {
 					"key": make(chan int),
 				},
 			},
-			svcReq:   auth.Page{},
-			svcRes:   auth.DomainsPage{},
+			svcReq:   domains.Page{},
+			svcRes:   domains.DomainsPage{},
 			svcErr:   nil,
 			response: sdk.DomainsPage{},
 			err:      errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -586,17 +588,17 @@ func TestListDomians(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq: auth.Page{
+			svcReq: domains.Page{
 				Offset: 0,
 				Limit:  10,
 				Order:  internalapi.DefOrder,
 				Dir:    internalapi.DefDir,
 			},
-			svcRes: auth.DomainsPage{
+			svcRes: domains.DomainsPage{
 				Total: 1,
-				Domains: []auth.Domain{{
+				Domains: []domains.Domain{{
 					Name:     authDomain.Name,
-					Metadata: auth.Metadata{"key": make(chan int)},
+					Metadata: domains.Metadata{"key": make(chan int)},
 				}},
 			},
 			svcErr:   nil,
@@ -635,8 +637,8 @@ func TestListUserDomains(t *testing.T) {
 		token    string
 		userID   string
 		pageMeta sdk.PageMetadata
-		svcReq   auth.Page
-		svcRes   auth.DomainsPage
+		svcReq   domains.Page
+		svcRes   domains.DomainsPage
 		svcErr   error
 		response sdk.DomainsPage
 		err      error
@@ -649,15 +651,15 @@ func TestListUserDomains(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq: auth.Page{
+			svcReq: domains.Page{
 				Offset: 0,
 				Limit:  10,
 				Order:  internalapi.DefOrder,
 				Dir:    internalapi.DefDir,
 			},
-			svcRes: auth.DomainsPage{
+			svcRes: domains.DomainsPage{
 				Total:   1,
-				Domains: []auth.Domain{authDomain},
+				Domains: []domains.Domain{authDomain},
 			},
 			svcErr: nil,
 			response: sdk.DomainsPage{
@@ -676,13 +678,13 @@ func TestListUserDomains(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq: auth.Page{
+			svcReq: domains.Page{
 				Offset: 0,
 				Limit:  10,
 				Order:  internalapi.DefOrder,
 				Dir:    internalapi.DefDir,
 			},
-			svcRes:   auth.DomainsPage{},
+			svcRes:   domains.DomainsPage{},
 			svcErr:   svcerr.ErrAuthentication,
 			response: sdk.DomainsPage{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -695,8 +697,8 @@ func TestListUserDomains(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq:   auth.Page{},
-			svcRes:   auth.DomainsPage{},
+			svcReq:   domains.Page{},
+			svcRes:   domains.DomainsPage{},
 			svcErr:   nil,
 			response: sdk.DomainsPage{},
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
@@ -709,8 +711,8 @@ func TestListUserDomains(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq:   auth.Page{},
-			svcRes:   auth.DomainsPage{},
+			svcReq:   domains.Page{},
+			svcRes:   domains.DomainsPage{},
 			svcErr:   nil,
 			response: sdk.DomainsPage{},
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrMissingID, http.StatusBadRequest),
@@ -723,17 +725,17 @@ func TestListUserDomains(t *testing.T) {
 				Offset: 0,
 				Limit:  10,
 			},
-			svcReq: auth.Page{
+			svcReq: domains.Page{
 				Offset: 0,
 				Limit:  10,
 				Order:  internalapi.DefOrder,
 				Dir:    internalapi.DefDir,
 			},
-			svcRes: auth.DomainsPage{
+			svcRes: domains.DomainsPage{
 				Total: 1,
-				Domains: []auth.Domain{{
+				Domains: []domains.Domain{{
 					Name:     authDomain.Name,
-					Metadata: auth.Metadata{"key": make(chan int)},
+					Metadata: domains.Metadata{"key": make(chan int)},
 				}},
 			},
 			svcErr:   nil,
@@ -751,8 +753,8 @@ func TestListUserDomains(t *testing.T) {
 					"key": make(chan int),
 				},
 			},
-			svcReq:   auth.Page{},
-			svcRes:   auth.DomainsPage{},
+			svcReq:   domains.Page{},
+			svcRes:   domains.DomainsPage{},
 			svcErr:   nil,
 			response: sdk.DomainsPage{},
 			err:      errors.NewSDKError(errors.New("json: unsupported type: chan int")),
@@ -784,14 +786,14 @@ func TestEnableDomain(t *testing.T) {
 
 	mgsdk := sdk.NewSDK(sdkConf)
 
-	enable := auth.EnabledStatus
+	enable := domains.EnabledStatus
 
 	cases := []struct {
 		desc     string
 		token    string
 		domainID string
-		svcReq   auth.DomainReq
-		svcRes   auth.Domain
+		svcReq   domains.DomainReq
+		svcRes   domains.Domain
 		svcErr   error
 		err      error
 	}{
@@ -799,7 +801,7 @@ func TestEnableDomain(t *testing.T) {
 			desc:     "enable domain successfully",
 			token:    validToken,
 			domainID: sdkDomain.ID,
-			svcReq: auth.DomainReq{
+			svcReq: domains.DomainReq{
 				Status: &enable,
 			},
 			svcRes: authDomain,
@@ -810,10 +812,10 @@ func TestEnableDomain(t *testing.T) {
 			desc:     "enable domain with invalid token",
 			token:    invalidToken,
 			domainID: sdkDomain.ID,
-			svcReq: auth.DomainReq{
+			svcReq: domains.DomainReq{
 				Status: &enable,
 			},
-			svcRes: auth.Domain{},
+			svcRes: domains.Domain{},
 			svcErr: svcerr.ErrAuthentication,
 			err:    errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
 		},
@@ -821,8 +823,8 @@ func TestEnableDomain(t *testing.T) {
 			desc:     "enable domain with empty token",
 			token:    "",
 			domainID: sdkDomain.ID,
-			svcReq:   auth.DomainReq{},
-			svcRes:   auth.Domain{},
+			svcReq:   domains.DomainReq{},
+			svcRes:   domains.Domain{},
 			svcErr:   nil,
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
 		},
@@ -830,8 +832,8 @@ func TestEnableDomain(t *testing.T) {
 			desc:     "enable domain with empty domain id",
 			token:    validToken,
 			domainID: "",
-			svcReq:   auth.DomainReq{},
-			svcRes:   auth.Domain{},
+			svcReq:   domains.DomainReq{},
+			svcRes:   domains.Domain{},
 			svcErr:   nil,
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrMissingID, http.StatusBadRequest),
 		},
@@ -861,14 +863,14 @@ func TestDisableDomain(t *testing.T) {
 
 	mgsdk := sdk.NewSDK(sdkConf)
 
-	disable := auth.DisabledStatus
+	disable := domains.DisabledStatus
 
 	cases := []struct {
 		desc     string
 		token    string
 		domainID string
-		svcReq   auth.DomainReq
-		svcRes   auth.Domain
+		svcReq   domains.DomainReq
+		svcRes   domains.Domain
 		svcErr   error
 		err      error
 	}{
@@ -876,7 +878,7 @@ func TestDisableDomain(t *testing.T) {
 			desc:     "disable domain successfully",
 			token:    validToken,
 			domainID: sdkDomain.ID,
-			svcReq: auth.DomainReq{
+			svcReq: domains.DomainReq{
 				Status: &disable,
 			},
 			svcRes: authDomain,
@@ -887,10 +889,10 @@ func TestDisableDomain(t *testing.T) {
 			desc:     "disable domain with invalid token",
 			token:    invalidToken,
 			domainID: sdkDomain.ID,
-			svcReq: auth.DomainReq{
+			svcReq: domains.DomainReq{
 				Status: &disable,
 			},
-			svcRes: auth.Domain{},
+			svcRes: domains.Domain{},
 			svcErr: svcerr.ErrAuthentication,
 			err:    errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
 		},
@@ -898,8 +900,8 @@ func TestDisableDomain(t *testing.T) {
 			desc:     "disable domain with empty token",
 			token:    "",
 			domainID: sdkDomain.ID,
-			svcReq:   auth.DomainReq{},
-			svcRes:   auth.Domain{},
+			svcReq:   domains.DomainReq{},
+			svcRes:   domains.Domain{},
 			svcErr:   nil,
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized),
 		},
@@ -907,8 +909,8 @@ func TestDisableDomain(t *testing.T) {
 			desc:     "disable domain with empty domain id",
 			token:    validToken,
 			domainID: "",
-			svcReq:   auth.DomainReq{},
-			svcRes:   auth.Domain{},
+			svcReq:   domains.DomainReq{},
+			svcRes:   domains.Domain{},
 			svcErr:   nil,
 			err:      errors.NewSDKErrorWithStatus(apiutil.ErrMissingID, http.StatusBadRequest),
 		},
@@ -1103,17 +1105,17 @@ func TestRemoveUserFromDomain(t *testing.T) {
 	}
 }
 
-func generateTestDomain(t *testing.T) (auth.Domain, sdk.Domain) {
+func generateTestDomain(t *testing.T) (domains.Domain, sdk.Domain) {
 	createdAt, err := time.Parse(time.RFC3339, "2024-04-01T00:00:00Z")
 	assert.Nil(t, err, fmt.Sprintf("Unexpected error parsing time: %s", err))
 	ownerID := testsutil.GenerateUUID(t)
-	ad := auth.Domain{
+	ad := domains.Domain{
 		ID:        testsutil.GenerateUUID(t),
 		Name:      "test-domain",
-		Metadata:  auth.Metadata(validMetadata),
+		Metadata:  domains.Metadata(validMetadata),
 		Tags:      []string{"tag1", "tag2"},
 		Alias:     "test-alias",
-		Status:    auth.EnabledStatus,
+		Status:    domains.EnabledStatus,
 		CreatedBy: ownerID,
 		CreatedAt: createdAt,
 		UpdatedBy: ownerID,
diff --git a/pkg/sdk/go/groups_test.go b/pkg/sdk/go/groups_test.go
index 0cf3fac032..3c0dec0fa6 100644
--- a/pkg/sdk/go/groups_test.go
+++ b/pkg/sdk/go/groups_test.go
@@ -11,8 +11,8 @@ import (
 	"testing"
 	"time"
 
-	authmocks "github.com/absmach/magistrala/auth/mocks"
 	"github.com/absmach/magistrala/groups"
+	httpapi "github.com/absmach/magistrala/groups/api/http"
 	"github.com/absmach/magistrala/groups/mocks"
 	"github.com/absmach/magistrala/internal/testsutil"
 	mglog "github.com/absmach/magistrala/logger"
@@ -24,8 +24,6 @@ import (
 	oauth2mocks "github.com/absmach/magistrala/pkg/oauth2/mocks"
 	policies "github.com/absmach/magistrala/pkg/policies"
 	sdk "github.com/absmach/magistrala/pkg/sdk/go"
-	"github.com/absmach/magistrala/users/api"
-	umocks "github.com/absmach/magistrala/users/mocks"
 	"github.com/go-chi/chi/v5"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
@@ -39,18 +37,16 @@ var (
 )
 
 func setupGroups() (*httptest.Server, *mocks.Service, *authnmocks.Authentication) {
-	usvc := new(umocks.Service)
-	gsvc := new(mocks.Service)
+	svc := new(mocks.Service)
 
 	logger := mglog.NewMock()
 	mux := chi.NewRouter()
 	provider := new(oauth2mocks.Provider)
 	provider.On("Name").Return("test")
 	authn := new(authnmocks.Authentication)
-	token := new(authmocks.TokenServiceClient)
-	api.MakeHandler(usvc, authn, token, true, gsvc, mux, logger, "", passRegex, provider)
+	httpapi.MakeHandler(svc, authn, mux, logger, "")
 
-	return httptest.NewServer(mux), gsvc, authn
+	return httptest.NewServer(mux), svc, authn
 }
 
 func TestCreateGroup(t *testing.T) {
@@ -327,8 +323,6 @@ func TestListGroups(t *testing.T) {
 					Offset: offset,
 					Limit:  100,
 				},
-				Permission: policies.ViewPermission,
-				Direction:  -1,
 			},
 			svcRes: groups.Page{
 				PageMeta: groups.PageMeta{
@@ -357,8 +351,6 @@ func TestListGroups(t *testing.T) {
 					Offset: offset,
 					Limit:  100,
 				},
-				Permission: policies.ViewPermission,
-				Direction:  -1,
 			},
 			svcRes:          groups.Page{},
 			authenticateErr: svcerr.ErrAuthentication,
@@ -392,8 +384,6 @@ func TestListGroups(t *testing.T) {
 					Offset: offset,
 					Limit:  10,
 				},
-				Permission: policies.ViewPermission,
-				Direction:  -1,
 			},
 			svcRes: groups.Page{
 				PageMeta: groups.PageMeta{
@@ -443,8 +433,6 @@ func TestListGroups(t *testing.T) {
 						"name": "user_89",
 					},
 				},
-				Permission: policies.ViewPermission,
-				Direction:  -1,
 			},
 			svcRes: groups.Page{
 				PageMeta: groups.PageMeta{
@@ -506,8 +494,6 @@ func TestListGroups(t *testing.T) {
 					Offset: offset,
 					Limit:  limit,
 				},
-				Permission: policies.ViewPermission,
-				Direction:  -1,
 			},
 			svcRes: groups.Page{
 				PageMeta: groups.PageMeta{
diff --git a/pkg/sdk/go/health_test.go b/pkg/sdk/go/health_test.go
index a771e90d1f..bff8b150b6 100644
--- a/pkg/sdk/go/health_test.go
+++ b/pkg/sdk/go/health_test.go
@@ -19,8 +19,8 @@ import (
 )
 
 func TestHealth(t *testing.T) {
-	thingsTs, _, _ := setupThings()
-	defer thingsTs.Close()
+	clientsTs, _, _ := setupClients()
+	defer clientsTs.Close()
 
 	usersTs, _, _ := setupUsers()
 	defer usersTs.Close()
@@ -38,7 +38,7 @@ func TestHealth(t *testing.T) {
 	defer httpAdapterTs.Close()
 
 	sdkConf := sdk.Config{
-		ClientsURL:      thingsTs.URL,
+		ClientsURL:      clientsTs.URL,
 		UsersURL:        usersTs.URL,
 		CertsURL:        certsTs.URL,
 		BootstrapURL:    bootstrapTs.URL,
diff --git a/pkg/sdk/go/message.go b/pkg/sdk/go/message.go
index 2dfdbd87dd..5b4d88eb0d 100644
--- a/pkg/sdk/go/message.go
+++ b/pkg/sdk/go/message.go
@@ -27,7 +27,7 @@ func (sdk mgSDK) SendMessage(chanName, msg, key string) errors.SDKError {
 
 	reqURL := fmt.Sprintf("%s/channels/%s/messages%s", sdk.httpAdapterURL, chanID, subtopicPart)
 
-	_, _, err := sdk.processRequest(http.MethodPost, reqURL, ThingPrefix+key, []byte(msg), nil, http.StatusAccepted)
+	_, _, err := sdk.processRequest(http.MethodPost, reqURL, ClientPrefix+key, []byte(msg), nil, http.StatusAccepted)
 
 	return err
 }
diff --git a/pkg/sdk/go/message_test.go b/pkg/sdk/go/message_test.go
index 0a2d7b70c9..8d2fad42c1 100644
--- a/pkg/sdk/go/message_test.go
+++ b/pkg/sdk/go/message_test.go
@@ -9,13 +9,14 @@ import (
 	"net/http/httptest"
 	"testing"
 
-	"github.com/absmach/magistrala"
+	chmocks "github.com/absmach/magistrala/channels/mocks"
 	climocks "github.com/absmach/magistrala/clients/mocks"
 	adapter "github.com/absmach/magistrala/http"
 	"github.com/absmach/magistrala/http/api"
+	grpcClientsV1 "github.com/absmach/magistrala/internal/grpc/clients/v1"
 	mglog "github.com/absmach/magistrala/logger"
 	"github.com/absmach/magistrala/pkg/apiutil"
-	authzmocks "github.com/absmach/magistrala/pkg/authz/mocks"
+	authnmocks "github.com/absmach/magistrala/pkg/authn/mocks"
 	"github.com/absmach/magistrala/pkg/errors"
 	svcerr "github.com/absmach/magistrala/pkg/errors/service"
 	pubsub "github.com/absmach/magistrala/pkg/messaging/mocks"
@@ -32,8 +33,10 @@ import (
 
 func setupMessages() (*httptest.Server, *climocks.ClientsServiceClient, *pubsub.PubSub) {
 	clients := new(climocks.ClientsServiceClient)
+	channels := new(chmocks.ChannelsServiceClient)
 	pub := new(pubsub.PubSub)
-	handler := adapter.NewHandler(pub, mglog.NewMock(), clients)
+	authn := new(authnmocks.Authentication)
+	handler := adapter.NewHandler(pub, authn, clients, channels, mglog.NewMock())
 
 	mux := api.MakeHandler(mglog.NewMock(), "")
 	target := httptest.NewServer(mux)
@@ -50,13 +53,14 @@ func setupMessages() (*httptest.Server, *climocks.ClientsServiceClient, *pubsub.
 	return httptest.NewServer(http.HandlerFunc(mp.ServeHTTP)), clients, pub
 }
 
-func setupReader() (*httptest.Server, *authzmocks.Authorization, *readersmocks.MessageRepository) {
+func setupReader() (*httptest.Server, *authnmocks.Authentication, *readersmocks.MessageRepository) {
 	repo := new(readersmocks.MessageRepository)
-	authz := new(authzmocks.Authorization)
+	authn := new(authnmocks.Authentication)
 	clients := new(climocks.ClientsServiceClient)
+	channels := new(chmocks.ChannelsServiceClient)
 
-	mux := readersapi.MakeHandler(repo, authz, clients, "test", "")
-	return httptest.NewServer(mux), authz, repo
+	mux := readersapi.MakeHandler(repo, authn, clients, channels, "test", "")
+	return httptest.NewServer(mux), authn, repo
 }
 
 func TestSendMessage(t *testing.T) {
@@ -64,7 +68,7 @@ func TestSendMessage(t *testing.T) {
 	defer ts.Close()
 
 	msg := `[{"n":"current","t":-1,"v":1.6}]`
-	thingKey := "thingKey"
+	clientKey := "clientKey"
 	channelID := "channelID"
 
 	sdkConf := sdk.Config{
@@ -76,81 +80,81 @@ func TestSendMessage(t *testing.T) {
 	mgsdk := sdk.NewSDK(sdkConf)
 
 	cases := []struct {
-		desc     string
-		chanName string
-		msg      string
-		thingKey string
-		authRes  *magistrala.ThingsAuthzRes
-		authErr  error
-		svcErr   error
-		err      errors.SDKError
+		desc      string
+		chanName  string
+		msg       string
+		clientKey string
+		authRes   *grpcClientsV1.AuthnRes
+		authErr   error
+		svcErr    error
+		err       errors.SDKError
 	}{
 		{
-			desc:     "publish message successfully",
-			chanName: channelID,
-			msg:      msg,
-			thingKey: thingKey,
-			authRes:  &magistrala.ThingsAuthzRes{Authorized: true, Id: ""},
-			authErr:  nil,
-			svcErr:   nil,
-			err:      nil,
+			desc:      "publish message successfully",
+			chanName:  channelID,
+			msg:       msg,
+			clientKey: clientKey,
+			authRes:   &grpcClientsV1.AuthnRes{Authenticated: true, Id: ""},
+			authErr:   nil,
+			svcErr:    nil,
+			err:       nil,
 		},
 		{
-			desc:     "publish message with empty client key",
-			chanName: channelID,
-			msg:      msg,
-			thingKey: "",
-			authRes:  &magistrala.ThingsAuthzRes{Authorized: false, Id: ""},
-			authErr:  svcerr.ErrAuthorization,
-			svcErr:   nil,
-			err:      errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusBadRequest),
+			desc:      "publish message with empty client key",
+			chanName:  channelID,
+			msg:       msg,
+			clientKey: "",
+			authRes:   &grpcClientsV1.AuthnRes{Authenticated: false, Id: ""},
+			authErr:   svcerr.ErrAuthorization,
+			svcErr:    nil,
+			err:       errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusBadRequest),
 		},
 		{
-			desc:     "publish message with invalid client key",
-			chanName: channelID,
-			msg:      msg,
-			thingKey: "invalid",
-			authRes:  &magistrala.ThingsAuthzRes{Authorized: false, Id: ""},
-			authErr:  svcerr.ErrAuthorization,
-			svcErr:   svcerr.ErrAuthorization,
-			err:      errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusBadRequest),
+			desc:      "publish message with invalid client key",
+			chanName:  channelID,
+			msg:       msg,
+			clientKey: "invalid",
+			authRes:   &grpcClientsV1.AuthnRes{Authenticated: false, Id: ""},
+			authErr:   svcerr.ErrAuthorization,
+			svcErr:    svcerr.ErrAuthorization,
+			err:       errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusBadRequest),
 		},
 		{
-			desc:     "publish message with invalid channel ID",
-			chanName: wrongID,
-			msg:      msg,
-			thingKey: thingKey,
-			authRes:  &magistrala.ThingsAuthzRes{Authorized: false, Id: ""},
-			authErr:  svcerr.ErrAuthorization,
-			svcErr:   svcerr.ErrAuthorization,
-			err:      errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusBadRequest),
+			desc:      "publish message with invalid channel ID",
+			chanName:  wrongID,
+			msg:       msg,
+			clientKey: clientKey,
+			authRes:   &grpcClientsV1.AuthnRes{Authenticated: false, Id: ""},
+			authErr:   svcerr.ErrAuthorization,
+			svcErr:    svcerr.ErrAuthorization,
+			err:       errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusBadRequest),
 		},
 		{
-			desc:     "publish message with empty message body",
-			chanName: channelID,
-			msg:      "",
-			thingKey: thingKey,
-			authRes:  &magistrala.ThingsAuthzRes{Authorized: true, Id: ""},
-			authErr:  nil,
-			svcErr:   nil,
-			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrEmptyMessage), http.StatusBadRequest),
+			desc:      "publish message with empty message body",
+			chanName:  channelID,
+			msg:       "",
+			clientKey: clientKey,
+			authRes:   &grpcClientsV1.AuthnRes{Authenticated: true, Id: ""},
+			authErr:   nil,
+			svcErr:    nil,
+			err:       errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrEmptyMessage), http.StatusBadRequest),
 		},
 		{
-			desc:     "publish message with channel subtopic",
-			chanName: channelID + ".subtopic",
-			msg:      msg,
-			thingKey: thingKey,
-			authRes:  &magistrala.ThingsAuthzRes{Authorized: true, Id: ""},
-			authErr:  nil,
-			svcErr:   nil,
-			err:      nil,
+			desc:      "publish message with channel subtopic",
+			chanName:  channelID + ".subtopic",
+			msg:       msg,
+			clientKey: clientKey,
+			authRes:   &grpcClientsV1.AuthnRes{Authenticated: true, Id: ""},
+			authErr:   nil,
+			svcErr:    nil,
+			err:       nil,
 		},
 	}
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
 			authCall := clients.On("Authorize", mock.Anything, mock.Anything).Return(tc.authRes, tc.authErr)
 			svcCall := pub.On("Publish", mock.Anything, channelID, mock.Anything).Return(tc.svcErr)
-			err := mgsdk.SendMessage(tc.chanName, tc.msg, tc.thingKey)
+			err := mgsdk.SendMessage(tc.chanName, tc.msg, tc.clientKey)
 			assert.Equal(t, tc.err, err)
 			if tc.err == nil {
 				ok := svcCall.Parent.AssertCalled(t, "Publish", mock.Anything, channelID, mock.Anything)
diff --git a/pkg/sdk/go/sdk.go b/pkg/sdk/go/sdk.go
index a77c61e708..85912f2e1a 100644
--- a/pkg/sdk/go/sdk.go
+++ b/pkg/sdk/go/sdk.go
@@ -38,7 +38,7 @@ const (
 
