if you want to authenticate the caller, its better to use mTLS (or TLS with client cert). Client certificates and https is basically SSH, but for the web.