Read Headers / Auth in Zoho Flow Webhook

I have a webhook trigger in my Zoho Flow app and would like to add an additional layer of security by adding some sort of auth ensuring that only authorized application is calling my webhook.

I understand that there is the `zapikey` GET param, which is a type of secret. my concern is that such GET (query) param is not secure enough as URLs are easy to intercept. in other words, a secret in GET param is not good enough.

once again, my goal is to achieve a reasonable level of security that my webhook is only called by trusted apps.

any ideas?

there is something similar mentioned in the docs (although prob not exactly what I am after):

You may occasionally wish to receive custom responses as acknowledgements for your webhook requests in order to ensure that only Zoho Flow is listening to the webhook requests from the application you've configured the webhook URL for.

that said I do not see this option in my Flow builder:

If you want Zoho Flow to send back custom acknowledgements upon receipt of incoming webhooks, you can enable it by checking the Enable webhook acknowledgement box under Advanced settings.