 	BearerPrefix = "Bearer "
 
-	ThingPrefix = "Thing "
+	ClientPrefix = "Client "
 )
 
 // ContentType represents all possible content types.
@@ -350,7 +350,7 @@ type SDK interface {
 	//  fmt.Println(channels)
 	ListUserGroups(userID string, pm PageMetadata, token string) (GroupsPage, errors.SDKError)
 
-	// ListUserThings list all clients belongs a particular user id.
+	// ListUserClients list all clients belongs a particular user id.
 	//
 	// example:
 	//	pm := sdk.PageMetadata{
@@ -358,8 +358,8 @@ type SDK interface {
 	//		Limit:  10,
 	//		Permission: "edit", // available Options:  "administrator", "administrator", "delete", edit", "view", "share", "owner", "owner", "admin", "editor", "contributor", "editor", "viewer", "guest", "create"
 	//	}
-	//  clients,  _ := sdk.ListUserThings("user_id_1", pm, "token")
-	//  fmt.Println(things)
+	//  clients,  _ := sdk.ListUserClients("user_id_1", pm, "token")
+	//  fmt.Println(clients)
 	ListUserClients(userID string, pm PageMetadata, token string) (ClientsPage, errors.SDKError)
 
 	// SeachUsers filters users and returns a page result.
@@ -383,7 +383,7 @@ type SDK interface {
 	//      "key": "value",
 	//    },
 	//  }
-	//  thing, _ := sdk.CreateClient(client, "domainID", "token")
+	//  client, _ := sdk.CreateClient(client, "domainID", "token")
 	//  fmt.Println(client)
 	CreateClient(client Client, domainID, token string) (Client, errors.SDKError)
 
@@ -426,95 +426,95 @@ type SDK interface {
 	//  pm := sdk.PageMetadata{
 	//    Offset: 0,
 	//    Limit:  10,
-	//    Name:   "My Thing",
+	//    Name:   "My Client",
 	//  }
 	//  clients, _ := sdk.ClientsByChannel("channelID", pm, "domainID", "token")
 	//  fmt.Println(clients)
 	ClientsByChannel(chanID string, pm PageMetadata, domainID, token string) (ClientsPage, errors.SDKError)
 
-	// Thing returns client object by id.
+	// Client returns client object by id.
 	//
 	// example:
-	//  thing, _ := sdk.Client("clientID", "domainID", "token")
+	//  client, _ := sdk.Client("clientID", "domainID", "token")
 	//  fmt.Println(client)
 	Client(id, domainID, token string) (Client, errors.SDKError)
 
-	// ThingPermissions returns user permissions on the client id.
+	// ClientPermissions returns user permissions on the client id.
 	//
 	// example:
-	//  thing, _ := sdk.Client("clientID", "domainID", "token")
+	//  client, _ := sdk.Client("clientID", "domainID", "token")
 	//  fmt.Println(client)
 	ClientPermissions(id, domainID, token string) (Client, errors.SDKError)
 
-	// UpdateThing updates existing thing.
+	// UpdateClient updates existing client.
 	//
 	// example:
 	//  client := sdk.Client{
 	//    ID:   "clientID",
-	//    Name: "My Thing",
+	//    Name: "My Client",
 	//    Metadata: sdk.Metadata{
 	//      "key": "value",
 	//    },
 	//  }
-	//  thing, _ := sdk.UpdateThing(thing, "domainID", "token")
+	//  client, _ := sdk.UpdateClient(client, "domainID", "token")
 	//  fmt.Println(client)
 	UpdateClient(client Client, domainID, token string) (Client, errors.SDKError)
 
-	// UpdateThingTags updates the client's tags.
+	// UpdateClientTags updates the client's tags.
 	//
 	// example:
-	//  client := sdk.Thing{
+	//  client := sdk.Client{
 	//    ID:   "clientID",
 	//    Tags: []string{"tag1", "tag2"},
 	//  }
-	//  thing, _ := sdk.UpdateThingTags(thing, "domainID", "token")
+	//  client, _ := sdk.UpdateClientTags(client, "domainID", "token")
 	//  fmt.Println(client)
 	UpdateClientTags(client Client, domainID, token string) (Client, errors.SDKError)
 
-	// UpdateThingSecret updates the client's secret
+	// UpdateClientSecret updates the client's secret
 	//
 	// example:
-	//  thing, err := sdk.UpdateThingSecret("clientID", "newSecret", "domainID," "token")
+	//  client, err := sdk.UpdateClientSecret("clientID", "newSecret", "domainID," "token")
 	//  fmt.Println(client)
 	UpdateClientSecret(id, secret, domainID, token string) (Client, errors.SDKError)
 
-	// EnableThing changes client status to enabled.
+	// EnableClient changes client status to enabled.
 	//
 	// example:
-	//  thing, _ := sdk.EnableThing("clientID", "domainID", "token")
+	//  client, _ := sdk.EnableClient("clientID", "domainID", "token")
 	//  fmt.Println(client)
 	EnableClient(id, domainID, token string) (Client, errors.SDKError)
 
-	// DisableThing changes client status to disabled - soft delete.
+	// DisableClient changes client status to disabled - soft delete.
 	//
 	// example:
-	//  thing, _ := sdk.DisableThing("clientID", "domainID", "token")
+	//  client, _ := sdk.DisableClient("clientID", "domainID", "token")
 	//  fmt.Println(client)
 	DisableClient(id, domainID, token string) (Client, errors.SDKError)
 
-	// ShareThing shares client with other users.
+	// ShareClient shares client with other users.
 	//
 	// example:
 	// req := sdk.UsersRelationRequest{
 	//		Relation: "contributor", // available options: "owner", "admin", "editor", "contributor", "guest"
 	//  	UserIDs: ["user_id_1", "user_id_2", "user_id_3"]
 	// }
-	//  err := sdk.ShareThing("client_id", req, "domainID","token")
+	//  err := sdk.ShareClient("client_id", req, "domainID","token")
 	//  fmt.Println(err)
 	ShareClient(id string, req UsersRelationRequest, domainID, token string) errors.SDKError
 
-	// UnshareThing unshare a client with other users.
+	// UnshareClient unshare a client with other users.
 	//
 	// example:
 	// req := sdk.UsersRelationRequest{
 	//		Relation: "contributor", // available options: "owner", "admin", "editor", "contributor", "guest"
 	//  	UserIDs: ["user_id_1", "user_id_2", "user_id_3"]
 	// }
-	//  err := sdk.UnshareThing("client_id", req, "domainID", "token")
+	//  err := sdk.UnshareClient("client_id", req, "domainID", "token")
 	//  fmt.Println(err)
 	UnshareClient(id string, req UsersRelationRequest, domainID, token string) errors.SDKError
 
-	// ListThingUsers all users in a thing.
+	// ListClientUsers all users in a client.
 	//
 	// example:
 	//	pm := sdk.PageMetadata{
@@ -522,14 +522,14 @@ type SDK interface {
 	//		Limit:  10,
 	//		Permission: "edit", // available Options:  "administrator", "administrator", "delete", edit", "view", "share", "owner", "owner", "admin", "editor", "contributor", "editor", "viewer", "guest", "create"
 	//	}
-	//  users, _ := sdk.ListThingUsers("client_id", pm, "domainID", "token")
+	//  users, _ := sdk.ListClientUsers("client_id", pm, "domainID", "token")
 	//  fmt.Println(users)
 	ListClientUsers(id string, pm PageMetadata, domainID, token string) (UsersPage, errors.SDKError)
 
-	// DeleteThing deletes a client with the given id.
+	// DeleteClient deletes a client with the given id.
 	//
 	// example:
-	//  err := sdk.DeleteThing("clientID", "domainID", "token")
+	//  err := sdk.DeleteClient("clientID", "domainID", "token")
 	//  fmt.Println(err)
 	DeleteClient(id, domainID, token string) errors.SDKError
 
@@ -702,7 +702,7 @@ type SDK interface {
 	//  fmt.Println(channels)
 	Channels(pm PageMetadata, domainID, token string) (ChannelsPage, errors.SDKError)
 
-	// ChannelsByThing returns page of channels that are connected to specified thing.
+	// ChannelsByClient returns page of channels that are connected to specified client.
 	//
 	// example:
 	//  pm := sdk.PageMetadata{
@@ -710,7 +710,7 @@ type SDK interface {
 	//    Limit:  10,
 	//    Name:   "My Channel",
 	//  }
-	//  channels, _ := sdk.ChannelsByThing("clientID", pm, "domainID" "token")
+	//  channels, _ := sdk.ChannelsByClient("clientID", pm, "domainID" "token")
 	//  fmt.Println(channels)
 	ChannelsByClient(clientID string, pm PageMetadata, domainID, token string) (ChannelsPage, errors.SDKError)
 
@@ -851,18 +851,18 @@ type SDK interface {
 	//  fmt.Println(err)
 	Disconnect(connIDs Connection, domainID, token string) errors.SDKError
 
-	// ConnectThing connects client to specified channel by id.
+	// ConnectClient connects client to specified channel by id.
 	//
-	// The `ConnectThing` method calls the `CreateThingPolicy` method under the hood.
+	// The `ConnectClient` method calls the `CreateClientPolicy` method under the hood.
 	//
 	// example:
-	//  err := sdk.ConnectThing("clientID", "channelID", "token")
+	//  err := sdk.ConnectClient("clientID", "channelID", "token")
 	//  fmt.Println(err)
 	ConnectClient(clientID, chanID, domainID, token string) errors.SDKError
 
 	// DisconnectClient disconnect client from specified channel by id.
 	//
-	// The `DisconnectClient` method calls the `DeleteThingPolicy` method under the hood.
+	// The `DisconnectClient` method calls the `DeleteClientPolicy` method under the hood.
 	//
 	// example:
 	//  err := sdk.DisconnectClient("clientID", "channelID", "token")
@@ -873,7 +873,7 @@ type SDK interface {
 	//
 	// example:
 	//  msg := '[{"bn":"some-base-name:","bt":1.276020076001e+09, "bu":"A","bver":5, "n":"voltage","u":"V","v":120.1}, {"n":"current","t":-5,"v":1.2}, {"n":"current","t":-4,"v":1.3}]'
-	//  err := sdk.SendMessage("channelID", msg, "thingSecret")
+	//  err := sdk.SendMessage("channelID", msg, "clientSecret")
 	//  fmt.Println(err)
 	SendMessage(chanID, msg, key string) errors.SDKError
 
@@ -916,7 +916,7 @@ type SDK interface {
 	//  fmt.Println(id)
 	AddBootstrap(cfg BootstrapConfig, domainID, token string) (string, errors.SDKError)
 
-	// View returns Thing Config with given ID belonging to the user identified by the given token.
+	// View returns Client Config with given ID belonging to the user identified by the given token.
 	//
 	// example:
 	//  bootstrap, _ := sdk.ViewBootstrap("id", "domainID", "token")
@@ -944,7 +944,7 @@ type SDK interface {
 	//  fmt.Println(err)
 	UpdateBootstrapCerts(id string, clientCert, clientKey, ca string, domainID, token string) (BootstrapConfig, errors.SDKError)
 
-	// UpdateBootstrapConnection updates connections performs update of the channel list corresponding Thing is connected to.
+	// UpdateBootstrapConnection updates connections performs update of the channel list corresponding Client is connected to.
 	//
 	// example:
 	//  err := sdk.UpdateBootstrapConnection("id", []string{"channel1", "channel2"}, "domainID", "token")
@@ -958,7 +958,7 @@ type SDK interface {
 	//  fmt.Println(err)
 	RemoveBootstrap(id, domainID, token string) errors.SDKError
 
-	// Bootstrap returns Config to the Thing with provided external ID using external key.
+	// Bootstrap returns Config to the Client with provided external ID using external key.
 	//
 	// example:
 	//  bootstrap, _ := sdk.Bootstrap("externalID", "externalKey")
@@ -983,19 +983,19 @@ type SDK interface {
 	//  fmt.Println(bootstraps)
 	Bootstraps(pm PageMetadata, domainID, token string) (BootstrapPage, errors.SDKError)
 
-	// Whitelist updates Thing state Config with given ID belonging to the user identified by the given token.
+	// Whitelist updates Client state Config with given ID belonging to the user identified by the given token.
 	//
 	// example:
 	//  err := sdk.Whitelist("clientID", 1, "domainID", "token")
 	//  fmt.Println(err)
-	Whitelist(thingID string, state int, domainID, token string) errors.SDKError
+	Whitelist(clientID string, state int, domainID, token string) errors.SDKError
 
 	// IssueCert issues a certificate for a client required for mTLS.
 	//
 	// example:
 	//  cert, _ := sdk.IssueCert("clientID", "24h", "domainID", "token")
 	//  fmt.Println(cert)
-	IssueCert(thingID, validity, domainID, token string) (Cert, errors.SDKError)
+	IssueCert(clientID, validity, domainID, token string) (Cert, errors.SDKError)
 
 	// ViewCert returns a certificate given certificate ID
 	//
@@ -1004,19 +1004,19 @@ type SDK interface {
 	//  fmt.Println(cert)
 	ViewCert(certID, domainID, token string) (Cert, errors.SDKError)
 
-	// ViewCertByThing retrieves a list of certificates' serial IDs for a given client ID.
+	// ViewCertByClient retrieves a list of certificates' serial IDs for a given client ID.
 	//
 	// example:
-	//  cserial, _ := sdk.ViewCertByThing("clientID", "domainID", "token")
+	//  cserial, _ := sdk.ViewCertByClient("clientID", "domainID", "token")
 	//  fmt.Println(cserial)
-	ViewCertByThing(thingID, domainID, token string) (CertSerials, errors.SDKError)
+	ViewCertByClient(clientID, domainID, token string) (CertSerials, errors.SDKError)
 
-	// RevokeCert revokes certificate for client with thingID
+	// RevokeCert revokes certificate for client with clientID
 	//
 	// example:
 	//  tm, _ := sdk.RevokeCert("clientID", "domainID", "token")
 	//  fmt.Println(tm)
-	RevokeCert(thingID, domainID, token string) (time.Time, errors.SDKError)
+	RevokeCert(clientID, domainID, token string) (time.Time, errors.SDKError)
 
 	// CreateSubscription creates a new subscription
 	//
@@ -1293,7 +1293,7 @@ func (sdk mgSDK) processRequest(method, reqUrl, token string, data []byte, heade
 	}
 
 	if token != "" {
-		if !strings.Contains(token, ThingPrefix) {
+		if !strings.Contains(token, ClientPrefix) {
 			token = BearerPrefix + token
 		}
 		req.Header.Set("Authorization", token)
diff --git a/pkg/sdk/go/setup_test.go b/pkg/sdk/go/setup_test.go
index 2921b31c2c..d76b4ad893 100644
--- a/pkg/sdk/go/setup_test.go
+++ b/pkg/sdk/go/setup_test.go
@@ -10,6 +10,8 @@ import (
 	"testing"
 	"time"
 
+	mgchannels "github.com/absmach/magistrala/channels"
+	"github.com/absmach/magistrala/clients"
 	mggroups "github.com/absmach/magistrala/groups"
 	"github.com/absmach/magistrala/internal/testsutil"
 	"github.com/absmach/magistrala/invitations"
@@ -63,11 +65,11 @@ func convertUsers(cs []sdk.User) []users.User {
 	return ccs
 }
 
-func convertThings(cs ...sdk.Client) []things.Client {
-	ccs := []things.Client{}
+func convertClients(cs ...sdk.Client) []clients.Client {
+	ccs := []clients.Client{}
 
 	for _, c := range cs {
-		ccs = append(ccs, convertThing(c))
+		ccs = append(ccs, convertClient(c))
 	}
 
 	return ccs
@@ -83,14 +85,14 @@ func convertGroups(cs []sdk.Group) []mggroups.Group {
 	return cgs
 }
 
-func convertChannels(cs []sdk.Channel) []mggroups.Group {
-	cgs := []mggroups.Group{}
+func convertChannels(cs []sdk.Channel) []mgchannels.Channel {
+	chs := []mgchannels.Channel{}
 
 	for _, c := range cs {
-		cgs = append(cgs, convertChannel(c))
+		chs = append(chs, convertChannel(c))
 	}
 
-	return cgs
+	return chs
 }
 
 func convertGroup(g sdk.Group) mggroups.Group {
@@ -161,44 +163,41 @@ func convertUser(c sdk.User) users.User {
 	}
 }
 
-func convertThing(c sdk.Client) things.Client {
+func convertClient(c sdk.Client) clients.Client {
 	if c.Status == "" {
-		c.Status = things.EnabledStatus.String()
+		c.Status = clients.EnabledStatus.String()
 	}
-	status, err := things.ToStatus(c.Status)
+	status, err := clients.ToStatus(c.Status)
 	if err != nil {
-		return things.Client{}
+		return clients.Client{}
 	}
-	return things.Client{
+	return clients.Client{
 		ID:          c.ID,
 		Name:        c.Name,
 		Tags:        c.Tags,
 		Domain:      c.DomainID,
-		Credentials: things.Credentials(c.Credentials),
-		Metadata:    things.Metadata(c.Metadata),
+		Credentials: clients.Credentials(c.Credentials),
+		Metadata:    clients.Metadata(c.Metadata),
 		CreatedAt:   c.CreatedAt,
 		UpdatedAt:   c.UpdatedAt,
 		Status:      status,
 	}
 }
 
-func convertChannel(g sdk.Channel) mggroups.Group {
+func convertChannel(g sdk.Channel) mgchannels.Channel {
 	if g.Status == "" {
-		g.Status = mggroups.EnabledStatus.String()
+		g.Status = clients.EnabledStatus.String()
 	}
-	status, err := mggroups.ToStatus(g.Status)
+	status, err := clients.ToStatus(g.Status)
 	if err != nil {
-		return mggroups.Group{}
+		return mgchannels.Channel{}
 	}
-	return mggroups.Group{
+	return mgchannels.Channel{
 		ID:          g.ID,
 		Domain:      g.DomainID,
-		Parent:      g.ParentID,
+		ParentGroup: g.ParentID,
 		Name:        g.Name,
-		Description: g.Description,
-		Metadata:    mggroups.Metadata(g.Metadata),
-		Level:       g.Level,
-		Path:        g.Path,
+		Metadata:    clients.Metadata(g.Metadata),
 		CreatedAt:   g.CreatedAt,
 		UpdatedAt:   g.UpdatedAt,
 		Status:      status,
diff --git a/pkg/sdk/go/tokens_test.go b/pkg/sdk/go/tokens_test.go
index 809d45367a..912053af9e 100644
--- a/pkg/sdk/go/tokens_test.go
+++ b/pkg/sdk/go/tokens_test.go
@@ -7,8 +7,8 @@ import (
 	"net/http"
 	"testing"
 
