diff --git a/NOTICE b/NOTICE
index b7267574981b7754d88b264745e6859f35b88d56..bfbb25ff35db421a3b3c2f7a5a2f61a4f740f126 100644
--- a/NOTICE
+++ b/NOTICE
@@ -72,6 +72,7 @@ The following software have components provided under the terms of this license:
 - AssertJ fluent assertions (from )
 - Asynchronous Http Client (from )
 - Asynchronous Http Client Netty Utils (from )
+- AutoValue Annotations (from )
 - Azure AD Spring Security Integration Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
 - Azure Metrics Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
 - Bean Validation API (from http://beanvalidation.org)
@@ -86,6 +87,7 @@ The following software have components provided under the terms of this license:
 - Expression Language 3.0 (from http://uel.java.net)
 - Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
 - FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
+- GSON extensions to the Google HTTP Client Library for Java. (from )
 - Google APIs Client Library for Java (from )
 - Google App Engine extensions to the Google HTTP Client Library for Java. (from )
 - Google Cloud Core (from https://github.com/GoogleCloudPlatform/google-cloud-java/tree/master/google-cloud-core)
@@ -753,6 +755,7 @@ unknown
 The following software have components provided under the terms of this license:
 
 - Byte Buddy (without dependencies) (from )
+- Checker Qual (from https://checkerframework.org)
 - Common Annotations 1.2 API (from )
 - JUnit (from http://junit.org)
 - JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
diff --git a/provider/notification-gcp/README.md b/provider/notification-gcp/README.md
index 28510ea1aa16804a313b26f988a32a49caa897b8..fa8c00970b91e0f2771c7431766d1ffccdbb4d89 100644
--- a/provider/notification-gcp/README.md
+++ b/provider/notification-gcp/README.md
@@ -31,6 +31,7 @@ In order to run the service locally or remotely, you will need to have the follo
 | `APP_REGISTER` | ex `https://register.com/api/register/v1` | Storage API endpoint | no | output of infrastructure deployment |
 | `APP_PROJECT` | ex `opendes` | Google Cloud Project Id | no | output of infrastructure deployment |
 | `APP_AUDIENCES` | ex `*****.apps.googleusercontent.com` | Client ID for getting access to cloud resources | yes | https://console.cloud.google.com/apis/credentials |
+| `PARTITION_API` | ex `http://localhost:8081/api/partition/v1` | Partition service endpoint | no | - |
 
 **System Environment required to run service**
 
diff --git a/provider/notification-gcp/pom.xml b/provider/notification-gcp/pom.xml
index 6e75fe6353dc7306c9de816a24c56cdd2b2a5f60..02ef95b6d78987d86c2872679c8584b5867a1feb 100644
--- a/provider/notification-gcp/pom.xml
+++ b/provider/notification-gcp/pom.xml
@@ -40,11 +40,12 @@
         <dependency>
             <groupId>org.opengroup.osdu</groupId>
             <artifactId>os-core-common</artifactId>
+            <version>0.9.0-rc17</version>
         </dependency>
         <dependency>
             <groupId>org.opengroup.osdu</groupId>
             <artifactId>core-lib-gcp</artifactId>
-            <version>0.7.0</version>
+            <version>0.9.0-SNAPSHOT</version>
         </dependency>
 
         <dependency>
diff --git a/provider/notification-gcp/src/main/java/org/opengroup/osdu/notification/provider/gcp/di/ServiceAccountJwtClientFactory.java b/provider/notification-gcp/src/main/java/org/opengroup/osdu/notification/provider/gcp/di/ServiceAccountJwtClientFactory.java
index 403523702216a70169fdc77a96fef3d4490e3580..ad4a541f081362e8a46fdb84e5af5dcb6a13e381 100644
--- a/provider/notification-gcp/src/main/java/org/opengroup/osdu/notification/provider/gcp/di/ServiceAccountJwtClientFactory.java
+++ b/provider/notification-gcp/src/main/java/org/opengroup/osdu/notification/provider/gcp/di/ServiceAccountJwtClientFactory.java
@@ -20,9 +20,11 @@ import org.opengroup.osdu.notification.provider.gcp.util.AppProperties;
 import org.opengroup.osdu.notification.provider.gcp.util.ServiceAccountJwtGcpClientImpl;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.AbstractFactoryBean;
+import org.springframework.context.annotation.Primary;
 import org.springframework.stereotype.Component;
 
