Using an API workflow that ignores privacy rules is a good solution to keep data safe. For example for checking whether a Phone number is being used in the app without exposing all user phone numbers.
As you probably realised, the Schedule API action will not let you return data from the API’s ‘Return data’ workflow step. As you said, you will have to Trigger/Call the API instead.
Check the ‘Expose as public API workflow’ box on the API , and then connect it to the API Connector with https://yourdomain.com/api/1.1/wf/workflow_name
The API connector will allow you to call the API from the page, return the data, and access it by using Result of step x.
Make sure to somehow handle authentication, so that people cant call the API arbitrarily/maliciously and access private data. I would recommend at least using a Private Parameter and checking that private parameter on the API conditional, but further security depends on your particular usecase.