How to authenticate CloudCode Web Task?

When triggering a CloudCode task via an HTTP request, what is the best way to implement authentication?

A common API authentication method is Bearer authentication. Similarly to Basic authentication, Bearer authentication should only be used over HTTPS (SSL).

Here is a simple example of using it in a CloudCode task which compares the received token to a static token stored in a config file:

const sharedConfig = require('../shared/config.js');

// This must be defined, and should return either access.authorized() or access.unauthorized()
export async function authenticate({ request, access }) {
  const auth = request.header("Authorization");
  if (auth === `Bearer ${sharedConfig.timebotAPIKey}`) {
    return access.authorized();
  }
  return access.unauthorized();
}
6 Likes
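A hardened variant of the check in the post above, as an added example that is not part of the original post or the platform's own code: it parses the header explicitly and compares the token in constant time instead of with `===`. The `request.header()` and `access` calls follow the post; `EXPECTED_TOKEN`, `bearerToken`, `tokensMatch`, `fakeRequest` and `fakeAccess` are hypothetical names constructed here so the block runs offline in plain Node.js.

```javascript
// Added example; not the original poster's or the platform's code.
const crypto = require('node:crypto');

// Constructed placeholder; in the post this value is sharedConfig.timebotAPIKey.
const EXPECTED_TOKEN = 'example-token-not-a-real-secret';

// Extract the token from "Bearer <token>"; null for a missing or malformed header.
function bearerToken(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const match = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/.exec(headerValue);
  return match ? match[1] : null;
}

// Hash both sides to fixed-length SHA-256 digests so timingSafeEqual always
// receives equal-length buffers (it throws otherwise) and the comparison time
// does not depend on where the two strings first differ.
function tokensMatch(presented, expected) {
  const a = crypto.createHash('sha256').update(presented).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Same shape as the post's authenticate(): authorized only on an exact token match.
async function authenticate({ request, access }) {
  const token = bearerToken(request.header('Authorization'));
  if (token !== null && tokensMatch(token, EXPECTED_TOKEN)) {
    return access.authorized();
  }
  return access.unauthorized();
}

// Constructed stand-ins for the platform's request/access objects.
function fakeRequest(headers) {
  return { header: (name) => headers[name] };
}
const fakeAccess = {
  authorized: () => 'authorized',
  unauthorized: () => 'unauthorized',
};
```
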

I suppose another option is to store the token in the DB and not a config file.