How should multiple server-side apps "communicate" with each other

Question

Lets say there are two server-side applications on two separate servers.

Server #1, IP address 1.2.3.4, contains a PHP web application with MySQL database.

Server #2, IP address 5.6.7.8, contains a NodeJS app with MongoDB database.

How can the PHP app "commands" the NodeJS app (or vice versa) to do something, like :

• "please save this data on your database", or
• "I want to retrieve data from your database, where some_id = 123"

These internal communication should be secure, it means that no one except both servers can execute them.

I think that this is possible with simple HTTP POST / GET requests.
For example, the NodeJS app sends a POST request with parameters to http://1.2.3.4/do_something.php Or maybe the PHP app sends GET request to http://5.6.7.8/retrieveSomething
But I think it is not secure because the URL is exposed to public. (correct me if I'm wrong)

I don't even know the google search keyword for this problem.
Is it web services? SOA? RPC?

Answer 1

Your example is perfectly fine. In terms of securing it, a simple way would be to have the "client/sender" send some sort of agreed upon API key along with the request. The "server/receiver" would then check this API key. If it is valid, then the appropriate command would be executed. If it's not, the server will simply return a 404 Not Found.