Custom Endpoint to Jira wierd issue 403 error

Dear all,

I have define a custom endpoint in script runner to be called from an external application

The custom enpoint is defined as below :

UpdateStatus2(httpMethod: "POST",groups:["sg-app-rlx-atlassian-adm"]) { MultivaluedMap queryParams, String body ->

CommentManager commentManager = ComponentAccessor.getCommentManager()
IssueManager issueManager = ComponentAccessor.getIssueManager()
JsonSlurper jsonSlurper = new JsonSlurper()

String JobStatusValue = jsonSlurper.parseText(body).JobStatus
//String JobIdValue=jsonSlurper.parseText(body).JobId
//String RunBookNameValue=jsonSlurper.parseText(body).RunBookName

def jqlQueryParser = ComponentAccessor.getComponent(JqlQueryParser)
def searchService = ComponentAccessor.getComponent(SearchService)

// edit this query to suit
//def query = jqlQueryParser.parseQuery("project = 'Technical Service Desk' AND issuetype = 'Flush AEM Internal Cache' AND 'Azure Automation Job Id' ~ " + JobIdValue)
def query = jqlQueryParser.parseQuery("project = 'Technical Service Desk' AND issuetype = 'Flush AEM Internal Cache' AND status='In Progress'")
def search = searchService.search(user, query, PagerFilter.getUnlimitedFilter())

//search.results.each { documentIssue ->
//log.debug(documentIssue.key)
Issue issue =issueManager.getIssueObject(search.results.first().key)
// Issue issue =issueManager.getIssueObject(documentIssue.key)
commentManager.create(issue, issue.getAssignee(), "Job status has change to $JobStatusValue",true)
//}


return Response.ok().build()
}

What is happening is that if hit the endpoint from PostMan by using corresponding user/passw for Basic Auth on the request, then it is working fine without trouble.

When I ask my customer to hit the same Enpoint using same user/password for Basic Authentication, then he receive a 403 error

Any idea what is  wrong and why external user cannot hit the endpoint using postman without error?

regards