This type of thing is probably old-news for many folks, but outside my expertise.
We have a classic ASP website, and a customer has a PHP based website hosted on Amazon EC2.
We need to setup a mechanism whereby the PHP site can pass the ASP website an identifier which represents their request for the ASP site to do something. Later (as in days) the ASP site will want to pass back that ID, plus a bit of extra text based data, to the PHP site. This to "link records" for all intents.
I can envision a very simple .php and .asp page that simply accepts querystring parameters and does the necessary database insertion. But that feels insecure to me (??) If there is a VPN between the two servers, does that not matter? What is the appropriate way to set this up so that there is some degree of authentication involved so that if any old person were to type a url it wouldn't do anything?