No, but circumventing the security system does. Ultimately though, its admin’s decision if this constitutes deliberately circumventing the security system.
If you look at this post from Admin:
It does say that Rest API’s are generally blocked. I know admin has stated previously that automated uploads, or uploads using external software (other than FTP) are (usually) blocked by the security system. Remember the security system doesn’t know the difference between a wordpress Rest API, or a completely unrelated rest API
Its optimised for general web hosting (as I understand it), not specifically wordpress.
403 errors generally show up when you try to access a page you don’t have access to. If an API is being blocked, it can throw all sorts of strange errors, or can simply disconnect.
Its not always as clear cut with APIs