I have a visualization extension that makes a call to a custom web service I wrote, and I was wondering if there was any way to send a signed token (or something similar) to the web service that I could use to verify that the request indeed came from the Qlik app where my extension is running. At this point I don't necessarily need to know the details of the user initiating the action (though it would be nice); as long as the request is coming from the Qlik app, I want to accept the request.

I have done a fair amount of googling on authentication, but it seems that everything I find has to do with third party apps authenticating with Qlik in order to access Qlik functionality, which is sort of the inverse of what I am trying to achieve.