What HTTP status codes are allowed?

[bvdh]

The HTTP status codes section only states support for "200 OK". What to do in case of an error situation? I suggest to add/allow responses in the 400 and/or 500 range.

[kpshek]

Per discussion at the Sept WGM (Tue Q2), we need to clarify the spec that 200 response code are not the only allowed response. EHRs should be robust to other potential response codes that it may receive. We also should add common examples for other response code scenario (eg, 401 if missing the JWT in the request or the JWT wasn't accepted by the CDS Service)