I am accessing a WP site with the WP API BasicAuth plugin installed & activated, and for very basic WP installs the following lines, added to the .HTACCESS files allows perfect GET / POST / PUT requests:

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

as:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

However, as I have been using iThemes Security, I have a much more verbose .htacces file, as per the below, where only the below 'paragraph seems to disable / dissalow access from a remote site :

Strangest things is that the GET REQUEST works perfectly from POSTMAN:
**

http://my-wp-website/wp-json/wp/v2/posts

**

A shortened version of the incriminated htacces paragraph:

Start HackRepair Blacklist

RewriteEngine on
# Start Abuse Agent Blocking
RewriteCond %{HTTP_USER_AGENT} "^Mozilla.*Indy" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Mozilla.*NEWT" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^$" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^Maxthon$" [NC,OR]<br/>

Many thanks for your help on this
BR,
JMB