Pega REST service recording 401 response code though it is serving with http code 200
I have a service that responds to inbound requests coming from a different application.
Though everything looks normal, in the access logs there is an additional response recorded with HTTP code 401, as below (I altered the service names for security purposes). Could someone please suggest where it might go wrong in Pega?
18.104.22.168 [30/Jul/2019:10:45:50 +0100] HTTP/1.1 8080 POST /prweb/PRRestService/abcd/x2/cases 401 - 82 - POST /prweb/PRRestService/abcd/x2/cases HTTP/1.1
22.214.171.124 [30/Jul/2019:10:45:52 +0100] HTTP/1.1 8080 POST /prweb/PRRestService/abcd/v2/cases 201 237 1858 - POST /prweb/PRRestService/abcd/x2/cases HTTP/1.1
Here, the highlighted response codes show two different responses recorded in the access logs within a 2-second interval.
Yes, my service requires authentication, and the credentials are correct because there is no denial of service that I can see. As I mentioned in my question, there is an HTTP 200 response recorded as well, immediately after the HTTP 401 response in the access logs. The end user is also able to use the service. The only thing puzzling me is why the unauthorized response is being recorded before the valid response. Any ways to debug at this level to spot where it is going wrong?
Is the client using preemptive authentication? If not, I believe it will attempt to connect to the resource without the authentication header, detect the 401 error, then connect a second time with the authentication header. Enabling preemptive authentication ensures that authentication is passed every time.
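The behaviour described in the answer above can be reproduced locally. This is an added example, not part of the original thread and not Pega code: a small Python server and urllib client (the credentials, realm and `/cases` path are constructed) that returns the status codes the server records for one POST, with and without preemptive Basic authentication.

```python
import base64, hmac, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWORD = "svc_user", "example-pass"   # constructed credentials
EXPECTED = b"Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode())

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain body
        sent = self.headers.get("Authorization", "").encode("latin-1", "replace")
        status = 200 if hmac.compare_digest(sent, EXPECTED) else 401
        self.server.statuses.append(status)   # what an access log would record
        self.send_response(status)
        if status == 401:
            self.send_header("WWW-Authenticate", 'Basic realm="demo"')
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):   # silence default stderr logging
        pass

def run(preemptive):
    """Send one POST and return the status codes the server recorded."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    server.statuses = []
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/cases"   # hypothetical path
    req = urllib.request.Request(url, data=b"{}", method="POST")
    handlers = [urllib.request.ProxyHandler({})]   # ignore any proxy settings
    if preemptive:
        req.add_header("Authorization", EXPECTED.decode())
    else:
        # Credentials are only sent after the server answers with a 401 challenge.
        mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        mgr.add_password(None, url, USER, PASSWORD)
        handlers.append(urllib.request.HTTPBasicAuthHandler(mgr))
    try:
        urllib.request.build_opener(*handlers).open(req, timeout=5).close()
    finally:
        server.shutdown()
        server.server_close()
    return server.statuses

if __name__ == "__main__":
    print("challenge-response:", run(False))
    print("preemptive:        ", run(True))
```

With preemptive authentication the credentials go out on the very first request to the URL, so it should be enabled only for endpoints reached over TLS.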