Salesforce Integration with external system - authentication best practices

A few reasons that the external URLs would be secured are:

1. The data obtained from them is not public information and only authorized clients should be able to access it e.g. someones personal details or things like bank account details.
2. The URLs allow the data to be changed and only authorized clients should be allowed to make changes.
   There is a concern that the URLs might be overloaded with requests e.g. unexpected clients start to use the URLs because of they available.
3. If none of these apply - the data is fine for anyone to see, the data is not updated, and the data is of no interest to others - you could leave the access unauthenticated.

If the access does need to be authenticated, the technique you use will depend on what is available on the server you access via the URLs - there are a variety of techniques.

Another way,

1. Go for WSDL To APEX tool if the external service supports only SOAP based request and response.
2. Go for HttpRequest Class and make callout from force.com if the external service supports JSON. Also, you can use this for SOAP request / response as well. But, you have to construct request (XML) in your code
Thanks,