Jira to ServiceNow webhook security

Hi

We are looking to implement the ServiceNow Jira Webhook (JiraCloud) to enable bi-directional updates. In the push flow from Jira to ServiceNow, the configuration documentation uses API Token.

Is it possible to use OAuth instead of the API Token.
If not, what are security best practices to secure the webhook? E.g., IP address restrictions

I think what you are looking for is described here:

May I ask what the reasons were for you to not use JiraSpokes from IntegrationHub and go for a custom integration instead?

Thanks for the reference. We will see if we can use this.
Re the ServiceNow spoke - we are using the servicenow jira spoke - but the documentation for the bidirection flow back from Jira to ServiceNow only specifies API token, and the infosec security team are raising a risk on API tokens.