Remote Access
If the source and destination server are in different networks and the access from one to the other is remote, via the internet, it is most advisable to use authentication via certificate.
On the server, the certificate must be mapped to a special user who has the accesses that the remote system needs.
In this way, the connection is encrypted and the communication secure. In addition you ensure that only the remote server with that certificate will have access.
Internal network
If both systems coexist within an internal Intranet network, you can use rules in your company's proxy or firewall to filter the allowed accesses.
An example would be to allow access to the URL of this service only from the server where the PHP system is located.
Considerations
In both cases, I mentioned techniques that delegate authentication and data privacy to recognized and common security solutions.
Avoid reinventing the wheel (which usually does not work right), for example by creating your own encryption mechanism.