alldataback I'd need more details to give an accurate answer. The correct answer to permission numbers is always "the lower possible that still let the user do what you want with the files".
In most hostings the user you use for SSH is the owner of the files so no group or public permission is necessary (meaning 700 could work)
On a VPS I'd recommend to run the webserver with the same user as the shell to make things easier, in which case you wouldn't need to change the default permissions.
If your shell user has no common group with the webserver user you might have to set very broad permissions. Ideally the shell user should own the composer files (composer.json/lock and vendor folder) and you could give 744 permission to let the webserver read the files. But if the webserver owns the files, then you'll need at least 766 to let the shell user update the files when running composer.
In your case it appears your shell user no longer own the files, which suggests you used a chown
command to change the owner. I'd suggest reverting back to the shell user owning the files and setting 744 or 755 so the webserver can read them, or update Apache config to run as your shell user if your environment allows it and nothing else runs on the server.