HMAC Generator
Generate HMAC-SHA256 signatures with a secret key.
How to Use
- Enter the data you want to authenticate in the message field.
- Enter a secret key and select the HMAC algorithm (SHA-256, SHA-512, SHA-1, or MD5). The HMAC signature is computed instantly.
- Copy the HMAC signature and use it for API request authentication, webhook verification, or data integrity checks.
Frequently Asked Questions
- What is HMAC used for?
- HMAC (Hash-based Message Authentication Code) is used to verify both the integrity and authenticity of a message. Common use cases include signing API requests, validating webhook payloads (e.g. Stripe, GitHub), and creating secure tokens that prove data has not been tampered with.
- What is the difference between HMAC and a regular hash?
- A regular hash (like SHA-256) only verifies data integrity — anyone can compute it. HMAC requires a secret key, so only parties who know the key can generate or verify the signature. This makes HMAC suitable for authentication, not just integrity checking.
- Which algorithm should I choose?
- HMAC-SHA256 is recommended for most use cases — it's widely supported, secure, and the industry standard. Use HMAC-SHA512 if you need extra security margin. Avoid HMAC-MD5 and HMAC-SHA1 for new projects as they are considered weak for some attack scenarios.