The following message was recorded in the Audit log.

NONE 3457c649096f7e74d5cba6d43e283f45 Gateway01 20191101 10:10:10.101 WARNING XyzAPI [/xyzapi/v1/*] Message was not processed: Assertion Falsified (600)

Usually the following message is expected and Code=-4 is shown in the Associated Logs.

2019-10-10T10:10:10.101+0900 INFO 868 com.l7tech.server.policy.assertion.ServerAuditDetailAssertion: -4: error: invalid_request, error_description: Access token does not exist (expired, revoked, replaced, unknown, ...). access_token='8d4b737f-0a04-4dda-a2c5-cec2eff8c4d4'

Are there any similar defects reported for API Gateway 9.4?

The "Custom Error Response" assertion is placed after the "OTK Require OAuth 2.0 Token" assertion but no error message was left by the assertion in the Audit log.

Release : 9.4

Component : API GATEWAY

This is working as designed, not a defect.

The message "com.l7tech.server.policy.assertion.ServerAuditDetailAssertion: -4: error: invalid_request, error_description: Access token does not exist (expired, revoked, replaced, unknown, ...). access_token=..." won't be recorded by the "OTK Require OAuth 2.0 Token" assertion when no access_token is passed.

The purpose of the "Custom Error Response" assertion isn't logging, it was just triggered by the event "status 600 (Assertion Falsified)".