It is not too clear to me what you mean, but - you can, in your web server config or script, differentiate between requests coming in through the loopback or external interfaces. If you need a username as parameter, you have no way without authentication, since http requests are by default anonymous. Only after requesting authentication (e.g. sending back a 401 status code and an Authentication line, the client will send a username embodied in the next GET or POST request.

You could use Kerberos to handle that transparently.

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}