utils logo UTILS
Free online tools to generate, calculate, convert, format, transform, and de/en-code.
 

HMAC Generator

Generate HMAC (Hash-based Message Authentication Code) for message authentication and integrity verification. Commonly used for API security.

Configuration

The secret key used to generate the HMAC

Verify HMAC

About HMAC

HMAC (Hash-based Message Authentication Code) is a mechanism for message authentication using cryptographic hash functions. It's used to verify both the integrity and authenticity of a message.

Common Use Cases:
  • API Authentication: Sign API requests to verify they haven't been tampered with
  • Webhooks: Verify webhook payloads from services like GitHub, Stripe
  • Data Integrity: Ensure data hasn't been modified in transit
  • Session Tokens: Create secure session identifiers

Security Best Practices

Key Management

  • Use strong, random secret keys
  • Never expose secret keys in client-side code
  • Rotate keys periodically
  • Use different keys for different purposes

Implementation

  • Use HMAC-SHA256 or HMAC-SHA512
  • Avoid HMAC-SHA1 for new applications
  • Always use constant-time comparison
  • Include timestamp to prevent replay attacks

Feedback

Help us improve this page by providing feedback:


Share with