When we access any API and it returns HTTP 403 response code, then it means that client who is accessing the API is forbidden from a valid URL.
There can be various reason for this. e.g. if API is accessible via key and API key is not correct then this error can occur. Other reason can be web application firewall, Sometimes WAF blocks the third party API access.
If we talk about issue in rest API access in sugarCRM then as per sugarCRM’s structure it have some predefined API Exceptions and all are available at include/api folder. Here 403 error code means not_authorized in terms of SugarCRM API response at various endpoints. It means that current user is not authorized to perform this action in SugarCRM. This can be related to access and permission given by administrator of CRM. If there is no any restriction from admin like these then other reason can be some problem in htaccess or something wrong in request.
SugarCRM has inbuilt API exceptions and when access API and return error then it shows error code, error label and error message.