HMAC Generator

Compute HMAC signatures for API authentication and webhook verification. Enter your secret key, paste the message, and click Run.

  • Runs entirely in your browser
  • No data stored or sent to a server
  • Free forever — no signup
  • Instant conversion

Input and Output

Use the interactive encoder and decoder on this page to process your text.

Learn more about HMAC

How to Generate HMAC Signatures

HMAC Generation

What is HMAC?

HMAC (Hash-based Message Authentication Code) combines a secret key with a message to produce a signature. APIs use HMAC for webhook verification, request signing, and integrity checks.

Common Use Cases

  • Verifying GitHub or Stripe webhook signatures
  • Debugging AWS Signature Version 4 components
  • Testing API authentication during development

Frequently asked questions

Which HMAC algorithm should I use?

HMAC-SHA256 is the most common default. Use the algorithm specified by the API you are integrating with.

Is my secret key sent anywhere?

No. The key and message are processed entirely in your browser. Clear the page when finished if on a shared machine.