WP PHP REST API returning 403 error on some files passed with curl from different website

Question

I developed a REST API endpoint on a WordPress website. It accepts a file and responds after scanning it and I never set the 403 code.

function api_fwd_response($HttpStatus,$code,$msg,$data=null){
    $resp=array("id"=>"infoPmi","code"=>$code,"message"=>$msg,"data"=>$data);
    $res = new WP_REST_Response($resp);
    $res->set_status($HttpStatus);
    return $res;
}

function api_fwd_init(WP_REST_Request $req){
    ...

    $res=api_fwd_file_parse($filePath,$ext);
    if(!is_array($res))
        $apiRes= api_fwd_response(200, 'FILE3', "Api_fwd_file_parse res is not an array", array( 'status' => 500 ) );
    else if(@$res["res"]=="OK"){
        $apiRes= api_fwd_response( 200,'OK', 'Success', $res );

//No one condition set the 403 code
return $apiRes;
                      
}

I make the API calls from a different website by CURL PHP.

class fwdXcg_Api{
...

function CallCurl($data){
if(!$this->UserPw()){
    return false;
}
    $this->curl = curl_init();
    curl_setopt($this->curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($this->curl, CURLOPT_USERPWD, "{$this->user}:{$this->pw}");

    curl_setopt($this->curl, CURLOPT_URL, $this->url);
    curl_setopt($this->curl, CURLOPT_RETURNTRANSFER, 1);

    curl_setopt($this->curl, CURLOPT_POST, 1);
    curl_setopt($this->curl, CURLOPT_FAILONERROR, true);
 
    curl_setopt($this->curl, CURLOPT_CONNECTTIMEOUT, 1); 
    curl_setopt($this->curl, CURLOPT_TIMEOUT, 20); //timeout in seconds

    curl_setopt($this->curl, CURLOPT_POSTFIELDS, $data);
    $result = curl_exec($this->curl);

    if($result===false)
       $result= curl_error($this->curl);
    else if(is_string($result))
       $result= json_decode($result,true);
    curl_close($this->curl);
    return $result;

    }

function CallFileRead($filePath){
       
    if(!file_exists($filePath))
        return "File inesistente: $filePath";

    $ext = strtolower(pathinfo($filePath, PATHINFO_EXTENSION));
    
    if (function_exists('curl_file_create')) { // php 5.5+
       $cFile = curl_file_create($filePath);
    } else { 
       $cFile = '@' . realpath($filePath);
    }
    
    $data=array("type"=>"fileScan",'file_contents' => $cFile,"file_ext"=>$ext);
    return $this->CallCurl($data);
    }
}
 

API call

...
$api=new fwdXcg_Api();

$ret=$api->CallFileRead(FWD_XCG_DIR_UPLOAD.$file);

echo "<pre>";
print_r($ret);
echo "</pre>";

Everything works correctly but for some files, I get a CURL error: "The requested URL returned an error: 403". But as explained before I've never set that code in my API endpoint.

I think the problem is coming from the WordPress environment where I developed the API, but I don't know why. Some upload security options? Thanks.