Each external link added to the website uses either of these two methods:
It will send using a token id parsed along with the link. The receiving server can check for the token and validate with the collab server to check if this is a valid request or not. The user can use the same token id verification procedure given for RT, the only difference is in the code is, you’ll have to rename “?token_id=” to “?linktoken=” in the code.
For more detail please refer ‘Remote Trigger - How the Token Authentication works’.