Authenticated Room Question


I’m trying to use Jitsi for conferencing within another application, but I’d like to only allow my back-end services to be able to create a room that users of my application would then join as guests without a password. So I’d like my backend to make an authenticated REST call to jitsi to open a room and allow guests in, then once they disconnect, the room is destroyed. I don’t want anyone to drive by and create and use my Jitsi server. Is this at all possible? I basically don’t want to operate an open, unmoderated Jitsi server, nor do I want the users of my application to need a password to open the room. Any way to do this?