Details
Description
Issue Summary
When sending a REST API request authenticated using Oauth2 (3LO) to a mispelled/wrong REST API endpoint, status code 401 (unauthorized) is returned instead of 404 (not found).
This is misleading since the customers think the authentication is broken instead of trying to check whether the endpoint they are using is correct.
Steps to Reproduce
- Send a REST API call toward the https://api.atlassian.com/ex/confluence/[CLOUD-ID]/wiki/rest/api/group?... endpoint
- See that the request is successful.
- Now add an extra 's' to the endpoint so that's "groups" instead of "group" https://api.atlassian.com/ex/confluence/[CLOUD-ID]/wiki/rest/api/groups?....
Expected Results
Since the endpoint is wrong/misspelled, we expect to get 404 - Not found
Actual Results
Status code 401 - Unauthorized is returned instead
Workaround
No workaround available at the moment.