diff --git a/e2core/auth/access.go b/e2core/auth/access.go
index 4e1aa023..b88b7949 100644
--- a/e2core/auth/access.go
+++ b/e2core/auth/access.go
@@ -1,7 +1,6 @@
 package auth
 
 import (
- "context"
 "encoding/json"
 "fmt"
 "net/http"
@@ -18,9 +17,9 @@ import (
 
 type TenantInfo struct {
 AuthorizedParty string `json:"authorized_party"`
- Organization string `json:"organization"`
 Environment string `json:"environment"`
- Tenant string `json:"tenant"`
+ ID string `json:"id"`
+ Name string `json:"name"`
 }
 
 func AuthorizationMiddleware(opts *options.Options) echo.MiddlewareFunc {
@@ -37,8 +36,7 @@ func AuthorizationMiddleware(opts *options.Options) echo.MiddlewareFunc {
 return echo.NewHTTPError(http.StatusUnauthorized).SetInternal(err)
 }
 
- c.Set("ident", tntInfo.Tenant)
- c.SetRequest(c.Request().WithContext(context.WithValue(c.Request().Context(), "ident", tntInfo.Tenant)))
+ c.Set("ident", tntInfo.ID)
 
 return next(c)
 }
@@ -51,7 +49,7 @@ func NewApiAuthClient(opts *options.Options) *AuthzClient {
 Timeout: 20 * time.Second,
 Transport: http.DefaultTransport,
 },
- location: opts.ControlPlane + "/api/v1/tenant/%s",
+ location: opts.ControlPlane + "/environment/v1/tenant/",
 cache: NewAuthorizationCache(opts.AuthCacheTTL),
 }
 }
@@ -74,7 +72,7 @@ func (client *AuthzClient) Authorize(token system.Credential, identifier, namesp
 
 func (client *AuthzClient) loadAuth(token system.Credential, identifier string) func() (*TenantInfo, error) {
 return func() (*TenantInfo, error) {
- authzReq, err := http.NewRequest(http.MethodGet, fmt.Sprintf(client.location, identifier), nil)
+ authzReq, err := http.NewRequest(http.MethodGet, client.location+identifier, nil)
 if err != nil {
 return nil, common.Error(err, "post authorization request")
 }
diff --git a/e2core/auth/authorizer_test.go b/e2core/auth/authorizer_test.go
index 2d859517..d3f0e8bd 100644
--- a/e2core/auth/authorizer_test.go
+++ b/e2core/auth/authorizer_test.go
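Review bot: `c.Set("ident", tntInfo.ID)` in AuthorizationMiddleware stores whatever the control plane returned without checking that it is non-empty. Assuming the response is decoded with encoding/json (imported in this file), unknown keys are ignored by default, so a control plane still answering with the old `tenant` key would leave `ID` as an empty string. Because `ReadParam` in e2core/server/handlers.go prefers the context value over the route parameter, the handler would then look up modules under an empty ident rather than fail. Reject that case before the `c.Set`, for example `if tntInfo.ID == "" { return echo.NewHTTPError(http.StatusUnauthorized) }`. The middleware closure starts and ends outside this hunk.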
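Review bot: `client.location+identifier` in loadAuth puts the identifier into the request path unescaped, so a value containing `/`, `..`, `?` or `#` would change which control-plane resource the authorization lookup is made against. Where identifier originates is outside this hunk, but it appears to be caller-supplied, so it should be escaped as a single path segment: `http.NewRequest(http.MethodGet, client.location+url.PathEscape(identifier), nil)`, with `net/url` added to the imports. The closure body continues past the end of the hunk.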
@@ -40,9 +40,8 @@ func TestAuthorizerCache_ConcurrentRequests(t *testing.T) {
 w.WriteHeader(http.StatusOK)
 _ = json.NewEncoder(w).Encode(&TenantInfo{
 AuthorizedParty: "tester",
- Organization: "acct",
 Environment: "env",
- Tenant: "123",
+ ID: "tnt",
 })
 },
 assertOpts: func(t *testing.T, actual uint64) bool {
@@ -96,7 +95,7 @@ func TestAuthorizerCache_ConcurrentRequests(t *testing.T) {
 
 authorizer := &AuthzClient{
 httpClient: svr.Client(),
- location: svr.URL + "/api/v2/tenant/%s",
+ location: svr.URL + "/environment/v1/tenant/",
 cache: newAuthorizationCache(common.StableTime(time.Now()), 10*time.Minute),
 }
 
@@ -175,9 +174,8 @@ func TestAuthorizerCache(t *testing.T) {
 env, tenant, _ := strings.Cut(ident, ".")
 _ = json.NewEncoder(w).Encode(&TenantInfo{
 AuthorizedParty: "tester",
- Organization: "acct",
 Environment: env,
- Tenant: tenant,
+ ID: tenant,
 })
 },
 assertOpts: func(t *testing.T, actual uint64) bool {
@@ -247,9 +245,8 @@ func TestAuthorizerCache(t *testing.T) {
 env, tenant, _ := strings.Cut(ident, ".")
 _ = json.NewEncoder(w).Encode(&TenantInfo{
 AuthorizedParty: "tester",
- Organization: "acct",
 Environment: env,
- Tenant: tenant,
+ ID: tenant,
 })
 }
 },
@@ -269,7 +266,7 @@ func TestAuthorizerCache(t *testing.T) {
 
 authorizer := &AuthzClient{
 httpClient: svr.Client(),
- location: svr.URL + "/api/v2/tenant/%s",
+ location: svr.URL + "/api/v2/tenant/",
 cache: newAuthorizationCache(common.StableTime(time.Now()), 10*time.Minute),
 }
 
@@ -306,9 +303,8 @@ func TestAuthorizerCache_ExpiringEntry(t *testing.T) {
 w.WriteHeader(http.StatusOK)
 _ = json.NewEncoder(w).Encode(&TenantInfo{
 AuthorizedParty: "tester",
- Organization: "acct",
 Environment: "env",
- Tenant: "123",
+ ID: "123",
 })
 },
 assertOpts: func(t *testing.T, actual uint64) bool {
@@ -332,7 +328,7 @@ func TestAuthorizerCache_ExpiringEntry(t *testing.T) {
 
 authorizer := &AuthzClient{
 httpClient: svr.Client(),
- location: svr.URL + "/api/v2/tenant/%s",
+ location: svr.URL + "/api/v2/tenant/",
 cache: authzCache,
 }
 
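Review bot: The mock control-plane locations are now inconsistent across these tests: TestAuthorizerCache_ConcurrentRequests uses `svr.URL + "/environment/v1/tenant/"`, which matches NewApiAuthClient, while TestAuthorizerCache and TestAuthorizerCache_ExpiringEntry keep `svr.URL + "/api/v2/tenant/"`. Using the production path in all three would keep the tests pinned to the route the client really calls. None of the fixtures shown returns an empty `id` or sets `Name`, so the renamed fields are only exercised on the happy path; a case where the server omits `id` would document what the authorizer is expected to do with it.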
diff --git a/e2core/server/handlers.go b/e2core/server/handlers.go
index b2f5d793..461eb60e 100644
--- a/e2core/server/handlers.go
+++ b/e2core/server/handlers.go
@@ -13,9 +13,9 @@ import (
 
 func (s *Server) executePluginByNameHandler() echo.HandlerFunc {
 return func(c echo.Context) error {
- ident := c.Param("ident")
- namespace := c.Param("namespace")
- name := c.Param("name")
+ ident := ReadParam(c, "ident")
+ namespace := ReadParam(c, "namespace")
+ name := ReadParam(c, "name")
 
 mod := s.syncer.GetModuleByName(ident, namespace, name)
 if mod == nil {
@@ -203,3 +203,12 @@ func (s *Server) healthHandler() echo.HandlerFunc {
 return c.JSON(http.StatusOK, map[string]bool{"healthy": true})
 }
 }
+
+func ReadParam(ctx echo.Context, name string) string {
+ v := ctx.Get(name)
+ if v != nil {
+ return v.(string)
+ }
+
+ return ctx.Param(name)
+}
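Review bot: `namespace` and `name` in executePluginByNameHandler are now read through `ReadParam`, which prefers any value stored in the echo context under the same key over the route parameter. Only `ident` is set by the authorization middleware in this commit, so for the other two the indirection just lets an unrelated `c.Set("name", …)` elsewhere silently override the URL. Keeping `namespace := c.Param("namespace")` and `name := c.Param("name")`, and using the context value only for `ident`, limits the override to the one value the middleware has authorized. The handler body continues outside the hunk.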
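Review bot: `return v.(string)` in ReadParam is an unchecked type assertion, so any non-string value stored in the context under that key panics inside the request handler. The comma-ok form avoids that and still falls through to the route parameter: `if s, ok := ctx.Get(name).(string); ok { return s }`. The function is exported but undocumented; a comment such as `// ReadParam returns the echo context value stored under name, falling back to the route parameter of the same name.` should state that the context value takes precedence, because that ordering is what makes the tenant ID set by the auth middleware win over the path.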