Compliance API Returns Strings instead of AppException Object on Invalid Request

The swagger for the OSDU compliance API says all endpoints on error should return an AppError json payload of the form:
{ "code": 0, "reason": "string", "message": "string" }

But when I test it manually they don't appear to return a payload of this shape. So far I have seen the following payload when providing an incorrect data-partition-id to GET /legaltags
"The user is not authorized to perform this action"

This contract mismatch means that our client that is generated from the swagger is unable to decode the response body and no code, reason, or message is logged.