Suppose I have a stateless Site A, which is coupled to Site B (on a different domain) which handles user authentication. There is an endpoint on Site B "user/status" which returns session information for the user to Site A. If an end user is logged in to Site B, a request to "user/status" from Site A will contain the user id, etc.
Suppose the end user is not logged in to Site B, so Site B can't find session data for the end user. Should the request to "user/status" return a 404 response?
The Status Code 404 (Not Found) must be used when a resource was not found.
When you´re working in a static HTML site the 404 must be returned by the HTTP server when the URL does not map to any resource. Same for REST API (the resource does not exist).
In your case the user was not logged and the correct code must be 401 (unauthorized).