Authorization and authentication are best handled using cryptographic techniques, because nothing in an incoming request packet can be relied upon.   However, in order to properly answer your question we would need to know a great deal more about the situation.   Where are the requests coming from, both geographically and programmatically speaking?   What is the situation here?   Describe the problem in context.