Quoting from the HTTP specification for 400.x error codes:
The 4xx class of status code is intended for cases in which the client
seems to have erred. Except when responding to a HEAD request, the
server SHOULD include an entity containing an explanation of the error
situation, and whether it is a temporary or permanent condition. These
status codes are applicable to any request method. User agents SHOULD
display any included entity to the user.
It is best practice to include the error message as an entity in the body of the HTTP response – be it JSON, plain text, formatted HTML, or whatever other format you may want to utilize.