Authorization not working in REST api?

Hi everyone i am testing apis with an user that doesn’t have an authorization to read/write some fields on a entity. On the browser is ok i don’t see that value, but in the rest api i can see all the values of that entity why?