diff --git a/services/identity/src/client_service.rs b/services/identity/src/client_service.rs
--- a/services/identity/src/client_service.rs
+++ b/services/identity/src/client_service.rs
@@ -1145,7 +1145,7 @@
       Ok(Some(existing_keyserver_device_id))
     } else {
       Err(tonic::Status::already_exists(
-        "user already has a keyserver",
+        tonic_status_messages::USER_ALREADY_HAS_KEYSERVER,
       ))
     }
   }
@@ -1159,20 +1159,26 @@
       _,
     ))
     | DBError::AwsSdk(DynamoDBError::RequestLimitExceeded(_)) => {
-      tonic::Status::unavailable("please retry")
+      tonic::Status::unavailable(tonic_status_messages::RETRY)
     }
     DBError::DeviceList(DeviceListError::InvalidDeviceListUpdate) => {
-      tonic::Status::invalid_argument("invalid device list update")
+      tonic::Status::invalid_argument(
+        tonic_status_messages::INVALID_DEVICE_LIST_UPDATE,
+      )
     }
     DBError::DeviceList(DeviceListError::InvalidSignature) => {
-      tonic::Status::invalid_argument("invalid device list signature")
+      tonic::Status::invalid_argument(
+        tonic_status_messages::INVALID_DEVICE_LIST_SIGNATURE,
+      )
     }
     e => {
       error!(
         errorType = error_types::GENERIC_DB_LOG,
         "Encountered an unexpected error: {}", e
       );
-      tonic::Status::failed_precondition("unexpected error")
+      tonic::Status::failed_precondition(
+        tonic_status_messages::UNEXPECTED_ERROR,
+      )
     }
   }
 }
diff --git a/services/identity/src/constants.rs b/services/identity/src/constants.rs
--- a/services/identity/src/constants.rs
+++ b/services/identity/src/constants.rs
@@ -249,6 +249,15 @@
   pub const DEVICE_LIST_ERROR: &str = "device_list_error";
   pub const DEVICE_NOT_IN_DEVICE_LIST: &str = "device_not_in_device_list";
   pub const NO_IDENTIFIER_PROVIDED: &str = "no_identifier_provided";
+  pub const USER_ALREADY_HAS_KEYSERVER: &str = "user_already_has_keyserver";
+  pub const RETRY: &str = "retry";
+  pub const INVALID_DEVICE_LIST_UPDATE: &str = "invalid_device_list_update";
+  pub const INVALID_DEVICE_LIST_SIGNATURE: &str =
+    "invalid_device_list_signature";
+  pub const UNEXPECTED_ERROR: &str = "unexpected_error";
+  pub const NO_DEVICE_LIST: &str = "no_device_list";
+  pub const USER_ID_MISSING: &str = "user_id_missing";
+  pub const DEVICE_ID_MISSING: &str = "device_id_missing";
 }
 
 // Tunnelbroker
diff --git a/services/identity/src/device_list.rs b/services/identity/src/device_list.rs
--- a/services/identity/src/device_list.rs
+++ b/services/identity/src/device_list.rs
@@ -59,7 +59,9 @@
         errorType = error_types::GRPC_SERVICES_LOG,
         "Failed to serialize device list updates: {}", err
       );
-      tonic::Status::failed_precondition("unexpected error")
+      tonic::Status::failed_precondition(
+        tonic_status_messages::UNEXPECTED_ERROR,
+      )
     })
   }
 }
@@ -77,7 +79,9 @@
         errorType = error_types::GRPC_SERVICES_LOG,
         "Failed to serialize raw device list: {}", err
       );
-      tonic::Status::failed_precondition("unexpected error")
+      tonic::Status::failed_precondition(
+        tonic_status_messages::UNEXPECTED_ERROR,
+      )
     })?;
 
     Ok(Self {
diff --git a/services/identity/src/grpc_services/authenticated.rs b/services/identity/src/grpc_services/authenticated.rs
--- a/services/identity/src/grpc_services/authenticated.rs
+++ b/services/identity/src/grpc_services/authenticated.rs
@@ -81,10 +81,14 @@
 pub fn get_user_and_device_id<T>(
   request: &Request<T>,
 ) -> Result<(String, String), Status> {
-  let user_id = get_value(request, request_metadata::USER_ID)
-    .ok_or_else(|| Status::unauthenticated("Missing user_id field"))?;
-  let device_id = get_value(request, request_metadata::DEVICE_ID)
-    .ok_or_else(|| Status::unauthenticated("Missing device_id field"))?;
+  let user_id =
+    get_value(request, request_metadata::USER_ID).ok_or_else(|| {
+      Status::unauthenticated(tonic_status_messages::USER_ID_MISSING)
+    })?;
+  let device_id =
+    get_value(request, request_metadata::DEVICE_ID).ok_or_else(|| {
+      Status::unauthenticated(tonic_status_messages::DEVICE_ID_MISSING)
+    })?;
 
   Ok((user_id, device_id))
 }
@@ -645,7 +649,7 @@
             "Failed to join device list task: {join_error}"
           );
           fetch_tasks.abort_all();
-          return Err(Status::aborted("unexpected error"));
+          return Err(Status::aborted(tonic_status_messages::UNEXPECTED_ERROR));
         }
       }
     }
@@ -821,7 +825,9 @@
         errorType = error_types::GRPC_SERVICES_LOG,
         "User has no device list!"
       );
-      return Err(Status::failed_precondition("no device list"));
+      return Err(Status::failed_precondition(
+        tonic_status_messages::NO_DEVICE_LIST,
+      ));
     };
 
     use DeviceListItemKind as DeviceKind;
@@ -833,10 +839,12 @@
 
     if !device_on_list {
       debug!(
-        "Device {} not on device list for user {}",
+        "Device {} not in device list for user {}",
         device_id, user_id
       );
-      return Err(Status::permission_denied("device not on device list"));
+      return Err(Status::permission_denied(
+        tonic_status_messages::DEVICE_NOT_IN_DEVICE_LIST,
+      ));
     }
 
     Ok(())