When user is accessing the API Gateway communication url, if user is contains special character in his first name or last name and this becomes part of the Cookie Header we see a 400 bad request.

Release : 10.1

In 9.4 an which utilized an earlier version of tomcat having a cookie with a i18n char did not cause issues. 
Note: This could be user/password or even location. 

For example

 Cookie: ConcurrentSession=Location=Québec, QC due to the é

Removing the e or making it a plain e resolves the 400 bad request error.

Guided by RFC 6265: https://www.ietf.org/rfc/rfc6265.txt

The use arbitrary Unicode characters in cookie values the web server has to do some encoding to fit the specified in the RFC character range.

Typically, web frameworks and libraries for cookies have methods for encoding/decoding cookie values.

There is yet another upgrade from 10.1 base (tomcat) to 10.1 CR01 and this tomcat should have loosened the requirements around this.

The suggestion is to either upgrade to 10.1 CR01+ to see if the new version resolves your cookie issue. 

OR

Ensure the client is encoding the characters using special values are properly encoded by the client to follow the RFC.