added disabling of loginUrl to the REST guide

docs/guide/rest-authentication.md

@@ -25,7 +25,9 @@ Yii supports all of the above authentication methods. You can also easily create
 
 To enable authentication for your APIs, do the following steps:
 
-1. Configure the [[yii\web\User::enableSession|enableSession]] property of the `user` application component to be false.
+1. Configure the `user` application component:
+   - Set the [[yii\web\User::enableSession|enableSession]] property to be `false`.
+   - Set the [[yii\web\User::loginUrl|loginUrl]] property to be `null` to show a HTTP 403 error instead of redirecting to the login page. 
 2. Specify which authentication methods you plan to use by configuring the `authenticator` behavior
    in your REST controller classes.
 3. Implement [[yii\web\IdentityInterface::findIdentityByAccessToken()]] in your [[yii\web\User::identityClass|user identity class]].
@@ -45,7 +47,7 @@ public function init()
 }
 ```
 
-For example, to use HTTP Basic Auth, you may configure `authenticator` as follows,
+For example, to use HTTP Basic Auth, you may configure the `authenticator` behavior as follows,
 
 ```php
 use yii\filters\auth\HttpBasicAuth;