API

How to implement authorization without login and password?

Hello!
Straight to the point!
It is necessary to implement a certain site / server with a choice of redirects to other sites
for a specific application on android.
On the site itself there is an authorization for users.
Authorization is needed without entering a login and password for applications (they have a browser that simply leads to the site / server specified in advance. The server
needs to understand who came to it (there are ideas to transfer the bundle id of the application or enter them manually into the database), but how to transfer to the server is not clear
I wanted to do it based on the headers that come to apache when connecting

127.0.0.1 [16/Jul/2018:13:47:07 +0300] "GET / HTTP/1.1" 200 255 "http://fuckingpaaage/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"

And how to get the necessary information (bundle id) from these headers, I did not find a solution.
Well, then, based on this, the server should redirect the one who came to the
manually selected redirect.
There is also such a moment that only applications and a certain circle of people can connect to this site / server (there is already a connection for certain users).
Please help me in this matter.