diff --git a/routes/idp.js b/routes/idp.js
index 8667a6a7..ea9c2ef1 100644
--- a/routes/idp.js
+++ b/routes/idp.js
@@ -39,30 +39,6 @@ module.exports = function (log, crypto, error, isA, serverPublicKey, bridge) {
           file: './provision.html'
         }
       }
-    },
-    {
-      method: 'POST',
-      path: '/get_random_bytes',
-      config: {
-        handler: function getRandomBytes(request) {
-          request.reply({ data: crypto.randomBytes(32).toString('hex') })
-        }
-      }
-    },
-    {
-      method: 'GET',
-      path: '/verify_email',
-      config: {
-        handler: function (request, next) {
-          return request.reply.redirect(bridge.url + request.raw.req.url)
-        },
-        validate: {
-          query: {
-            code: isA.String().regex(HEX_STRING).required(),
-            uid: isA.String().max(64).required()
-          }
-        }
-      }
     }
   ]
 
diff --git a/routes/index.js b/routes/index.js
index 98938eb6..3a691667 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -24,20 +24,21 @@ module.exports = function (
   var password = require('./password')(log, isA, error, models.Account, models.tokens)
   var session = require('./session')(log, isA, error, models.Account, models.tokens)
   var sign = require('./sign')(log, isA, error, signer, models.Account)
+  var util = require('./util')(log, crypto, error, isA, serverPublicKey, config.bridge)
 
   var v1Routes = [].concat(
     auth,
-    idp,
     account,
     password,
     session,
-    sign
+    sign,
+    util
   )
   v1Routes.forEach(function(route) {
     route.path = "/v1" + route.path
   })
 
-  var routes = defaults.concat(v1Routes)
+  var routes = defaults.concat(idp, v1Routes)
 
   return routes
 }
diff --git a/routes/util.js b/routes/util.js
new file mode 100644
index 00000000..f7b73f59
--- /dev/null
+++ b/routes/util.js
@@ -0,0 +1,37 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+module.exports = function (log, crypto, error, isA, serverPublicKey, bridge) {
+
+  const HEX_STRING = /^(?:[a-fA-F0-9]{2})+$/
+
+  var routes = [
+    {
+      method: 'POST',
+      path: '/get_random_bytes',
+      config: {
+        handler: function getRandomBytes(request) {
+          request.reply({ data: crypto.randomBytes(32).toString('hex') })
+        }
+      }
+    },
+    {
+      method: 'GET',
+      path: '/verify_email',
+      config: {
+        handler: function (request, next) {
+          return request.reply.redirect(bridge.url + request.raw.req.url)
+        },
+        validate: {
+          query: {
+            code: isA.String().regex(HEX_STRING).required(),
+            uid: isA.String().max(64).required()
+          }
+        }
+      }
+    }
+  ]
+
+  return routes
+}