GET responses should have a 401 unauthorized HTTP status code, communicating that consumers do not have access
OpenAPI Response Get 401 Status Code Info
Message: GET Responses MUST Have 401 Status Code
Policies
Response 4xx
Client error responses are where developer experience lives or dies. Consistent 400, 401, 403, 404, and 429 responses with shared schema references make error handling predictable.