BankConfigs
These endpoints let you retrieve, add, update, or delete your bank configurations. Click an item below to expand/collapse its content.


memberId | string – required in path; identifies the requesting TPP





clientId | string – unique identifier of the TPP application
signingKeyId | string – key identifier for private key used in the digital signature
tppId | string – bank's partner identifier for the TPP
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys

clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server
jwtSigningAlgorithm | string – algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256)
jwtSigningKeyId | string – JSON Web Token signing key identifier
signingKeyId | string – key identifier for private key used in the digital signature
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
xApiKey | string – special token needed when making AIS calls; usually sent as a request header

clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server
jwtSigningKeyId | string – JSON Web Token signing key identifier
psuCorporateType | string – type of the identification needed to identify PSUCorporate-ID content
psuIdType | string – type of the PSU-ID; needed in scenarios where PSUs have several PSU-IDs as their access possibility
signingKeyId | string – key identifier for private key used in the digital signature
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
xAPIKeyAis | string – special token needed when making AIS calls; usually sent as a request header
xApiKeyPis | string – special token needed when making PIS calls; usually sent as a request header
noLicenceRequired | boolean($boolean) – bank standard does not require a licence

clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server
jwtSigningKeyId | string – JSON Web Token signing key identifier
signingKeyId | string – key identifier for private key used in the digital signature
tppId | string – bank's partner identifier for the TPP
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
x5u | string – URL to return the PEM format of the TPP certificate

clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server
jwtSigningAlgorithm | string – algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256)
jwtSigningKeyId | string – JSON Web Token signing key identifier
signingKeyId | string – key identifier for private key used in the digital signature
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys

clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server
signingKeyId | string – key identifier for private key used in the digital signature
tppClientId | string – Token member identifier (memberId) of the TPP
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys

aisClientId | string – unique identifier of the TPP's account information service application
aisClientSecret | string – secret value used to authenticate the client AIS application to the authorization server
jwtSigningKeyId | string – JSON Web Token signing key identifier
pisClientId | string – unique identifier of the TPP's payment initiation service application
pisClientSecret | string – secret value used to authenticate the client PIS application to the authorization server
signingKeyId | string – key identifier for private key used in the digital signature
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys

certificateOwnerName | string – registered name of the certificate owner
clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server
jwtSigningAlgorithm | string – algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256)
jwtSigningKeyId | string – JSON Web Token signing key identifier
signingKeyId | string – key identifier for private key used in the digital signature
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys

aisClientId | string – unique identifier of the TPP's account information service application
authenticationType | string – specifies the type of authenication; available values: client-secret-basic, client-secret-post, tls-client-auth, or private-key-jwt
clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server; optional, depending on authenticationType
jwtSigningAlgorithm | string – algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256); required only when there are multiple signing keys in the software statement
jwtSigningKeyId | string – JSON Web Token signing key identifier; created by Open Banking Directory
organisationId
signingKeyId | string – key identifier for private key used in the digital signature
softwareStatementId
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
400 Bad Request | status=INVALID_ARGUMENT.withDescription(error) – client specified an invalid argument
401 Unauthorized | status=UNAUTHENTICATED.withDescription(error) – request does not have valid authentication credentials needed to perform the operation
403 Forbidden | status=PERMISSION_DENIED.withDescription(error) – caller does not have the required permission to execute the operation specified. This error message will be accompanied by the reason from the bank. Typically means the access token has expired and the TPP needs its user to re-authenticate with the bank
404 Not Found | status=NOT_FOUND.withDescription(error) – requested entity, such as a file or directory, was not found
429 Too Many Requests | status=RESOURCE_EXHAUSTED.withDescription(error) – resource, such as a per-user quota or file system, is exhausted (out of space)
500 Internal Server Error | status=INTERNAL.withDescription(error) – could refer to either an error on Token’s end or an error on the bank’s end. When the bank reports a 5xx error, Token sets token-external-error=true as a header in the HTTP response, indicating that the "internal" error originates from the bank. When one of Token's internal services fails or when the bank reports a 4xx error, this header is not populated. The absence of this response header should be interpreted as token-external-error=false.
501 Not Implemented | status=UNIMPLEMENTED.withDescription(error) – operation not implemented / supported / enabled by the bank
503 Service Unavailable | status=UNAVAILABLE.withDescription(error) – service is unavailable, likely due to a transient condition; usually corrected with a retry
504 Gateway Timeout | status=DEADLINE_EXCEEDED.withDescription(error) – deadline expired before operation could complete


