
PHP and mcrypt security on remote post

Developer https://www.devze.com 2023-03-06 19:38 Source: Internet

Hey guys. I'm trying to make an appstore for a web service and I'm stuck at the security part. The main idea for the appstore is this: on the already installed platform, the user can install themes, skins, sample content or plugins. The process will work like this:

  • in the backend, the user will click on the install button;
  • using ajax, a PHP function from the local server will be called and the function will make a remote POST to the main server;
  • the call contains a mcrypt key (MCRYPT_RIJNDAEL_128) based on serialize(array('id'=>$unique_id,'url'=>site_url));
  • The arguments are checked on the remote server and if the unique id is assigned to the specified URL inside the remote database, the update will be sent back.
  • The $unique_id is stored inside the database. The user has no access to the PHP files and has no access to the keys stored inside the database. Also, the keys used to encrypt the array are stored inside the database.

The remote call is made from server to server. The user has no direct access to the call arguments or call details.

How secure is the entire thing?


I guess the unique ID may be some kind of Auto Number, which may be guessed by someone (maybe not always). If you want more security, do some kind of encryption and send it, then on the server side decrypt it again, check whether it is a valid entry or not, and process accordingly.
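The flow from the question with the server-side check the answer suggests, as an added example that is not part of the original posts. AES-256-GCM through PHP's OpenSSL extension stands in for mcrypt (removed from PHP core in 7.2) so that a modified token fails to decrypt, JSON replaces serialize(), and the unique id is random rather than an auto number; the function names, the `$registry` array standing in for the remote database, the `ts` field and all sample values are assumptions.

```php
<?php
// Added example. Function names and the $registry array are hypothetical;
// $registry stands in for the remote database (site URL => key and unique id).

function seal_install_request(string $key, string $uniqueId, string $siteUrl): string
{
    $payload = json_encode(['id' => $uniqueId, 'url' => $siteUrl, 'ts' => time()], JSON_THROW_ON_ERROR);
    $iv = random_bytes(12);                       // fresh 96-bit nonce per request
    $ct = openssl_encrypt($payload, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);       // 12-byte IV, 16-byte tag, ciphertext
}

function verify_install_request(array $registry, string $claimedUrl, string $token, int $maxAge = 300): bool
{
    $site = $registry[$claimedUrl] ?? null;       // key lookup by the URL sent in clear
    $raw  = base64_decode($token, true);
    if ($site === null || $raw === false || strlen($raw) <= 28) {
        return false;
    }
    $json = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $site['key'],
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($json === false) {
        return false;                             // wrong key or modified token
    }
    $data = json_decode($json, true);             // JSON, so no object instantiation
    if (!is_array($data) || !is_string($data['id'] ?? null) || !is_int($data['ts'] ?? null)) {
        return false;
    }
    return ($data['url'] ?? null) === $claimedUrl
        && hash_equals($site['id'], $data['id'])  // constant-time comparison
        && abs(time() - $data['ts']) <= $maxAge;  // limits replay of a captured token
}

// Constructed sample data: one registered site with a random 128-bit unique id.
$url      = 'https://client.example';
$key      = random_bytes(32);
$registry = [$url => ['key' => $key, 'id' => bin2hex(random_bytes(16))]];
$id       = $registry[$url]['id'];

$token = seal_install_request($key, $id, $url);
var_dump(verify_install_request($registry, $url, $token));                  // genuine request
$forged = seal_install_request(random_bytes(32), $id, $url);                // right id, wrong key
var_dump(verify_install_request($registry, $url, $forged));
$raw = base64_decode($token); $raw[30] = chr(ord($raw[30]) ^ 1);            // one ciphertext bit flipped
var_dump(verify_install_request($registry, $url, base64_encode($raw)));
```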
