One very common problem is that you're requiring BasicAuth for GET but not POST, because you have the word "Limit" somewhere in your htaccess. Can you show us the relevant part of your htaccess? (And google for "don't limit the LIMITs", or something like that.)