I'm trying to update a user's custom field.

API Url Path: /api/users/7 (this user exists, double-checked)

Json body:

{
	"cust_id": "test2"
}

I have included Content-Type: application/json and the correct Authorization header information in my request.

The source code response of this request is as follows:

403 Forbidden

Forbidden
You don't have permission to access /api/users/7
on this server.

Why?

Given it's a 403 versus a 404, I'd suggest you check the file ownership/permissions of your api.php file in the root of your store. If you get a 404 page on a GET, you may have to disable mod_security for the API to work.