Wrong response status code on unauthorized calls - getting 400 instead of 401

I’m using HMAC as my authentication mode. The issue is the client gets status code 400 instead of 401 on unauthorized calls.

Is there something am not getting?

Please help.

After digging into Tyk found out about request signing on auth schemes like Bearer Tokens and Tyk enables one to set a custom error_code and error_message on invalid signatures as below:


“algorithm”: “MasherySHA256”,
“header”: “Signature”,
“secret”: “$tyk_meta.secret”,
“allowed_clock_skew”: 5,
“error_code”: 401,
“error_message”: “Unauthorized”

Could having such a feature for HMAC auth scheme solve this HMAC issue?