Consider Rest-Service rule uses basic authentication. There are two kinds of Pre-Emptive auths named "Global" and "Pre-Emptive"
Preemptive means “HttpClient will send the basic authentication response even before the server gives an unauthorized response in certain situations, thus reducing the overhead of making the connection”.
Global HTTP Setting means “HttpClient will send the request without credentials then server throws the exception if authentication is enabled request resends with credentials again for the same request.”
For the external system, it will be configurable to send the credential in the first request itself. The example in PRPC: Authentication Profile has the preemptive check box to send the credential in the first request itself.
The root cause of this problem is a third-party product integrated with PRPC. Credentials are not coming as part of the first request. The request was sent with authorization type Global HTTP Settings.