I think the question should be
Do I need to validate the message's integrity?
If all you care about is limiting access to said resource, anything other than an API-key will be over-kill; API-keys are light-weight, simple to implement and use authentication standards (BASIC, etc.). Once the message is received you can perform simple sanity checks on the data.
If you need to validate the authenticity of both user and message, then Message Based Authentication is the way to go