memberId | string – required in path; identifies the requesting TPP
bankId | string – bankId | string – required in path; unique bank identifier




clientId | string – unique identifier of the TPP application
signingKeyId | string – key identifier for private key used in the digital signature
tppId | string – bank's partner identifier for the TPP
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys

clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server
jwtSigningAlgorithm | string – algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256)
jwtSigningKeyId | string – JSON Web Token signing key identifier
signingKeyId | string – key identifier for private key used in the digital signature
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
xApiKey | string – special token needed when making AIS calls; usually sent as a request header

clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server
jwtSigningAlgorithm | string – algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256)
jwtSigningKeyId | string – JSON Web Token signing key identifier
psuCorporateType | string – type of identification needed for PSU Corporate content
psuIdType | string – type of the PSU-ID needed in scenarios where PSUs have several PSU-IDs as their access possibility
signingKeyId | string – key identifier for private key used in the digital signature
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
xApiKeyAis | string – special token needed when making AIS calls; usually sent as a request header
xApiKeyPis | string – special token needed when making PIS calls; usually sent as a request header
noLicenceRequired | boolean($boolean) – bank configuration does not require a licence

clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server
jwtSigningKeyId | string – JSON Web Token signing key identifier
signingKeyId | string – key identifier for private key used in the digital signature
tppId | string – bank's partner identifier for the TPP
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
x5u | string – URL to return the PEM format of the TPP certificate

clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server
jwtSigningAlgorithm | string – algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256)
jwtSigningKeyId | string – JSON Web Token signing key identifier
signingKeyId | string – key identifier for private key used in the digital signature
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys

clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server
signingKeyId | string – key identifier for private key used in the digital signature
tppClientId | string – Token member identifier (memberId) of the TPP
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys

aisClientId | string – unique identifier of the TPP's account information service application
aisClientSecret | string – secret value used to authenticate the client AIS application to the authorization server
jwtSigningKeyId | string – JSON Web Token signing key identifier
pisClientId | string – unique identifier of the TPP's payment initiation service application
pisClientSecret | string – secret value used to authenticate the client PIS application to the authorization server
signingKeyId | string – key identifier for private key used in the digital signature
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys

certificateOwnerName | string – registered name of the certificate owner
clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server
jwtSigningAlgorithm | string – algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256)
jwtSigningKeyId | string – JSON Web Token signing key identifier
signingKeyId | string – key identifier for private key used in the digital signature
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys

aisClientId | string – unique identifier of the TPP's account information service application
authenticationType | string – specifies the type of authentication; available values: client-secret-basic, client-secret-post, tls-client-auth, or private-key-jwt
clientId | string – unique identifier of the TPP application
clientSecret | string – secret value used to authenticate the client application to the authorization server; optional, depending on authenticationType
jwtSigningAlgorithm | string – algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256); required only when there are multiple signing keys in the software statement
jwtSigningKeyId | string – JSON Web Token signing key identifier; created by Open Banking Directory
organisationId
signingKeyId | string – key identifier for private key used in the digital signature
softwareStatementId
transportKeyId | string – identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
400 Bad Request | status=INVALID_ARGUMENT.withDescription(error) – client specified an invalid argument
401 Unauthorized | status=UNAUTHENTICATED.withDescription(error) – request does not have valid authentication credentials needed to perform the operation
403 Forbidden | status=PERMISSION_DENIED.withDescription(error) – caller does not have the required permission to execute the operation specified. This error message will be accompanied by the reason from the bank. Typically means the access token has expired and the TPP needs its user to re-authenticate with the bank
404 Not Found | status=NOT_FOUND.withDescription(error) – requested entity, such as a file or directory, was not found
429 Too Many Requests | status=RESOURCE_EXHAUSTED.withDescription(error) – resource, such as a per-user quota or file system, is exhausted (out of space)
500 Internal Server Error | status=INTERNAL.withDescription(error) – could refer to either an error on Token’s end or an error on the bank’s end. When the bank reports a 5xx error, Token sets token-external-error=true as a header in the HTTP response, indicating that the "internal" error originates from the bank. When one of Token's internal services fails or when the bank reports a 4xx error, this header is not populated. The absence of this response header should be interpreted as token-external-error=false.
501 Not Implemented | status=UNIMPLEMENTED.withDescription(error) – operation not implemented / supported / enabled by the bank
503 Service Unavailable | status=UNAVAILABLE.withDescription(error) – service is unavailable, likely due to a transient condition; usually corrected with a retry
504 Gateway Timeout | status=DEADLINE_EXCEEDED.withDescription(error) – deadline expired before operation could complete


