We have an exposed Workflow API that is secured via an API key. In order to manage and review usage we want to capture the API Key and possibly some other header information from the caller. It does not look like anything is exposed in the workflow to capture this. I have not found any plugins that address this either.
It’s possible when you use Detect request data but not if you manually create the parameters for the endpoint. When you select detect request data, you will have an option to detect headers too.