Creating groups via API on gitlab.com always returns 403 Forbidden

Summary

Creating groups and subgroups via POST request on https://gitlab.com/api/v4/groups always returns 403 Forbidden. There is a user option "Can create group" within the user administration on self-hosted GitLab instances, but this is not available on gitlab.com, which probably prevents creating groups via API in the first place.

Steps to reproduce

Create a personal access token and assign yourself to a group with the appropriate role (e.g. owner). Then send a POST request to the relevant API endpoint https://gitlab.com/api/v4/groups to create a subgroup. See docs.

What is the current bug behavior?

The API returns 403 Forbidden in all cases.

What is the expected correct behavior?

The API should return a successful response code and actually create the (sub-)group if the access token is from a user who has the appropriate role for the group in which the (sub-)group should be created.

Output of checks

This bug happens on GitLab.com

Workaround for Self-Managed Instances

#244345 (comment 560606561)

To create a group from the API, admin rights are not sufficient; you must have specific authorization to create a group, which can be found at http://:yourgitlaburl/admin/users/:username/edit. Check the checkbox "can create group". You can retrieve whether the user can create groups or not in the /users path of the API if the authenticated user has admin rights.

Edited by Emily Chang
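
Added example (not part of the original report and not GitLab's own code): the POST from the steps to reproduce, built with the standard library, plus a helper that relates the returned status to the `can_create_group` flag mentioned in the workaround comment. The `GITLAB_TOKEN` variable, the group name/path and the parent id `1234` are placeholders, and reading the flag from `GET /user` for the token's own account is an assumption of this example.

```python
import json
import os
import urllib.error
import urllib.request

API = "https://gitlab.com/api/v4"  # endpoint base from the report


def build_subgroup_request(token, name, path, parent_id, api=API):
    """Build (without sending) the POST /groups request that creates a subgroup."""
    body = json.dumps({"name": name, "path": path, "parent_id": parent_id})
    return urllib.request.Request(
        f"{api}/groups", data=body.encode(), method="POST",
        headers={"PRIVATE-TOKEN": token, "Content-Type": "application/json"})


def send(req):
    """Send a request; return (status, parsed JSON), with {} for HTTP errors."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 403 arrives here, not as a return
        return err.code, {}


def diagnose(status, user_record):
    """Relate the POST status to the user's can_create_group flag.

    user_record is a user object from the API; the flag may be absent
    (for example when the caller is not an admin), so None means unknown."""
    flag = user_record.get("can_create_group")
    if status == 201:
        return "created"
    if status == 403 and flag is False:
        return "403: user lacks 'can create group'"
    if status == 403:
        return "403: not explained by can_create_group (flag=%r)" % flag
    return "unexpected status %d" % status


if __name__ == "__main__":
    # Placeholders (assumptions): GITLAB_TOKEN, group name/path, parent id 1234.
    token = os.environ["GITLAB_TOKEN"]
    status, _ = send(build_subgroup_request(token, "demo", "demo", 1234))
    me = urllib.request.Request(f"{API}/user", headers={"PRIVATE-TOKEN": token})
    print(diagnose(status, send(me)[1]))
```
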