Wrong response status code on unauthorized calls - getting 400 instead of 401

I’m using HMAC as my authentication mode. The issue is the client gets status code 400 instead of 401 on unauthorized calls.

Is there something am not getting?

Please help.