Private Dynamic Header Value in API Request

Is is possible to dynamically add a private value to an API request header?

I’m accessing the shopify API during a workflow. Shopify requires an access token (acquired during oauth and stored in the DB) to be sent in the header when making the request.

I’m able to dynamically populate this access token when the value is not marked as “private” in Bubble’s api connector. However, Bubble’s api docs mentions:

Note that even though by default, API calls are made from the server, a description of the call is sent to the browser and are thus visible to a savvy user. This means that any sensitive parts of the call, especially secrets / tokens, should be in fields marked “Private”.

I obviously don’t want to reveal a store’s access token because then anyone can access the data for that store. However, marking that field as “private” does not allow me to dynamically populate a store’s token.

How do I go about getting this to work properly?

Bumping this. I’m working with more API integrations and really need a way to hide client secrets and tokens