Secure Google Cloud Functions http trigger with auth

Question

I am trying out Google Cloud Functions today following this guide: https://cloud.google.com/functions/docs/quickstart

I created a function with an HTTP trigger, and

Answer 1

It seems like there are currently 2 ways to secure a Google Cloud Function HTTP endpoint.

1) Use a hard to guess function name (ex: my-function-vrf55m6f5Dvkrerytf35)

2) Check for password/credentials/signed-request within the function itself (using a header or parameter)

Probably best to do both.