diff --git a/services/identity/src/constants.rs b/services/identity/src/constants.rs
--- a/services/identity/src/constants.rs
+++ b/services/identity/src/constants.rs
@@ -258,6 +258,11 @@
   pub const NO_DEVICE_LIST: &str = "no_device_list";
   pub const USER_ID_MISSING: &str = "user_id_missing";
   pub const DEVICE_ID_MISSING: &str = "device_id_missing";
+  pub const MISSING_CONTENT_KEYS: &str = "missing_content_keys";
+  pub const MISSING_NOTIF_KEYS: &str = "missing_notif_keys";
+  pub const KEYSERVER_NOT_FOUND: &str = "keyserver_not_found";
+  pub const PASSWORD_USER: &str = "password_user";
+  pub const INVALID_MESSAGE: &str = "invalid_message";
 }
 
 // Tunnelbroker
diff --git a/services/identity/src/device_list.rs b/services/identity/src/device_list.rs
--- a/services/identity/src/device_list.rs
+++ b/services/identity/src/device_list.rs
@@ -124,7 +124,9 @@
           errorType = error_types::GRPC_SERVICES_LOG,
           "Failed to parse RawDeviceList timestamp!"
         );
-        tonic::Status::invalid_argument("invalid timestamp")
+        tonic::Status::invalid_argument(
+          tonic_status_messages::INVALID_TIMESTAMP,
+        )
       })?;
     Ok(DeviceListUpdate {
       devices,
diff --git a/services/identity/src/grpc_services/authenticated.rs b/services/identity/src/grpc_services/authenticated.rs
--- a/services/identity/src/grpc_services/authenticated.rs
+++ b/services/identity/src/grpc_services/authenticated.rs
@@ -105,12 +105,12 @@
 
     debug!("Refreshing prekeys for user: {}", user_id);
 
-    let content_keys = message
-      .new_content_prekeys
-      .ok_or_else(|| Status::invalid_argument("Missing content keys"))?;
-    let notif_keys = message
-      .new_notif_prekeys
-      .ok_or_else(|| Status::invalid_argument("Missing notification keys"))?;
+    let content_keys = message.new_content_prekeys.ok_or_else(|| {
+      Status::invalid_argument(tonic_status_messages::MISSING_CONTENT_KEYS)
+    })?;
+    let notif_keys = message.new_notif_prekeys.ok_or_else(|| {
+      Status::invalid_argument(tonic_status_messages::MISSING_NOTIF_KEYS)
+    })?;
 
     self
       .db_client
@@ -213,7 +213,9 @@
       .await
       .map_err(handle_db_error)?
     else {
-      return Err(Status::not_found("keyserver not found"));
+      return Err(Status::not_found(
+        tonic_status_messages::KEYSERVER_NOT_FOUND,
+      ));
     };
 
     let primary_device_data = self
@@ -434,7 +436,9 @@
       .map_err(handle_db_error)?;
 
     if maybe_username_and_password_file.is_some() {
-      return Err(tonic::Status::permission_denied("password user"));
+      return Err(tonic::Status::permission_denied(
+        tonic_status_messages::PASSWORD_USER,
+      ));
     }
 
     self
diff --git a/services/identity/src/reserved_users.rs b/services/identity/src/reserved_users.rs
--- a/services/identity/src/reserved_users.rs
+++ b/services/identity/src/reserved_users.rs
@@ -3,7 +3,7 @@
 use serde::Deserialize;
 use tonic::Status;
 
-use crate::config::CONFIG;
+use crate::{config::CONFIG, constants::tonic_status_messages};
 
 // This type should not be changed without making equivalent changes to
 // `ReservedUsernameMessage` in lib/types/crypto-types.js
@@ -38,7 +38,9 @@
     deserialized_message.statement.as_bytes(),
     expected_statement,
   ) {
-    return Err(Status::invalid_argument("message invalid"));
+    return Err(Status::invalid_argument(
+      tonic_status_messages::INVALID_MESSAGE,
+    ));
   }
 
   let issued_at: DateTime<Utc> = deserialized_message
@@ -48,7 +50,9 @@
 
   let now = Utc::now();
   if (now - issued_at).num_seconds() > 5 {
-    return Err(Status::invalid_argument("message invalid"));
+    return Err(Status::invalid_argument(
+      tonic_status_messages::INVALID_MESSAGE,
+    ));
   }
 
   let public_key_string = CONFIG
@@ -81,7 +85,9 @@
   )?;
 
   if deserialized_message.payload.username != username {
-    return Err(Status::invalid_argument("message invalid"));
+    return Err(Status::invalid_argument(
+      tonic_status_messages::INVALID_MESSAGE,
+    ));
   }
 
   Ok(deserialized_message.payload.user_id)
diff --git a/services/identity/src/siwe.rs b/services/identity/src/siwe.rs
--- a/services/identity/src/siwe.rs
+++ b/services/identity/src/siwe.rs
@@ -11,7 +11,8 @@
 use tracing::error;
 
 use crate::constants::{
-  error_types, SOCIAL_PROOF_MESSAGE_ATTRIBUTE, SOCIAL_PROOF_SIGNATURE_ATTRIBUTE,
+  error_types, tonic_status_messages, SOCIAL_PROOF_MESSAGE_ATTRIBUTE,
+  SOCIAL_PROOF_SIGNATURE_ATTRIBUTE,
 };
 
 pub fn parse_and_verify_siwe_message(
@@ -23,7 +24,7 @@
       errorType = error_types::SIWE_LOG,
       "Failed to parse SIWE message: {}", e
     );
-    Status::invalid_argument("invalid message")
+    Status::invalid_argument(tonic_status_messages::INVALID_MESSAGE)
   })?;
 
   let decoded_signature = hex::decode(siwe_signature.trim_start_matches("0x"))
@@ -32,7 +33,7 @@
         errorType = error_types::SIWE_LOG,
         "Failed to decode SIWE signature: {}", e
       );
-      Status::invalid_argument("invalid signature")
+      Status::invalid_argument(tonic_status_messages::SIGNATURE_INVALID)
     })?;
 
   let signature = decoded_signature.try_into().map_err(|e| {
@@ -40,7 +41,7 @@
       errorType = error_types::SIWE_LOG,
       "Conversion to SIWE signature failed: {:?}", e
     );
-    Status::invalid_argument("invalid message")
+    Status::invalid_argument(tonic_status_messages::INVALID_MESSAGE)
   })?;
 
   siwe_message