I'm in the process of architecting a mobile application and we're considering adding header security to the PHP file that's currently generating the app's XML data. So when the app requests the XML document it also sends a custom header with a secret key and some other encrypted values that the PHP script can validate.

Any suggestions on a robust way to achieve this?

I see IBM has documented something similar but it's designed for SOAP requests.

Thanks for your help