Finally!
NodeJS is my jam! 
Assuming you are using Express (or if you are using Restify, etc, let me know) you can simply setup a proxy server w/ routes and use an HTTP client (Axios is my favorite )
Axios: GitHub - axios/axios: Promise based HTTP client for the browser and node.js
Sample setup:
const express = require('express')
const app = express()
app.post('/proxy', function (req, res) {
const httpInstance = axios.create({
headers: {'AuthCode': 'YourSecretCode'}
});
httpInstance.get('yoursupersecreturl').then(function (response) {
// handle success or error. Implement rest of your logic here :)
console.log(response);
//res.send(response) //do whatever you want
})
})
Then setup the rest of the server logic, this way all you have to do is send a POST request to /proxy and you won’t need to pass any sensitive info