With serverless workflow there is a need to be able to invoke REST APIs (defined in OpenAPI operations) that expect the Authentication to be provided via a custom header, ie X-IBM-Client-Id

Currently, as far as I know, there is no way to provide custom headers with a serverless workflow yaml document. This needs to be supported as well as the ability to inject security details into the header value.

Security is defined in the OpenAPI yaml as:

securityDefinitions:
  client_id:
    type: apiKey
    in: header
    name: X-IBM-Client-Id
    x-key-type: clientId
security:
  - client_id: []