For invalid user name and password combinations,.... : Quote by Paul Dix

“ For invalid user name and password combinations, the service should return a 400 HTTP status code, which means that the server received a “bad request.” The service could also use the 401 (“unauthorized”) response code, but that code specifies that authentication credentials need to be in the request header, which is not quite what is required. ”

Report, if you have a problem with this page