The short answer is: Yes. All your APIs should use https from the moment on Apple enforces this. (They announced this moment to be the January of 2017) Your exisiting apps in the store will still work but you can not submit new apps that do not comply to ATS.
Allow Arbitrary Loads will definitely lead to a rejection then but you shouldn´t already use this today for your production app and rather use exceptions per domain.
Apple also announced that there will still be exceptions for servers that are not under your control. You can mark them as Third party exceptions with the help of the following entries in your plist file:
NSThirdPartyExceptionAllowsInsecureHTTPLoads NSThirdPartyExceptionRequiresForwardSecrecy NSThirdPartyExceptionMinimumTLSVersion
But there is no insurance that Apple will accept these servers as third party exceptions and therefore accept your app.
Here is some more information about the topic.
Hope this helps!