Data source plugin with custom authentication headers

I 'm developing a Data source plugin for Grafana.
The problem is that my data source uses custom headers for authentication in HTTP API.
When I get data from the data source, I have to add below headers to the request.
X-User: “admin”
X-Password: “admin”

I know that I can add headers in the client javascript. However, I don’t want to expose the user and password to the user.
I tried “routes” field in the “plugin.json” but it does not work

"routes": [
      "path": "webapi",
      "method": "GET",
      "url": "{{.Url}}",
      "headers": [
        {"name": "X-User", "content": "{{.SecureJsonData.xuser}}"},
        {"name": "X-Password", "content": "{{.SecureJsonData.xpassword}}"}

Is there any way to configure Grafana back-end to add custom headers before sending the request to my data source?

Thank you.