I have an API Gateway that uses Lambda Authorizer. In my API Gateway I have custom header fields that are validated by the Lambda (e.g. if required, proper format etc.).
The thing is, when there is an invalid header field, the API Gateway returns a HTTP 401 code (unauthorized). I want to make it HTTP 400 instead as it is the proper message for invalid input fields (bad requests).
Based on research, doing this in the lambda authorizer forces its API gateway to return HTTP 401
callback("Unauthorized", null);
I like to make it HTTP 400, so I did this:
callback("Bad Request", null);
When I did this, it instead returned an HTTP 500 error
Can anyone help me on this? by the way, the lambda authorizer with the APIGW is working fine for happy paths. It just doesn't work as expected for error handling for invalid headers (e.g. missing, invalid format).