-	"github.com/absmach/magistrala"
 	mgauth "github.com/absmach/magistrala/auth"
+	grpcTokenV1 "github.com/absmach/magistrala/internal/grpc/token/v1"
 	"github.com/absmach/magistrala/pkg/apiutil"
 	mgauthn "github.com/absmach/magistrala/pkg/authn"
 	"github.com/absmach/magistrala/pkg/errors"
@@ -33,7 +33,7 @@ func TestIssueToken(t *testing.T) {
 	cases := []struct {
 		desc     string
 		login    sdk.Login
-		svcRes   *magistrala.Token
+		svcRes   *grpcTokenV1.Token
 		svcErr   error
 		response sdk.Token
 		err      errors.SDKError
@@ -44,7 +44,7 @@ func TestIssueToken(t *testing.T) {
 				Identity: client.Credentials.Username,
 				Secret:   client.Credentials.Secret,
 			},
-			svcRes: &magistrala.Token{
+			svcRes: &grpcTokenV1.Token{
 				AccessToken:  token.AccessToken,
 				RefreshToken: &token.RefreshToken,
 				AccessType:   mgauth.AccessKey.String(),
@@ -59,7 +59,7 @@ func TestIssueToken(t *testing.T) {
 				Identity: invalidIdentity,
 				Secret:   client.Credentials.Secret,
 			},
-			svcRes:   &magistrala.Token{},
+			svcRes:   &grpcTokenV1.Token{},
 			svcErr:   svcerr.ErrAuthentication,
 			response: sdk.Token{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized),
@@ -70,7 +70,7 @@ func TestIssueToken(t *testing.T) {
 				Identity: client.Credentials.Username,
 				Secret:   "invalid",
 			},
-			svcRes:   &magistrala.Token{},
+			svcRes:   &grpcTokenV1.Token{},
 			svcErr:   svcerr.ErrLogin,
 			response: sdk.Token{},
 			err:      errors.NewSDKErrorWithStatus(svcerr.ErrLogin, http.StatusUnauthorized),
@@ -81,7 +81,7 @@ func TestIssueToken(t *testing.T) {
 				Identity: "",
 				Secret:   client.Credentials.Secret,
 			},
-			svcRes:   &magistrala.Token{},
+			svcRes:   &grpcTokenV1.Token{},
 			svcErr:   nil,
 			response: sdk.Token{},
 			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrMissingIdentity), http.StatusBadRequest),
@@ -92,7 +92,7 @@ func TestIssueToken(t *testing.T) {
 				Identity: client.Credentials.Username,
 				Secret:   "",
 			},
-			svcRes:   &magistrala.Token{},
+			svcRes:   &grpcTokenV1.Token{},
 			svcErr:   nil,
 			response: sdk.Token{},
 			err:      errors.NewSDKErrorWithStatus(errors.Wrap(apiutil.ErrValidation, apiutil.ErrMissingPass), http.StatusBadRequest),
@@ -127,7 +127,7 @@ func TestRefreshToken(t *testing.T) {
 	cases := []struct {
 		desc        string
 		token       string
-		svcRes      *magistrala.Token
+		svcRes      *grpcTokenV1.Token
 		svcErr      error
 		identifyErr error
 		response    sdk.Token
@@ -136,7 +136,7 @@ func TestRefreshToken(t *testing.T) {
 		{
 			desc:  "refresh token successfully",
 			token: token.RefreshToken,
-			svcRes: &magistrala.Token{
+			svcRes: &grpcTokenV1.Token{
 				AccessToken:  token.AccessToken,
 				RefreshToken: &token.RefreshToken,
 				AccessType:   token.AccessType,
diff --git a/pkg/sdk/mocks/sdk.go b/pkg/sdk/mocks/sdk.go
index 9d4418fbc4..a11e71ade5 100644
--- a/pkg/sdk/mocks/sdk.go
+++ b/pkg/sdk/mocks/sdk.go
@@ -1492,9 +1492,9 @@ func (_m *SDK) Invitations(pm sdk.PageMetadata, domainID string, token string) (
 	return r0, r1
 }
 
-// IssueCert provides a mock function with given fields: thingID, validity, domainID, token
-func (_m *SDK) IssueCert(thingID string, validity string, domainID string, token string) (sdk.Cert, errors.SDKError) {
-	ret := _m.Called(thingID, validity, domainID, token)
+// IssueCert provides a mock function with given fields: clientID, validity, domainID, token
+func (_m *SDK) IssueCert(clientID string, validity string, domainID string, token string) (sdk.Cert, errors.SDKError) {
+	ret := _m.Called(clientID, validity, domainID, token)
 
 	if len(ret) == 0 {
 		panic("no return value specified for IssueCert")
@@ -1503,16 +1503,16 @@ func (_m *SDK) IssueCert(thingID string, validity string, domainID string, token
 	var r0 sdk.Cert
 	var r1 errors.SDKError
 	if rf, ok := ret.Get(0).(func(string, string, string, string) (sdk.Cert, errors.SDKError)); ok {
-		return rf(thingID, validity, domainID, token)
+		return rf(clientID, validity, domainID, token)
 	}
 	if rf, ok := ret.Get(0).(func(string, string, string, string) sdk.Cert); ok {
-		r0 = rf(thingID, validity, domainID, token)
+		r0 = rf(clientID, validity, domainID, token)
 	} else {
 		r0 = ret.Get(0).(sdk.Cert)
 	}
 
 	if rf, ok := ret.Get(1).(func(string, string, string, string) errors.SDKError); ok {
-		r1 = rf(thingID, validity, domainID, token)
+		r1 = rf(clientID, validity, domainID, token)
 	} else {
 		if ret.Get(1) != nil {
 			r1 = ret.Get(1).(errors.SDKError)
@@ -2158,9 +2158,9 @@ func (_m *SDK) ResetPasswordRequest(email string) errors.SDKError {
 	return r0
 }
 
-// RevokeCert provides a mock function with given fields: thingID, domainID, token
-func (_m *SDK) RevokeCert(thingID string, domainID string, token string) (time.Time, errors.SDKError) {
-	ret := _m.Called(thingID, domainID, token)
+// RevokeCert provides a mock function with given fields: clientID, domainID, token
+func (_m *SDK) RevokeCert(clientID string, domainID string, token string) (time.Time, errors.SDKError) {
+	ret := _m.Called(clientID, domainID, token)
 
 	if len(ret) == 0 {
 		panic("no return value specified for RevokeCert")
@@ -2169,16 +2169,16 @@ func (_m *SDK) RevokeCert(thingID string, domainID string, token string) (time.T
 	var r0 time.Time
 	var r1 errors.SDKError
 	if rf, ok := ret.Get(0).(func(string, string, string) (time.Time, errors.SDKError)); ok {
-		return rf(thingID, domainID, token)
+		return rf(clientID, domainID, token)
 	}
 	if rf, ok := ret.Get(0).(func(string, string, string) time.Time); ok {
-		r0 = rf(thingID, domainID, token)
+		r0 = rf(clientID, domainID, token)
 	} else {
 		r0 = ret.Get(0).(time.Time)
 	}
 
 	if rf, ok := ret.Get(1).(func(string, string, string) errors.SDKError); ok {
-		r1 = rf(thingID, domainID, token)
+		r1 = rf(clientID, domainID, token)
 	} else {
 		if ret.Get(1) != nil {
 			r1 = ret.Get(1).(errors.SDKError)
@@ -2926,27 +2926,27 @@ func (_m *SDK) ViewCert(certID string, domainID string, token string) (sdk.Cert,
 	return r0, r1
 }
 
-// ViewCertByThing provides a mock function with given fields: thingID, domainID, token
-func (_m *SDK) ViewCertByThing(thingID string, domainID string, token string) (sdk.CertSerials, errors.SDKError) {
-	ret := _m.Called(thingID, domainID, token)
+// ViewCertByClient provides a mock function with given fields: clientID, domainID, token
+func (_m *SDK) ViewCertByClient(clientID string, domainID string, token string) (sdk.CertSerials, errors.SDKError) {
+	ret := _m.Called(clientID, domainID, token)
 
 	if len(ret) == 0 {
-		panic("no return value specified for ViewCertByThing")
+		panic("no return value specified for ViewCertByClient")
 	}
 
 	var r0 sdk.CertSerials
 	var r1 errors.SDKError
 	if rf, ok := ret.Get(0).(func(string, string, string) (sdk.CertSerials, errors.SDKError)); ok {
-		return rf(thingID, domainID, token)
+		return rf(clientID, domainID, token)
 	}
 	if rf, ok := ret.Get(0).(func(string, string, string) sdk.CertSerials); ok {
-		r0 = rf(thingID, domainID, token)
+		r0 = rf(clientID, domainID, token)
 	} else {
 		r0 = ret.Get(0).(sdk.CertSerials)
 	}
 
 	if rf, ok := ret.Get(1).(func(string, string, string) errors.SDKError); ok {
-		r1 = rf(thingID, domainID, token)
+		r1 = rf(clientID, domainID, token)
 	} else {
 		if ret.Get(1) != nil {
 			r1 = ret.Get(1).(errors.SDKError)
@@ -2986,9 +2986,9 @@ func (_m *SDK) ViewSubscription(id string, token string) (sdk.Subscription, erro
 	return r0, r1
 }
 
-// Whitelist provides a mock function with given fields: thingID, state, domainID, token
-func (_m *SDK) Whitelist(thingID string, state int, domainID string, token string) errors.SDKError {
-	ret := _m.Called(thingID, state, domainID, token)
+// Whitelist provides a mock function with given fields: clientID, state, domainID, token
+func (_m *SDK) Whitelist(clientID string, state int, domainID string, token string) errors.SDKError {
+	ret := _m.Called(clientID, state, domainID, token)
 
 	if len(ret) == 0 {
 		panic("no return value specified for Whitelist")
@@ -2996,7 +2996,7 @@ func (_m *SDK) Whitelist(thingID string, state int, domainID string, token strin
 
 	var r0 errors.SDKError
 	if rf, ok := ret.Get(0).(func(string, int, string, string) errors.SDKError); ok {
-		r0 = rf(thingID, state, domainID, token)
+		r0 = rf(clientID, state, domainID, token)
 	} else {
 		if ret.Get(0) != nil {
 			r0 = ret.Get(0).(errors.SDKError)
diff --git a/provision/README.md b/provision/README.md
index 5efa60d0bc..2980b32643 100644
--- a/provision/README.md
+++ b/provision/README.md
@@ -1,13 +1,13 @@
 # Provision service
 
 Provision service provides an HTTP API to interact with [Magistrala][magistrala].
-Provision service is used to setup initial applications configuration i.e. things, channels, connections and certificates that will be required for the specific use case especially useful for gateway provision.
+Provision service is used to setup initial applications configuration i.e. clients, channels, connections and certificates that will be required for the specific use case especially useful for gateway provision.
 
-For gateways to communicate with [Magistrala][magistrala] configuration is required (mqtt host, thing, channels, certificates...). To get the configuration gateway will send a request to [Bootstrap][bootstrap] service providing `<external_id>` and `<external_key>` in request. To make a request to [Bootstrap][bootstrap] service you can use [Agent][agent] service on a gateway.
+For gateways to communicate with [Magistrala][magistrala] configuration is required (mqtt host, client, channels, certificates...). To get the configuration gateway will send a request to [Bootstrap][bootstrap] service providing `<external_id>` and `<external_key>` in request. To make a request to [Bootstrap][bootstrap] service you can use [Agent][agent] service on a gateway.
 
 To create bootstrap configuration you can use [Bootstrap][bootstrap] or `Provision` service. [Magistrala UI][mgxui] uses [Bootstrap][bootstrap] service for creating gateway configurations. `Provision` service should provide an easy way of provisioning your gateways i.e creating bootstrap configuration and as many clients and channels that your setup requires.
 
-Also you may use provision service to create certificates for each thing. Each service running on gateway may require more than one client and channel for communication. Let's say that you are using services [Agent][agent] and [Export][export] on a gateway you will need two channels for `Agent` (`data` and `control`) and one for `Export` and one thing. Additionally if you enabled mtls each service will need its own client and certificate for access to [Magistrala][magistrala]. Your setup could require any number of clients and channels this kind of setup we can call `provision layout`.
+Also you may use provision service to create certificates for each client. Each service running on gateway may require more than one client and channel for communication. Let's say that you are using services [Agent][agent] and [Export][export] on a gateway you will need two channels for `Agent` (`data` and `control`) and one for `Export` and one client. Additionally if you enabled mtls each service will need its own client and certificate for access to [Magistrala][magistrala]. Your setup could require any number of clients and channels this kind of setup we can call `provision layout`.
 
 Provision service provides a way of specifying this `provision layout` and creating a setup according to that layout by serving requests on `/mapping` endpoint. Provision layout is configured in [config.toml](configs/config.toml).
 
@@ -29,7 +29,7 @@ default values.
 | MG_PROVISION_SERVER_CERT            | Magistrala gRPC secure server cert                 |                         |
 | MG_PROVISION_SERVER_KEY             | Magistrala gRPC secure server key                  |                         |
 | MG_PROVISION_USERS_LOCATION         | Users service URL                                  | <http://users:9002>     |
-| MG_PROVISION_CLIENTS_LOCATION       | Clients service URL                                | <http://things:9000>    |
+| MG_PROVISION_CLIENTS_LOCATION       | Clients service URL                                | <http://clients:9000>    |
 | MG_PROVISION_BS_SVC_URL             | Magistrala Bootstrap service URL                   | <http://bootstrap:9013> |
 | MG_PROVISION_CERTS_SVC_URL          | Certificates service URL                           | <http://certs:9019>     |
 | MG_PROVISION_X509_PROVISIONING      | Should X509 client cert be provisioned             | false                   |
@@ -49,16 +49,16 @@ Configuration can be specified in [config.toml](configs/config.toml). Config fil
 
 In `config.toml` we can enlist array of clients and channels that we want to create and make connections between them which we call provision layout.
 
-Metadata can be whatever suits your needs except that at least one client needs to have `external_id` (which is populated with value from [request](#example)). Thing that has `external_id` will be used for creating bootstrap configuration which can be fetched with [Agent][agent].
+Metadata can be whatever suits your needs except that at least one client needs to have `external_id` (which is populated with value from [request](#example)). Client that has `external_id` will be used for creating bootstrap configuration which can be fetched with [Agent][agent].
 For channels metadata `type` is reserved for `control` and `data` which we use with [Agent][agent].
 
 Example of provision layout below
 
 ```toml
-[[things]]
+[[clients]]
   name = "client"
 
-  [things.metadata]
+  [clients.metadata]
     external_id = "xxxxxx"
 
 
@@ -182,8 +182,8 @@ curl -s  -X POST  http://localhost:8190/certs -H "Authorization: Bearer <users_t
 
 ```json
 {
-  "thing_cert": "-----BEGIN CERTIFICATE-----\nMIIEmDCCA4CgAwIBAgIQCZ0NOq2oKLo+XftbAu0TfzANBgkqhkiG9w0BAQsFADBX\nMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAPBgNVBAoMCE1haW5mbHV4MQwwCgYDVQQL\nDANJb1QxIDAeBgkqhkiG9w0BCQEWEWluZm9AbWFpbmZsdXguY29tMB4XDTIwMDYw\nNTEyMzc1M1oXDTIwMDkxMzEyMzc1M1owVTERMA8GA1UEChMITWFpbmZsdXgxETAP\nBgNVBAsTCG1haW5mbHV4MS0wKwYDVQQDEyQyYmZlYmZmMC05ODZhLTQ3ZTAtOGQ3\nYS00YTRiN2UyYjU3OGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn\nWvTuOIdhqOLEREcEJqfQAtDoYu3rUDijOffXuWFZgNqfZTGmoD5ZqJXxwbZ4tCST\npdSteHtyr7JXnPJQN1dsslU+q3haKjFoZRc39/7u4/8XCTwlqbMl9YVcwqS+FLkM\niLSyyqzryP7Y8H8cidTKg56p5JALaEKfzZS6Km3G+CCinR6hNNW9ckWsy29a0/9E\nMAUtM+Lsk5OjsHzOnWruuqHsCx4ODI5aJQaMC1qntkbXkht0WDiwAt9SDQ3uLWru\nAoSJDK9a6EgR3a0Jf7ZiVPiwlZNjrB/I5OQyFDGqcmSAl2rdJqPkmaDXKKFyL1cG\nMIyHv62QzJoMdRoXu20lxyGxAvEjQNVHux4LA3dbf/85nEVTI2uP8crMf2Jnzbg5\n9zF+iTMJGpUlatCyK2RJS/mvHbbUIf5Ro3VbcPHbgFroJ7qMFz0Fc5kYY8IdwXjG\nlyG9MobKEO2CfBGRjPmCuTQq2HcuOy7F6KfQf3HToI8MmC5hBtCmTNbV8I3GIjWA\n/xJQLm2pVZ41QhrnNGtuqAYoe3Zt6OldxGRcoAj7KlIpYcPZ55PJ6mWcV6dB9Fnl\n5mYOwQL8jtfybbGWvqJldhTxUqm7/EbAaF0Qjmh4oOHMl2xADrmYzJHvf0llwr6g\noRQuzqxPi0aW3tkFNsm63NX1Ab5BXFQhMSj5+82blwIDAQABo2IwYDAOBgNVHQ8B\nAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA4GA1UdDgQH\nBAUBAgMEBjAfBgNVHSMEGDAWgBRs4xR91qEjNRGmw391xS7x6Tc+8jANBgkqhkiG\n9w0BAQsFAAOCAQEAphLT8PjawRRWswU1B5oWnnqeTllnvGB88sjDPLAG0UiBlDLX\nwoPiBVPWuYV+MMJuaREgheYF1Ahx4Jrfy9stFDU7B99ON1T58oM1aKEq4rKc+/Ke\nyxrAFTonclC0LNaaOvpZZjsPFWr2muTQO8XHiS8icw3BLxEzoF+5aJ8ihtxRtfKL\nUvtHDqC6IPAbSUcvqyjrFh3RrTUAyGOzW12IEWSXP9DLwoiLPwJ6kCVoXdG/asjz\nUpk/jj7AUn9oJNF8nUbyhdOnmeJ2z0x1ylgYrIAxvGzm8zs+NEVN67CrBYKwstlN\nvw7DRQsCvGJjZzWj28VV3FGLtXFgu52bFZNBww==\n-----END CERTIFICATE-----\n",
-  "thing_cert_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJJwIBAAKCAgEAp1r07jiHYajixERHBCan0ALQ6GLt61A4ozn317lhWYDan2Ux\npqA+WaiV8cG2eLQkk6XUrXh7cq+yV5zyUDdXbLJVPqt4WioxaGUXN/f+7uP/Fwk8\nJamzJfWFXMKkvhS5DIi0ssqs68j+2PB/HInUyoOeqeSQC2hCn82Uuiptxvggop0e\noTTVvXJFrMtvWtP/RDAFLTPi7JOTo7B8zp1q7rqh7AseDgyOWiUGjAtap7ZG15Ib\ndFg4sALfUg0N7i1q7gKEiQyvWuhIEd2tCX+2YlT4sJWTY6wfyOTkMhQxqnJkgJdq\n3Saj5Jmg1yihci9XBjCMh7+tkMyaDHUaF7ttJcchsQLxI0DVR7seCwN3W3//OZxF\nUyNrj/HKzH9iZ824OfcxfokzCRqVJWrQsitkSUv5rx221CH+UaN1W3Dx24Ba6Ce6\njBc9BXOZGGPCHcF4xpchvTKGyhDtgnwRkYz5grk0Kth3Ljsuxein0H9x06CPDJgu\nYQbQpkzW1fCNxiI1gP8SUC5tqVWeNUIa5zRrbqgGKHt2bejpXcRkXKAI+ypSKWHD\n2eeTyeplnFenQfRZ5eZmDsEC/I7X8m2xlr6iZXYU8VKpu/xGwGhdEI5oeKDhzJds\nQA65mMyR739JZcK+oKEULs6sT4tGlt7ZBTbJutzV9QG+QVxUITEo+fvNm5cCAwEA\nAQKCAgAmCIfNc89gpG8Ux6eUC+zrWxh7F7CWX97fSZdH0XuMSbplqyvDgHtrCOM6\n1BlSCS6e13skCVOU1tUjECoJjOoza7vvyCxL4XblEMRcFeI8DFi2tYST0qNCJzAt\nypaCFFeRv6fBUkpGM6GnT9Czfad8drkiRy1tSj6J7sC0JlxYcZ+JFUgWvtksesHW\n6UzfSXqj1n32reoOdeOBueRDWIcqxgNyj3w/GR9o4S1BunrZzpT+/Nd8c2g+qAh0\nrz7ROEUq3iucseNQN6XZWZWvqPScGE+EYhni9wUqNMqfjvNSlzi7+K1yoQtyMm/Z\nNgSq3JNcdsAZQbiCRd1ko2BQsGm3ZBnbsAJ1Dxcn+i9nF5DT/ddWjUWin6LYWuUM\n/0Bqfv3etlrFuP6yxc8bPEMX0ucJg4yVxdkDrm1tYlJ+ANEQoOlZqhngvjz0f8uO\nOtEcDLmiG5VG6Yl72UtWIw+ALnKc5U7ib43Qve0bDAKR5zlHODcRetN9BCMvpekY\nOA4hohkllTP25xmMzLokBqY9n38zEt74kJOp67VKMvhoF7QkrLOfKWCRJjFL7/9I\nHDa6jb31INA9Wu+p/2LIa6I1SUYnMvCUqISgF2hBG9Q9S9TZvKnYUvfurhFS9jZv\n18sxW7IFYWmQyioo+gsAmfKLolJtLl9hCmTfYi7oqCh/EtZdIQKCAQEA0Umkp0Uu\nimVilLjgYGTWLcg8T3NWaELQzb2HYRXSzEq/M8GOtEr7TR7noJBm8fcgl55HEnPl\ni4cEJrr+VprzGbdMtXjHbCD+I945GA6vv3khg7mbqS9a1Uw6gjrQEZgZQU+/IVCu\n9Pbvx8Af32xaBWuN2cFzC7Z6iB815LPc2O5qyZ3+3nEUPah+Z+a9WEeTR6M0hy5c\nkkaRqhehugHDgqMRWGt8GfsFOmaR13kvfFfKadPRPkaGkftCSKBMWjrU4uX7aulm\nD7k4VDbnXIBMhI039+0znSkhZdcV1zk6qwBYn9TtZ11PTlspFPjtPxqS5M6IGflw\nsXkZGv4rZ5CkiQKCAQEAzLVdw2qw/8rWGsCV39EKp7hXLvp7+FuodPvX1L55lWB0\nvmSOldGcNvb2ZsK3RNvgteb8VfKRgaY6waeN5Qm1UXazsOX4F+GThPGHstdNuzkt\nJofRQQHQVR3npZbCngSkSZdahQ9SjiLIDKn8baPN8I8HfpJ4oHLUvkayavbch1kJ\nYWUfGtVKxHGX5m/nnxLdgbJEx9Q+3Qa7DDHuxTqsEqhkk0R0Ganred34HjpDNMs6\nV95HFNolW3yKfuHETKA1bLhej+XdMa11Ts5hBVGCMnnT07WcGhxtyK2dSa656SyT\ngT9+Hd1VWZ/KPpAkQmH9boOr2ihE+oAXiZ4D1t53HwKCAQAD0cA7fTu4Mtl1tVoC\n6FQwSbMwD/7HsFB3MLpDv041hDexDhs4lxW29pVrjLcUO1pQ6gaKA6twvGoK+uah\nVfqRwZKYzTd2dbOtm+SW183FRMSjzsNUdxTFR7rZnZEmgQwU8Quf5AUNW2RM1Oi/\n/w41gxz3mFwtHotl6IvnPJEPNGqme0enb5Da/zQvWTqjXcsGR6gxv1rZIIiP/hZp\nepbCz48FehCtuLMDudN3hzKipkd/Xuo2pLrX9ynigWpjSyePbHsGHHRMXSj2AHqA\naab71EftMlr6x0FgxmgToWu8qyjy4cPjWwSTfX5mb5SEzktX+ZzqPG8eDgOzRmgs\nX6thAoIBADL3kQG/hZQaL1Z3zpjsFggOKH7E1KrQP0/pCCKqzeC4JDjnFm0MxCUX\nNd/96N1XFUqU2QyZGUs7VPO0QOrekOtYb4LCrxNbEXyPGicX3f2YTbqDJEFYL0OR\n74PV1ly7cR/1dA8e8oH6/O3SQMwXdYXIRqhn1Wq1TGyXc4KYNe3o6CH8qFLo+fWR\nBq3T/MopS0coWGGcYY5sR5PQts8aPY9jp67W40UkfkFYV5dHEEaLttn7uJzjd1ug\n1Waj1VjypnqMKNcQ9xKQSl21mohVc+IXXPsgA16o51iIiVm4DAeXFp6ebUsIOWDY\nHOWYw75XYV7rn5TwY8Qusi2MTw5nUycCggEAB/45U0LW7ZGpks/aF/BeGaSWiLIG\nodBWUjRQ4w+Le/pTC8Ci9fiidxuCDH6TQbsUTGKOk7GsfncWHTQJogaMyO26IJ1N\nmYGgK2JJvs7PKyIkocPDVD/Yh0gIzQIE92ZdyXUT21pIYKDUB9e3p0fy/+E0pyeI\nsmsV8oaLr4tZRY1cMogI+pvtUUferbLQmZHhFd9X3m3RslR43Dl1qpYQyzE3x/a3\nWA2NJZbJhh+LiAKzqk7swXOqrTrmXuzLcjMG+T/3lizrbLLuKjQrf+eehlpw0db0\nHVVvkMLOP5ZH/ImkmvOZJY7xxup89VV7LD7TfMKwXafOrjMDdvTAYPtgxw==\n-----END RSA PRIVATE KEY-----\n"
+  "client_cert": "-----BEGIN CERTIFICATE-----\nMIIEmDCCA4CgAwIBAgIQCZ0NOq2oKLo+XftbAu0TfzANBgkqhkiG9w0BAQsFADBX\nMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAPBgNVBAoMCE1haW5mbHV4MQwwCgYDVQQL\nDANJb1QxIDAeBgkqhkiG9w0BCQEWEWluZm9AbWFpbmZsdXguY29tMB4XDTIwMDYw\nNTEyMzc1M1oXDTIwMDkxMzEyMzc1M1owVTERMA8GA1UEChMITWFpbmZsdXgxETAP\nBgNVBAsTCG1haW5mbHV4MS0wKwYDVQQDEyQyYmZlYmZmMC05ODZhLTQ3ZTAtOGQ3\nYS00YTRiN2UyYjU3OGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn\nWvTuOIdhqOLEREcEJqfQAtDoYu3rUDijOffXuWFZgNqfZTGmoD5ZqJXxwbZ4tCST\npdSteHtyr7JXnPJQN1dsslU+q3haKjFoZRc39/7u4/8XCTwlqbMl9YVcwqS+FLkM\niLSyyqzryP7Y8H8cidTKg56p5JALaEKfzZS6Km3G+CCinR6hNNW9ckWsy29a0/9E\nMAUtM+Lsk5OjsHzOnWruuqHsCx4ODI5aJQaMC1qntkbXkht0WDiwAt9SDQ3uLWru\nAoSJDK9a6EgR3a0Jf7ZiVPiwlZNjrB/I5OQyFDGqcmSAl2rdJqPkmaDXKKFyL1cG\nMIyHv62QzJoMdRoXu20lxyGxAvEjQNVHux4LA3dbf/85nEVTI2uP8crMf2Jnzbg5\n9zF+iTMJGpUlatCyK2RJS/mvHbbUIf5Ro3VbcPHbgFroJ7qMFz0Fc5kYY8IdwXjG\nlyG9MobKEO2CfBGRjPmCuTQq2HcuOy7F6KfQf3HToI8MmC5hBtCmTNbV8I3GIjWA\n/xJQLm2pVZ41QhrnNGtuqAYoe3Zt6OldxGRcoAj7KlIpYcPZ55PJ6mWcV6dB9Fnl\n5mYOwQL8jtfybbGWvqJldhTxUqm7/EbAaF0Qjmh4oOHMl2xADrmYzJHvf0llwr6g\noRQuzqxPi0aW3tkFNsm63NX1Ab5BXFQhMSj5+82blwIDAQABo2IwYDAOBgNVHQ8B\nAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA4GA1UdDgQH\nBAUBAgMEBjAfBgNVHSMEGDAWgBRs4xR91qEjNRGmw391xS7x6Tc+8jANBgkqhkiG\n9w0BAQsFAAOCAQEAphLT8PjawRRWswU1B5oWnnqeTllnvGB88sjDPLAG0UiBlDLX\nwoPiBVPWuYV+MMJuaREgheYF1Ahx4Jrfy9stFDU7B99ON1T58oM1aKEq4rKc+/Ke\nyxrAFTonclC0LNaaOvpZZjsPFWr2muTQO8XHiS8icw3BLxEzoF+5aJ8ihtxRtfKL\nUvtHDqC6IPAbSUcvqyjrFh3RrTUAyGOzW12IEWSXP9DLwoiLPwJ6kCVoXdG/asjz\nUpk/jj7AUn9oJNF8nUbyhdOnmeJ2z0x1ylgYrIAxvGzm8zs+NEVN67CrBYKwstlN\nvw7DRQsCvGJjZzWj28VV3FGLtXFgu52bFZNBww==\n-----END CERTIFICATE-----\n",
+  "client_cert_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJJwIBAAKCAgEAp1r07jiHYajixERHBCan0ALQ6GLt61A4ozn317lhWYDan2Ux\npqA+WaiV8cG2eLQkk6XUrXh7cq+yV5zyUDdXbLJVPqt4WioxaGUXN/f+7uP/Fwk8\nJamzJfWFXMKkvhS5DIi0ssqs68j+2PB/HInUyoOeqeSQC2hCn82Uuiptxvggop0e\noTTVvXJFrMtvWtP/RDAFLTPi7JOTo7B8zp1q7rqh7AseDgyOWiUGjAtap7ZG15Ib\ndFg4sALfUg0N7i1q7gKEiQyvWuhIEd2tCX+2YlT4sJWTY6wfyOTkMhQxqnJkgJdq\n3Saj5Jmg1yihci9XBjCMh7+tkMyaDHUaF7ttJcchsQLxI0DVR7seCwN3W3//OZxF\nUyNrj/HKzH9iZ824OfcxfokzCRqVJWrQsitkSUv5rx221CH+UaN1W3Dx24Ba6Ce6\njBc9BXOZGGPCHcF4xpchvTKGyhDtgnwRkYz5grk0Kth3Ljsuxein0H9x06CPDJgu\nYQbQpkzW1fCNxiI1gP8SUC5tqVWeNUIa5zRrbqgGKHt2bejpXcRkXKAI+ypSKWHD\n2eeTyeplnFenQfRZ5eZmDsEC/I7X8m2xlr6iZXYU8VKpu/xGwGhdEI5oeKDhzJds\nQA65mMyR739JZcK+oKEULs6sT4tGlt7ZBTbJutzV9QG+QVxUITEo+fvNm5cCAwEA\nAQKCAgAmCIfNc89gpG8Ux6eUC+zrWxh7F7CWX97fSZdH0XuMSbplqyvDgHtrCOM6\n1BlSCS6e13skCVOU1tUjECoJjOoza7vvyCxL4XblEMRcFeI8DFi2tYST0qNCJzAt\nypaCFFeRv6fBUkpGM6GnT9Czfad8drkiRy1tSj6J7sC0JlxYcZ+JFUgWvtksesHW\n6UzfSXqj1n32reoOdeOBueRDWIcqxgNyj3w/GR9o4S1BunrZzpT+/Nd8c2g+qAh0\nrz7ROEUq3iucseNQN6XZWZWvqPScGE+EYhni9wUqNMqfjvNSlzi7+K1yoQtyMm/Z\nNgSq3JNcdsAZQbiCRd1ko2BQsGm3ZBnbsAJ1Dxcn+i9nF5DT/ddWjUWin6LYWuUM\n/0Bqfv3etlrFuP6yxc8bPEMX0ucJg4yVxdkDrm1tYlJ+ANEQoOlZqhngvjz0f8uO\nOtEcDLmiG5VG6Yl72UtWIw+ALnKc5U7ib43Qve0bDAKR5zlHODcRetN9BCMvpekY\nOA4hohkllTP25xmMzLokBqY9n38zEt74kJOp67VKMvhoF7QkrLOfKWCRJjFL7/9I\nHDa6jb31INA9Wu+p/2LIa6I1SUYnMvCUqISgF2hBG9Q9S9TZvKnYUvfurhFS9jZv\n18sxW7IFYWmQyioo+gsAmfKLolJtLl9hCmTfYi7oqCh/EtZdIQKCAQEA0Umkp0Uu\nimVilLjgYGTWLcg8T3NWaELQzb2HYRXSzEq/M8GOtEr7TR7noJBm8fcgl55HEnPl\ni4cEJrr+VprzGbdMtXjHbCD+I945GA6vv3khg7mbqS9a1Uw6gjrQEZgZQU+/IVCu\n9Pbvx8Af32xaBWuN2cFzC7Z6iB815LPc2O5qyZ3+3nEUPah+Z+a9WEeTR6M0hy5c\nkkaRqhehugHDgqMRWGt8GfsFOmaR13kvfFfKadPRPkaGkftCSKBMWjrU4uX7aulm\nD7k4VDbnXIBMhI039+0znSkhZdcV1zk6qwBYn9TtZ11PTlspFPjtPxqS5M6IGflw\nsXkZGv4rZ5CkiQKCAQEAzLVdw2qw/8rWGsCV39EKp7hXLvp7+FuodPvX1L55lWB0\nvmSOldGcNvb2ZsK3RNvgteb8VfKRgaY6waeN5Qm1UXazsOX4F+GThPGHstdNuzkt\nJofRQQHQVR3npZbCngSkSZdahQ9SjiLIDKn8baPN8I8HfpJ4oHLUvkayavbch1kJ\nYWUfGtVKxHGX5m/nnxLdgbJEx9Q+3Qa7DDHuxTqsEqhkk0R0Ganred34HjpDNMs6\nV95HFNolW3yKfuHETKA1bLhej+XdMa11Ts5hBVGCMnnT07WcGhxtyK2dSa656SyT\ngT9+Hd1VWZ/KPpAkQmH9boOr2ihE+oAXiZ4D1t53HwKCAQAD0cA7fTu4Mtl1tVoC\n6FQwSbMwD/7HsFB3MLpDv041hDexDhs4lxW29pVrjLcUO1pQ6gaKA6twvGoK+uah\nVfqRwZKYzTd2dbOtm+SW183FRMSjzsNUdxTFR7rZnZEmgQwU8Quf5AUNW2RM1Oi/\n/w41gxz3mFwtHotl6IvnPJEPNGqme0enb5Da/zQvWTqjXcsGR6gxv1rZIIiP/hZp\nepbCz48FehCtuLMDudN3hzKipkd/Xuo2pLrX9ynigWpjSyePbHsGHHRMXSj2AHqA\naab71EftMlr6x0FgxmgToWu8qyjy4cPjWwSTfX5mb5SEzktX+ZzqPG8eDgOzRmgs\nX6thAoIBADL3kQG/hZQaL1Z3zpjsFggOKH7E1KrQP0/pCCKqzeC4JDjnFm0MxCUX\nNd/96N1XFUqU2QyZGUs7VPO0QOrekOtYb4LCrxNbEXyPGicX3f2YTbqDJEFYL0OR\n74PV1ly7cR/1dA8e8oH6/O3SQMwXdYXIRqhn1Wq1TGyXc4KYNe3o6CH8qFLo+fWR\nBq3T/MopS0coWGGcYY5sR5PQts8aPY9jp67W40UkfkFYV5dHEEaLttn7uJzjd1ug\n1Waj1VjypnqMKNcQ9xKQSl21mohVc+IXXPsgA16o51iIiVm4DAeXFp6ebUsIOWDY\nHOWYw75XYV7rn5TwY8Qusi2MTw5nUycCggEAB/45U0LW7ZGpks/aF/BeGaSWiLIG\nodBWUjRQ4w+Le/pTC8Ci9fiidxuCDH6TQbsUTGKOk7GsfncWHTQJogaMyO26IJ1N\nmYGgK2JJvs7PKyIkocPDVD/Yh0gIzQIE92ZdyXUT21pIYKDUB9e3p0fy/+E0pyeI\nsmsV8oaLr4tZRY1cMogI+pvtUUferbLQmZHhFd9X3m3RslR43Dl1qpYQyzE3x/a3\nWA2NJZbJhh+LiAKzqk7swXOqrTrmXuzLcjMG+T/3lizrbLLuKjQrf+eehlpw0db0\nHVVvkMLOP5ZH/ImkmvOZJY7xxup89VV7LD7TfMKwXafOrjMDdvTAYPtgxw==\n-----END RSA PRIVATE KEY-----\n"
 }
 ```
 
diff --git a/provision/api/logging.go b/provision/api/logging.go
index 033e4c4034..2156c722f9 100644
--- a/provision/api/logging.go
+++ b/provision/api/logging.go
@@ -42,22 +42,22 @@ func (lm *loggingMiddleware) Provision(domainID, token, name, externalID, extern
 	return lm.svc.Provision(domainID, token, name, externalID, externalKey)
 }
 
-func (lm *loggingMiddleware) Cert(domainID, token, thingID, duration string) (cert, key string, err error) {
+func (lm *loggingMiddleware) Cert(domainID, token, clientID, duration string) (cert, key string, err error) {
 	defer func(begin time.Time) {
 		args := []any{
 			slog.String("duration", time.Since(begin).String()),
-			slog.String("client_id", thingID),
+			slog.String("client_id", clientID),
 			slog.String("ttl", duration),
 		}
 		if err != nil {
 			args = append(args, slog.Any("error", err))
-			lm.logger.Warn("Thing certificate failed to create successfully", args...)
+			lm.logger.Warn("Client certificate failed to create successfully", args...)
 			return
 		}
-		lm.logger.Info("Thing certificate created successfully", args...)
+		lm.logger.Info("Client certificate created successfully", args...)
 	}(time.Now())
 
-	return lm.svc.Cert(domainID, token, thingID, duration)
+	return lm.svc.Cert(domainID, token, clientID, duration)
 }
 
 func (lm *loggingMiddleware) Mapping(token string) (res map[string]interface{}, err error) {
diff --git a/provision/config_test.go b/provision/config_test.go
index 395409a87a..13b6404cd1 100644
--- a/provision/config_test.go
+++ b/provision/config_test.go
@@ -9,6 +9,7 @@ import (
 	"testing"
 
 	"github.com/absmach/magistrala/channels"
+	"github.com/absmach/magistrala/clients"
 	"github.com/absmach/magistrala/pkg/errors"
 	"github.com/absmach/magistrala/provision"
 	"github.com/pelletier/go-toml"
@@ -30,7 +31,7 @@ var (
 				"test": "test",
 			},
 		},
-		Clients: []things.Client{
+		Clients: []clients.Client{
 			{
 				ID:   "1234567890",
 				Name: "test",
diff --git a/provision/mocks/service.go b/provision/mocks/service.go
index ff45e5faca..1ee4a20065 100644
--- a/provision/mocks/service.go
+++ b/provision/mocks/service.go
@@ -14,9 +14,9 @@ type Service struct {
 	mock.Mock
 }
 
-// Cert provides a mock function with given fields: domainID, token, thingID, duration
-func (_m *Service) Cert(domainID string, token string, thingID string, duration string) (string, string, error) {
-	ret := _m.Called(domainID, token, thingID, duration)
+// Cert provides a mock function with given fields: domainID, token, clientID, duration
+func (_m *Service) Cert(domainID string, token string, clientID string, duration string) (string, string, error) {
+	ret := _m.Called(domainID, token, clientID, duration)
 
 	if len(ret) == 0 {
 		panic("no return value specified for Cert")
@@ -26,22 +26,22 @@ func (_m *Service) Cert(domainID string, token string, thingID string, duration
 	var r1 string
 	var r2 error
 	if rf, ok := ret.Get(0).(func(string, string, string, string) (string, string, error)); ok {
-		return rf(domainID, token, thingID, duration)
+		return rf(domainID, token, clientID, duration)
 	}
 	if rf, ok := ret.Get(0).(func(string, string, string, string) string); ok {
-		r0 = rf(domainID, token, thingID, duration)
+		r0 = rf(domainID, token, clientID, duration)
 	} else {
 		r0 = ret.Get(0).(string)
 	}
 
 	if rf, ok := ret.Get(1).(func(string, string, string, string) string); ok {
-		r1 = rf(domainID, token, thingID, duration)
+		r1 = rf(domainID, token, clientID, duration)
 	} else {
 		r1 = ret.Get(1).(string)
 	}
 
 	if rf, ok := ret.Get(2).(func(string, string, string, string) error); ok {
-		r2 = rf(domainID, token, thingID, duration)
+		r2 = rf(domainID, token, clientID, duration)
 	} else {
 		r2 = ret.Error(2)
 	}
diff --git a/provision/service.go b/provision/service.go
index ea2aac8d78..be0ec763cc 100644
--- a/provision/service.go
+++ b/provision/service.go
@@ -25,13 +25,13 @@ const (
 var (
 	ErrUnauthorized             = errors.New("unauthorized access")
 	ErrFailedToCreateToken      = errors.New("failed to create access token")
-	ErrEmptyThingsList          = errors.New("clients list in configuration empty")
-	ErrThingUpdate              = errors.New("failed to update thing")
+	ErrEmptyClientsList         = errors.New("clients list in configuration empty")
+	ErrClientUpdate             = errors.New("failed to update client")
 	ErrEmptyChannelsList        = errors.New("channels list in configuration is empty")
 	ErrFailedChannelCreation    = errors.New("failed to create channel")
 	ErrFailedChannelRetrieval   = errors.New("failed to retrieve channel")
-	ErrFailedThingCreation      = errors.New("failed to create thing")
-	ErrFailedThingRetrieval     = errors.New("failed to retrieve thing")
+	ErrFailedClientCreation     = errors.New("failed to create client")
+	ErrFailedClientRetrieval    = errors.New("failed to retrieve client")
 	ErrMissingCredentials       = errors.New("missing credentials")
 	ErrFailedBootstrapRetrieval = errors.New("failed to retrieve bootstrap")
 	ErrFailedCertCreation       = errors.New("failed to create certificates")
@@ -52,10 +52,10 @@ var _ Service = (*provisionService)(nil)
 type Service interface {
 	// Provision is the only method this API specifies. Depending on the configuration,
 	// the following actions will can be executed:
-	// - create a Thing based on external_id (eg. MAC address)
+	// - create a Client based on external_id (eg. MAC address)
 	// - create multiple Channels
 	// - create Bootstrap configuration
-	// - whitelist Thing in Bootstrap configuration == connect Thing to Channels
+	// - whitelist Client in Bootstrap configuration == connect Client to Channels
 	Provision(domainID, token, name, externalID, externalKey string) (Result, error)
 
 	// Mapping returns current configuration used for provision
@@ -67,7 +67,7 @@ type Service interface {
 	// A duration string is a possibly signed sequence of decimal numbers,
 	// each with optional fraction and a unit suffix, such as "300ms", "-1.5h" or "2h45m".
 	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
-	Cert(domainID, token, thingID, duration string) (string, string, error)
+	Cert(domainID, token, clientID, duration string) (string, string, error)
 }
 
 type provisionService struct {
@@ -123,7 +123,7 @@ func (ps *provisionService) Provision(domainID, token, name, externalID, externa
 	}
 
 	if len(ps.conf.Clients) == 0 {
-		return res, ErrEmptyThingsList
+		return res, ErrEmptyClientsList
 	}
 	if len(ps.conf.Channels) == 0 {
 		return res, ErrEmptyChannelsList
@@ -145,14 +145,14 @@ func (ps *provisionService) Provision(domainID, token, name, externalID, externa
 		cli, err := ps.sdk.CreateClient(cli, domainID, token)
 		if err != nil {
 			res.Error = err.Error()
-			return res, errors.Wrap(ErrFailedThingCreation, err)
+			return res, errors.Wrap(ErrFailedClientCreation, err)
 		}
 
 		// Get newly created client (in order to get the key).
 		cli, err = ps.sdk.Client(cli.ID, domainID, token)
 		if err != nil {
-			e := errors.Wrap(err, fmt.Errorf("thing id: %s", cli.ID))
-			return res, errors.Wrap(ErrFailedThingRetrieval, e)
+			e := errors.Wrap(err, fmt.Errorf("client id: %s", cli.ID))
+			return res, errors.Wrap(ErrFailedClientRetrieval, e)
 		}
 		clients = append(clients, cli)
 	}
@@ -222,7 +222,7 @@ func (ps *provisionService) Provision(domainID, token, name, externalID, externa
 
 			cert, err = ps.sdk.IssueCert(c.ID, ps.conf.Cert.TTL, domainID, token)
 			if err != nil {
-				e := errors.Wrap(err, fmt.Errorf("thing id: %s", c.ID))
+				e := errors.Wrap(err, fmt.Errorf("client id: %s", c.ID))
 				return res, errors.Wrap(ErrFailedCertCreation, e)
 			}
 			cert, err := ps.sdk.ViewCert(cert.SerialNumber, domainID, token)
@@ -244,7 +244,7 @@ func (ps *provisionService) Provision(domainID, token, name, externalID, externa
 		if ps.conf.Bootstrap.AutoWhiteList {
 			if err := ps.sdk.Whitelist(c.ID, Active, domainID, token); err != nil {
 				res.Error = err.Error()
-				return res, ErrThingUpdate
+				return res, ErrClientUpdate
 			}
 			res.Whitelisted[c.ID] = true
 		}
@@ -362,7 +362,7 @@ func (ps *provisionService) recover(e *error, ths *[]sdk.Client, chs *[]sdk.Chan
 	}
