For all S3 bucket operations and object operations, Amazon uses an authorization header in all requests to provide the authentication information. When a request is made, the secret key is used to generate a signature. This signature along with the access key are sent to the server as part of the HTTP/HTTPS request. The server will retrieve the secret key using the access key and generate its own signature. When the generated signature by the system matches the signature in the request, access is granted to the user who issued the keys.