Is there a way for a Cloudflare Worker to accept incoming calls only from another Cloudflare Workers' subdomain?

Hi! I am new to Cloudflare Workers here. Is there an easier way for a Cloudflare Workers subdomain to accept only incoming calls from another Cloudflare Workers’ subdomain? I’ve configured 2 Workers domains, i.e. api-gateway.customdomain.com and backend-apis1.customdomain.com. How can I restrict backend-apis1.customdomain.com to receive incoming calls only from api-gateway.customdomain.com?

I’ve seen one of solutions provided, using custom headers key and secret value to implement this. But I am not sure if there is easier way, by using any Cloudflare features for example Cloudflare Access/Firewall/Page rules etc to accomplish that?

Yeah, this is pretty easy to accomplish but note it is not as secure as an auth token or similar.

You can check the CF-Worker header which all Worker’s set on request out, this should be removed from user requests but I would never rely on that kind of behaviour

export default {
  fetch(request) {
    // Get the "CF-Worker" header
    const worker = request.headers.get('cf-worker');
    // If the header is not set or it's not "subdomain.workers.dev" then send a 403
    if (!worker || worker !== 'subdomain.workers.dev') {
      return new Response('No Access', { status: 403 });
    }
  }
}