Hi gangotri,
You may want to take a look at this document: Secure an API Endpoint with OAuth - CA API Management OAuth Toolkit - 3.5 - CA Technologies Documentation
It is from a newer version of OTK but mostly still applies to your version. You can use the encapsulated assertion 'Require OAuth 2.0 Token' to retrieve the access token. Note encapsulated vs the policy fragment you mentioned. This can be found in your assertion palette.The token can be passed as an authorization header, ie: Authorization: Bearer <Token> or query parameter named as 'access_token'.
Example Request:
The assertion logic is set to use either of these options as seen below. You can simply drag this to the top of your policy without further modification. As long as the token is passed in either manner (and the token is valid) you will gain access.
Regards,
Joe