I don't know how important it is to keep this request token hidden from your users, but if that's the case you could let your application act as a proxy for fetching/serving the images.
To achieve this, you could add a custom route/action which directly passes the image to your client without temporary storing it. Example:
public function imageAction($filename)
{
$response = \GuzzleHttp\get(
'https://www.customwebservice.be/v1/api/photo/' . $filename,
array('headers' => array('access_tokenid' => 'token123'))
);
return new Response(
$response->getBody(),
200,
array('content-type' => $response->getContentType())
);
}
Your template would look like this:
<img src="{{ path('image', {'filename': 'ece1d868.jpg'}) }}" />
Be aware that this is a quite low-performing solution, so if your application serves lots of image-heavy pages or has to handle a lot of traffic, you should consider implementing some kind of caching solution.