On the 12th of May at approximately 15:11, our REST and SOAP APIs intermittently stopped being able to properly authenticate with some other internal services. This manifested in a partial outage of our API services until the issue was resolved at 19:55. A proportion of client calls to our services were affected.
The root cause of the issue was that our internal authentication provider made some changes to their authentication mechanism which had an unforeseen impact on our internal services, even though the change had been reviewed by Engineering ahead of time. The issue was esoteric in nature and required a concerted effort to resolve from the whole team to detect and resolve.