Authenticate Google Cloud Functions using Service Account / IAM

Question

Can one Google Cloud Function (Background function) make an HTTP request to another function (HTTP function) and provide something that guarantees that the data was from the previous function (ie. hasn't been tampered with) by using the Google IAM Service Accounts or something similar?

Apologies - not the clearest question...

EDIT 1: We can't use pub/sub for this as it will make our internal infrastructure very complex

EDIT 2: Background:

The issue is that the HTTP function is running our main API (using Apollo Server - can't find a way to use Apollo Server internally within the same function [ideal solution] & so have to expose it via HTTP) so we are making multiple of calls to this API function from which we need responses. If we used pub/sub instead we would have to break the background function into 3+ functions to allow us to use the responses which would make it unmanageable and increase costs (invocation, pub/sub traffic, etc.). FYI there are 30+ different background functions all talking to the API.

Answer 1

If you want to communicate between functions, I would say the best option is not using http requests, but rather a Pub/Sub topic.

Then make the second function Pub/Sub-triggered, and you can be sure that only accounts with publisher access to the Pub/sub thread will be able to send messages.

Extra-advantages: Automatic retries, metrics, ...