memberId | string – required in path; identifies the requesting TPP
bankId | string – bankId | string – required in path; unique bank identifier
uk_open_banking_standard.bank_config.organizsationId | string – optional query parameter; sets the name of the TPP's organisation
uk_open_banking_standard.bank_config.softwareStatementId | string – optional query parameter; a signed set of assertions fixing OAuth-related protocol values and informational assertions as a signed assertion from a trusted party
uk_open_banking_standard.bank_config.authenticationType | string – optional query parameter; specifies the type of authentication; available values: client-secret-basic, client-secret-post, tls-client-auth, or private-key-jwt
uk_open_banking_standard.bank_config.aisClientId | string – optional query parameter; unique identifier of the TPP's account information service application
uk_open_banking_standard.bank_config.clientId | string – optional query parameter; unique identifier of the TPP application
uk_open_banking_standard.bank_config.clientSecret | string – optional query parameter; secret value used to authenticate the client application to the authorization server; optional, depending on authenticationType
uk_open_banking_standard.bank_config.jwtSigningKeyId | string – optional query parameter; JSON Web Token signing key identifier; created by Open Banking Directory
uk_open_banking_standard.bank_config.jwtSigningAlgorithm | string – optional query parameter; algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256); optional query parameter; required only when there are multiple signing keys in the software statement
uk_open_banking_standard.bank_config.signingKeyId | string – optional query parameter; key identifier for private key used in the digital signature
uk_open_banking_standard.bank_config.transportKeyId | string – optional query parameter; identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
next_gen_psd2_standard.bank_config.xApiKeyAis | string – optional query parameter; special token needed when making AIS calls
next_gen_psd2_standard.bank_config.xApiKeyPis | string – optional query parameter; special token needed when making PIS calls
next_gen_psd2_standard.bank_config.clientId | string – optional query parameter; unique identifier of the TPP application
next_gen_psd2_standard.bank_config.clientSecret | string – optional query parameter; secret value used to authenticate the client application to the authorization server
next_gen_psd2_standard.bank_config.psuCorporateType | string – optional query parameter; type of identification needed for PSU Corporate content
next_gen_psd2_standard.bank_config.psuIdType | string – optional query parameter; type of the PSU-ID needed in scenarios where PSUs have several PSU-IDs as their access possibility
next_gen_psd2_standard.bank_config.jwtSigingKeyId | string – optional query parameter; JSON Web Token signing key identifier
next_gen_psd2_standard.bank_config.jwtSigningAlgorithm | string – optional query parameter; algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256)
next_gen_psd2_standard.bank_config.signingKeyId | string – optional query parameter; key identifier for private key used in the digital signature
next_gen_psd2_standard.bank_config.transportKeyId | string – optional query parameter; identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
polish_api_standard.bank_config.clientId | string – optional query parameter; unique identifier of the TPP application
polish_api_standard.bank_config.clientSecret | string – optional query parameter; secret value used to authenticate the client application to the authorization server
polish_api_standard.bank_config.jwtSigningKeyId | string – optional query parameter; JSON Web Token signing key identifier
polish_api_standard.bank_config.signingKeyId | string – optional query parameter; key identifier for private key used in the digital signature
polish_api_standard.bank_config.tppId | string – optional query parameter; bank's partner identifier for the TPP
polish_api_standard.bank_config.transportKeyId | string – optional query parameter; identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
polish_api_standard.bank_config.x5u | string – optional query parameter; URL to return the PEM format of the TPP certificate
provider_sample_standard.bank_config.clientId | string – optional query parameter; unique identifier of the TPP application
provider_sample_standard.bank_config.clientSecret | string – optional query parameter; secret value used to authenticate the client application to the authorization server
provider_sample_standard.bank_config.jwtSigningAlgorithm | string – optional query parameter; algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256)
provider_sample_standard.bank_config.jwtSigningKeyId | string – optional query parameter; JSON Web Token signing key identifier
provider_sample_standard.bank_config.signingKeyId | string – optional query parameter; key identifier for private key used in the digital signature
provider_sample_standard.bank_config.transportKeyId | string – optional query parameter; identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
stet_psd2_standard.bank_config.certificateOwnerName | string – optional query parameter; registered name of the certificate owner
stet_psd2_standard.bank_config.clientId | string – optional query parameter; unique identifier of the TPP application
stet_psd2_standard.bank_config.clientSecret | string – optional query parameter; secret value used to authenticate the client application to the authorization server
stet_psd2_standard.bank_config.jwtSigningAlgorithm | string – optional query parameter; algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256)
stet_psd2_standard.bank_config.jwtSigningKeyId | string – optional query parameter; JSON Web Token signing key identifier
stet_psd2_standard.bank_config.signingKeyId | string – optional query parameter; key identifier for private key used in the digital signature
stet_psd2_standard.bank_config.transportKeyId | string – optional query parameter; identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
starling_api_standard.bank_config.aisClientId | string – optional query parameter; unique identifier of the TPP's account information service application
starling_api_standard.bank_config.aisClientSecret | string – optional query parameter; secret value used to authenticate the client AIS application to the authorization server
starling_api_standard.bank_config.jwtSigningKeyId | string – optional query parameter; JSON Web Token signing key identifier
starling_api_standard.bank_config.pisClientId | string – optional query parameter; unique identifier of the TPP's payment initiation service application
starling_api_standard.bank_config.pisClientSecret | string – optional query parameter; secret value used to authenticate the client PIS application to the authorization server
starling_api_standard.bank_config.signingKeyId | string – optional query parameter; key identifier for private key used in the digital signature
starling_api_standard.bank_config.transportKeyId | string – optional query parameter; identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
czech_psd2_standard.bank_config.clientId | string – optional query parameter; unique identifier of the TPP application
czech_psd2_standard.bank_config.clientSecret | string – optional query parameter; secret value used to authenticate the client application to the authorization server
czech_psd2_standard.bank_config.jwtSigningAlgorithm | string – optional query parameter; algorithm used to generate the signature; JWTs are most commonly signed using one of two algorithms: HS256 (HMAC using SHA256), and RS256 (RSA using SHA256)
czech_psd2_standard.bank_config.jwtSigningKeyId | string – optional query parameter; JSON Web Token signing key identifier
czech_psd2_standard.bank_config.signingKeyId | string – optional query parameter; key identifier for private key used in the digital signature
czech_psd2_standard.bank_config.transportKeyId | string – optional query parameter; identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
czech_psd2_standard.bank_config.xApiKey | string – optional query parameter; special token needed when making AIS calls
budapest_psd2_standard.bankk_config.clientId | string – optional query parameter; unique identifier of the TPP application
budapest_psd2_standard.bankk_config.signingKeyId | string – optional query parameter; key identifier for private key used in the digital signature
budapest_psd2_standard.bankk_config.tppId | string – optional query parameter; bank's partner identifier for the TPP
budapest_psd2_standard.bankk_config.transportKeyId | string – optional query parameter; identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
slovak_psd2_standard.bank_config.clientId | string – optional query parameter; unique identifier of the TPP application
slovak_psd2_standard.bank_config.clientSecret | string – optional query parameter; secret value used to authenticate the client application to the authorization server
slovak_psd2_standard.bank_config.signingKeyId | string – optional query parameter; key identifier for private key used in the digital signature
slovak_psd2_standard.bank_config.tppClientId | string – optional query parameter; Token member identifier (memberId) of the TPP
slovak_psd2_standard.bank_config.transportKeyId | string – optional query parameter; identifies the transport key; transport keys protect a key that is sent to another system, received from another system, or stored with data in a file; can be either AES or DES keys
bank_config.noLicenceRequired | boolean($boolean) – optional query parameter; bank configuration does not require a licence


