Improving upon the Security of my Export Remote DB API [closed]

I am working on an in-house application, and I am working on how our application communicates with our remote server.

I have a PHP script that acts as an API to call to our MySQL DB and dump its contents.

I've been doing research on best security practices for this type of scenario, and I believe I've hit the key points. Any insight on what could further improve the security?

<?php$dbUser = 'redacted';$dbPass = 'redacted';$dbName = 'redacted';if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {    http_response_code(403);    echo "Secure connection required.";    exit;}if ($_SERVER['REQUEST_METHOD'] !== 'GET') {    http_response_code(405); // Disallow    echo "Invalid request method.";    exit;}$secretToken = "redacted";$headers = getallheaders();$clientToken = isset($headers['X-API-KEY']) ? $headers['X-API-KEY'] : '';if (!hash_equals($secretToken, $clientToken)) {    error_log("Unauthorized API access attempt from " . $_SERVER['REMOTE_ADDR'] . " at " . date("Y-m-d H:i:s"));    http_response_code(401);    echo "Unauthorized.";    exit;}$tempFile = tempnam(sys_get_temp_dir(), 'dump_');if ($tempFile === false) {    http_response_code(500);    echo "Error: Could not create temporary file.";    exit;}$tables = ['users','tables redacted'];$escapedTables = array_map('escapeshellarg', $tables); // Extra layer of security even though everything is predefined$tableList = implode('', $escapedTables);$escapedDbUser   = escapeshellarg($dbUser);$escapedDbPass   = escapeshellarg($dbPass);$escapedDbName   = escapeshellarg($dbName);$escapedTempFile = escapeshellarg($tempFile);$cmd = "mysqldump --compact --skip-comments -u{$dbUser} -p{$dbPass} {$dbName} {$tableList} > {$escapedTempFile}";exec($cmd, $output, $returnVar);if ($returnVar !== 0) {    http_response_code(500);    echo "Error: Could not generate mysqldump.";    unlink($tempFile);    exit;}$dumpData = file_get_contents($tempFile);if ($dumpData === false) {    http_response_code(500);    echo "Error: Could not read dump file.";    unlink($tempFile);    exit;}// Encrypt response even if valid request$method = 'aes-256-cbc';$key = hash('sha256', $secretToken, true);$ivLength = openssl_cipher_iv_length($method);$iv = openssl_random_pseudo_bytes($ivLength);if ($iv === false) {    http_response_code(500);    echo "Error: Failed to generate IV.";    unlink($tempFile);    exit;}$encryptedData = openssl_encrypt($dumpData, $method, $key, OPENSSL_RAW_DATA, $iv);if ($encryptedData === false) {    http_response_code(500);    echo "Error: Encryption failed.";    unlink($tempFile);    exit;}$finalData = $iv . $encryptedData;unlink($tempFile);header('Content-Type: application/octet-stream');header('Content-Disposition: attachment; filename="remote_dump.enc"');header('Cache-Control: no-store, no-cache, must-revalidate');header('Pragma: no-cache');echo $finalData;exit;?>