Can someone please confirm what ML HFix-20351 has been ported into, and further given that different Hotfixes were required for REST and SOAP, whether more changes are required or have been made to address other Service Types?
The Soap correction is documented as fixed in Pega 7.1.8 and the rest in Pega 7.1.9.
Here is the content from a pending support article sans image. Check that your code matches
Using Pega 7.1.8 and calling PegaAPI for case and data. You would like use a security token in the request header instead of Basic Authorization.
STEPS TO REPRODUCE
Modify API Service Package to use Custom Authentication type instead of Basic.
Then write an Authentication Activity for this Custom Authentication Service that retrieves the security token from the request header and does user validation for Authenticating the request for invoking PegaAPI Rest service. Here is the code that can be used in a java step inside the Authentication Activity for retrieving the token from the request header.