How to use this tool
- Enter your message and secret key in the input fields.
- Select an algorithm (SHA-1, SHA-256, SHA-384, or SHA-512) and click Generate.
- Copy the hex signature for use in APIs, webhooks, or verification workflows.
About HMAC Generator
This tool helps you compute HMAC signatures when building or debugging APIs, webhooks, and signed payloads. Security depends on keeping the secret key protected; anyone with the secret can produce valid signatures.
Common use cases
- Signing webhook payloads for API verification
- Generating request signatures for AWS or similar APIs
- Debugging HMAC-based auth in development
FAQ
- What is HMAC used for?
- HMAC (Hash-based Message Authentication Code) proves that a message was created by someone who knows the secret key and that the message was not altered. It is commonly used for API signatures, webhook verification, and signed tokens.
- Does this tool store or send my secret anywhere?
- No. All HMAC computation runs locally in your browser. Your message and secret never leave your device.
- Which HMAC algorithm should I use?
- Use SHA-256 or SHA-512 for new work; SHA-1 is weaker and mainly for legacy compatibility. Match the algorithm your API or system expects.
- Why does my HMAC differ from another tool?
- Ensure message and secret match exactly, including whitespace and encoding. Output is lowercase hex; some tools use uppercase or Base64.