How to set REST API access privileges by role

Our Sugar 8.3 instance is integrated with another application (ServiceNow) using REST API, where data is sent from Sugar to ServiceNow, and ServiceNow record ids are saved in Sugar modules. If the API logs into Sugar as a non-admin user, then Sugar does not allow the API to POST data to Sugar (a "forbidden" error is returned). But if the API user is admin, then data can be saved with no problems. The Role Management dashboard shows that the non-admin role has no restrictions on modifying the relevant data fields. I'd prefer to have the API use a non-admin user account, but how can I set up a non-admin user role that is allowed to POST data to Sugar?