HTTP Integration Security



What are your suggestions for securing endpoints that consume the HTTP integration POSTs?

I can do IP whitelisting but obviously that is not particularly strong defense.
Based on the guide here: github does some sort of secret hashing with the request body but as far as I can tell, this is not possible with static headers that the current integration supports.

Is there something I can do with the current version to ensure the messages are coming from the lora-app-server in my downstream application?