If you create REST Service using Pega, you can use Authentication Type in service package data instance. There you have an option to select the type of authentication. You can select "Custom" as authentication type for Container managed systems.
Authentication type - Select the type of authentication to use. Select Basic authentication for HTTP-based services such as REST, HTTP, SOAP, and SAP. Select custom authentication to select an authentication service. When you select Custom, the Authentication service field is displayed for selecting the authentication service to use.
Authentication service - This field appears only when Requires authentication ? is checked and Authentication type is Custom. If you are using LDAP authentication, select an authentication service (a Data-Admin-AuthService instance) when the service type is SOAP (Rule-Service-SOAP) or HTTP (Rule-Service-HTTP), SAP (Rule-Service-SAP, or REST (Rule-Service-REST).
Note:Authentication service is required only for custom authentication including LDAP and SAML 2.0 authentication. You could also use HTTP Basic for user authentication, or, in the case of HTTP Service you could provide the HTTP headers UserIdentifier and Password for user authentication instead of basic authentication.
One query here, if we use custome LDAP authentication, and if user is not present or does not have access which challange type should be used for REST service ? like for exapmle I wouls like to post HTTP response as 403.
If user doesn't have authorization to access the service. it throws 403 forbidden error.
A web server may return a 403 ForbiddenHTTP status code in response to a request from a client for a web page or resource to indicate that the server can be reached and understood the request, but refuses to take any further action. Status code 403 responses are the result of the web server being configured to deny access, for some reason, to the requested resource by the client.