# general
i
Hi, hope I'm not a bother. I am trying to implement my own SDK for use with Kotlin, however there is some behavior I'd like to know about. https://app.swaggerhub.com/apis/supertokens/CDI/2.13.0#/EmailPassword%20Recipe/emailPasswordSignin What status code response is sent in the case of an incorrect password here? Is it the 400, or the 401 (but this one seems to be for invalid API keys)?
r
Actually a 200 is sent. But with a text status field indicating incorrect password.
If you click on the response schema you see in the 200 section, you will see what I mean.
i
Oh haha, sounds good, thanks. Wouldn't it be better to send one of the standard response codes (maybe a 403 Forbidden might be okay in order to not clash with the invalid API key one) to avoid confusion though?
r
Well, we have two types of errors:
- expected errors
- unexpected errors

Expected errors are the ones where it's the end user's "fault", and in that case the code should handle it accordingly by displaying a nice message to the user. Unexpected errors are usually due to coding or infra related issues. In this case, showing a generic "something went wrong" to the end user is what's needed, and the message (if any) is for the dev to debug the issue.

So to make this clear, we kept expected errors as 200 status code. I know it's a little unconventional, but it allows us to communicate the intended effect of the error more easily.
i
Ah, makes sense. Thank you! (and also thank you for the quick response time :o)