@Ana You could proxy requests for these endpoints via APIM as well. The redirect-content-urls does this for you out-of-the-box.
For the proxied URLs to work, you will have to define APIs on APIM that forward the requests to your function app using the same managed identity.
If you require, you could completely rewrite the URLs in the body using the set-body policy and define endpoints on APIM that a more REST-like
For example, the endpoints could be /track/{taskHub}/{connection}/{GUID}
and you can use the rewrite-uri policy to change it to the one required by functions. The system key could just be a named value since it doesn't really change.