2-way SSL will help you to ensure that the source of the message is trusted and is an important element in security.

For best security you would want to encrypt the message content so that it is not readable anywhere it is persisted, e.g. any cache or longer term storage in a database as well as while it is in transit.

But you're correct that encrypting the message does add extra complexity. For example you would probably want to have a mechanism that enables you to change your encryption key - in the case that the decryption key becomes compromised / just good general practice to rotate keys; so there would be some extra complexity in managing the encryption key changeover / distribution, making sure that all sources of the requests get the updated key and handing decryption during key changeover.

There will also be various performance impacts because encrypting and decrypting, which will vary depending on the specific encryption algorithms and ciphers. There is a tradeoff that needs to be made.

And last of all, while this is not specifically the scope of your question and maybe you are already; you should consider human factors - e.g. you may have encryption but how do you maintain security on the target server, for example controlling access to decryption utilities and making sure that you have appropriate audit records of who, when and why those utilities might be being used.