Challenge 1: Pick the Right Status Code — Possible Solution ==================================================================== (a) A client requests a product ID that doesn't exist — NOT_FOUND. The request itself was well-formed (a valid ID was provided), but the specific resource being asked for genuinely doesn't exist — exactly what NOT_FOUND is defined for. (b) A client sends a request with no auth token at all — UNAUTHENTICATED. This is specifically the "no valid credentials were provided at all" case — distinct from PERMISSION_DENIED, which would apply if the client WAS authenticated but simply lacked authorization for this specific action. No token at all means the call never got past identifying who's calling in the first place. (c) A downstream service is temporarily down and the call couldn't be completed — UNAVAILABLE. This reflects a transient infrastructure problem rather than anything wrong with the request itself — the request might well succeed if retried once the downstream service recovers, which is exactly why UNAVAILABLE is described as "often safe to retry," unlike a code such as INVALID_ARGUMENT that would still fail on retry since the request itself was the problem.