Hello everyone. Newbie here!
My company is looking into using Kong and I’ve been tasked with doing some research. After digging through the Kong and Key-Auth docs, I’m not able to find an answer to my current question.
Is it possible to return a different HTTP code than 403 if you try to send a request without the proper API key header? For example, how would I return a 401?
If an API key is not found in the request, Kong will return a 401:
And if the presented API key is not found to be configured in the Kong cluster, Kong will also respond with a 401 as well: