SharePoint REST V1 API is failing with unauthorized access, however MS Graph SharePoint api is working fine for the same user

Question

We're currently utilizing the SharePoint List V1 API(For an MS Team site) to create new lists with hidden columns, as this functionality does not work as expected with the Microsoft Graph SharePoint API.

Link to the SharePoint API documentation

URL: POST https://teams.mdlz.com/sites/decisionsatmdlz/_api/web/lists

Request Content:

{
    "__metadata": {
      "type": "SP.List"
    },
    "AllowContentTypes": true,
    "BaseTemplate": 100,
    "ContentTypesEnabled": true,
    "Title": "Test Group - Decision List"
  }

However, for a specific customer, we're encountering an error when attempting to create the list. Attache is the error message:

Response Header:

{
  "cache-control": "private, max-age=0",
  "content-type": "application/json;odata=minimalmetadata;streaming=true;charset=utf-8",
  "expires": "Wed, 31 Jul 2024 12:09:35 GMT",
  "last-modified": "Thu, 15 Aug 2024 12:09:35 GMT",
  "sprequestguid": "e58146a1-7051-6000-3578-89917ec657f5",
  "x-msedge-ref": "Ref A: A41FE2E19EB64C24BB8DE62293A94E94 Ref B: LON21EDGE1319 Ref C: 2024-08-15T12:09:35Z"
}

Response message:

{
  "odata.error": {
    "code": "-2147024891, System.UnauthorizedAccessException",
    "message": {
      "lang": "en-US",
      "value": "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
    }
  }
}

The user, who is the team/site owner, and is able to create new list in the same site using SharePoint Web interface but calling the API is failing with the above issue. We're trying to determine what specific permission settings might be causing this problem.

We aim to replicate the issue in our test environment so that we can provide an informed recommendation to the customer.

Any assistance in understanding how to reproduce and resolve this issue would be greatly appreciated.