I poked it until it worked for me. I gave the API user all group rights and then the command worked - Then I removed the policies one by one. So at the end I left only policy=local,reboot,read,write,policy,test,api,rest-api active. All other commands i’ve added before worked with just group policy=read,write,test,api,rest-api.
I thank you again Amm0 for making the RAML/OpenAPI scheme, it has been useful.