As long as it would be feasible to serialize the unverified user contacts into a JSON within the payload size limits (5MB), it might work. However, there are other details from this question that are not mentioned here, that will also determine the feasibility of creating such a workflow. Specifically, it is not clear whether the push notification will need to be sent to each user in unverified segment, whether the push tokens exist in ACS etc. From External API point of view, the main points to...

External API activity will show the format of the request body JSON format that will be generated on the Inbound Mapping tab of the activity, under Post Body Template. This format is also shown in the documentation - https://docs.adobe.com/content/help/en/campaign-standard/using/managing-processes-and-data/data-management-activities/external-api.html#description The request body format is not customizable at this time. Hope this helps.

Until External API activity adds built-in support for OAuth token retrieval, the marketer (or consultant helping the customer) will need to refresh the OAuth token every 24 hours (or other expiry times) and configure those in the workflow activity Execution tab where one can specify any custom Headers to be sent on the API call.

Workflow execution logs will typically show you the various steps taken during the execution of that workflow, including the URLs of external API endpoints to which calls are made. Whether GET or POST method is used during the call is based on whether there is any request body to be sent to the API endpoint or not. If the problem is not yet resolved, you can submit the log messages from the workflow to this post for further troubleshooting help.