Protection/ Authorization on callback url's

Hi, our team had a few concerns about the protection on the call back url’s, what is the protection mechanism in place to prevent unauthorized access to the callback urls, also, is there a way we can probably give ABDM a token which can be sent as an authorization token on the call back url for our validation.