Planning to use access_token (Bearer jwt) for user identification and the JWT comes from external system as part of service request/authorization header. Presently, service isn't configured with authentication and simply taking jwt as part of request header and validating it . since service is unauthenticated we are getting couple of issues around executing authentication activities ..
Decided to make the service authenticated but it's asking userName and password to run it , Do we really need to pass pega operator id and pwd in order to execute the service ?
To run from Service-REST rule, either you can use current logged in user context OR you can give different user ID and password. For your use case, you can test using tools like postman and pass the JWT token as header.