HTTP 403 is a standard HTTP status code communicated to clients by an HTTP server to indicate that access to the requested (valid) URL by the client is Forbidden for some reason. The server understood the request, but will not fulfill it due to client related issues. IIS defines non standard “sub-status” error codes that provide a more specific reason for responding with the 403 status code.
If you are getting this issue, Which means your server is preventing the request.
To resolve this issue:
If you are using Wordfence plugin, make sure that you won’t use REST API from this plugin.
Other Security Plugins
If you are using other security plugins, please go to Google and ask for “How to enable Rest API On Your SECURY PLUGIN”.
If you can’t find it from Google, please ask for plugin author
If you won’t use any cache plugin, please contact hosting provider to report this issue.