diff --git a/api/identity/v2_associations.yaml b/api/identity/v2_associations.yaml
index 247e1b4c..d1b29a8f 100644
--- a/api/identity/v2_associations.yaml
+++ b/api/identity/v2_associations.yaml
@@ -15,22 +15,26 @@
 swagger: '2.0'
 info:
   title: "Matrix Identity Service Establishing Associations API"
-  version: "1.0.0"
+  version: "2.0.0"
 host: localhost:8090
 schemes:
   - https
-basePath: /_matrix/identity/api/v1
+basePath: /_matrix/identity/v2
 consumes:
   - application/json
 produces:
   - application/json
+securityDefinitions:
+  $ref: definitions/security.yaml
 paths:
   "/3pid/getValidated3pid":
     get:
       summary: Check whether ownership of a 3pid was validated.
       description: |-
         Determines if a given 3pid has been validated by a user.
-      operationId: getValidated3pid
+      operationId: getValidated3pidV2
+      security:
+        - accessToken: []
       parameters:
         - in: query
           type: string
@@ -104,7 +108,9 @@ paths:
         specification, the parameters may also be specified as
         ``application/x-form-www-urlencoded`` data.  However, this usage is
         deprecated.
-      operationId: bind
+      operationId: bindV2
+      security:
+        - accessToken: []
       parameters:
         - in: body
           name: body
@@ -221,7 +227,9 @@ paths:
         If this endpoint returns a JSON Matrix error, that error should be passed
         through to the client requesting an unbind through a homeserver, if the
         homeserver is acting on behalf of a client.
-      operationId: unbind
+      operationId: unbindV2
+      security:
+        - accessToken: []
       parameters:
         - in: body
           name: body
diff --git a/api/identity/v2_email_associations.yaml b/api/identity/v2_email_associations.yaml
index 9911bc5d..eff18eaf 100644
--- a/api/identity/v2_email_associations.yaml
+++ b/api/identity/v2_email_associations.yaml
@@ -15,15 +15,17 @@
 swagger: '2.0'
 info:
   title: "Matrix Identity Service Email Associations API"
-  version: "1.0.0"
+  version: "2.0.0"
 host: localhost:8090
 schemes:
   - https
-basePath: /_matrix/identity/api/v1
+basePath: /_matrix/identity/v2
 consumes:
   - application/json
 produces:
   - application/json
+securityDefinitions:
+  $ref: definitions/security.yaml
 paths:
   "/validate/email/requestToken":
     post:
@@ -46,7 +48,9 @@ paths:
         specification, the parameters may also be specified as
         ``application/x-form-www-urlencoded`` data.  However, this usage is
         deprecated.
-      operationId: emailRequestToken
+      operationId: emailRequestTokenV2
+      security:
+        - accessToken: []
       parameters:
         - in: body
           name: body
@@ -92,7 +96,9 @@ paths:
         specification, the parameters may also be specified as
         ``application/x-form-www-urlencoded`` data.  However, this usage is
         deprecated.
-      operationId: emailSubmitTokenPost
+      operationId: emailSubmitTokenPostV2
+      security:
+        - accessToken: []
       parameters:
         - in: body
           name: body
@@ -142,7 +148,9 @@ paths:
 
         Note that, in contrast with the POST version, this endpoint will be
         used by end-users, and so the response should be human-readable.
-      operationId: emailSubmitTokenGet
+      operationId: emailSubmitTokenGetV2
+      security:
+        - accessToken: []
       parameters:
         - in: query
           type: string
diff --git a/api/identity/v2_invitation_signing.yaml b/api/identity/v2_invitation_signing.yaml
index f2d2933d..c1267bdc 100644
--- a/api/identity/v2_invitation_signing.yaml
+++ b/api/identity/v2_invitation_signing.yaml
@@ -15,15 +15,17 @@
 swagger: '2.0'
 info:
   title: "Matrix Identity Service Ephemeral Invitation Signing API"
-  version: "1.0.0"
+  version: "2.0.0"
 host: localhost:8090
 schemes:
   - https
-basePath: /_matrix/identity/api/v1
+basePath: /_matrix/identity/v2
 consumes:
   - application/json
 produces:
   - application/json
+securityDefinitions:
+  $ref: definitions/security.yaml
 paths:
   "/sign-ed25519":
     post:
@@ -33,7 +35,9 @@ paths:
 
