Website is developed on JSF, Servlet, using apache web server. In my website, I accept data submission from few restricted websites using HTTP POST method. We exchange some secure key to ensure that correct source is sending data.

But is there any way to ensure that the data is submitted from specific domain / IP address only? In application level I can check request.header('Referer') , but some proxy or firewall might hide the referer. Can this configuration done on firewall or webserver level to authenticate server to server communication?

Eg. Say my website is a payment gateway website, integrated with www.abc.com. I want only abc.com to submit data. So a user using abc.com should be able to submit data to my website only through abc.com, and not any other website.