You can pass the token using HTTP headers, or via a POST request which will make it invisible in the URL. Using this method the token ID is not present in the URL. Since you are redirecting from one domain to another using a GET request, this leaves the HTTP headers method as your only method to go about implementing this. Please be note that this only works in a server-to-server communication

Domain 1 controls the database while Domain 2 just acts according to the token verification result. In this scenario, Domain 2 will not directly access the database, but it will make a request to Domain 1 (verifyToken.php) to check whether a given token is valid or not. Domain 1 will return a response accordingly after checking the database, and Domain 2 will then grant or deny access based on

Need to restrict access to a page between domains? If your pages are on the same domain, you can use sessions. But what about two different domains? After much experimenting, I present a simple way to restrict page access between domains without a database. EXAMPLE 1: Code for referring domain: <?php $secretKey = '0101010'; $secondDomainURL = 'https://qikgraphics.com/1/banner/creator.php'; //