Update secure-rest-api.md

Moving the public preview to the header

Author: yoelhor

articles/active-directory-b2c/secure-rest-api.md

@@ -182,6 +182,8 @@ The following is an example of a RESTful technical profile configured with an HT
 
 ## OAuth2 bearer authentication 
 
+[!INCLUDE [b2c-public-preview-feature](../../includes/active-directory-b2c-public-preview.md)]
+
 Bearer token authentication is defined in [OAuth2.0 Authorization Framework: Bearer Token Usage (RFC 6750)](https://www.rfc-editor.org/rfc/rfc6750.txt). In bearer token authentication, Azure AD B2C sends an HTTP request with a token in the authorization header.
 
 ```http
@@ -193,7 +195,6 @@ A bearer token is an opaque string. It can be a JWT access token or any string t
 - **Bearer token**. To be able to send the bearer token in the Restful technical profile, your policy needs to first acquire the bearer token and then use it in the RESTful technical profile.  
 - **Static bearer token**. Use this approach when your REST API issues a long-term access token. To use a static bearer token, create a policy key and make a reference from the RESTful technical profile to your policy key. 
 
-[!INCLUDE [b2c-public-preview-feature](../../includes/active-directory-b2c-public-preview.md)]
 
 ## Using OAuth2 Bearer