         The identity server will look up ``token`` which was stored in a call
         to ``store-invite``, and fetch the sender of the invite.
-      operationId: blindlySignStuff
+      operationId: blindlySignStuffV2
+      security:
+        - accessToken: []
       parameters:
         - in: body
           name: body
diff --git a/api/identity/v2_phone_associations.yaml b/api/identity/v2_phone_associations.yaml
index 8d0da628..cfaea410 100644
--- a/api/identity/v2_phone_associations.yaml
+++ b/api/identity/v2_phone_associations.yaml
@@ -15,15 +15,17 @@
 swagger: '2.0'
 info:
   title: "Matrix Identity Service Phone Number Associations API"
-  version: "1.0.0"
+  version: "2.0.0"
 host: localhost:8090
 schemes:
   - https
-basePath: /_matrix/identity/api/v1
+basePath: /_matrix/identity/v2
 consumes:
   - application/json
 produces:
   - application/json
+securityDefinitions:
+  $ref: definitions/security.yaml
 paths:
   "/validate/msisdn/requestToken":
     post:
@@ -46,7 +48,9 @@ paths:
         specification, the parameters may also be specified as
         ``application/x-form-www-urlencoded`` data. However, this usage is
         deprecated.
-      operationId: msisdnRequestToken
+      operationId: msisdnRequestTokenV2
+      security:
+        - accessToken: []
       parameters:
         - in: body
           name: body
@@ -94,7 +98,9 @@ paths:
         specification, the parameters may also be specified as
         ``application/x-form-www-urlencoded`` data. However, this usage is
         deprecated.
-      operationId: msisdnSubmitTokenPost
+      operationId: msisdnSubmitTokenPostV2
+      security:
+        - accessToken: []
       parameters:
         - in: body
           name: body
@@ -144,7 +150,9 @@ paths:
 
         Note that, in contrast with the POST version, this endpoint will be
         used by end-users, and so the response should be human-readable.
-      operationId: msisdnSubmitTokenGet
+      operationId: msisdnSubmitTokenGetV2
+      security:
+        - accessToken: []
       parameters:
         - in: query
           type: string
diff --git a/api/identity/v2_ping.yaml b/api/identity/v2_ping.yaml
index fd81c7c3..61f5d35b 100644
--- a/api/identity/v2_ping.yaml
+++ b/api/identity/v2_ping.yaml
@@ -17,7 +17,7 @@
 swagger: "2.0"
 info:
   title: "Matrix Identity Service Ping API"
-  version: "1.0.0"
+  version: "2.0.0"
 host: localhost:8090
 schemes:
   - https
@@ -25,7 +25,7 @@ basePath: /_matrix/identity
 produces:
   - application/json
 paths:
-  "/api/v1":
+  "/v2":
     get:
       summary: Checks that an identity server is available at this API endpoint.
       description: |-
@@ -36,7 +36,7 @@ paths:
 
         This is primarly used for auto-discovery and health check purposes
         by entities acting as a client for the identity server.
-      operationId: ping
+      operationId: pingV2
       responses:
         200:
           description: An identity server is ready to serve requests.
diff --git a/api/identity/v2_pubkey.yaml b/api/identity/v2_pubkey.yaml
index 48446ace..68facd68 100644
--- a/api/identity/v2_pubkey.yaml
+++ b/api/identity/v2_pubkey.yaml
@@ -15,11 +15,11 @@
 swagger: '2.0'
 info:
   title: "Matrix Identity Service Public Key API"
-  version: "1.0.0"
+  version: "2.0.0"
 host: localhost:8090
 schemes:
   - https
-basePath: /_matrix/identity/api/v1
+basePath: /_matrix/identity/v2
 consumes:
   - application/json
 produces:
@@ -30,7 +30,7 @@ paths:
       summary: Get a public key.
       description: |-
         Get the public key for the passed key ID.
-      operationId: getPubKey
+      operationId: getPubKeyV2
       parameters:
         - in: path
           type: string
@@ -72,7 +72,7 @@ paths:
       description: |-
         Check whether a long-term public key is valid. The response should always
         be the same, provided the key exists.
-      operationId: isPubKeyValid
+      operationId: isPubKeyValidV2
       parameters:
         - in: query
           type: string
@@ -101,7 +101,7 @@ paths:
       summary: Check whether a short-term public key is valid.
       description: |-
         Check whether a short-term public key is valid.
-      operationId: isEphemeralPubKeyValid
+      operationId: isEphemeralPubKeyValidV2
       parameters:
         - in: query
           type: string
diff --git a/api/identity/v2_store_invite.yaml b/api/identity/v2_store_invite.yaml
index 802478dc..afc41a1c 100644
--- a/api/identity/v2_store_invite.yaml
+++ b/api/identity/v2_store_invite.yaml
@@ -15,15 +15,17 @@
 swagger: '2.0'
 info:
   title: "Matrix Identity Service Store Invitations API"
-  version: "1.0.0"
+  version: "2.0.0"
 host: localhost:8090
 schemes:
   - https
-basePath: /_matrix/identity/api/v1
+basePath: /_matrix/identity/v2
 consumes:
   - application/json
 produces:
   - application/json
+securityDefinitions:
+  $ref: definitions/security.yaml
 paths:
   "/store-invite":
     post:
@@ -48,14 +50,16 @@ paths:
         ``address`` parameter, notifying them of the invitation.
 
         Also, the generated ephemeral public key will be listed as valid on
-        requests to ``/_matrix/identity/api/v1/pubkey/ephemeral/isvalid``.
+        requests to ``/_matrix/identity/v2/pubkey/ephemeral/isvalid``.
 
         Currently, invites may only be issued for 3pids of the ``email`` medium.
 
         Optional fields in the request should be populated to the best of the
         server's ability. Identity servers may use these variables when notifying
         the ``address`` of the pending invite for display purposes.
-      operationId: storeInvite
+      operationId: storeInviteV2
+      security:
+        - accessToken: []
       parameters:
         - in: body
           name: body