I'm working on overriding the password function so that I can reject calls with a "fake password" (see prior implementation conversation). I have some questions. For reference:

emailpassword.init(
                override=emailpassword.InputOverrideConfig(
                    apis=apis_override_email_password,
                    functions=functions_override_email_password,
)

What is the difference between apis and functions? Within my override, how do I return a 400 response? For reference, this throws a 500 as expected:

def apis_override_email_password(param):
    og_sign_in_post = param.sign_in_post

    async def sign_in_post(
        form_fields,
        api_options,
        user_context,
    ):
        req = user_context.get("_default", {}).get("request")
        if req:
            raise Exception('Invalid password')

        return await og_sign_in_post(form_fields, api_options, user_context)

    param.sign_in_post = sign_in_post
    return param