You can add basic API authentication two different ways.
- Add a Filter step to a workflow and reject any requests that don’t contain the API key secret in the headers
- Create a custom HTTP source with this logic built in, so you can filter out events before they hit your workflow