This should only be used after manually adding a card to Apple Pay or Google Pay,
and the user has selected the option to authentiticate via the mobile wallet.
Authentication should be done by the mobile application, and the external reference should be provided by Apple Pay or Google Pay.
Card tokenization activated successfully
The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).
Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response.
The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server.
The user has sent too many requests in a given amount of time ("rate limiting").
The server has encountered a situation it does not know how to handle.