Sounds to me like you want something like request signing:
- generate a random secret key that you give to the authenticating app (ahead of time, shared secret)
- require that the authenticating app sends its current date as part of the request
require that the authenticating app creates a hash of a concatenation of
- the date sent in 2.
- any other unique data that's part of the request
- the secret key
This will form your "unique key". Since you're looking at a message authentication code, you'll want an HMAC hash. E.g.:
code = HMAC(date + data, secret key)
verify that the date is within a certain tolerance, e.g. ±15 minutes
- repeat the same hashing algorithm
- compare the received hash with your hash
This way you can authenticate each request as being sent by the entity in possession of the secret key without sending the secret key over the wire, and each request has a unique authentication code.