There is a huge gap in the documentation on how to authenticate when calling an external service.
In https://help.hcltechsw.com/domino_volt/1.0/cr_in_app_service.html it's only: "Specify authentication options in the Authentication section."
And when you dig deeper, you get pages like https://help.hcltechsw.com/domino_volt/1.0/ref_service_http_service_transport.html and https://help.hcltechsw.com/domino_volt/1.0/ref_service_service_description.html, which are hard to understand even with 20 years of programming experiences - if you don't happen to be a J2EE developer. Most citizen developer aren't.
IMHO, calling an external service should be "doable" even for the citizen developer. Needed are more introductory text with easy to understand examples, at least for the common use-cases.
And there could be a bit more input validation. Since cookie names couldn't contain = (equal signs), you could check, if the user enters something like cookie-name=value, cookie-name=value in the Cookies field of the authorization section in the service configuration. The message could be: Enter a list of cookies names only. Their values are copied from the request, the browser sent to the Domino server" with a "More" or "Details" button/link to the documentation.