IIS CMS access web service


We are creating a new web site and it’s using a CMS that will connect to a internal web service that will connect to a sql database. The cms will be in the DMZ and the web service will be in the protection network with the database. My question is would the web service need https and bearer auth ? Or would just http be fine?