 @Component
+@Primary
 public class ServiceAccountJwtClientFactory extends AbstractFactoryBean<IServiceAccountJwtClient> {
 
     @Autowired
diff --git a/provider/notification-gcp/src/main/resources/application.properties b/provider/notification-gcp/src/main/resources/application.properties
index fa6abe7faedd3e9971e6f725712c99e80a1788c8..d0b075ff8b42da1bfc4f25b2de3206abe1935f11 100644
--- a/provider/notification-gcp/src/main/resources/application.properties
+++ b/provider/notification-gcp/src/main/resources/application.properties
@@ -19,4 +19,7 @@ logging.level.org.springframework.web=${LOG_LEVEL:DEBUG}
 server.servlet.contextPath=/
 app.expireTime=300
 app.maxCacheSize=10
-server.error.whitelabel.enabled=false
\ No newline at end of file
+server.error.whitelabel.enabled=false
+
+google.audiences=${APP_AUDIENCES}
+partition.api=http://localhost:8081/api/partition/v1
\ No newline at end of file
diff --git a/testing/notification-test-gcp/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointGSA.java b/testing/notification-test-gcp/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointGSA.java
index 0aa5c1c3cfa70e87ecc0ea8d0bf4d306192b673e..a743915e56c34ee0919d4213dbf74727a9b5b0b1 100644
--- a/testing/notification-test-gcp/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointGSA.java
+++ b/testing/notification-test-gcp/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointGSA.java
@@ -1,36 +1,72 @@
 package org.opengroup.osdu.notification.api;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import com.sun.jersey.api.client.ClientResponse;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
-import org.opengroup.osdu.notification.util.Config;
+import org.junit.Test;
 import org.opengroup.osdu.notification.util.GCPTestUtils;
-import org.opengroup.osdu.notification.util.RestDescriptor;
 
 public class TestPubsubEndpointGSA extends PubsubEndpointGSATests {
 
-    private static final GCPTestUtils gcpTestUtils = new GCPTestUtils();
+  private static final GCPTestUtils gcpTestUtils = new GCPTestUtils();
 
 
-    @BeforeClass
-    public static void classSetup() throws Exception {
-        PubsubEndpointGSATests.classSetup(gcpTestUtils.getOpsToken());
-    }
+  @BeforeClass
+  public static void classSetup() throws Exception {
+    PubsubEndpointGSATests.classSetup(gcpTestUtils.getOpsToken());
+  }
 
-    @AfterClass
-    public static void classTearDown() throws Exception {
-    }
+  @AfterClass
+  public static void classTearDown() throws Exception {
+  }
 
-    @Before
-    @Override
-    public void setup() throws Exception {
-        this.testUtils = new GCPTestUtils();
-    }
+  @Before
+  @Override
+  public void setup() throws Exception {
+    this.testUtils = new GCPTestUtils();
+  }
+
+  @After
+  @Override
+  public void tearDown() throws Exception {
+    this.testUtils = null;
+  }
+
+  @Override
+  @Test
+  public void should_return20X_when_usingCredentialsWithOpsPermission() throws Exception {
+    createResource();
+
+    try {
+      ClientResponse response = descriptor.run(getArg(), testUtils.getOpsToken());
 
