Limit access to the Admin REST API

According to the documentation the Admin REST API of the SyncGateway shouldn’t be exposed. This makes sense but I’m wondering how I can grant my Application Server which runs on Google AppEngine and which handles the sign-up / creation of sessions access to the API without exposing it? Is there an option to expose the Admin REST API but limit the access to a specific server sending the request or requiring a username / password combination like the GUI on the :8091 port?

Thanks.