 	clients, channels, domainID, token, err := *ths, *chs, *dm, *tkn, *e
 
-	if errors.Contains(err, ErrFailedThingRetrieval) || errors.Contains(err, ErrFailedChannelCreation) {
+	if errors.Contains(err, ErrFailedClientRetrieval) || errors.Contains(err, ErrFailedChannelCreation) {
 		for _, c := range clients {
 			err := ps.sdk.DeleteClient(c.ID, domainID, token)
 			ps.errLog(err)
@@ -396,7 +396,7 @@ func (ps *provisionService) recover(e *error, ths *[]sdk.Client, chs *[]sdk.Chan
 		}
 	}
 
-	if errors.Contains(err, ErrThingUpdate) || errors.Contains(err, ErrGatewayUpdate) {
+	if errors.Contains(err, ErrClientUpdate) || errors.Contains(err, ErrGatewayUpdate) {
 		clean(ps, clients, channels, domainID, token)
 		for _, th := range clients {
 			if ps.conf.Bootstrap.X509Provision && needsBootstrap(th) {
diff --git a/provision/service_test.go b/provision/service_test.go
index 6d2aeb1a71..70c8f46524 100644
--- a/provision/service_test.go
+++ b/provision/service_test.go
@@ -62,33 +62,33 @@ func TestMapping(t *testing.T) {
 
 func TestCert(t *testing.T) {
 	cases := []struct {
-		desc        string
-		config      provision.Config
-		domainID    string
-		token       string
-		thingID     string
-		ttl         string
-		serial      string
-		cert        string
-		key         string
-		sdkThingErr error
-		sdkCertErr  error
-		sdkTokenErr error
-		err         error
+		desc         string
+		config       provision.Config
+		domainID     string
+		token        string
+		clientID     string
+		ttl          string
+		serial       string
+		cert         string
+		key          string
+		sdkClientErr error
+		sdkCertErr   error
+		sdkTokenErr  error
+		err          error
 	}{
 		{
-			desc:        "valid",
-			config:      validConfig,
-			domainID:    testsutil.GenerateUUID(t),
-			token:       validToken,
-			thingID:     testsutil.GenerateUUID(t),
-			ttl:         "1h",
-			cert:        "cert",
-			key:         "key",
-			sdkThingErr: nil,
-			sdkCertErr:  nil,
-			sdkTokenErr: nil,
-			err:         nil,
+			desc:         "valid",
+			config:       validConfig,
+			domainID:     testsutil.GenerateUUID(t),
+			token:        validToken,
+			clientID:     testsutil.GenerateUUID(t),
+			ttl:          "1h",
+			cert:         "cert",
+			key:          "key",
+			sdkClientErr: nil,
+			sdkCertErr:   nil,
+			sdkTokenErr:  nil,
+			err:          nil,
 		},
 		{
 			desc: "empty token with config API key",
@@ -96,16 +96,16 @@ func TestCert(t *testing.T) {
 				Server: provision.ServiceConf{MgAPIKey: "key"},
 				Cert:   provision.Cert{TTL: "1h"},
 			},
-			domainID:    testsutil.GenerateUUID(t),
-			token:       "",
-			thingID:     testsutil.GenerateUUID(t),
-			ttl:         "1h",
-			cert:        "cert",
-			key:         "key",
-			sdkThingErr: nil,
-			sdkCertErr:  nil,
-			sdkTokenErr: nil,
-			err:         nil,
+			domainID:     testsutil.GenerateUUID(t),
+			token:        "",
+			clientID:     testsutil.GenerateUUID(t),
+			ttl:          "1h",
+			cert:         "cert",
+			key:          "key",
+			sdkClientErr: nil,
+			sdkCertErr:   nil,
+			sdkTokenErr:  nil,
+			err:          nil,
 		},
 		{
 			desc: "empty token with username and password",
@@ -117,16 +117,16 @@ func TestCert(t *testing.T) {
 				},
 				Cert: provision.Cert{TTL: "1h"},
 			},
-			domainID:    testsutil.GenerateUUID(t),
-			token:       "",
-			thingID:     testsutil.GenerateUUID(t),
-			ttl:         "1h",
-			cert:        "cert",
-			key:         "key",
-			sdkThingErr: nil,
-			sdkCertErr:  nil,
-			sdkTokenErr: nil,
-			err:         nil,
+			domainID:     testsutil.GenerateUUID(t),
+			token:        "",
+			clientID:     testsutil.GenerateUUID(t),
+			ttl:          "1h",
+			cert:         "cert",
+			key:          "key",
+			sdkClientErr: nil,
+			sdkCertErr:   nil,
+			sdkTokenErr:  nil,
+			err:          nil,
 		},
 		{
 			desc: "empty token with username and invalid password",
@@ -138,16 +138,16 @@ func TestCert(t *testing.T) {
 				},
 				Cert: provision.Cert{TTL: "1h"},
 			},
-			domainID:    testsutil.GenerateUUID(t),
-			token:       "",
-			thingID:     testsutil.GenerateUUID(t),
-			ttl:         "1h",
-			cert:        "",
-			key:         "",
-			sdkThingErr: nil,
-			sdkCertErr:  nil,
-			sdkTokenErr: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, 401),
-			err:         provision.ErrFailedToCreateToken,
+			domainID:     testsutil.GenerateUUID(t),
+			token:        "",
+			clientID:     testsutil.GenerateUUID(t),
+			ttl:          "1h",
+			cert:         "",
+			key:          "",
+			sdkClientErr: nil,
+			sdkCertErr:   nil,
+			sdkTokenErr:  errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, 401),
+			err:          provision.ErrFailedToCreateToken,
 		},
 		{
 			desc: "empty token with empty username and password",
@@ -155,58 +155,58 @@ func TestCert(t *testing.T) {
 				Server: provision.ServiceConf{},
 				Cert:   provision.Cert{TTL: "1h"},
 			},
-			domainID:    testsutil.GenerateUUID(t),
-			token:       "",
-			thingID:     testsutil.GenerateUUID(t),
-			ttl:         "1h",
-			cert:        "",
-			key:         "",
-			sdkThingErr: nil,
-			sdkCertErr:  nil,
-			sdkTokenErr: nil,
-			err:         provision.ErrMissingCredentials,
+			domainID:     testsutil.GenerateUUID(t),
+			token:        "",
+			clientID:     testsutil.GenerateUUID(t),
+			ttl:          "1h",
+			cert:         "",
+			key:          "",
+			sdkClientErr: nil,
+			sdkCertErr:   nil,
+			sdkTokenErr:  nil,
+			err:          provision.ErrMissingCredentials,
 		},
 		{
-			desc:        "invalid thingID",
-			config:      validConfig,
-			domainID:    testsutil.GenerateUUID(t),
-			token:       "invalid",
-			thingID:     testsutil.GenerateUUID(t),
-			ttl:         "1h",
-			cert:        "",
-			key:         "",
-			sdkThingErr: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, 401),
-			sdkCertErr:  nil,
-			sdkTokenErr: nil,
-			err:         provision.ErrUnauthorized,
+			desc:         "invalid clientID",
+			config:       validConfig,
+			domainID:     testsutil.GenerateUUID(t),
+			token:        "invalid",
+			clientID:     testsutil.GenerateUUID(t),
+			ttl:          "1h",
+			cert:         "",
+			key:          "",
+			sdkClientErr: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, 401),
+			sdkCertErr:   nil,
+			sdkTokenErr:  nil,
+			err:          provision.ErrUnauthorized,
 		},
 		{
-			desc:        "invalid thingID",
-			config:      validConfig,
-			domainID:    testsutil.GenerateUUID(t),
-			token:       validToken,
-			thingID:     "invalid",
-			ttl:         "1h",
-			cert:        "",
-			key:         "",
-			sdkThingErr: errors.NewSDKErrorWithStatus(repoerr.ErrNotFound, 404),
-			sdkCertErr:  nil,
-			sdkTokenErr: nil,
-			err:         provision.ErrUnauthorized,
+			desc:         "invalid clientID",
+			config:       validConfig,
+			domainID:     testsutil.GenerateUUID(t),
+			token:        validToken,
+			clientID:     "invalid",
+			ttl:          "1h",
+			cert:         "",
+			key:          "",
+			sdkClientErr: errors.NewSDKErrorWithStatus(repoerr.ErrNotFound, 404),
+			sdkCertErr:   nil,
+			sdkTokenErr:  nil,
+			err:          provision.ErrUnauthorized,
 		},
 		{
-			desc:        "failed to issue cert",
-			config:      validConfig,
-			domainID:    testsutil.GenerateUUID(t),
-			token:       validToken,
-			thingID:     testsutil.GenerateUUID(t),
-			ttl:         "1h",
-			cert:        "",
-			key:         "",
-			sdkThingErr: nil,
-			sdkTokenErr: nil,
-			sdkCertErr:  errors.NewSDKError(repoerr.ErrCreateEntity),
-			err:         repoerr.ErrCreateEntity,
+			desc:         "failed to issue cert",
+			config:       validConfig,
+			domainID:     testsutil.GenerateUUID(t),
+			token:        validToken,
+			clientID:     testsutil.GenerateUUID(t),
+			ttl:          "1h",
+			cert:         "",
+			key:          "",
+			sdkClientErr: nil,
+			sdkTokenErr:  nil,
+			sdkCertErr:   errors.NewSDKError(repoerr.ErrCreateEntity),
+			err:          repoerr.ErrCreateEntity,
 		},
 	}
 
@@ -215,15 +215,15 @@ func TestCert(t *testing.T) {
 			mgsdk := new(sdkmocks.SDK)
 			svc := provision.New(c.config, mgsdk, mglog.NewMock())
 
-			mgsdk.On("Thing", c.thingID, c.domainID, mock.Anything).Return(sdk.Client{ID: c.thingID}, c.sdkThingErr)
-			mgsdk.On("IssueCert", c.thingID, c.config.Cert.TTL, c.domainID, mock.Anything).Return(sdk.Cert{SerialNumber: c.serial}, c.sdkCertErr)
+			mgsdk.On("Client", c.clientID, c.domainID, mock.Anything).Return(sdk.Client{ID: c.clientID}, c.sdkClientErr)
+			mgsdk.On("IssueCert", c.clientID, c.config.Cert.TTL, c.domainID, mock.Anything).Return(sdk.Cert{SerialNumber: c.serial}, c.sdkCertErr)
 			mgsdk.On("ViewCert", c.serial, mock.Anything, mock.Anything).Return(sdk.Cert{Certificate: c.cert, Key: c.key}, c.sdkCertErr)
 			login := sdk.Login{
 				Identity: c.config.Server.MgUsername,
 				Secret:   c.config.Server.MgPass,
 			}
 			mgsdk.On("CreateToken", login).Return(sdk.Token{AccessToken: validToken}, c.sdkTokenErr)
-			cert, key, err := svc.Cert(c.domainID, c.token, c.thingID, c.ttl)
+			cert, key, err := svc.Cert(c.domainID, c.token, c.clientID, c.ttl)
 			assert.Equal(t, c.cert, cert)
 			assert.Equal(t, c.key, key)
 			assert.True(t, errors.Contains(err, c.err), fmt.Sprintf("expected error %v, got %v", c.err, err))
diff --git a/readers/api/endpoint_test.go b/readers/api/endpoint_test.go
index 5d19465b3a..2e7fea0187 100644
--- a/readers/api/endpoint_test.go
+++ b/readers/api/endpoint_test.go
@@ -26,7 +26,7 @@ import (
 
 const (
 	svcName       = "test-service"
-	thingToken    = "1"
+	clientToken   = "1"
 	userToken     = "token"
 	invalidToken  = "invalid"
 	email         = "user@example.com"
@@ -169,63 +169,63 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with negative offset as thing",
+			desc:         "read page with negative offset as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?offset=-1&limit=10", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with negative limit as thing",
+			desc:         "read page with negative limit as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?offset=0&limit=-10", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with zero limit as thing",
+			desc:         "read page with zero limit as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?offset=0&limit=0", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with non-integer offset as thing",
+			desc:         "read page with non-integer offset as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?offset=abc&limit=10", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with non-integer limit as thing",
+			desc:         "read page with non-integer limit as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?offset=0&limit=abc", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with invalid channel id as thing",
+			desc:         "read page with invalid channel id as client",
 			url:          fmt.Sprintf("%s/channels//messages?offset=0&limit=10", ts.URL),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with multiple offset as thing",
+			desc:         "read page with multiple offset as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?offset=0&offset=1&limit=10", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with multiple limit as thing",
+			desc:         "read page with multiple limit as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?offset=0&limit=20&limit=10", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with empty token as thing",
+			desc:         "read page with empty token as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?offset=0&limit=10", ts.URL, chanID),
 			token:        "",
 			authResponse: false,
@@ -233,9 +233,9 @@ func TestReadAll(t *testing.T) {
 			err:          svcerr.ErrAuthorization,
 		},
 		{
-			desc:         "read page with default offset as thing",
+			desc:         "read page with default offset as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?limit=10", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -245,9 +245,9 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with default limit as thing",
+			desc:         "read page with default limit as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?offset=0", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -257,9 +257,9 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with senml format as thing",
+			desc:         "read page with senml format as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?format=messages", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -269,9 +269,9 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with subtopic as thing",
+			desc:         "read page with subtopic as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?subtopic=%s&protocol=%s", ts.URL, chanID, subtopic, httpProt),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -281,9 +281,9 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with subtopic and protocol as thing",
+			desc:         "read page with subtopic and protocol as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?subtopic=%s&protocol=%s", ts.URL, chanID, subtopic, httpProt),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -293,9 +293,9 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with publisher as thing",
+			desc:         "read page with publisher as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?publisher=%s", ts.URL, chanID, pubID2),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -306,9 +306,9 @@ func TestReadAll(t *testing.T) {
 		},
 
 		{
-			desc:         "read page with protocol as thing",
+			desc:         "read page with protocol as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?protocol=http", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -318,9 +318,9 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with name as thing",
+			desc:         "read page with name as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?name=%s", ts.URL, chanID, msgName),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -330,9 +330,9 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with value as thing",
+			desc:         "read page with value as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?v=%f", ts.URL, chanID, v),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -342,9 +342,9 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with value and equal comparator as thing",
+			desc:         "read page with value and equal comparator as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?v=%f&comparator=%s", ts.URL, chanID, v, readers.EqualKey),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -354,9 +354,9 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with value and lower-than comparator as thing",
+			desc:         "read page with value and lower-than comparator as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?v=%f&comparator=%s", ts.URL, chanID, v+1, readers.LowerThanKey),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -366,9 +366,9 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with value and lower-than-or-equal comparator as thing",
+			desc:         "read page with value and lower-than-or-equal comparator as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?v=%f&comparator=%s", ts.URL, chanID, v+1, readers.LowerThanEqualKey),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -378,9 +378,9 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with value and greater-than comparator as thing",
+			desc:         "read page with value and greater-than comparator as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?v=%f&comparator=%s", ts.URL, chanID, v-1, readers.GreaterThanKey),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -390,9 +390,9 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with value and greater-than-or-equal comparator as thing",
+			desc:         "read page with value and greater-than-or-equal comparator as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?v=%f&comparator=%s", ts.URL, chanID, v-1, readers.GreaterThanEqualKey),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -402,23 +402,23 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with non-float value as thing",
+			desc:         "read page with non-float value as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?v=ab01", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with value and wrong comparator as thing",
+			desc:         "read page with value and wrong comparator as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?v=%f&comparator=wrong", ts.URL, chanID, v-1),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with boolean value as thing",
+			desc:         "read page with boolean value as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?vb=true", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -428,16 +428,16 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with non-boolean value as thing",
+			desc:         "read page with non-boolean value as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?vb=yes", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with string value as thing",
+			desc:         "read page with string value as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?vs=%s", ts.URL, chanID, vs),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -447,9 +447,9 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with data value as thing",
+			desc:         "read page with data value as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?vd=%s", ts.URL, chanID, vd),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -459,23 +459,23 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with non-float from as thing",
+			desc:         "read page with non-float from as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?from=ABCD", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with non-float to as thing",
+			desc:         "read page with non-float to as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?to=ABCD", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with from/to as thing",
+			desc:         "read page with from/to as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?from=%f&to=%f", ts.URL, chanID, messages[19].Time, messages[4].Time),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -485,16 +485,16 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with aggregation as thing",
