Securing SOAP Function

[John Urban]

I am working on a PoC that needs to:

- receive a SOAP message from a legacy web service, in a GCP function as a POST

- convert that XML to JSON

- publish the converted JSON message to GCP pubsub. 

What is the best way to secure the function?

I've heard about API gateway, but that requires REST/JSON. Maybe there is a much better approach that i'm not seeing to pubsub'ing a SOAP message.

[John Urban]

I found this but it is related to a function making an external call to an endpoint that allows a specific IP...

https://cloud.google.com/functions/docs/networking/network-settings#associate-static-ip

I still haven't been able to find where I can limit calls to a function from a specific IP address. Still searching.