🔑HMAC Generator

Generate HMAC authentication codes using various hash algorithms.

Message

Secret Key

Algorithm:HMAC-SHA256

About HMAC Generator

HMAC Generator computes Hash-based Message Authentication Codes (HMAC) using MD5, SHA-1, SHA-256, or SHA-512, combining your message with a secret key to produce a tamper-proof authentication code. Use it to verify API signatures, authenticate webhook payloads, or learn how HMAC works.

How to Use HMAC Generator

1
Enter your message and secret key
Type the message or data payload and the secret key you want to use for the HMAC computation.
2
Select the hash algorithm
Choose HMAC-SHA256 (recommended), HMAC-SHA512, HMAC-SHA1, or HMAC-MD5 from the algorithm selector.
3
Copy the HMAC output
Click 'Generate' and copy the resulting HMAC digest in hex or base64 encoding for use in your application.

Common Use Cases

Verifying webhook signatures from services like Stripe, GitHub, and Shopify
Signing API requests with a shared secret for client authentication
Generating message authentication codes for secure communication channels
Learning and testing HMAC implementations during development

Frequently Asked Questions

What is HMAC and how does it differ from a regular hash?

HMAC combines a message with a secret key before hashing, so only someone with the same secret key can verify the hash. A regular hash has no key and can be computed by anyone — HMAC adds authentication to the integrity check.

Which HMAC algorithm should I use?

HMAC-SHA256 is the most widely used algorithm and is recommended for new implementations. HMAC-SHA512 provides a larger output for extra security. HMAC-MD5 and HMAC-SHA1 are legacy algorithms to avoid in new projects.

What is HMAC commonly used for?

HMAC is used to sign and verify API requests and webhook payloads (such as GitHub and Stripe webhooks), generate secure tokens, and authenticate messages in protocols like TLS.