ExternalSite sends a request to my site. Is there a way to verify the request source, and make sure it's coming from ExternalSite? I don't have access to ExternalSite server. I know that $_SERVER isn't of any help in that case, so I guess it's a more complicated scenario that awaits me.
The form is sent from the external site. It could be anyone filling this form and posting it directly to my website. I'm trying to find if, in that scenario, it is possible to know if the form has been filled on ExternalWebsite and sent from it. I guess a token will be necessary.
You would need a token that is generated for each request that only you and the external site would know how to generate. Otherwise, no there is no way to reliably verify the request was from some form on a paticular site.
Logic without the fatal effects.
All code snippets are licensed under WTFPL.
The shared key would be the salt (php salt) the way you then create the rest of some convoluted key is up to you, its usually done with some other factor such as the date and some esoteric PHP functions.