diff --git a/src/main/java/nl/ictu/PseudoniemenServiceApplication.java b/src/main/java/nl/ictu/PseudoniemenServiceApplication.java index c41cced..0daa17c 100644 --- a/src/main/java/nl/ictu/PseudoniemenServiceApplication.java +++ b/src/main/java/nl/ictu/PseudoniemenServiceApplication.java @@ -1,6 +1,7 @@ package nl.ictu; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import lombok.NoArgsConstructor; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.springframework.boot.SpringApplication; @@ -9,7 +10,9 @@ import java.security.NoSuchAlgorithmException; import java.security.Security; -@SuppressWarnings("HideUtilityClassConstructor") +@SuppressWarnings({"HideUtilityClassConstructor"}) +@SuppressFBWarnings(value = "EI_EXPOSE_STATIC_REP2", + justification = "nl.ictu.PseudoniemenServiceApplication$$SpringCGLIB$$0") @SpringBootApplication @NoArgsConstructor public class PseudoniemenServiceApplication { diff --git a/src/main/java/nl/ictu/controller/v1/ExchangeIdentifier.java b/src/main/java/nl/ictu/controller/v1/ExchangeIdentifier.java index a2cc841..4271028 100644 --- a/src/main/java/nl/ictu/controller/v1/ExchangeIdentifier.java +++ b/src/main/java/nl/ictu/controller/v1/ExchangeIdentifier.java 
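Review bot: The new `@SuppressFBWarnings` on `PseudoniemenServiceApplication` gives a generated class name as its `justification` instead of a reason, and because it sits on the class it silences every `EI_EXPOSE_STATIC_REP2` finding there, including any that a later static field would introduce. State why the finding is a false positive, for example `justification = "Reported against the Spring CGLIB proxy subclass only; this class exposes no mutable static state"`, after confirming that is actually the case. If the finding really originates in the generated `$$SpringCGLIB$$0` subclass, a SpotBugs exclude-filter entry matching that class name would keep the suppression off hand-written code. The class body lies outside this hunk.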
@@ -4,12 +4,11 @@ import lombok.SneakyThrows; import nl.ictu.Identifier; import nl.ictu.pseudoniemenservice.generated.server.api.ExchangeIdentifierApi; -import nl.ictu.pseudoniemenservice.generated.server.model.WsExchangeIdentifierForIdentifierRequest; +import nl.ictu.pseudoniemenservice.generated.server.model.WsExchangeIdentifierRequest; import nl.ictu.pseudoniemenservice.generated.server.model.WsExchangeIdentifierResponse; import nl.ictu.pseudoniemenservice.generated.server.model.WsIdentifier; import nl.ictu.pseudoniemenservice.generated.server.model.WsIdentifierTypes; import nl.ictu.service.AesGcmSivCryptographer; -import nl.ictu.service.IdentifierConverter; import org.bouncycastle.crypto.InvalidCipherTextException; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.RestController; @@ -24,13 +23,11 @@ @RestController public final class ExchangeIdentifier implements ExchangeIdentifierApi, VersionOneController { - private final IdentifierConverter identifierConverter; - private final AesGcmSivCryptographer aesGcmSivCryptographer; @Override @SneakyThrows - public ResponseEntity exchangeIdentifierForIdentifier(final String callerOIN, final WsExchangeIdentifierForIdentifierRequest wsExchangeIdentifierForIdentifierRequest) { + public ResponseEntity exchangeIdentifier(final String callerOIN, final WsExchangeIdentifierRequest wsExchangeIdentifierForIdentifierRequest) { final WsIdentifier wsIdentifierRequest = wsExchangeIdentifierForIdentifierRequest.getIdentifier(); diff --git a/src/main/java/nl/ictu/controller/v1/ExchangeToken.java b/src/main/java/nl/ictu/controller/v1/ExchangeToken.java index 4329a64..116fec4 100644 --- a/src/main/java/nl/ictu/controller/v1/ExchangeToken.java +++ b/src/main/java/nl/ictu/controller/v1/ExchangeToken.java 
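Review bot: The renamed `exchangeIdentifier` method still calls its parameter `wsExchangeIdentifierForIdentifierRequest` although the type is now `WsExchangeIdentifierRequest`, so the signature and the first body line keep the retired name. Rename it to match, `final WsExchangeIdentifierRequest wsExchangeIdentifierRequest`, and update the `getIdentifier()` call on the following line. The same leftover is in `ExchangeToken.exchangeToken`, whose parameter is still `wsExchangeTokenForIdentifierRequest`. Both method bodies continue outside their hunks, so later uses of the old name may need the same change.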
@@ -6,12 +6,11 @@ import nl.ictu.Identifier; import nl.ictu.Token; import nl.ictu.pseudoniemenservice.generated.server.api.ExchangeTokenApi; -import nl.ictu.pseudoniemenservice.generated.server.model.WsExchangeTokenForIdentifierRequest; +import nl.ictu.pseudoniemenservice.generated.server.model.WsExchangeTokenRequest; import nl.ictu.pseudoniemenservice.generated.server.model.WsExchangeTokenResponse; import nl.ictu.pseudoniemenservice.generated.server.model.WsIdentifier; import nl.ictu.service.AesGcmCryptographer; import nl.ictu.service.AesGcmSivCryptographer; -import nl.ictu.service.IdentifierConverter; import nl.ictu.service.TokenConverter; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.RestController; @@ -31,11 +30,9 @@ public final class ExchangeToken implements ExchangeTokenApi, VersionOneControll private final TokenConverter tokenConverter; - private final IdentifierConverter identifierConverter; - @Override @SneakyThrows - public ResponseEntity exchangeTokenForIdentifier(final String callerOIN, final WsExchangeTokenForIdentifierRequest wsExchangeTokenForIdentifierRequest) { + public ResponseEntity exchangeToken(final String callerOIN, final WsExchangeTokenRequest wsExchangeTokenForIdentifierRequest) { final String encodedToken = aesGcmCryptographer.decrypt(wsExchangeTokenForIdentifierRequest.getToken(), callerOIN); diff --git a/src/main/java/nl/ictu/controller/v1/GetToken.java b/src/main/java/nl/ictu/controller/v1/GetToken.java index 5c0870c..0a2395c 100644 --- a/src/main/java/nl/ictu/controller/v1/GetToken.java +++ b/src/main/java/nl/ictu/controller/v1/GetToken.java 
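Review bot: `exchangeToken` hands the request's token straight to `aesGcmCryptographer.decrypt(...)` under `@SneakyThrows`, and nothing in the hunk shows what a caller receives when that token is malformed, tampered with, or was issued for a different `callerOIN`. Unless an exception handler outside this hunk maps the failure, it would presumably surface as a generic server error rather than a client error. A comment above the call would record the contract, e.g. `// decrypt() throws for a malformed, tampered or foreign-caller token; confirm this is mapped to a 4xx response without echoing exception detail`, or the call could be wrapped so the method returns `ResponseEntity.badRequest().build()`. The method body continues outside the hunk.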
@@ -9,7 +9,6 @@ import nl.ictu.pseudoniemenservice.generated.server.model.WsGetTokenResponse; import nl.ictu.service.AesGcmCryptographer; import nl.ictu.service.AesGcmSivCryptographer; -import nl.ictu.service.IdentifierConverter; import nl.ictu.service.TokenConverter; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.RestController; @@ -26,8 +25,6 @@ public final class GetToken implements GetTokenApi, VersionOneController { private final TokenConverter tokenConverter; - private final IdentifierConverter identifierConverter; - @Override @SneakyThrows public ResponseEntity getToken(final String callerOIN, final WsGetTokenRequest wsGetTokenRequest) { diff --git a/src/main/java/nl/ictu/service/AESHelper.java b/src/main/java/nl/ictu/service/AESHelper.java index bbc0be1..3c6cdcb 100644 --- a/src/main/java/nl/ictu/service/AESHelper.java +++ b/src/main/java/nl/ictu/service/AESHelper.java @@ -24,14 +24,12 @@ public static GCMParameterSpec generateIV() { byte[] iv = new byte[IV_LENGTH]; // AES block size is 16 bytes SECURE_RANDOM.nextBytes(iv); - final GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(TAG_LENGTH, iv); + return new GCMParameterSpec(TAG_LENGTH, iv); - return gcmParameterSpec; } public static GCMParameterSpec createIVfromValues(final byte[] iv) { - final GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(TAG_LENGTH, iv); - return gcmParameterSpec; + return new GCMParameterSpec(TAG_LENGTH, iv); } public static Cipher createCipher() throws NoSuchPaddingException, NoSuchAlgorithmException { diff --git a/src/main/java/nl/ictu/service/AesGcmCryptographerImpl.java b/src/main/java/nl/ictu/service/AesGcmCryptographerImpl.java index 48df88c..21bf2da 100644 --- a/src/main/java/nl/ictu/service/AesGcmCryptographerImpl.java +++ b/src/main/java/nl/ictu/service/AesGcmCryptographerImpl.java 
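Review bot: `createIVfromValues` in `AESHelper` wraps whatever byte array it receives in a `GCMParameterSpec` without checking its length, and the inlined `return` keeps it that way. If the array is sliced from received ciphertext, as the name suggests, a truncated input yields an IV of the wrong size that is only caught, if at all, later at cipher initialisation. Add a guard before the return: `if (iv == null || iv.length != IV_LENGTH) { throw new IllegalArgumentException("unexpected IV length"); }`. Separately, the comment `// AES block size is 16 bytes` in `generateIV` describes the block size rather than the GCM nonce; if `IV_LENGTH` (declared outside this hunk) is the usual 12, the comment should say that instead.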
@@ -87,9 +87,8 @@ private SecretKey createSecretKey(final String salt) { byte[] key = sha256Digest.digest(salterSecretBytes); - final SecretKey secretKey = new SecretKeySpec(key, "AES"); + return new SecretKeySpec(key, "AES"); - return secretKey; } @Override diff --git a/src/main/java/nl/ictu/service/AesGcmSivCryptographerImpl.java b/src/main/java/nl/ictu/service/AesGcmSivCryptographerImpl.java index 33f1184..2ecfb19 100644 --- a/src/main/java/nl/ictu/service/AesGcmSivCryptographerImpl.java +++ b/src/main/java/nl/ictu/service/AesGcmSivCryptographerImpl.java @@ -7,6 +7,7 @@ import nl.ictu.Identifier; import nl.ictu.configuration.PseudoniemenServiceProperties; import org.bouncycastle.crypto.InvalidCipherTextException; +import org.bouncycastle.crypto.MultiBlockCipher; import org.bouncycastle.crypto.engines.AESEngine; import org.bouncycastle.crypto.modes.GCMSIVBlockCipher; import org.bouncycastle.crypto.params.AEADParameters; @@ -29,6 +30,8 @@ @Service public class AesGcmSivCryptographerImpl implements AesGcmSivCryptographer { + public static final int MAC_SIZE = 128; + private final PseudoniemenServiceProperties pseudoniemenServiceProperties; private static final int NONCE_LENTH = 12; @@ -37,7 +40,7 @@ public class AesGcmSivCryptographerImpl implements AesGcmSivCryptographer { private final Base64.Decoder base64Decoder = Base64.getDecoder(); - private final AESEngine aesEngine; + private final MultiBlockCipher aesEngine; private final MessageDigest sha256Digest; @@ -50,7 +53,7 @@ public AesGcmSivCryptographerImpl(final PseudoniemenServiceProperties pseudoniem pseudoniemenServiceProperties = pseudoniemenServicePropertiesArg; identifierConverter = identifierConverterArg; - aesEngine = new AESEngine(); + aesEngine = AESEngine.newInstance(); sha256Digest = MessageDigest.getInstance("SHA-256"); if (!StringUtils.hasText(pseudoniemenServiceProperties.getIdentifierPrivateKey())) { 
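Review bot: `createSecretKey` in `AesGcmCryptographerImpl` calls `sha256Digest.digest(...)` on what appears to be an instance-level `MessageDigest`; its declaration is outside this hunk, but `AesGcmSivCryptographerImpl` in this same commit declares one as a `private final` field. `MessageDigest` objects are not thread-safe, so if this class is a shared bean, two requests deriving keys at the same moment can interleave and end up with a key that matches neither caller's salt. Create the digest inside the method instead, `final MessageDigest digest = MessageDigest.getInstance("SHA-256");`, and handle the checked `NoSuchAlgorithmException`. The start of the method is outside the hunk.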
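Review bot: `aesEngine` remains a single instance field of the `@Service` class `AesGcmSivCryptographerImpl` after the switch to `MultiBlockCipher` (hunk at line 40) and `AESEngine.newInstance()` (hunk at line 53). BouncyCastle's lightweight engines keep mutable key state and are not documented as safe for concurrent use. If the encrypt and decrypt methods, which are outside these hunks, wrap this shared engine in a `GCMSIVBlockCipher` per call, concurrent requests would re-initialise the same engine underneath each other. Building the engine where the cipher is built avoids the question: `new GCMSIVBlockCipher(AESEngine.newInstance())`. The `sha256Digest` field declared next to it has the same sharing concern.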
@@ -69,9 +72,7 @@ private AEADParameters createSecretKey(final String salt) { final KeyParameter keyParameter = new KeyParameter(base64Decoder.decode(identifierPrivateKey)); - final AEADParameters cipherParameter = new AEADParameters(keyParameter, 128, nonce12); - - return cipherParameter; + return new AEADParameters(keyParameter, MAC_SIZE, nonce12); } @@ -117,9 +118,7 @@ public Identifier decrypt(final String ciphertextString, final String salt) thro final String encodedIdentifier = new String(plaintext, StandardCharsets.UTF_8); - final Identifier identifier = identifierConverter.decode(encodedIdentifier); - - return identifier; + return identifierConverter.decode(encodedIdentifier); } diff --git a/src/main/resources/public/v1/openapi.yaml b/src/main/resources/public/v1/openapi.yaml index f300d72..768165e 100644 --- a/src/main/resources/public/v1/openapi.yaml +++ b/src/main/resources/public/v1/openapi.yaml @@ -8,6 +8,8 @@ servers: paths: /getToken: post: + tags: + - Token summary: get a token operationId: getToken parameters: @@ -19,8 +21,11 @@ paths: $ref: '#/components/responses/getTokenResponse' /exchangeToken: post: + tags: + - Token + - Identifier summary: excgange token for an identifier - operationId: exchangeTokenForIdentifier + operationId: exchangeToken parameters: - $ref: "#/components/parameters/callerOIN" requestBody: @@ -30,8 +35,10 @@ paths: $ref: '#/components/responses/exchangeTokenResponse' /exchangeIdentifier: post: + tags: + - Identifier summary: exchange an identifier for another identifier - operationId: exchangeIdentifierForIdentifier + operationId: exchangeIdentifier parameters: - $ref: "#/components/parameters/callerOIN" requestBody: diff --git a/src/test/java/nl/ictu/service/TestAesGcmCryptographer.java b/src/test/java/nl/ictu/service/TestAesGcmCryptographer.java index 90d47a6..b1e691a 100644 --- a/src/test/java/nl/ictu/service/TestAesGcmCryptographer.java +++ b/src/test/java/nl/ictu/service/TestAesGcmCryptographer.java 
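Review bot: Renaming `operationId` from `exchangeTokenForIdentifier` to `exchangeToken` (and `exchangeIdentifierForIdentifier` to `exchangeIdentifier` in the following hunk) changes the method names that generated clients expose, while the spec still lives under `public/v1`. Consumers who regenerate from this file will hit compile breaks with no version signal, so the rename should be called out in the spec description or release notes if v1 clients exist. On the adjacent line the summary reads `excgange token for an identifier`; it should be `exchange token for an identifier`.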
@@ -20,9 +20,9 @@ @ActiveProfiles("test") public class TestAesGcmCryptographer { - private AesGcmCryptographer aesGcmCryptographer = new AesGcmCryptographerImpl(new PseudoniemenServiceProperties().setTokenPrivateKey("bFUyS1FRTVpON0pCSFFRRGdtSllSeUQ1MlRna2txVmI=")); + private final AesGcmCryptographer aesGcmCryptographer = new AesGcmCryptographerImpl(new PseudoniemenServiceProperties().setTokenPrivateKey("bFUyS1FRTVpON0pCSFFRRGdtSllSeUQ1MlRna2txVmI=")); - private Set testStrings = new HashSet<>(Arrays.asList("a", "bb", "dsv", "ghad", "dhaht", "uDg5Av", "d93fdvv", "dj83hzHo", "38iKawKv9", "dk(gkzm)Mh", "gjk)s3$g9cQ")); + private final Set testStrings = new HashSet<>(Arrays.asList("a", "bb", "dsv", "ghad", "dhaht", "uDg5Av", "d93fdvv", "dj83hzHo", "38iKawKv9", "dk(gkzm)Mh", "gjk)s3$g9cQ")); @Test public void testEncyptDecryptForDifferentStringLengths() { diff --git a/src/test/java/nl/ictu/service/TestAesGcmSivCryptographer.java b/src/test/java/nl/ictu/service/TestAesGcmSivCryptographer.java index 6c0d1c5..29407d0 100644 --- a/src/test/java/nl/ictu/service/TestAesGcmSivCryptographer.java +++ b/src/test/java/nl/ictu/service/TestAesGcmSivCryptographer.java 
@@ -22,12 +22,12 @@ @ActiveProfiles("test") public class TestAesGcmSivCryptographer { - private AesGcmSivCryptographer aesGcmSivCryptographer = new AesGcmSivCryptographerImpl( + private final AesGcmSivCryptographer aesGcmSivCryptographer = new AesGcmSivCryptographerImpl( new PseudoniemenServiceProperties().setIdentifierPrivateKey("QTBtVEhLN3EwMHJ3QXN1ZUFqNzVrT3hDQTBIWWNIZTU="), new IdentifierConverterImpl(new ObjectMapper()) ); - private Set testStrings = new HashSet<>(Arrays.asList("a", "bb", "dsv", "ghad", "dhaht", "uDg5Av", "d93fdvv", "dj83hzHo", "38iKawKv9", "dk(gkzm)Mh", "gjk)s3$g9cQ")); + private final Set testStrings = new HashSet<>(Arrays.asList("a", "bb", "dsv", "ghad", "dhaht", "uDg5Av", "d93fdvv", "dj83hzHo", "38iKawKv9", "dk(gkzm)Mh", "gjk)s3$g9cQ")); @Test public void testEncyptDecryptForDifferentStringLengths() {