When using the REST API to create a repository, the write policy can be set.
For example using a POST to /v1/repositories/nuget/hosted
The example in the API UI shows a writePolicy of allow_once which works correctly. However, the other options allow and deny, do not correctly convert to the known constants within the UI after creation and remain as 'allow' and 'deny' instead of 'Allow Redeploy' and 'Read-Only'.
If upper case values are used (ALLOW, ALLOW_ONCE, DENY) then everything works as expected, but as the values are not documented and only a single lower-case value is presented in the swagger description, this is not clear.
It seems that the values are not being normalised and/or validated.
According to the API Swagger description in Nexus UI, it states the use lower case
Controls if deployments of and updates to assets are allowed
[ allow, allow_once, deny ]