Best Way to Secure Plugin function?

I have a plugin with an admin interface that is displayed within the normal WordPress settings interface. A click on a particular field in my interface places a javascript Ajax call to a standalone php script function to retrieve data from an API on the server.

What is the best way to secure the backend function from any client accessing the call from outside the logged-in admin user context?

I’m wondering if there is anything inherent to the WordPress environment that I can leverage (e.g. WP cookies) to authenticate the calling user. Since this backend function is “standalone”, it isn’t currently requiring any of the core WordPress scripts, so all the proprietary WordPress functions are currently not accessible to the code.