empty object – no response data sent for HTTP 200 result
400 Bad Request | status=INVALID_ARGUMENT.withDescription(error) – client specified an invalid argument
401 Unauthorized | status=UNAUTHENTICATED.withDescription(error) – request does not have valid authentication credentials needed to perform the operation
403 Forbidden | status=PERMISSION_DENIED.withDescription(error) – caller does not have the required permission to execute the operation specified. This error message will be accompanied by the reason from the bank. Typically means the access token has expired and the TPP needs its user to re-authenticate with the bank
404 Not Found | status=NOT_FOUND.withDescription(error) – requested entity, such as a file or directory, was not found
429 Too Many Requests | status=RESOURCE_EXHAUSTED.withDescription(error) – resource, such as a per-user quota or file system, is exhausted (out of space)
500 Internal Server Error | status=INTERNAL.withDescription(error) – could refer to either an error on Token’s end or an error on the bank’s end. When the bank reports a 5xx error, Token sets token-external-error=true as a header in the HTTP response, indicating that the "internal" error originates from the bank. When one of Token's internal services fails or when the bank reports a 4xx error, this header is not populated. The absence of this response header should be interpreted as token-external-error=false.
501 Not Implemented | status=UNIMPLEMENTED.withDescription(error) – operation not implemented / supported / enabled by the bank
503 Service Unavailable | status=UNAVAILABLE.withDescription(error) – service is unavailable, likely due to a transient condition; usually corrected with a retry
504 Gateway Timeout | status=DEADLINE_EXCEEDED.withDescription(error) – deadline expired before operation could complete


