Best way to handle DDP authentication calls from external client

I have a (non-meteor) app that is connecting to a Meteor backend via Asteroid. My first thought was to utilize some sort of hash to check on each call in order to validate that the request is being sent from my client and not any random site. Then I thought maybe I should just set up a global DDP user on the meteor backend for the client to connect to behind the scenes.

Basically I am looking for the correct way to do this. Any suggestions would be appreciated, I’m rather new to the Meteor “universe”.

Can you share how did you solved this, please?