Guess i found the solution for the above question. To access any of the APIs, the inbound requestor gets authenticated via the api Service package. This package has the Requires Authentication check box checked by default. This is why the tests were getting a 403 forbidden response. Once i unchecked this, i was able to get a successful response from the APIs. On opening the service package we can see a list of services that uses this service package.
If a certain service has to have a different authentication, i guess the service package of the service has to be modified.
All the default services offered by Pega are in FINAL state, which doesn't give us much choice but to change the service package.
This has to be done especially when Pega robotics tries to talk to Pega server to get the relevant records.