Updating contentRightsDeclaration now returns FORBIDDEN_ERROR

Recently I've started receiving a "FORBIDDEN_ERROR" error when submitting a PATCH to "/v1/apps/xxxx". The data below is what is being sent:

{
  "data": {
    "type": "apps",
    "id": "xxxx",
    "attributes": {
      "contentRightsDeclaration": "DOES_NOT_USE_THIRD_PARTY_CONTENT"
    }
  }
}

This used to work (for over a year) fine. We also update several other things (Category, Age Rating, Available Territories etc) and they still work as expected; this is the only type that has started (about a month or so ago) to behave this way. I also generated a new API key with full Admin privileges but the issue still occurs.

The specific error returned is:

{
  "errors" : [ {
    "id" : "1cfb7772-940c-46d5-bfe5-a97bbe314",
    "status" : "403",
    "code" : "FORBIDDEN_ERROR",
    "title" : "This request is forbidden for security reasons",
    "detail" : "The API key in use does not allow this request"
  } ]
}

Any ideas how to fix this or what's going on?

Thanks in advance.