Logging indicates that at 4 am there was an increase in 401 Authorization errors on certain API requests. As overnight activity is low, these errors didn't reached the required threshold to trigger an alert until 8 am. The issue was introduced by a change made to the ShopperKit authorization services. As a result, some API sessions were being loaded from the cache using the default system Store ID. This Store ID was mismatched with the loaded session API token and resulted in the authorization errors on certain API updates.
The fix to this issue was deployed at 9:40 AM EST. We continue to investigate this issue to understand how this was not detected prior to deployment and also why it did not impact all API sessions.