🔧

HMAC Generator

Generate HMAC-SHA256 signatures with a secret key.

How to Use

  1. Enter the data you want to authenticate in the message field.
  2. Enter a secret key and select the HMAC algorithm (SHA-256, SHA-512, SHA-1, or MD5). The HMAC signature is computed instantly.
  3. Copy the HMAC signature and use it for API request authentication, webhook verification, or data integrity checks.

Frequently Asked Questions

What is HMAC used for?
HMAC (Hash-based Message Authentication Code) is used to verify both the integrity and authenticity of a message. Common use cases include signing API requests, validating webhook payloads (e.g. Stripe, GitHub), and creating secure tokens that prove data has not been tampered with.
What is the difference between HMAC and a regular hash?
A regular hash (like SHA-256) only verifies data integrity — anyone can compute it. HMAC requires a secret key, so only parties who know the key can generate or verify the signature. This makes HMAC suitable for authentication, not just integrity checking.
Which algorithm should I choose?
HMAC-SHA256 is recommended for most use cases — it's widely supported, secure, and the industry standard. Use HMAC-SHA512 if you need extra security margin. Avoid HMAC-MD5 and HMAC-SHA1 for new projects as they are considered weak for some attack scenarios.