For similar queriesi n the future, the issue here was that the variable name does NOT need to be enclosed in {{}} in the header field. I am not sure why, as this is a break in convention from the rest of the app, but it did the trick.
Some other items to note: running the query in Preview mode allows you to see the header without it being sanitized; that's how I was able to debug.
Finally - the API resource configuration is super buggy when it comes to switching between environments and saving. Sometimes the save button is disabled and enabled with no discernable pattern, and then apparently saved changes will later just reappear.