+			desc:         "read page with aggregation as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?aggregation=MAX", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with interval as thing",
+			desc:         "read page with interval as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?interval=10h", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -504,16 +504,16 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with aggregation and interval as thing",
+			desc:         "read page with aggregation and interval as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?aggregation=MAX&interval=10h", ts.URL, chanID),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with aggregation, interval, to and from as thing",
+			desc:         "read page with aggregation, interval, to and from as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?aggregation=MAX&interval=10h&from=%f&to=%f", ts.URL, chanID, messages[19].Time, messages[4].Time),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusOK,
 			res: pageRes{
@@ -523,37 +523,37 @@ func TestReadAll(t *testing.T) {
 			},
 		},
 		{
-			desc:         "read page with invalid aggregation and valid interval, to and from as thing",
+			desc:         "read page with invalid aggregation and valid interval, to and from as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?aggregation=invalid&interval=10h&from=%f&to=%f", ts.URL, chanID, messages[19].Time, messages[4].Time),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with invalid interval and valid aggregation, to and from as thing",
+			desc:         "read page with invalid interval and valid aggregation, to and from as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?aggregation=MAX&interval=10hrs&from=%f&to=%f", ts.URL, chanID, messages[19].Time, messages[4].Time),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with aggregation, interval and to with missing from as thing",
+			desc:         "read page with aggregation, interval and to with missing from as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?aggregation=MAX&interval=10h&to=%f", ts.URL, chanID, messages[4].Time),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with aggregation, interval and to with invalid from as thing",
+			desc:         "read page with aggregation, interval and to with invalid from as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?aggregation=MAX&interval=10h&to=ABCD&from=%f", ts.URL, chanID, messages[4].Time),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
 		{
-			desc:         "read page with aggregation, interval and to with invalid to as thing",
+			desc:         "read page with aggregation, interval and to with invalid to as client",
 			url:          fmt.Sprintf("%s/channels/%s/messages?aggregation=MAX&interval=10h&from=%f&to=ABCD", ts.URL, chanID, messages[4].Time),
-			key:          thingToken,
+			key:          clientToken,
 			authResponse: true,
 			status:       http.StatusBadRequest,
 		},
diff --git a/scripts/csv/clients.csv b/scripts/csv/clients.csv
new file mode 100644
index 0000000000..b5bc8e7fbc
--- /dev/null
+++ b/scripts/csv/clients.csv
@@ -0,0 +1,10 @@
+client_1
+client_2
+client_3
+client_4
+client_5
+client_6
+client_7
+client_8
+client_9
+client_10
diff --git a/scripts/csv/things.csv b/scripts/csv/things.csv
deleted file mode 100644
index 4636a47627..0000000000
--- a/scripts/csv/things.csv
+++ /dev/null
@@ -1,10 +0,0 @@
-thing_1
-thing_2
-thing_3
-thing_4
-thing_5
-thing_6
-thing_7
-thing_8
-thing_9
-thing_10
diff --git a/scripts/provision-dev.sh b/scripts/provision-dev.sh
index ce73f0993d..a4d44edd75 100755
--- a/scripts/provision-dev.sh
+++ b/scripts/provision-dev.sh
@@ -31,13 +31,13 @@ curl -s -S --cacert docker/ssl/certs/magistrala-server.crt --insecure -X POST -H
 JWTTOKEN=$(curl -s -S --cacert docker/ssl/certs/magistrala-server.crt --insecure -X POST -H "Content-Type: application/json" https://localhost/users/tokens/issue -d '{"identity":"'"$EMAIL"'", "secret":"'"$PASSWORD"'"}' | grep -oP '"access_token":"\K[^"]+' )
 printf "JWT TOKEN for user is $JWTTOKEN \n"
 
-#provision thing
+#provision client
 printf "Provisioning client with name $DEVICE \n"
-DEVICEID=$(curl -s -S --cacert docker/ssl/certs/magistrala-server.crt --insecure -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $JWTTOKEN" https://localhost/things -d '{"name":"'"$DEVICE"'", "status": "enabled"}' | grep -oP '"id":"\K[^"]+' )
-curl -s -S --cacert docker/ssl/certs/magistrala-server.crt --insecure -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $JWTTOKEN" https://localhost/things/$DEVICEID
+DEVICEID=$(curl -s -S --cacert docker/ssl/certs/magistrala-server.crt --insecure -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $JWTTOKEN" https://localhost/clients -d '{"name":"'"$DEVICE"'", "status": "enabled"}' | grep -oP '"id":"\K[^"]+' )
+curl -s -S --cacert docker/ssl/certs/magistrala-server.crt --insecure -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $JWTTOKEN" https://localhost/clients/$DEVICEID
 
 #get client token
-DEVICETOKEN=$(curl -s -S --cacert docker/ssl/certs/magistrala-server.crt --insecure -H "Authorization: Bearer $JWTTOKEN" https://localhost/things/$DEVICEID | grep -oP '"secret":"\K[^"]+' )
+DEVICETOKEN=$(curl -s -S --cacert docker/ssl/certs/magistrala-server.crt --insecure -H "Authorization: Bearer $JWTTOKEN" https://localhost/clients/$DEVICEID | grep -oP '"secret":"\K[^"]+' )
 printf "Device token is $DEVICETOKEN \n"
 
 #provision channel
@@ -47,4 +47,4 @@ curl -s -S --cacert docker/ssl/certs/magistrala-server.crt --insecure -X GET -H
 
 #connect client to channel
 printf "Connecting client of id $DEVICEID to channel of id $CHANNELID \n"
-curl -s -S --cacert docker/ssl/certs/magistrala-server.crt --insecure -X PUT -H "Authorization: Bearer $JWTTOKEN" https://localhost/channels/$CHANNELID/things/$DEVICEID
+curl -s -S --cacert docker/ssl/certs/magistrala-server.crt --insecure -X PUT -H "Authorization: Bearer $JWTTOKEN" https://localhost/channels/$CHANNELID/clients/$DEVICEID
diff --git a/tools/e2e/README.md b/tools/e2e/README.md
index 19b146f3c0..dcbe2788f4 100644
--- a/tools/e2e/README.md
+++ b/tools/e2e/README.md
@@ -1,4 +1,4 @@
-# Magistrala Users Groups Things and Channels E2E Testing Tool
+# Magistrala Users Groups Clients and Channels E2E Testing Tool
 
 A simple utility to create a list of groups and users connected to these groups and channels and clients connected to these channels.
 
diff --git a/tools/e2e/e2e.go b/tools/e2e/e2e.go
index c55ec430f5..e86607737b 100644
--- a/tools/e2e/e2e.go
+++ b/tools/e2e/e2e.go
@@ -26,7 +26,7 @@ const (
 	numAdapters = 4
 	batchSize   = 99
 	usersPort   = "9002"
-	thingsPort  = "9000"
+	clientsPort = "9000"
 	domainsPort = "8189"
 )
 
@@ -55,8 +55,8 @@ type Config struct {
 // - Create groups using hierarchy
 // - Do Read, Update and Change of Status operations on groups.
 
-// - Create things
-// - Do Read, Update and Change of Status operations on things.
+// - Create clients
+// - Do Read, Update and Change of Status operations on clients.
 
 // - Create channels
 // - Do Read, Update and Change of Status operations on channels.
@@ -65,7 +65,7 @@ type Config struct {
 // - Publish message from HTTP, MQTT, WS and CoAP Adapters.
 func Test(conf Config) {
 	sdkConf := sdk.Config{
-		ClientsURL:      fmt.Sprintf("http://%s:%s", conf.Host, thingsPort),
+		ClientsURL:      fmt.Sprintf("http://%s:%s", conf.Host, clientsPort),
 		UsersURL:        fmt.Sprintf("http://%s:%s", conf.Host, usersPort),
 		DomainsURL:      fmt.Sprintf("http://%s:%s", conf.Host, domainsPort),
 		HTTPAdapterURL:  fmt.Sprintf("http://%s/http", conf.Host),
@@ -95,9 +95,9 @@ func Test(conf Config) {
 	}
 	color.Success.Printf("created groups of ids:\n%s\n", magenta(getIDS(groups)))
 
-	clients, err := createThings(s, conf, domainID, token)
+	clients, err := createClients(s, conf, domainID, token)
 	if err != nil {
-		errExit(fmt.Errorf("unable to create things: %w", err))
+		errExit(fmt.Errorf("unable to create clients: %w", err))
 	}
 	color.Success.Printf("created clients of ids:\n%s\n", magenta(getIDS(clients)))
 
@@ -227,50 +227,50 @@ func createGroups(s sdk.SDK, conf Config, domainID, token string) ([]sdk.Group,
 	return groups, nil
 }
 
-func createThingsInBatch(s sdk.SDK, conf Config, domainID, token string, num uint64) ([]sdk.Client, error) {
+func createClientsInBatch(s sdk.SDK, conf Config, domainID, token string, num uint64) ([]sdk.Client, error) {
 	var err error
-	things := make([]sdk.Client, num)
+	clients := make([]sdk.Client, num)
 
 	for i := uint64(0); i < num; i++ {
-		things[i] = sdk.Client{
+		clients[i] = sdk.Client{
 			Name: fmt.Sprintf("%s%s", conf.Prefix, namesgenerator.Generate()),
 		}
 	}
 
-	things, err = s.CreateThings(things, domainID, token)
+	clients, err = s.CreateClients(clients, domainID, token)
 	if err != nil {
-		return []sdk.Client{}, fmt.Errorf("failed to create the things: %w", err)
+		return []sdk.Client{}, fmt.Errorf("failed to create the clients: %w", err)
 	}
 
-	return things, nil
+	return clients, nil
 }
 
-func createThings(s sdk.SDK, conf Config, domainID, token string) ([]sdk.Client, error) {
-	things := []sdk.Client{}
+func createClients(s sdk.SDK, conf Config, domainID, token string) ([]sdk.Client, error) {
+	clients := []sdk.Client{}
 
 	if conf.Num > batchSize {
 		batches := int(conf.Num) / batchSize
 		for i := 0; i < batches; i++ {
-			ths, err := createThingsInBatch(s, conf, domainID, token, batchSize)
+			ths, err := createClientsInBatch(s, conf, domainID, token, batchSize)
 			if err != nil {
-				return []sdk.Client{}, fmt.Errorf("failed to create the things: %w", err)
+				return []sdk.Client{}, fmt.Errorf("failed to create the clients: %w", err)
 			}
-			things = append(things, ths...)
+			clients = append(clients, ths...)
 		}
-		ths, err := createThingsInBatch(s, conf, domainID, token, conf.Num%uint64(batchSize))
+		ths, err := createClientsInBatch(s, conf, domainID, token, conf.Num%uint64(batchSize))
 		if err != nil {
-			return []sdk.Client{}, fmt.Errorf("failed to create the things: %w", err)
+			return []sdk.Client{}, fmt.Errorf("failed to create the clients: %w", err)
 		}
-		things = append(things, ths...)
+		clients = append(clients, ths...)
 	} else {
-		ths, err := createThingsInBatch(s, conf, domainID, token, conf.Num)
+		ths, err := createClientsInBatch(s, conf, domainID, token, conf.Num)
 		if err != nil {
-			return []sdk.Client{}, fmt.Errorf("failed to create the things: %w", err)
+			return []sdk.Client{}, fmt.Errorf("failed to create the clients: %w", err)
 		}
-		things = append(things, ths...)
+		clients = append(clients, ths...)
 	}
 
-	return things, nil
+	return clients, nil
 }
 
 func createChannelsInBatch(s sdk.SDK, conf Config, domainID, token string, num uint64) ([]sdk.Channel, error) {
@@ -461,45 +461,45 @@ func update(s sdk.SDK, domainID, token string, users []sdk.User, groups []sdk.Gr
 	for _, t := range clients {
 		t.Name = namesgenerator.Generate()
 		t.Metadata = sdk.Metadata{"Update": namesgenerator.Generate()}
-		rThing, err := s.UpdateClient(t, domainID, token)
+		rClient, err := s.UpdateClient(t, domainID, token)
 		if err != nil {
 			return fmt.Errorf("failed to update client %w", err)
 		}
-		if rThing.Name != t.Name {
-			return fmt.Errorf("failed to update client name before %s after %s", t.Name, rThing.Name)
+		if rClient.Name != t.Name {
+			return fmt.Errorf("failed to update client name before %s after %s", t.Name, rClient.Name)
 		}
-		if rThing.Metadata["Update"] != t.Metadata["Update"] {
-			return fmt.Errorf("failed to update client metadata before %s after %s", t.Metadata["Update"], rThing.Metadata["Update"])
+		if rClient.Metadata["Update"] != t.Metadata["Update"] {
+			return fmt.Errorf("failed to update client metadata before %s after %s", t.Metadata["Update"], rClient.Metadata["Update"])
 		}
-		t = rThing
-		rThing, err = s.UpdateClientSecret(t.ID, t.Credentials.Secret, domainID, token)
+		t = rClient
+		rClient, err = s.UpdateClientSecret(t.ID, t.Credentials.Secret, domainID, token)
 		if err != nil {
 			return fmt.Errorf("failed to update client secret %w", err)
 		}
-		t = rThing
+		t = rClient
 		t.Tags = []string{namesgenerator.Generate()}
-		rThing, err = s.UpdateClientTags(t, domainID, token)
+		rClient, err = s.UpdateClientTags(t, domainID, token)
 		if err != nil {
 			return fmt.Errorf("failed to update client tags %w", err)
 		}
-		if rThing.Tags[0] != t.Tags[0] {
-			return fmt.Errorf("failed to update client tags before %s after %s", t.Tags[0], rThing.Tags[0])
+		if rClient.Tags[0] != t.Tags[0] {
+			return fmt.Errorf("failed to update client tags before %s after %s", t.Tags[0], rClient.Tags[0])
 		}
-		t = rThing
-		rThing, err = s.DisableClient(t.ID, domainID, token)
+		t = rClient
+		rClient, err = s.DisableClient(t.ID, domainID, token)
 		if err != nil {
 			return fmt.Errorf("failed to disable client %w", err)
 		}
-		if rThing.Status != sdk.DisabledStatus {
-			return fmt.Errorf("failed to disable client before %s after %s", t.Status, rThing.Status)
+		if rClient.Status != sdk.DisabledStatus {
+			return fmt.Errorf("failed to disable client before %s after %s", t.Status, rClient.Status)
 		}
-		t = rThing
-		rThing, err = s.EnableClient(t.ID, domainID, token)
+		t = rClient
+		rClient, err = s.EnableClient(t.ID, domainID, token)
 		if err != nil {
 			return fmt.Errorf("failed to enable client %w", err)
 		}
-		if rThing.Status != sdk.EnabledStatus {
-			return fmt.Errorf("failed to enable client before %s after %s", t.Status, rThing.Status)
+		if rClient.Status != sdk.EnabledStatus {
+			return fmt.Errorf("failed to enable client before %s after %s", t.Status, rClient.Status)
 		}
 	}
 	for _, channel := range channels {
@@ -558,21 +558,21 @@ func messaging(s sdk.SDK, conf Config, domainID, token string, clients []sdk.Cli
 				func(num int64, client sdk.Client, channel sdk.Channel) {
 					g.Go(func() error {
 						msg := fmt.Sprintf(msgFormat, num+1, rand.Int())
-						return sendHTTPMessage(s, msg, thing, channel.ID)
+						return sendHTTPMessage(s, msg, client, channel.ID)
 					})
 					g.Go(func() error {
 						msg := fmt.Sprintf(msgFormat, num+2, rand.Int())
-						return sendCoAPMessage(msg, thing, channel.ID)
+						return sendCoAPMessage(msg, client, channel.ID)
 					})
 					g.Go(func() error {
 						msg := fmt.Sprintf(msgFormat, num+3, rand.Int())
-						return sendMQTTMessage(msg, thing, channel.ID)
+						return sendMQTTMessage(msg, client, channel.ID)
 					})
 					g.Go(func() error {
 						msg := fmt.Sprintf(msgFormat, num+4, rand.Int())
-						return sendWSMessage(conf, msg, thing, channel.ID)
+						return sendWSMessage(conf, msg, client, channel.ID)
 					})
-				}(bt, thing, channel)
+				}(bt, client, channel)
 				bt += numAdapters
 			}
 		}
@@ -582,26 +582,26 @@ func messaging(s sdk.SDK, conf Config, domainID, token string, clients []sdk.Cli
 }
 
 func sendHTTPMessage(s sdk.SDK, msg string, client sdk.Client, chanID string) error {
-	if err := s.SendMessage(chanID, msg, thing.Credentials.Secret); err != nil {
-		return fmt.Errorf("HTTP failed to send message from client %s to channel %s: %w", thing.ID, chanID, err)
+	if err := s.SendMessage(chanID, msg, client.Credentials.Secret); err != nil {
+		return fmt.Errorf("HTTP failed to send message from client %s to channel %s: %w", client.ID, chanID, err)
 	}
 
 	return nil
 }
 
 func sendCoAPMessage(msg string, client sdk.Client, chanID string) error {
-	cmd := exec.Command("coap-cli", "post", fmt.Sprintf("channels/%s/messages", chanID), "--auth", thing.Credentials.Secret, "-d", msg)
+	cmd := exec.Command("coap-cli", "post", fmt.Sprintf("channels/%s/messages", chanID), "--auth", client.Credentials.Secret, "-d", msg)
 	if _, err := cmd.CombinedOutput(); err != nil {
-		return fmt.Errorf("CoAP failed to send message from client %s to channel %s: %w", thing.ID, chanID, err)
+		return fmt.Errorf("CoAP failed to send message from client %s to channel %s: %w", client.ID, chanID, err)
 	}
 
 	return nil
 }
 
 func sendMQTTMessage(msg string, client sdk.Client, chanID string) error {
-	cmd := exec.Command("mosquitto_pub", "--id-prefix", "magistrala", "-u", thing.ID, "-P", thing.Credentials.Secret, "-t", fmt.Sprintf("channels/%s/messages", chanID), "-h", "localhost", "-m", msg)
+	cmd := exec.Command("mosquitto_pub", "--id-prefix", "magistrala", "-u", client.ID, "-P", client.Credentials.Secret, "-t", fmt.Sprintf("channels/%s/messages", chanID), "-h", "localhost", "-m", msg)
 	if _, err := cmd.CombinedOutput(); err != nil {
-		return fmt.Errorf("MQTT failed to send message from client %s to channel %s: %w", thing.ID, chanID, err)
+		return fmt.Errorf("MQTT failed to send message from client %s to channel %s: %w", client.ID, chanID, err)
 	}
 
 	return nil
@@ -609,14 +609,14 @@ func sendMQTTMessage(msg string, client sdk.Client, chanID string) error {
 
 func sendWSMessage(conf Config, msg string, client sdk.Client, chanID string) error {
 	socketURL := fmt.Sprintf("ws://%s:%s/channels/%s/messages", conf.Host, defWSPort, chanID)
-	header := http.Header{"Authorization": []string{thing.Credentials.Secret}}
+	header := http.Header{"Authorization": []string{client.Credentials.Secret}}
 	conn, _, err := websocket.DefaultDialer.Dial(socketURL, header)
 	if err != nil {
 		return fmt.Errorf("unable to connect to websocket: %w", err)
 	}
 	defer conn.Close()
 	if err := conn.WriteMessage(websocket.TextMessage, []byte(msg)); err != nil {
-		return fmt.Errorf("WS failed to send message from client %s to channel %s: %w", thing.ID, chanID, err)
+		return fmt.Errorf("WS failed to send message from client %s to channel %s: %w", client.ID, chanID, err)
 	}
 
 	return nil
diff --git a/tools/mqtt-bench/README.md b/tools/mqtt-bench/README.md
index 27c3d7f2db..4510a9dd86 100644
--- a/tools/mqtt-bench/README.md
+++ b/tools/mqtt-bench/README.md
@@ -46,7 +46,7 @@ Flags:
 
 Two output formats supported: human-readable plain text and JSON.
 
-Before use you need a `mgconn.toml` - a TOML file that describes Magistrala connection data (channels, thingIDs, thingKeys, certs).
+Before use you need a `mgconn.toml` - a TOML file that describes Magistrala connection data (channels, clientIDs, clientKeys, certs).
 You can use `provision` tool (in tools/provision) to create this TOML config file.
 
