Seems like I solved it, just don't understand why...
I added the ontapi application to the new user, now it's working:
security login create -user-or-group-name someuser -application ontapi -authentication-method password -role admin -is-ns-switch-group no -second-authentication-method none -vserver CLUSTER
Can someone explain this to me? Why the HTTP management portal user need ontapi access?