I'm building a sneaker trading platform using Solidity, where each sneaker is represented as an ERC-721 NFT. The NFT’s metadata contains a QR code that needs to update whenever the sneaker is transferred to a new owner.
Current Approach: Each sneaker has a Token URI that stores its metadata. The smart contract emits a Transfer event when an NFT is traded. An off-chain backend listens to these events and updates the metadata accordingly.
Problem: I need to securely update the Token URI after every transfer, but I want to ensure that only authorized parties (e.g., the platform itself) can update it. The current and previous owners should not be able to modify the metadata, as they might manipulate it in unintended ways.
Would it be best to handle this by:
- Using the platform’s owner account to approve metadata updates?
- Implementing a whitelist of authorized updaters within the smart contract?
- Leveraging an EIP-4906-like mechanism to standardize metadata updates?
What I’ve Tried:
- Researching EIP-721 and EIP-4906 to see if there’s a standardized way to handle metadata updates.
- Considering an off-chain backend that listens for transfer events and updates the metadata, but I'm unsure how to securely enforce authorization.
- Looking into on-chain metadata storage, but it's too expensive for frequent updates.

How can I securely manage metadata updates so that only authorized parties (excluding current/previous owners) can modify the Token URI? Are there any best practices or alternative approaches?
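Added example (not code from the question or any project it mentions): one way to enforce the "whitelist of authorized updaters" option on-chain, assuming OpenZeppelin Contracts v5, whose ERC721URIStorage already emits the EIP-4906 MetadataUpdate event from _setTokenURI. The contract name, the role names and the separate admin/updater addresses are assumptions; token owners have no code path that writes the URI.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes @openzeppelin/contracts v5.x is installed.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {ERC721URIStorage} from "@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

/// Sneaker NFT whose per-token URI can only be rewritten by UPDATER_ROLE holders.
/// Owners, approved operators and previous owners never gain that role.
contract SneakerNFT is ERC721, ERC721URIStorage, AccessControl {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    bytes32 public constant UPDATER_ROLE = keccak256("UPDATER_ROLE");
    uint256 private _nextId;

    constructor(address admin, address updater) ERC721("Sneaker", "SNKR") {
        _grantRole(DEFAULT_ADMIN_ROLE, admin); // admin manages the updater whitelist
        _grantRole(MINTER_ROLE, admin);
        _grantRole(UPDATER_ROLE, updater);     // the platform backend's signing key (assumed)
    }

    function mint(address to, string calldata uri) external onlyRole(MINTER_ROLE) returns (uint256 id) {
        id = _nextId++;
        _safeMint(to, id);
        _setTokenURI(id, uri); // emits MetadataUpdate(id) per EIP-4906
    }

    /// Called by the backend once it has generated the QR code for the new owner.
    function setTokenURI(uint256 id, string calldata uri) external onlyRole(UPDATER_ROLE) {
        _requireOwned(id);
        _setTokenURI(id, uri);
    }

    /// Runs on every mint/transfer/burn. On a real transfer, signal that the
    /// stored URI is stale so indexers and the backend refresh it.
    function _update(address to, uint256 id, address auth) internal override returns (address from) {
        from = super._update(to, id, auth);
        if (from != address(0) && to != address(0)) {
            emit MetadataUpdate(id);
        }
    }

    function tokenURI(uint256 id) public view override(ERC721, ERC721URIStorage) returns (string memory) {
        return super.tokenURI(id);
    }

    function supportsInterface(bytes4 iid) public view override(ERC721, ERC721URIStorage, AccessControl) returns (bool) {
        return super.supportsInterface(iid);
    }
}
```

Between the Transfer event and the backend's setTokenURI call the old URI is still served; if that window matters, call _setTokenURI(id, "") inside the same _update hook so the stale QR code is unreadable until the updater writes the new one.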