-    @After
-    @Override
-    public void tearDown() throws Exception {
-        this.testUtils = null;
+      assertEquals(error(response.getStatus() == 204 ? "" : response.getEntity(String.class)),
+          expectedOkResponseCode(), response.getStatus());
+      assertEquals("GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH",
+          response.getHeaders().getFirst("Access-Control-Allow-Methods"));
+      assertEquals(
+          "access-control-allow-origin, origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey",
+          response.getHeaders().getFirst("Access-Control-Allow-Headers"));
+      assertEquals("*", response.getHeaders().getFirst("Access-Control-Allow-Origin"));
+      assertEquals("true", response.getHeaders().getFirst("Access-Control-Allow-Credentials"));
+      assertEquals("DENY", response.getHeaders().getFirst("X-Frame-Options"));
+      assertEquals("1; mode=block", response.getHeaders().getFirst("X-XSS-Protection"));
+      assertEquals("nosniff", response.getHeaders().getFirst("X-Content-Type-Options"));
+      assertEquals("no-cache, no-store, must-revalidate",
+          response.getHeaders().getFirst("Cache-Control"));
+      assertEquals("default-src 'self'", response.getHeaders().getFirst("Content-Security-Policy"));
+      assertTrue(response.getHeaders().get("Strict-Transport-Security").get(0)
+          .contains("max-age=31536000"));
+      assertTrue(response.getHeaders().get("Strict-Transport-Security").get(0)
+          .contains("includeSubDomains"));
+      assertEquals("0", response.getHeaders().getFirst("Expires"));
+    } finally {
+      deleteResource();
     }
+  }
 }
\ No newline at end of file
diff --git a/testing/notification-test-gcp/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java b/testing/notification-test-gcp/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java
index af7b1fba71692e4e40bb78ba9ef5679eaea2af6e..5ba744d1eb3c15eebab7d0c71bdcb0a1a02d0b00 100644
--- a/testing/notification-test-gcp/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java
+++ b/testing/notification-test-gcp/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java
@@ -1,34 +1,69 @@
 package org.opengroup.osdu.notification.api;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import com.sun.jersey.api.client.ClientResponse;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
-import org.opengroup.osdu.notification.util.Config;
+import org.junit.Test;
 import org.opengroup.osdu.notification.util.GCPTestUtils;
-import org.opengroup.osdu.notification.util.RestDescriptor;
-import org.opengroup.osdu.notification.util.TestUtils;
 
 public class TestPubsubEndpointHMAC extends PubsubEndpointHMACTests {
 
-    @BeforeClass
-    public static void classSetup() throws Exception {
-        PubsubEndpointHMACTests.classSetup();
-    }
+  @BeforeClass
+  public static void classSetup() throws Exception {
+    PubsubEndpointHMACTests.classSetup();
+  }
 
-    @AfterClass
-    public static void classTearDown() throws Exception {
-    }
+  @AfterClass
+  public static void classTearDown() throws Exception {
+  }
 
-    @Before
-    @Override
-    public void setup() throws Exception {
-        this.testUtils = new GCPTestUtils();
-    }
+  @Before
+  @Override
+  public void setup() throws Exception {
+    this.testUtils = new GCPTestUtils();
+  }
+
+  @After
+  @Override
+  public void tearDown() throws Exception {
+    this.testUtils = null;
+  }
+
+  @Override
+  @Test
+  public void should_return20X_when_usingCredentialsWithOpsPermission() throws Exception {
+    createResource();
+
+    try {
+      ClientResponse response = descriptor.run(getArg(), testUtils.getOpsToken());
 
-    @After
-    @Override
-    public void tearDown() throws Exception {
-        this.testUtils = null;
+      assertEquals(error(response.getStatus() == 204 ? "" : response.getEntity(String.class)),
+          expectedOkResponseCode(), response.getStatus());
+      assertEquals("GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH",
+          response.getHeaders().getFirst("Access-Control-Allow-Methods"));
+      assertEquals(
+          "access-control-allow-origin, origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey",
+          response.getHeaders().getFirst("Access-Control-Allow-Headers"));
+      assertEquals("*", response.getHeaders().getFirst("Access-Control-Allow-Origin"));
+      assertEquals("true", response.getHeaders().getFirst("Access-Control-Allow-Credentials"));
+      assertEquals("DENY", response.getHeaders().getFirst("X-Frame-Options"));
+      assertEquals("1; mode=block", response.getHeaders().getFirst("X-XSS-Protection"));
+      assertEquals("nosniff", response.getHeaders().getFirst("X-Content-Type-Options"));
+      assertEquals("no-cache, no-store, must-revalidate",
+          response.getHeaders().getFirst("Cache-Control"));
+      assertEquals("default-src 'self'", response.getHeaders().getFirst("Content-Security-Policy"));
+      assertTrue(response.getHeaders().get("Strict-Transport-Security").get(0)
+          .contains("max-age=31536000"));
+      assertTrue(response.getHeaders().get("Strict-Transport-Security").get(0)
+          .contains("includeSubDomains"));
+      assertEquals("0", response.getHeaders().getFirst("Expires"));
+    } finally {
+      deleteResource();
     }
+  }
 }
\ No newline at end of file