I would need to create a php file that will do some work on my webserver and that will be called from a program on another server over the internet. Suppose the php file that will do the work is located at www.example.com/work.php

What is the best way to protect unsollicited calls to the www.example.com/work.php?

What I need is some mechanism so that when the intended program accesses the url (with some query string parameters), the work gets done, but if somebody type www.example.com/work.php in their browser, access will be denied and no work will be done.

The way I've thought is to add some 'token' in the querystring that would be constructed by some algorithm from the calling program, a sample result could be to append to the url :

?key=randomKeyAtEachCall&token=SomeHexadecimalResultCalculatedFromTheKey

and the key and token would be validated with a reverse algorithm on the php side.

Is that safe, Are there any better idea?