memberId | string – required in path; identifies the requesting TPP
bankId | string – bankId | string – required in path; unique bank identifier


empty object – no response data sent for HTTP 200 result
400 Bad Request | status=INVALID_ARGUMENT.withDescription(error) – client specified an invalid argument
401 Unauthorized | status=UNAUTHENTICATED.withDescription(error) – request does not have valid authentication credentials needed to perform the operation
403 Forbidden | status=PERMISSION_DENIED.withDescription(error) – caller does not have the required permission to execute the operation specified. This error message will be accompanied by the reason from the bank. Typically means the access token has expired and the TPP needs its user to re-authenticate with the bank
404 Not Found | status=NOT_FOUND.withDescription(error) – requested entity, such as a file or directory, was not found
429 Too Many Requests | status=RESOURCE_EXHAUSTED.withDescription(error) – resource, such as a per-user quota or file system, is exhausted (out of space)
500 Internal Server Error | status=INTERNAL.withDescription(error) – could refer to either an error on Token’s end or an error on the bank’s end. When the bank reports a 5xx error, Token sets token-external-error=true as a header in the HTTP response, indicating that the "internal" error originates from the bank. When one of Token's internal services fails or when the bank reports a 4xx error, this header is not populated. The absence of this response header should be interpreted as token-external-error=false.
501 Not Implemented | status=UNIMPLEMENTED.withDescription(error) – operation not implemented / supported / enabled by the bank
503 Service Unavailable | status=UNAVAILABLE.withDescription(error) – service is unavailable, likely due to a transient condition; usually corrected with a retry
504 Gateway Timeout | status=DEADLINE_EXCEEDED.withDescription(error) – deadline expired before operation could complete