Heartbeat: Locking-Down Heartbeat and Beats when "HTTP Endpoint" is Enabled on the Beats?

I have a test Heartbeat and test Filebeat (with "HTTP Endpoint" enabled) set-up and working (via Uptime) but they do not have security features enabled/configured between them.

I've stored the credentials in the Heartbeat's keystore, so they can be retrieved and used to authenticate to the Filebeat. However, how do you store and configure the same on the Filebeat side (with "HTTP Endpoint" enabled) so that the Filebeat can "allow" or "deny" the authentication attempts made by the Heartbeat?