Yes, the approach here would be to fetch the images in your code, which would apply the user’s credentials, and then store the images in temporary blob storage. You’d want to then return the image as the type ImageAttachment, so that Coda ingests the temporary URL into a more permanent one. Be aware though that this approach will only work within a sync table (see here). If this is in a formula then there isn’t a great way to deal with images that require authentication.
Instead of returning stringified JSON, the better approach would be to return an object defined by a schema (see here).