This posts reports similar issues, suggesting templating is possible… but: unexpected for yaml, they use an Authorization header attribute with a Capital A. Could that be it? It is what the header needs it to be:
It is also what the docs said (where we both should have looked first )
)