There are several ways to authenticate users and servers.
jwt token, oauth, signed request
For authenticating between servers signing request with signature considered is one of the most secured one.
Both server and client have key_id and key_secret
key_id - transffered through the network
key_secret - used only as a key for hash function and not transffered
The general logic for creating a signature for request is to combine different fields of it and then hash it those several times.
Note: Important to hash also time with seconds. In that case we can guarantee that the same signature can be used for the same request only with 3 -5 second interval.
Best documentaion on that kind of signature belongs to Amazon.