Hitting Security API Endpoint

I am not sure how else you could accomplish this other than using a proxy at this time until we have anonymous access.

You mentioned that is not possible in this scenario. Why is that? You should be able to inject a different authorization header based on the path or some factor to account for these different instances.