I'm marking this as high because it has the potential for a terribly aggravating user experience through one of our (already unnecessarily complicated) API workflows. The fix involves changing an incorrect 200 response that should not be allowed to a 404 response... and I think that should be allowed because you'll otherwise get the same 404 later in the same API workflow (and too late to do anything about it other than to backtrack).
I'm marking this as high because it has the potential for a terribly aggravating user experience through one of our (already unnecessarily complicated) API workflows. The fix involves changing an incorrect 200 response that should not be allowed to a 404 response... and I think that should be allowed because you'll otherwise get the same 404 later in the same API workflow (and too late to do anything about it other than to backtrack).