First of all, it's important to mention that external communication that happens over the internet must be encrypted. The usual way of doing this is via TLS using trusted certificates. This is possible for HTTP as well as for other communication protocols.

The authenticity of the certificates used must be verified at runtime by the implementation. They have to be assured by a trusted internal or external certificate authority.

Insecurely accepting any certificates in the application should be avoided, for production as well as other environments. This implies that properly signed certificates are being provided and used for the communication.