I'm not talking about vpns and such but more about (rest-)api authentication. About what amazon uses to generate signed urls to S3-Stored files. It's an hmac used to create a signature using a pre-shared secret and some properties of the request (mainly the url) as input. The PSK must be available to both parties.