The standard solution is to use digital keys and signatures. There is no need to reinvent the wheel here, just use the standard cryptographic constructions to verify that the requests are from trusted sources, e.g. https://medium.com/@georgwiese/hash-based-digital-signatures...
You can use a configuration management tool but you can also just have a bundled archive that is deployed and extracted with SSH. Here's one example: https://community.chef.io/tools/chef-habitat
How do we deploy a list of certificates that a service should accept?
How do we do certificate rotation and revocation?