How to Generate HMAC Signatures
HMAC Generation
What is HMAC?
HMAC (Hash-based Message Authentication Code) combines a secret key with a message to produce a signature. APIs use HMAC for webhook verification, request signing, and integrity checks.
Common Use Cases
- Verifying GitHub or Stripe webhook signatures
- Debugging AWS Signature Version 4 components
- Testing API authentication during development
Frequently asked questions
Which HMAC algorithm should I use?
HMAC-SHA256 is the most common default. Use the algorithm specified by the API you are integrating with.
Is my secret key sent anywhere?
No. The key and message are processed entirely in your browser. Clear the page when finished if on a shared machine.