Seperate file server, authorization token on both?

Hello all. I'm after something a bit different.

I have a server with "unlimited" space. I want to upload files to this server via my digital ocean droplet (not very unlimited).

However, these files are only to be viewable by users who are logged in to my Laravel project on the droplet.

I'm intending on storing these outside of public view and access them via something like https://myunlimitedsite.com/?download.php=uploads/folder/1/my-file.pdf&auth_token=hah748rjfjs94

I usually store files outside of the public directories and access them via a PHP file, but this time I'm going to be uploading (hopefully), via a Laravel FTP upload... If this is the best way?

I'm guessing I'll need some kind of auth token generated on both servers that check eachother and match before allowing a download. Is this possible? Has it been done before? Do you have any pointers on the best approach?