better error message when API authentication fails

app/controllers/application_controller.rb

@@ -171,7 +171,7 @@ class ApplicationController < ActionController::Base
       begin
         current_user
       rescue Discourse::InvalidAccess
-        return render plain: I18n.t(type), status: status_code
+        return render plain: I18n.t(opts[:custom_message] || type), status: status_code
       end
 
       render html: build_not_found_page(status_code, opts[:include_ember] ? 'application' : 'no_ember')

config/locales/server.en.yml

@@ -164,6 +164,7 @@ en:
   not_logged_in: "You need to be logged in to do that."
   not_found: "The requested URL or resource could not be found."
   invalid_access: "You are not permitted to view the requested resource."
+  invalid_api_credentials: "You are not permitted to view the requested resource. The API username or key is invalid."
   read_only_mode_enabled: "The site is in read only mode. Interactions are disabled."
 
   reading_time: "Reading time"

lib/auth/default_current_user_provider.rb

@@ -76,7 +76,7 @@ class Auth::DefaultCurrentUserProvider
     # possible we have an api call, impersonate
     if api_key
       current_user = lookup_api_user(api_key, request)
-      raise Discourse::InvalidAccess unless current_user
+      raise Discourse::InvalidAccess.new(I18n.t('invalid_api_credentials'), nil, custom_message: "invalid_api_credentials") unless current_user
       raise Discourse::InvalidAccess if current_user.suspended? || !current_user.active
       @env[API_KEY_ENV] = true
     end

spec/components/auth/default_current_user_provider_spec.rb

@@ -19,7 +19,7 @@ describe Auth::DefaultCurrentUserProvider do
   it "raises errors for incorrect api_key" do
     expect {
       provider("/?api_key=INCORRECT").current_user
-    }.to raise_error(Discourse::InvalidAccess)
+    }.to raise_error(Discourse::InvalidAccess, /API username or key is invalid/)
   end
 
   it "finds a user for a correct per-user api key" do