I am not sure if I quite following you...I added the line that you suggested but I still got the login prompt when the session is expired.

Class ABC.KAT.Service.RestApiService Extends %CSP.REST
{ Parameter UseSession As Integer = 1; Parameter HandleCorsRequest = 1; XData UrlMap [ XMLNamespace = "http://www.intersystems.com/urlmap]
<Route Url="/Record/:schema/:table/:id" Method="GET" Call="Record" />
ClassMethod Record(schema As %String, table As %String, id As %Integer) As %Status
#dim eException As %Exception.AbstractException
#dim tSC As %Status = $$$OK
Set %response.ContentType="application/json"
do %response.SetHeader("WWW-Authenticate","Basic")
set className = "ABC.KAT.Data."_schema_"."_table
set tRS = $CLASSMETHOD(className, "%OpenId", id)
set jsonstring =""
set tResult = ##class(%DynamicObject).%FromJSON(jsonstring)
write tResult.%ToJSON()
  Catch eException
Set tSC = eException.AsStatus()
Quit tSC
} }