When interpreting error responses, it is important to understand how "400 Bad Request" and "403 Forbidden" behave:
- 403 Forbidden
  - This response indicates that the requested action was not permitted, e.g. the account was locked, a required role was missing, etc.
  - If such a response is returned, the credentials supplied were ignored.
- 400 Bad Request
  - This response indicates that the parameters supplied were processed.
  - The processing result was negative, e.g. the credentials were invalid, the step called was unexpected, etc.
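
The following is an added example, not part of the original page: it applies the distinction above when triaging authentication logs, so that only 400 responses feed a failed-attempt counter and 403 responses are tallied separately. The record format, the `triage` function, the threshold and the window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (ISO timestamp, account, HTTP status).
SAMPLE = [
    ("2024-05-01T10:00:00", "alice", 400),
    ("2024-05-01T10:00:20", "alice", 400),
    ("2024-05-01T10:00:40", "alice", 400),
    ("2024-05-01T10:01:00", "alice", 403),
    ("2024-05-01T10:01:10", "alice", 403),
    ("2024-05-01T10:00:05", "bob", 400),
    ("2024-05-01T10:30:00", "bob", 400),
    ("2024-05-01T11:00:00", "bob", 400),
    ("2024-05-01T10:02:00", "carol", 403),
]

def triage(records, threshold=3, window=timedelta(minutes=5)):
    """Summarise 400/403 responses per account (hypothetical helper).

    400 = parameters were processed and rejected, so it feeds the
    sliding-window counter (an upper bound on bad-credential attempts,
    since 400 also covers e.g. an unexpected step).
    403 = action not permitted and credentials ignored, so it is tallied
    separately and never counted as a failed credential check.
    """
    recent = defaultdict(deque)  # account -> timestamps of recent 400s
    summary = defaultdict(
        lambda: {"rejected": 0, "not_permitted": 0, "flagged": False})
    for ts, account, status in sorted(records):
        when = datetime.fromisoformat(ts)
        entry = summary[account]
        if status == 403:
            entry["not_permitted"] += 1
        elif status == 400:
            entry["rejected"] += 1
            q = recent[account]
            q.append(when)
            while when - q[0] > window:  # drop 400s older than the window
                q.popleft()
            if len(q) >= threshold:
                entry["flagged"] = True
    return dict(summary)

if __name__ == "__main__":
    for account, entry in triage(SAMPLE).items():
        print(account, entry)
```
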