Requests using token generated from client id and secret with missing token results in 401 instead of 403
A user can authenticate using their client_id and secret without an API key or an incorrect API key.
When using the returned token requests to any endpoint, eg /za/pb/v1/accounts returns a response code of 401 instead of 403.
This should be a 403 because the client is authenticated but is not authorized to see the accounts.