One permission to use action=review is review, it should be part of the patrol grants on Special:BotPasswords, see the special page for a overview: https://en.wikipedia.org/wiki/Special:ListGrants?uselang=en#patrol

I can confirm that Special:ListGrants has review as part of patrol indeed in my wiki.

Special:BotPasswords/osadminbot has Patrol changes to pages with info symbol:

Mark others' edits as patrolled; Mark revisions as being "checked"; Mark revisions as being "quality"

which is enabled (granted).

User must be also in group with this right. See Special:ListGroupRights, Special:UserRights.

Since @adrelanos stated that the upgrade broke this, i.e. it used to work, I find it unlikely that it’s a problem with user groups – why would an upgrade remove any user from a group?

Have you been able to use FlaggedRevs API action=review function?

Under Special:BotPasswords/botname all grants are granted. Here is the list:

Basic rights
High-volume (bot) access
Import revisions
Edit existing pages
Edit protected pages
Edit your user CSS/JSON/JavaScript
Edit your user preferences and JSON configuration
Edit the MediaWiki namespace and sitewide/user JSON
Edit sitewide and user CSS/JS
Create, edit, and move pages
Upload new files
Upload, replace, and move files
Patrol changes to pages
Rollback changes to pages
Block and unblock users
View deleted files and pages
View restricted log entries
Delete pages, revisions, and log entries
Hide users and suppress revisions
Protect and unprotect pages
View your watchlist
Edit your watchlist
Send email to other users
Create accounts
Access private information
Merge page histories
Create and edit widgets

Special:UserRights

Sure this is related for API based edits using bot?

Anyhow. All rights except bot and massreplace are granted. (massreplace I only noticed since MediaWiki version 1.41.1 and I doubt it's related and probably implicit allowed anyhow due to administrator / bureaucrat status.)

Go to Special:UserRights and give your bot account "Editor" group or something else.
Yes, you can use Grants, but bot account must be allowed to use some of them.

That is already the case. Special:UserRights shows Editors already:

Member of: Autochecked users, Bureaucrats, Comment administrators, Editors, Interface administrators, observer, oversight, Reviewers, Suppressors, Administrators, uploadaccess, Widget editors

Did anyone test FlaggedRevs usage using API on MediaWiki 1.40.0 or higher?

I’ve just tested it in my local install (1.42 alpha, bot password with all grants granted, called from Pywikibot), and it works. The grant configuration of FlaggedRevs hasn’t been touched since 1.34 (4eba7cf0f). (By the way, review is part of the patrol grant.)