https://username:password@yourhostname/inboundhook
This way, access to your inbound hook is protected by username and password. Of course, your web app needs to prevent access for any other credentials. Also, secure protocol will be used, so this is a good way to protect your hook. You may want to read additional sources on security strength with HTTPS/basic auth, like: http://stackoverflow.com/questions/1837627/is-basic-auth-with-ssl-secure-enough
Regards,
Milan Gornik
Postmark developer, Wildbit