Validating request source in REST API

I am exposing an API using http-functions.js. The API is only intended to be used by one other server. What’s the best way of validating that an HTTP request has come from that server?

Use keys from the request header.

You can store all valid keys using Wix database.

Could you explain a little bit more please, or point me to an article?