 ```bash
diff --git a/tools/provision/README.md b/tools/provision/README.md
index bdd53e8ade..5da5f9cf8d 100644
--- a/tools/provision/README.md
+++ b/tools/provision/README.md
@@ -1,4 +1,4 @@
-# Magistrala Things and Channels Provisioning Tool
+# Magistrala Clients and Channels Provisioning Tool
 
 A simple utility to create a list of channels and clients connected to these channels with possibility to create certificates for mTLS use case.
 
@@ -6,13 +6,15 @@ This tool is useful for testing, and it creates a TOML format output (on stdout,
 that can be used by Magistrala MQTT benchmarking tool (`mqtt-bench`).
 
 ## Installation
-```
+
+```bash
 cd tools/provision
 make
 ```
 
 ### Usage
-```
+
+```bash
 ./provision --help
 Tool for provisioning series of Magistrala channels and clients and connecting them together.
 Complete documentation is available at https://docs.magistrala.abstractmachines.fr
@@ -33,29 +35,29 @@ Flags:
 ```
 
 Example:
-```
+
+```bash
 go run tools/provision/cmd/main.go -u test@magistrala.com -p test1234 --host https://142.93.118.47
 ```
 
 If you want to create a list of channels with certificates:
 
-```
+```bash
 go run tools/provision/cmd/main.go  --host http://localhost --num 10 -u test@magistrala.com -p test1234 --ssl true --ca docker/ssl/certs/ca.crt --cakey docker/ssl/certs/ca.key
 
 ```
 
->`ca.crt` and `ca.key` are used for creating clients certificate and for HTTPS,
+> `ca.crt` and `ca.key` are used for creating clients certificate and for HTTPS,
 > if you are provisioning on remote server you will have to get these files to your local
-> directory so that you can create certificates for things
-
+> directory so that you can create certificates for clients
 
 Example of output:
 
-```
+```bash
 # List of clients that can be connected to MQTT broker
-[[things]]
+[[clients]]
 client_id = "0eac601b-6d54-4767-b8b7-594aaf9990d3"
-thing_key = "07713103-513f-43c7-b7fe-500c1af23d7d"
+client_key = "07713103-513f-43c7-b7fe-500c1af23d7d"
 mtls_cert = """-----BEGIN CERTIFICATE-----
 MIIEmTCCA4GgAwIBAgIRAO50qOfXsU+cHm/QY2NYu+0wDQYJKoZIhvcNAQELBQAw
 VzESMBAGA1UEAwwJbG9jYWxob3N0MREwDwYDVQQKDAhNYWluZmx1eDEMMAoGA1UE
@@ -139,7 +141,7 @@ uCRt+TFMyEfqilipmNsV7esgbroiyEGXGMI8JdBY9OsnK6ZSlXaMnQ9vq2kK
 
 # List of channels that clients can publish to
 # each channel is connected to each client from clients list
-# Things connected to channel 1f18afa1-29c4-4634-99d1-68dfa1b74e6a: 0eac601b-6d54-4767-b8b7-594aaf9990d3
+# Clients connected to channel 1f18afa1-29c4-4634-99d1-68dfa1b74e6a: 0eac601b-6d54-4767-b8b7-594aaf9990d3
 [[channels]]
 channel_id = "1f18afa1-29c4-4634-99d1-68dfa1b74e6a"
 
diff --git a/tools/provision/provision.go b/tools/provision/provision.go
index 0e3dbfc272..c26617cae4 100644
--- a/tools/provision/provision.go
+++ b/tools/provision/provision.go
@@ -155,13 +155,13 @@ func Provision(conf Config) error {
 	fmt.Println("# List of clients that can be connected to MQTT broker")
 
 	for i := 0; i < conf.Num; i++ {
-		clients[i] = sdk.Client{Name: fmt.Sprintf("%s-thing-%d", conf.Prefix, i)}
+		clients[i] = sdk.Client{Name: fmt.Sprintf("%s-client-%d", conf.Prefix, i)}
 		channels[i] = sdk.Channel{Name: fmt.Sprintf("%s-channel-%d", conf.Prefix, i)}
 	}
 
 	clients, err = s.CreateClients(clients, domain.ID, token.AccessToken)
 	if err != nil {
-		return fmt.Errorf("failed to create the things: %s", err.Error())
+		return fmt.Errorf("failed to create the clients: %s", err.Error())
 	}
 
 	var chs []sdk.Channel
@@ -241,7 +241,7 @@ func Provision(conf Config) error {
 		}
 
 		// Print output
-		fmt.Printf("[[things]]\nclient_id = \"%s\"\nthing_key = \"%s\"\n", clients[i].ID, clients[i].Credentials.Secret)
+		fmt.Printf("[[clients]]\nclient_id = \"%s\"\nclient_key = \"%s\"\n", clients[i].ID, clients[i].Credentials.Secret)
 		if conf.SSL {
 			fmt.Printf("mtls_cert = \"\"\"%s\"\"\"\n", cert)
 			fmt.Printf("mtls_key = \"\"\"%s\"\"\"\n", key)
diff --git a/users/api/endpoint_test.go b/users/api/endpoint_test.go
index 6aacb68078..b886129b6e 100644
--- a/users/api/endpoint_test.go
+++ b/users/api/endpoint_test.go
@@ -2359,8 +2359,8 @@ func TestEnable(t *testing.T) {
 			token:    validToken,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID},
 			status:   http.StatusUnprocessableEntity,
-			svcErr:   svcerr.ErrUpdateEntity,
-			err:      svcerr.ErrUpdateEntity,
+			svcErr:   svcerr.ErrEnableUser,
+			err:      svcerr.ErrEnableUser,
 		},
 	}
 
@@ -2459,8 +2459,8 @@ func TestDisable(t *testing.T) {
 			token:    validToken,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID},
 			status:   http.StatusUnprocessableEntity,
-			svcErr:   svcerr.ErrUpdateEntity,
-			err:      svcerr.ErrUpdateEntity,
+			svcErr:   svcerr.ErrDisableUser,
+			err:      svcerr.ErrDisableUser,
 		},
 	}
 
@@ -3580,7 +3580,7 @@ func TestListUsersByClientID(t *testing.T) {
 	cases := []struct {
 		desc              string
 		token             string
-		thingID           string
+		clientID          string
 		page              users.Page
 		status            int
 		query             string
@@ -3590,10 +3590,10 @@ func TestListUsersByClientID(t *testing.T) {
 		err               error
 	}{
 		{
-			desc:    "list users with valid token",
-			token:   validToken,
-			thingID: validID,
-			status:  http.StatusOK,
+			desc:     "list users with valid token",
+			token:    validToken,
+			clientID: validID,
+			status:   http.StatusOK,
 			listUsersResponse: users.UsersPage{
 				Page: users.Page{
 					Total: 1,
@@ -3606,7 +3606,7 @@ func TestListUsersByClientID(t *testing.T) {
 		{
 			desc:     "list users with empty token",
 			token:    "",
-			thingID:  validID,
+			clientID: validID,
 			status:   http.StatusUnauthorized,
 			authnErr: svcerr.ErrAuthentication,
 			err:      apiutil.ErrBearerToken,
@@ -3614,15 +3614,15 @@ func TestListUsersByClientID(t *testing.T) {
 		{
 			desc:     "list users with invalid token",
 			token:    inValidToken,
-			thingID:  validID,
+			clientID: validID,
 			status:   http.StatusUnauthorized,
 			authnErr: svcerr.ErrAuthentication,
 			err:      svcerr.ErrAuthentication,
 		},
 		{
-			desc:    "list users with offset",
-			token:   validToken,
-			thingID: validID,
+			desc:     "list users with offset",
+			token:    validToken,
+			clientID: validID,
 			listUsersResponse: users.UsersPage{
 				Page: users.Page{
 					Offset: 1,
@@ -3638,16 +3638,16 @@ func TestListUsersByClientID(t *testing.T) {
 		{
 			desc:     "list users with invalid offset",
 			token:    validToken,
-			thingID:  validID,
+			clientID: validID,
 			query:    "offset=invalid",
 			status:   http.StatusBadRequest,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID},
 			err:      apiutil.ErrValidation,
 		},
 		{
-			desc:    "list users with limit",
-			token:   validToken,
-			thingID: validID,
+			desc:     "list users with limit",
+			token:    validToken,
+			clientID: validID,
 			listUsersResponse: users.UsersPage{
 				Page: users.Page{
 					Limit: 1,
@@ -3663,7 +3663,7 @@ func TestListUsersByClientID(t *testing.T) {
 		{
 			desc:     "list users with invalid limit",
 			token:    validToken,
-			thingID:  validID,
+			clientID: validID,
 			query:    "limit=invalid",
 			status:   http.StatusBadRequest,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID},
@@ -3672,16 +3672,16 @@ func TestListUsersByClientID(t *testing.T) {
 		{
 			desc:     "list users with limit greater than max",
 			token:    validToken,
-			thingID:  validID,
+			clientID: validID,
 			query:    fmt.Sprintf("limit=%d", api.MaxLimitSize+1),
 			status:   http.StatusBadRequest,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID},
 			err:      apiutil.ErrValidation,
 		},
 		{
-			desc:    "list users with name",
-			token:   validToken,
-			thingID: validID,
+			desc:     "list users with name",
+			token:    validToken,
+			clientID: validID,
 			listUsersResponse: users.UsersPage{
 				Page: users.Page{
 					Total: 1,
@@ -3696,24 +3696,24 @@ func TestListUsersByClientID(t *testing.T) {
 		{
 			desc:     "list users with invalid user name",
 			token:    validToken,
-			thingID:  validID,
+			clientID: validID,
 			query:    "username=invalid",
 			status:   http.StatusBadRequest,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID},
 			err:      apiutil.ErrValidation,
 		},
 		{
-			desc:    "list users with duplicate user name",
-			token:   validToken,
-			thingID: validID,
-			query:   "username=1&username=2",
-			status:  http.StatusBadRequest,
-			err:     apiutil.ErrInvalidQueryParams,
+			desc:     "list users with duplicate user name",
+			token:    validToken,
+			clientID: validID,
+			query:    "username=1&username=2",
+			status:   http.StatusBadRequest,
+			err:      apiutil.ErrInvalidQueryParams,
 		},
 		{
-			desc:    "list users with status",
-			token:   validToken,
-			thingID: validID,
+			desc:     "list users with status",
+			token:    validToken,
+			clientID: validID,
 			listUsersResponse: users.UsersPage{
 				Page: users.Page{
 					Total: 1,
@@ -3728,7 +3728,7 @@ func TestListUsersByClientID(t *testing.T) {
 		{
 			desc:     "list users with invalid status",
 			token:    validToken,
-			thingID:  validID,
+			clientID: validID,
 			query:    "status=invalid",
 			status:   http.StatusBadRequest,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID},
@@ -3742,9 +3742,9 @@ func TestListUsersByClientID(t *testing.T) {
 			err:    apiutil.ErrInvalidQueryParams,
 		},
 		{
-			desc:    "list users with tags",
-			token:   validToken,
-			thingID: validID,
+			desc:     "list users with tags",
+			token:    validToken,
+			clientID: validID,
 			listUsersResponse: users.UsersPage{
 				Page: users.Page{
 					Total: 1,
@@ -3759,7 +3759,7 @@ func TestListUsersByClientID(t *testing.T) {
 		{
 			desc:     "list users with invalid tags",
 			token:    validToken,
-			thingID:  validID,
+			clientID: validID,
 			query:    "tag=invalid",
 			status:   http.StatusBadRequest,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID},
@@ -3773,9 +3773,9 @@ func TestListUsersByClientID(t *testing.T) {
 			err:    apiutil.ErrInvalidQueryParams,
 		},
 		{
-			desc:    "list users with metadata",
-			token:   validToken,
-			thingID: validID,
+			desc:     "list users with metadata",
+			token:    validToken,
+			clientID: validID,
 			listUsersResponse: users.UsersPage{
 				Page: users.Page{
 					Total: 1,
@@ -3790,7 +3790,7 @@ func TestListUsersByClientID(t *testing.T) {
 		{
 			desc:     "list users with invalid metadata",
 			token:    validToken,
-			thingID:  validID,
+			clientID: validID,
 			query:    "metadata=invalid",
 			status:   http.StatusBadRequest,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID},
@@ -3799,16 +3799,16 @@ func TestListUsersByClientID(t *testing.T) {
 		{
 			desc:     "list users with duplicate metadata",
 			token:    validToken,
-			thingID:  validID,
+			clientID: validID,
 			query:    "metadata=%7B%22domain%22%3A%20%22example.com%22%7D&metadata=%7B%22domain%22%3A%20%22example.com%22%7D",
 			status:   http.StatusBadRequest,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID},
 			err:      apiutil.ErrInvalidQueryParams,
 		},
 		{
-			desc:    "list users with permissions",
-			token:   validToken,
-			thingID: validID,
+			desc:     "list users with permissions",
+			token:    validToken,
+			clientID: validID,
 			listUsersResponse: users.UsersPage{
 				Page: users.Page{
 					Total: 1,
@@ -3828,10 +3828,10 @@ func TestListUsersByClientID(t *testing.T) {
 			err:    apiutil.ErrInvalidQueryParams,
 		},
 		{
-			desc:    "list users with email",
-			token:   validToken,
-			thingID: validID,
-			query:   fmt.Sprintf("email=%s", user.Email),
+			desc:     "list users with email",
+			token:    validToken,
+			clientID: validID,
+			query:    fmt.Sprintf("email=%s", user.Email),
 			listUsersResponse: users.UsersPage{
 				Page: users.Page{
 					Total: 1,
@@ -3847,7 +3847,7 @@ func TestListUsersByClientID(t *testing.T) {
 		{
 			desc:     "list users with invalid email",
 			token:    validToken,
-			thingID:  validID,
+			clientID: validID,
 			query:    "email=invalid",
 			status:   http.StatusBadRequest,
 			authnRes: mgauthn.Session{UserID: validID, DomainID: domainID},
@@ -3867,7 +3867,7 @@ func TestListUsersByClientID(t *testing.T) {
 			req := testRequest{
 				user:   us.Client(),
 				method: http.MethodGet,
-				url:    fmt.Sprintf("%s/%s/things/%s/users?", us.URL, validID, validID) + tc.query,
+				url:    fmt.Sprintf("%s/%s/clients/%s/users?", us.URL, validID, validID) + tc.query,
 				token:  tc.token,
 			}
 
diff --git a/users/api/endpoints.go b/users/api/endpoints.go
index f237997c69..eb4f79870f 100644
--- a/users/api/endpoints.go
+++ b/users/api/endpoints.go
@@ -209,7 +209,7 @@ func listMembersByChannelEndpoint(svc users.Service) endpoint.Endpoint {
 	}
 }
 
-func listMembersByThingEndpoint(svc users.Service) endpoint.Endpoint {
+func listMembersByClientEndpoint(svc users.Service) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
 		req := request.(listMembersByObjectReq)
 		req.objectKind = "clients"
diff --git a/users/api/users.go b/users/api/users.go
index 4d5f8fa12d..66b747676a 100644
--- a/users/api/users.go
+++ b/users/api/users.go
@@ -200,9 +200,9 @@ func usersHandler(svc users.Service, authn mgauthn.Authentication, tokenClient g
 			opts...,
 		), "list_users_by_channel_id").ServeHTTP)
 
-		r.Get("/{domainID}/things/{thingID}/users", otelhttp.NewHandler(kithttp.NewServer(
-			listMembersByThingEndpoint(svc),
-			decodeListMembersByThing,
+		r.Get("/{domainID}/clients/{clientID}/users", otelhttp.NewHandler(kithttp.NewServer(
+			listMembersByClientEndpoint(svc),
+			decodeListMembersByClient,
 			api.EncodeResponse,
 			opts...,
 		), "list_users_by_client_id").ServeHTTP)
@@ -576,7 +576,7 @@ func decodeListMembersByChannel(_ context.Context, r *http.Request) (interface{}
 	return req, nil
 }
 
-func decodeListMembersByThing(_ context.Context, r *http.Request) (interface{}, error) {
+func decodeListMembersByClient(_ context.Context, r *http.Request) (interface{}, error) {
 	page, err := queryPageParams(r, api.DefPermission)
 	if err != nil {
 		return nil, err
diff --git a/users/errors.go b/users/errors.go
deleted file mode 100644
index 7dc6b0a9a3..0000000000
--- a/users/errors.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright (c) Abstract Machines
-// SPDX-License-Identifier: Apache-2.0
-
-package users
-
-import "errors"
-
-var (
-	// ErrEnableClient indicates error in enabling client.
-	ErrEnableClient = errors.New("failed to enable client")
-
-	// ErrDisableClient indicates error in disabling client.
-	ErrDisableClient = errors.New("failed to disable client")
-)
diff --git a/users/service.go b/users/service.go
index d5d152ce24..79bddcb20c 100644
--- a/users/service.go
+++ b/users/service.go
@@ -409,7 +409,7 @@ func (svc service) Enable(ctx context.Context, session authn.Session, id string)
 	}
 	user, err := svc.changeUserStatus(ctx, session, u)
 	if err != nil {
-		return User{}, errors.Wrap(ErrEnableClient, err)
+		return User{}, errors.Wrap(svcerr.ErrEnableUser, err)
 	}
 
 	return user, nil
@@ -423,7 +423,7 @@ func (svc service) Disable(ctx context.Context, session authn.Session, id string
 	}
 	user, err := svc.changeUserStatus(ctx, session, user)
 	if err != nil {
-		return User{}, err
+		return User{}, errors.Wrap(svcerr.ErrDisableUser, err)
 	}
 
 	return user, nil
diff --git a/users/users.go b/users/users.go
index 0472fc4f95..35e756dcae 100644
--- a/users/users.go
+++ b/users/users.go
@@ -151,7 +151,7 @@ type Service interface {
 	// ListUsers retrieves users list for a valid auth token.
 	ListUsers(ctx context.Context, session authn.Session, pm Page) (UsersPage, error)
 
-	// ListMembers retrieves everything that is assigned to a group/thing identified by objectID.
+	// ListMembers retrieves everything that is assigned to a group/client identified by objectID.
 	ListMembers(ctx context.Context, session authn.Session, objectKind, objectID string, pm Page) (MembersPage, error)
 
 	// SearchUsers searches for users with provided filters for a valid auth token.
diff --git a/ws/adapter.go b/ws/adapter.go
index 6cf5029bc0..ba4e6f604b 100644
--- a/ws/adapter.go
+++ b/ws/adapter.go
@@ -28,46 +28,46 @@ var (
 	// errFailedUnsubscribe indicates that client couldn't unsubscribe from specified channel.
 	errFailedUnsubscribe = errors.New("failed to unsubscribe from a channel")
 
-	// ErrEmptyTopic indicate absence of thingKey in the request.
+	// ErrEmptyTopic indicate absence of clientKey in the request.
 	ErrEmptyTopic = errors.New("empty topic")
 )
 
 // Service specifies web socket service API.
 type Service interface {
-	// Subscribe subscribes message from the broker using the thingKey for authorization,
+	// Subscribe subscribes message from the broker using the clientKey for authorization,
 	// and the channelID for subscription. Subtopic is optional.
 	// If the subscription is successful, nil is returned otherwise error is returned.
-	Subscribe(ctx context.Context, thingKey, chanID, subtopic string, client *Client) error
+	Subscribe(ctx context.Context, clientKey, chanID, subtopic string, client *Client) error
 }
 
 var _ Service = (*adapterService)(nil)
 
 type adapterService struct {
-	things   grpcClientsV1.ClientsServiceClient
+	clients  grpcClientsV1.ClientsServiceClient
 	channels grpcChannelsV1.ChannelsServiceClient
 	pubsub   messaging.PubSub
 }
 
 // New instantiates the WS adapter implementation.
-func New(things grpcClientsV1.ClientsServiceClient, channels grpcChannelsV1.ChannelsServiceClient, pubsub messaging.PubSub) Service {
+func New(clients grpcClientsV1.ClientsServiceClient, channels grpcChannelsV1.ChannelsServiceClient, pubsub messaging.PubSub) Service {
 	return &adapterService{
-		things:   things,
+		clients:  clients,
 		channels: channels,
 		pubsub:   pubsub,
 	}
 }
 
-func (svc *adapterService) Subscribe(ctx context.Context, thingKey, chanID, subtopic string, c *Client) error {
-	if chanID == "" || thingKey == "" {
+func (svc *adapterService) Subscribe(ctx context.Context, clientKey, chanID, subtopic string, c *Client) error {
+	if chanID == "" || clientKey == "" {
 		return svcerr.ErrAuthentication
 	}
 
-	thingID, err := svc.authorize(ctx, thingKey, chanID, connections.Subscribe)
+	clientID, err := svc.authorize(ctx, clientKey, chanID, connections.Subscribe)
 	if err != nil {
 		return svcerr.ErrAuthorization
 	}
 
-	c.id = thingID
+	c.id = clientID
 
 	subject := fmt.Sprintf("%s.%s", chansPrefix, chanID)
 	if subtopic != "" {
@@ -75,7 +75,7 @@ func (svc *adapterService) Subscribe(ctx context.Context, thingKey, chanID, subt
 	}
 
 	subCfg := messaging.SubscriberConfig{
-		ID:      thingID,
+		ID:      clientID,
 		Topic:   subject,
 		Handler: c,
 	}
@@ -86,13 +86,13 @@ func (svc *adapterService) Subscribe(ctx context.Context, thingKey, chanID, subt
 	return nil
 }
 
-// authorize checks if the thingKey is authorized to access the channel
-// and returns the thingID if it is.
-func (svc *adapterService) authorize(ctx context.Context, thingKey, chanID string, msgType connections.ConnType) (string, error) {
+// authorize checks if the clientKey is authorized to access the channel
+// and returns the clientID if it is.
+func (svc *adapterService) authorize(ctx context.Context, clientKey, chanID string, msgType connections.ConnType) (string, error) {
 	authnReq := &grpcClientsV1.AuthnReq{
-		ClientSecret: thingKey,
+		ClientSecret: clientKey,
 	}
-	authnRes, err := svc.things.Authenticate(ctx, authnReq)
+	authnRes, err := svc.clients.Authenticate(ctx, authnReq)
 	if err != nil {
 		return "", errors.Wrap(svcerr.ErrAuthentication, err)
 	}
diff --git a/ws/adapter_test.go b/ws/adapter_test.go
index b71d20a693..cbd8e6fcc7 100644
--- a/ws/adapter_test.go
+++ b/ws/adapter_test.go
@@ -24,7 +24,7 @@ const (
 	invalidID  = "invalidID"
 	invalidKey = "invalidKey"
 	id         = "1"
-	thingKey   = "thing_key"
+	clientKey   = "client_key"
 	subTopic   = "subtopic"
 	protocol   = "ws"
 )
@@ -39,10 +39,10 @@ var msg = messaging.Message{
 
 func newService() (ws.Service, *mocks.PubSub, *climocks.ClientsServiceClient, *chmocks.ChannelsServiceClient) {
 	pubsub := new(mocks.PubSub)
-	things := new(climocks.ClientsServiceClient)
+	clients := new(climocks.ClientsServiceClient)
 	channels := new(chmocks.ChannelsServiceClient)
 
