registration endpoint security

By TCB

I'm using elgg 2.3.14 currenty and I have a plugin that uses a third-party authenticator (Auth0) to login to my site.  I currently register the auth0 user in the background once I have their credentials making a call like:

forward('register?name='.$name.'&email='.$email.'&authId='.$ authId.'&username='.$username);

where I have pulled the users creds from my auth0 object.  My question is, how can I prevent outsiders from hitting the register api?  I don't want it exposed and need to keep it internal to my server.