I’ve been in touch with the hosting company and this is what they’ve come back with…
I found this support forum that might be useful for you:
https://stackoverflow.com/questions/45931189/403-rest-forbidden-error-in-wordpress-rest-api-but-only-for-settings
There shouldn’t be anything on the server that would stop it from working, but if you need us to check an IP that the API is connecting to against the firewall, just let us know the IP.
If you need us to check or change the files on the account, we can do that, but we would need to pass data protection with you first.
What would you recommend should be the next steps? Thanks.