Securing Callback Url Endpoint in FHIR Subscription

Hi All,
We are implementing pub-sub system based on FHIR Subscription and Notification Resources.
At present evaluating best practices for securing callback url endpoint.
FHIR Subscription specification says in one example to pass Auth token as header itself in subscription.
Is there any other way which industry has implemented or defined.