POST contacts via JSON:API fails with 403 status code (intermittently)

Problem/Motivation

Repeated posting a redhen contact via the json:api succeeds for exactly 10 times.
The 11th attempt fails with 403 status code.
After waiting for 120 seconds, the next 10 POSTs succeed again.
BasicAuth is used, user account has the ncecessary permissions, also affects user 1.
This happens with contacts only, organizations or connections are not affected.

Steps to reproduce

POST with postman or any other client, 11 times
Request header:
'Accept': 'application/vnd.api+json',
'Content-Type': 'application/vnd.api+json'

Example request body:
{"data": {"type": "redhen_contact--crm_cont_pers", "attributes": {"first_name": "John", "middle_name": null, "last_name": "Smith", "email": null}}}

Example response on{
"jsonapi": {
"version": "1.0",
"meta": {
"links": {
"self": {
"href": "http://jsonapi.org/format/1.0/"
}
}
}
},
"data": {
"type": "redhen_contact--testcontact",
"id": "3ae37931-4216-465e-99e1-261813e56372",
"links": {
"self": {
"href": "https://test.example.com/jsonapi/redhen_contact/testcontact/3ae37931-421..."
}
},
"attributes": {
"drupal_internal__id": 1007,
"drupal_internal__revision_id": 1007,
"langcode": "de",
"first_name": "John",
"middle_name": null,
"last_name": "Smith",
"email": null,
"status": true,
"created": "2023-06-27T08:20:28+00:00",
"changed": "2023-06-27T08:20:28+00:00"
},
"relationships": {
"redhen_contact_type": {
"data": {
"type": "redhen_contact_type--redhen_contact_type",
"id": "5afeb9a4-5223-4c87-a17d-c01ab9e3dd41",
"meta": {
"drupal_internal__target_id": "testcontact"
}
},
"links": {
"related": {
"href": "https://test.example.com/jsonapi/redhen_contact/testcontact/3ae37931-421..."
},
"self": {
"href": "https://test.example.com/jsonapi/redhen_contact/testcontact/3ae37931-421..."
}
}
},
"uid": {
"data": null,
"links": {
"related": {
"href": "https://test.example.com/jsonapi/redhen_contact/testcontact/3ae37931-421..."
},
"self": {
"href": "https://test.example.com/jsonapi/redhen_contact/testcontact/3ae37931-421..."
}
}
}
}
},
"links": {
"self": {
"href": "https://test.example.com/jsonapi/redhen_contact/testcontact"
}
}
} request #1-10, status code 201 - works as expected :
{
"jsonapi": {
"version": "1.0",
"meta": {
"links": {
"self": {
"href": "http://jsonapi.org/format/1.0/"
}
}
}
},
"data": {
"type": "redhen_contact--testcontact",
"id": "3ae37931-4216-465e-99e1-261813e56372",
"links": {
"self": {
"href": "https://test.example.com/jsonapi/redhen_contact/testcontact/3ae37931-421..."
}
},
"attributes": {
"drupal_internal__id": 1007,
"drupal_internal__revision_id": 1007,
"langcode": "de",
"first_name": "John",
"middle_name": null,
"last_name": "Smith",
"email": null,
"status": true,
"created": "2023-06-27T08:20:28+00:00",
"changed": "2023-06-27T08:20:28+00:00"
},
"relationships": {
"redhen_contact_type": {
"data": {
"type": "redhen_contact_type--redhen_contact_type",
"id": "5afeb9a4-5223-4c87-a17d-c01ab9e3dd41",
"meta": {
"drupal_internal__target_id": "testcontact"
}
},
"links": {
"related": {
"href": "https://test.example.com/jsonapi/redhen_contact/testcontact/3ae37931-421..."
},
"self": {
"href": "https://test.example.com/jsonapi/redhen_contact/testcontact/3ae37931-421..."
}
}
},
"uid": {
"data": null,
"links": {
"related": {
"href": "https://test.example.com/jsonapi/redhen_contact/testcontact/3ae37931-421..."
},
"self": {
"href": "https://test.example.com/jsonapi/redhen_contact/testcontact/3ae37931-421..."
}
}
}
}
},
"links": {
"self": {
"href": "https://test.example.com/jsonapi/redhen_contact/testcontact"
}
}
}

Response on request #11:

403 Forbidden

You don't have permission to access this resource.

Additionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request.

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes