Why does XSLT throw a 503 error when the same URL works fine from a browser?

Question

I have built a Rest API for a database on a web server, using PHP and MySQL. The URL is rewritten (using .htaccess) to be passed to my api.php code, which cuts up the URL parts and decides which data to return. As some fields for the query are optional, I have used an asterisk to have my api code skip that field and handle the next one.

This works fine when retrieving data in a browser and it also works when using AJAX calls. But when I use the exact same URL to retrieve data in an XSL transform, the server returns a 503 code. It seems that the asterisks I am using in my Rest API are causing the 503, but only when called from the XSL.

To make things even less understandable, pointing the XSL to a copy of the entire Rest API that runs on my localhost works fine with the asterisks.

I am trying to understand where the difference is. Does a web browser encode characters in a specific way before the request is sent to the server? Does a DNS server change the URL so that it never reaches my api code? Is the handling by the public web server correct and my localhost not? Unfortunately, I cannot check what happens to the URLs before they are passed to my api code, as it runs on a hosted domain, where I cannot open the access logs.