[racket] What is a comparable rkt code for curl command with HTTP Auth?

I am trying to see if I can do the following curl cmd (from Parse.com
REST API) in rkt using (require net/*). (To eventually use it from
WebServlet and not from my desktop where curl would suffice.)

export APPLICATION_ID="your application id"
export MASTER_KEY="your master key"

curl --user $APPLICATION_ID:$MASTER_KEY \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"score": 1337, "playerName": "Sean Plott", "cheatMode": false }' \
  https://api.parse.com/1/classes/GameScore


Here is my first approximation:

(define (save-remote! data)
 (let ([URL (string->url "https://www.xyz.com/echo")]
       [DATA (string->bytes/utf-8
              (alist->form-urlencoded `((msg . ,(format "~a" data)) (a
. "a"))))]
       [HEADER (list (insert-field "Authorization"
                                   (string-append "Basic "
                                                  (bytes->string/utf-8
                           (base64-encode (string->bytes/utf-8 "user:pwd"))))
                           empty-header))])
   ;port is closed automatically
   (call/input-url URL
                   (lambda (url)
                     (post-pure-port url DATA))
                   (lambda (port)
                     (port->string port)))))

(save-remote! "hello-world")

When I run the above in DrRacket, I get back the expected
"hello-world" string. But when I actually send the home-made HEADER
(to create a line Authorization: Basic QWx....) as well like

(post-pure-port url DATA HEADER))

I get back "". I am guessing it's because my home-made HEADER is
replacing the default header and the server is not liking it. How
would I solve this? I am thinking along the lines of:

A) If I can get the default header, then I can substitute it for empty-header.
B) I can create the whole header + my field, if I know what the
default header looks like.

Any suggestions?

jGc