-	return ws.New(things, channels, pubsub), pubsub, things, channels
+	return ws.New(clients, channels, pubsub), pubsub, clients, channels
 }
 
 func TestSubscribe(t *testing.T) {
@@ -52,56 +52,56 @@ func TestSubscribe(t *testing.T) {
 
 	cases := []struct {
 		desc     string
-		thingKey string
+		clientKey string
 		chanID   string
 		subtopic string
 		err      error
 	}{
 		{
-			desc:     "subscribe to channel with valid thingKey, chanID, subtopic",
-			thingKey: thingKey,
+			desc:     "subscribe to channel with valid clientKey, chanID, subtopic",
+			clientKey: clientKey,
 			chanID:   chanID,
 			subtopic: subTopic,
 			err:      nil,
 		},
 		{
-			desc:     "subscribe again to channel with valid thingKey, chanID, subtopic",
-			thingKey: thingKey,
+			desc:     "subscribe again to channel with valid clientKey, chanID, subtopic",
+			clientKey: clientKey,
 			chanID:   chanID,
 			subtopic: subTopic,
 			err:      nil,
 		},
 		{
 			desc:     "subscribe to channel with subscribe set to fail",
-			thingKey: thingKey,
+			clientKey: clientKey,
 			chanID:   chanID,
 			subtopic: subTopic,
 			err:      ws.ErrFailedSubscription,
 		},
 		{
-			desc:     "subscribe to channel with invalid chanID and invalid thingKey",
-			thingKey: invalidKey,
+			desc:     "subscribe to channel with invalid chanID and invalid clientKey",
+			clientKey: invalidKey,
 			chanID:   invalidID,
 			subtopic: subTopic,
 			err:      ws.ErrFailedSubscription,
 		},
 		{
 			desc:     "subscribe to channel with empty channel",
-			thingKey: thingKey,
+			clientKey: clientKey,
 			chanID:   "",
 			subtopic: subTopic,
 			err:      svcerr.ErrAuthentication,
 		},
 		{
-			desc:     "subscribe to channel with empty thingKey",
-			thingKey: "",
+			desc:     "subscribe to channel with empty clientKey",
+			clientKey: "",
 			chanID:   chanID,
 			subtopic: subTopic,
 			err:      svcerr.ErrAuthentication,
 		},
 		{
-			desc:     "subscribe to channel with empty thingKey and empty channel",
-			thingKey: "",
+			desc:     "subscribe to channel with empty clientKey and empty channel",
+			clientKey: "",
 			chanID:   "",
 			subtopic: subTopic,
 			err:      svcerr.ErrAuthentication,
@@ -109,14 +109,14 @@ func TestSubscribe(t *testing.T) {
 	}
 
 	for _, tc := range cases {
-		thingID := testsutil.GenerateUUID(t)
+		clientID := testsutil.GenerateUUID(t)
 		subConfig := messaging.SubscriberConfig{
-			ID:      thingID,
+			ID:      clientID,
 			Topic:   "channels." + tc.chanID + "." + subTopic,
 			Handler: c,
 		}
 		repocall := pubsub.On("Subscribe", mock.Anything, subConfig).Return(tc.err)
-		err := svc.Subscribe(context.Background(), tc.thingKey, tc.chanID, tc.subtopic, c)
+		err := svc.Subscribe(context.Background(), tc.clientKey, tc.chanID, tc.subtopic, c)
 		assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 		repocall.Unset()
 	}
diff --git a/ws/api/endpoint_test.go b/ws/api/endpoint_test.go
index ceff062d89..4efb797986 100644
--- a/ws/api/endpoint_test.go
+++ b/ws/api/endpoint_test.go
@@ -32,16 +32,16 @@ import (
 const (
 	chanID     = "30315311-56ba-484d-b500-c1e08305511f"
 	id         = "1"
-	thingKey   = "c02ff576-ccd5-40f6-ba5f-c85377aad529"
+	clientKey  = "c02ff576-ccd5-40f6-ba5f-c85377aad529"
 	protocol   = "ws"
 	instanceID = "5de9b29a-feb9-11ed-be56-0242ac120002"
 )
 
 var msg = []byte(`[{"n":"current","t":-1,"v":1.6}]`)
 
-func newService(things grpcClientsV1.ClientsServiceClient, channels grpcChannelsV1.ChannelsServiceClient) (ws.Service, *mocks.PubSub) {
+func newService(clients grpcClientsV1.ClientsServiceClient, channels grpcChannelsV1.ChannelsServiceClient) (ws.Service, *mocks.PubSub) {
 	pubsub := new(mocks.PubSub)
-	return ws.New(things, channels, pubsub), pubsub
+	return ws.New(clients, channels, pubsub), pubsub
 }
 
 func newHTTPServer(svc ws.Service) *httptest.Server {
@@ -58,7 +58,7 @@ func newProxyHTPPServer(svc session.Handler, targetServer *httptest.Server) (*ht
 	return httptest.NewServer(http.HandlerFunc(mp.Handler)), nil
 }
 
-func makeURL(tsURL, chanID, subtopic, thingKey string, header bool) (string, error) {
+func makeURL(tsURL, chanID, subtopic, clientKey string, header bool) (string, error) {
 	u, _ := url.Parse(tsURL)
 	u.Scheme = protocol
 
@@ -66,7 +66,7 @@ func makeURL(tsURL, chanID, subtopic, thingKey string, header bool) (string, err
 		if header {
 			return fmt.Sprintf("%s/channels/%s/messages", u, chanID), fmt.Errorf("invalid channel id")
 		}
-		return fmt.Sprintf("%s/channels/%s/messages?authorization=%s", u, chanID, thingKey), fmt.Errorf("invalid channel id")
+		return fmt.Sprintf("%s/channels/%s/messages?authorization=%s", u, chanID, clientKey), fmt.Errorf("invalid channel id")
 	}
 
 	subtopicPart := ""
@@ -77,29 +77,29 @@ func makeURL(tsURL, chanID, subtopic, thingKey string, header bool) (string, err
 		return fmt.Sprintf("%s/channels/%s/messages%s", u, chanID, subtopicPart), nil
 	}
 
-	return fmt.Sprintf("%s/channels/%s/messages%s?authorization=%s", u, chanID, subtopicPart, thingKey), nil
+	return fmt.Sprintf("%s/channels/%s/messages%s?authorization=%s", u, chanID, subtopicPart, clientKey), nil
 }
 
-func handshake(tsURL, chanID, subtopic, thingKey string, addHeader bool) (*websocket.Conn, *http.Response, error) {
+func handshake(tsURL, chanID, subtopic, clientKey string, addHeader bool) (*websocket.Conn, *http.Response, error) {
 	header := http.Header{}
 	if addHeader {
-		header.Add("Authorization", thingKey)
+		header.Add("Authorization", clientKey)
 	}
 
-	turl, _ := makeURL(tsURL, chanID, subtopic, thingKey, addHeader)
+	turl, _ := makeURL(tsURL, chanID, subtopic, clientKey, addHeader)
 	conn, res, errRet := websocket.DefaultDialer.Dial(turl, header)
 
 	return conn, res, errRet
 }
 
 func TestHandshake(t *testing.T) {
-	things := new(climocks.ClientsServiceClient)
+	clients := new(climocks.ClientsServiceClient)
 	channels := new(chmocks.ChannelsServiceClient)
 	authn := new(authnMocks.Authentication)
-	svc, pubsub := newService(things, channels)
+	svc, pubsub := newService(clients, channels)
 	target := newHTTPServer(svc)
 	defer target.Close()
-	handler := ws.NewHandler(pubsub, mglog.NewMock(), authn, things, channels)
+	handler := ws.NewHandler(pubsub, mglog.NewMock(), authn, clients, channels)
 	ts, err := newProxyHTPPServer(handler, target)
 	require.Nil(t, err)
 	defer ts.Close()
@@ -107,101 +107,101 @@ func TestHandshake(t *testing.T) {
 	pubsub.On("Publish", mock.Anything, mock.Anything, mock.Anything).Return(nil)
 
 	cases := []struct {
-		desc     string
-		chanID   string
-		subtopic string
-		header   bool
-		thingKey string
-		status   int
-		err      error
-		msg      []byte
+		desc      string
+		chanID    string
+		subtopic  string
+		header    bool
+		clientKey string
+		status    int
+		err       error
+		msg       []byte
 	}{
 		{
-			desc:     "connect and send message",
-			chanID:   id,
-			subtopic: "",
-			header:   true,
-			thingKey: thingKey,
-			status:   http.StatusSwitchingProtocols,
-			msg:      msg,
+			desc:      "connect and send message",
+			chanID:    id,
+			subtopic:  "",
+			header:    true,
+			clientKey: clientKey,
+			status:    http.StatusSwitchingProtocols,
+			msg:       msg,
 		},
 		{
-			desc:     "connect and send message with thingKey as query parameter",
-			chanID:   id,
-			subtopic: "",
-			header:   false,
-			thingKey: thingKey,
-			status:   http.StatusSwitchingProtocols,
-			msg:      msg,
+			desc:      "connect and send message with clientKey as query parameter",
+			chanID:    id,
+			subtopic:  "",
+			header:    false,
+			clientKey: clientKey,
+			status:    http.StatusSwitchingProtocols,
+			msg:       msg,
 		},
 		{
-			desc:     "connect and send message that cannot be published",
-			chanID:   id,
-			subtopic: "",
-			header:   true,
-			thingKey: thingKey,
-			status:   http.StatusSwitchingProtocols,
-			msg:      []byte{},
+			desc:      "connect and send message that cannot be published",
+			chanID:    id,
+			subtopic:  "",
+			header:    true,
+			clientKey: clientKey,
+			status:    http.StatusSwitchingProtocols,
+			msg:       []byte{},
 		},
 		{
-			desc:     "connect and send message to subtopic",
-			chanID:   id,
-			subtopic: "subtopic",
-			header:   true,
-			thingKey: thingKey,
-			status:   http.StatusSwitchingProtocols,
-			msg:      msg,
+			desc:      "connect and send message to subtopic",
+			chanID:    id,
+			subtopic:  "subtopic",
+			header:    true,
+			clientKey: clientKey,
+			status:    http.StatusSwitchingProtocols,
+			msg:       msg,
 		},
 		{
-			desc:     "connect and send message to nested subtopic",
-			chanID:   id,
-			subtopic: "subtopic/nested",
-			header:   true,
-			thingKey: thingKey,
-			status:   http.StatusSwitchingProtocols,
-			msg:      msg,
+			desc:      "connect and send message to nested subtopic",
+			chanID:    id,
+			subtopic:  "subtopic/nested",
+			header:    true,
+			clientKey: clientKey,
+			status:    http.StatusSwitchingProtocols,
+			msg:       msg,
 		},
 		{
-			desc:     "connect and send message to all subtopics",
-			chanID:   id,
-			subtopic: ">",
-			header:   true,
-			thingKey: thingKey,
-			status:   http.StatusSwitchingProtocols,
-			msg:      msg,
+			desc:      "connect and send message to all subtopics",
+			chanID:    id,
+			subtopic:  ">",
+			header:    true,
+			clientKey: clientKey,
+			status:    http.StatusSwitchingProtocols,
+			msg:       msg,
 		},
 		{
-			desc:     "connect to empty channel",
-			chanID:   "",
-			subtopic: "",
-			header:   true,
-			thingKey: thingKey,
-			status:   http.StatusBadGateway,
-			msg:      []byte{},
+			desc:      "connect to empty channel",
+			chanID:    "",
+			subtopic:  "",
+			header:    true,
+			clientKey: clientKey,
+			status:    http.StatusBadGateway,
+			msg:       []byte{},
 		},
 		{
-			desc:     "connect with empty thingKey",
-			chanID:   id,
-			subtopic: "",
-			header:   true,
-			thingKey: "",
-			status:   http.StatusUnauthorized,
-			msg:      []byte{},
+			desc:      "connect with empty clientKey",
+			chanID:    id,
+			subtopic:  "",
+			header:    true,
+			clientKey: "",
+			status:    http.StatusUnauthorized,
+			msg:       []byte{},
 		},
 		{
-			desc:     "connect and send message to subtopic with invalid name",
-			chanID:   id,
-			subtopic: "sub/a*b/topic",
-			header:   true,
-			thingKey: thingKey,
-			status:   http.StatusBadGateway,
-			msg:      msg,
+			desc:      "connect and send message to subtopic with invalid name",
+			chanID:    id,
+			subtopic:  "sub/a*b/topic",
+			header:    true,
+			clientKey: clientKey,
+			status:    http.StatusBadGateway,
+			msg:       msg,
 		},
 	}
 
 	for _, tc := range cases {
 		t.Run(tc.desc, func(t *testing.T) {
-			conn, res, err := handshake(ts.URL, tc.chanID, tc.subtopic, tc.thingKey, tc.header)
+			conn, res, err := handshake(ts.URL, tc.chanID, tc.subtopic, tc.clientKey, tc.header)
 			assert.Equal(t, tc.status, res.StatusCode, fmt.Sprintf("%s: expected status code '%d' got '%d'\n", tc.desc, tc.status, res.StatusCode))
 
 			if tc.status == http.StatusSwitchingProtocols {
diff --git a/ws/api/endpoints.go b/ws/api/endpoints.go
index 040133a9de..eaf4b1d769 100644
--- a/ws/api/endpoints.go
+++ b/ws/api/endpoints.go
@@ -33,7 +33,7 @@ func handshake(ctx context.Context, svc ws.Service) http.HandlerFunc {
 		req.conn = conn
 		client := ws.NewClient(conn)
 
-		if err := svc.Subscribe(ctx, req.thingKey, req.chanID, req.subtopic, client); err != nil {
+		if err := svc.Subscribe(ctx, req.clientKey, req.chanID, req.subtopic, client); err != nil {
 			req.conn.Close()
 			return
 		}
@@ -56,7 +56,7 @@ func decodeRequest(r *http.Request) (connReq, error) {
 	chanID := chi.URLParam(r, "chanID")
 
 	req := connReq{
-		thingKey: authKey,
+		clientKey: authKey,
 		chanID:   chanID,
 	}
 
diff --git a/ws/api/logging.go b/ws/api/logging.go
index 5c693a45e2..3af78796e1 100644
--- a/ws/api/logging.go
+++ b/ws/api/logging.go
@@ -25,7 +25,7 @@ func LoggingMiddleware(svc ws.Service, logger *slog.Logger) ws.Service {
 
 // Subscribe logs the subscribe request. It logs the channel and subtopic(if present) and the time it took to complete the request.
 // If the request fails, it logs the error.
-func (lm *loggingMiddleware) Subscribe(ctx context.Context, thingKey, chanID, subtopic string, c *ws.Client) (err error) {
+func (lm *loggingMiddleware) Subscribe(ctx context.Context, clientKey, chanID, subtopic string, c *ws.Client) (err error) {
 	defer func(begin time.Time) {
 		args := []any{
 			slog.String("duration", time.Since(begin).String()),
@@ -42,5 +42,5 @@ func (lm *loggingMiddleware) Subscribe(ctx context.Context, thingKey, chanID, su
 		lm.logger.Info("Subscribe completed successfully", args...)
 	}(time.Now())
 
-	return lm.svc.Subscribe(ctx, thingKey, chanID, subtopic, c)
+	return lm.svc.Subscribe(ctx, clientKey, chanID, subtopic, c)
 }
diff --git a/ws/api/metrics.go b/ws/api/metrics.go
index a1a8d59322..a04a658cc3 100644
--- a/ws/api/metrics.go
+++ b/ws/api/metrics.go
@@ -31,11 +31,11 @@ func MetricsMiddleware(svc ws.Service, counter metrics.Counter, latency metrics.
 }
 
 // Subscribe instruments Subscribe method with metrics.
-func (mm *metricsMiddleware) Subscribe(ctx context.Context, thingKey, chanID, subtopic string, c *ws.Client) error {
+func (mm *metricsMiddleware) Subscribe(ctx context.Context, clientKey, chanID, subtopic string, c *ws.Client) error {
 	defer func(begin time.Time) {
 		mm.counter.With("method", "subscribe").Add(1)
 		mm.latency.With("method", "subscribe").Observe(time.Since(begin).Seconds())
 	}(time.Now())
 
-	return mm.svc.Subscribe(ctx, thingKey, chanID, subtopic, c)
+	return mm.svc.Subscribe(ctx, clientKey, chanID, subtopic, c)
 }
diff --git a/ws/api/requests.go b/ws/api/requests.go
index cc3f50dcd2..7f7854fb6d 100644
--- a/ws/api/requests.go
+++ b/ws/api/requests.go
@@ -6,7 +6,7 @@ package api
 import "github.com/gorilla/websocket"
 
 type connReq struct {
-	thingKey string
+	clientKey string
 	chanID   string
 	subtopic string
 	conn     *websocket.Conn
diff --git a/ws/handler.go b/ws/handler.go
index 1e439fc437..27244d689b 100644
--- a/ws/handler.go
+++ b/ws/handler.go
@@ -55,7 +55,7 @@ var channelRegExp = regexp.MustCompile(`^\/?channels\/([\w\-]+)\/messages(\/[^?]
 // Event implements events.Event interface.
 type handler struct {
 	pubsub   messaging.PubSub
-	things   grpcClientsV1.ClientsServiceClient
+	clients   grpcClientsV1.ClientsServiceClient
 	channels grpcChannelsV1.ChannelsServiceClient
 	authn    mgauthn.Authentication
 	logger   *slog.Logger
@@ -67,7 +67,7 @@ func NewHandler(pubsub messaging.PubSub, logger *slog.Logger, authn mgauthn.Auth
 		logger:   logger,
 		pubsub:   pubsub,
 		authn:    authn,
-		things:   clients,
+		clients:   clients,
 		channels: channels,
 	}
 }
@@ -91,8 +91,8 @@ func (h *handler) AuthPublish(ctx context.Context, topic *string, payload *[]byt
 
 	var token string
 	switch {
-	case strings.HasPrefix(string(s.Password), "Thing"):
-		token = strings.ReplaceAll(string(s.Password), "Thing ", "")
+	case strings.HasPrefix(string(s.Password), "Client"):
+		token = strings.ReplaceAll(string(s.Password), "Client ", "")
 	default:
 		token = string(s.Password)
 	}
@@ -113,8 +113,8 @@ func (h *handler) AuthSubscribe(ctx context.Context, topics *[]string) error {
 
 	var token string
 	switch {
-	case strings.HasPrefix(string(s.Password), "Thing"):
-		token = strings.ReplaceAll(string(s.Password), "Thing ", "")
+	case strings.HasPrefix(string(s.Password), "Client"):
+		token = strings.ReplaceAll(string(s.Password), "Client ", "")
 	default:
 		token = string(s.Password)
 	}
@@ -162,9 +162,9 @@ func (h *handler) Publish(ctx context.Context, topic *string, payload *[]byte) e
 
 	var clientID, clientType string
 	switch {
-	case strings.HasPrefix(string(s.Password), "Thing"):
-		thingKey := extractClientSecret(string(s.Password))
-		authnRes, err := h.things.Authenticate(ctx, &grpcClientsV1.AuthnReq{ClientSecret: thingKey})
+	case strings.HasPrefix(string(s.Password), "Client"):
+		clientKey := extractClientSecret(string(s.Password))
+		authnRes, err := h.clients.Authenticate(ctx, &grpcClientsV1.AuthnReq{ClientSecret: clientKey})
 		if err != nil {
 			return errors.Wrap(svcerr.ErrAuthentication, err)
 		}
@@ -245,9 +245,9 @@ func (h *handler) Disconnect(ctx context.Context) error {
 func (h *handler) authAccess(ctx context.Context, token, topic string, msgType connections.ConnType) error {
 	var clientID, clientType string
 	switch {
-	case strings.HasPrefix(token, "Thing"):
-		thingKey := extractClientSecret(token)
-		authnRes, err := h.things.Authenticate(ctx, &grpcClientsV1.AuthnReq{ClientSecret: thingKey})
+	case strings.HasPrefix(token, "Client"):
+		clientKey := extractClientSecret(token)
+		authnRes, err := h.clients.Authenticate(ctx, &grpcClientsV1.AuthnReq{ClientSecret: clientKey})
 		if err != nil {
 			return errors.Wrap(svcerr.ErrAuthentication, err)
 		}
diff --git a/ws/tracing/tracing.go b/ws/tracing/tracing.go
index ed7e62c9ce..0eff5beaed 100644
--- a/ws/tracing/tracing.go
+++ b/ws/tracing/tracing.go
@@ -32,9 +32,9 @@ func New(tracer trace.Tracer, svc ws.Service) ws.Service {
 }
 
 // Subscribe traces the "Subscribe" operation of the wrapped ws.Service.
-func (tm *tracingMiddleware) Subscribe(ctx context.Context, thingKey, chanID, subtopic string, client *ws.Client) error {
+func (tm *tracingMiddleware) Subscribe(ctx context.Context, clientKey, chanID, subtopic string, client *ws.Client) error {
 	ctx, span := tm.tracer.Start(ctx, subscribeOP)
 	defer span.End()
 
-	return tm.svc.Subscribe(ctx, thingKey, chanID, subtopic, client)
+	return tm.svc.Subscribe(ctx, clientKey, chanID, subtopic, client)
 }