I have created a LWC component in Salesforce and want to publish this as an app to AppExchange, this component passes the salesforce object data to my external application to process the data, for this I have exposed an endpoint to my application and I'm accessing it from salesforce apex class, so basically I call the apex method from the LWC which makes an api call to my application, since I have exposed this api endpoint, how can I authenticate that the request comes only from salesforce via my LWC component and prevent unauthorised access,
should I create a unique key in the LWC and verify this key in my application whenever I receive the request or salesforce has any mechanism to achieve the same
