The exchange of data between http and https

Of course not,
or do you not understand the situation or contradict yourself:
\r

third-party site, as simple as possible for developers, have been able to access my site (of course with signatures , etc. so as not forged) and get the data.

If the site works only on https, and even monitors the keys, then the http access will not last.
\r
Make for third-party developers a separate http page
and instead of the SSL key let them md5 salt, let hachirou your details and priklepyvayut hash, and you're on your side, check your hash and the hash sent to them.

Ie I have a php script available at http accessed third-party website for GET with salt. Further, this script makes an https request (by the way, how is it done? via curl?), generates the response and sends it to the website. But no, the answer is, take it unencrypted. I just need to not caught.
\r
Third-party site is trying to authenticate the user using my. And in response I suppose you want to send the response to the authorized/not authorized. If an attacker is able to impersonate it, that is authorized for a third-party website.