I agree to the extent that you are leaking metadata but the codes are for context. As a developer hitting your API I need a 403 or 401 to understand whether I have hit a rate-throttle or my token has expired and I need to reauthenticate.
And as a developer of the API you use, I don't want to give you that info, so you get a 404. Hehe. I understand your point, but just a perspective on why you won't get it sometimes.
And I'll just use a competitor's company and their API because it's easier to code against
:)