The criteria aren’t clear, but it seems Hugging Face is intentionally restricting access to external APIs that could potentially be exploited for creating bots. I don’t know the reason, but there must be one.
There may be workarounds, but if they’re discovered, those workarounds will likely be blocked as well.