Hello luke,
I think you don't need to pass header for configured kong-uma-rs. For example, you can see the kong-uma-rs configuration. https://github.com/GluuFederation/kong-plugins/tree/master/kong-uma-rs#enable-kong-uma-rs-protection
Request should be like this:
```
curl -i -X POST \
--url http://localhost:8001/apis/redacted_id/plugins/
--data 'name=kong-uma-rs' \
--data "config.oxd_host=localhost" \
--data "config.oxd_port=8099" \
--data "config.uma_server_host=https://auth.my_redacted_url.com" \
--data "config.protection_document={\"resources\":[
{
\"path\":\"/\",
\"conditions\":[
{
\"httpMethods\":[\"POST\"],
\"scopes\":[
\"https://my_redacted_url.com\"
]
}]}]}"
```
Let me know if you still face any issue.
Thanks,
Meghna