HMAC Generator

HMAC (Hash-based Message Authentication Code) is a specific type of message authentication code involving a cryptographic hash function and a secret cryptographic key. It may be used to simultaneously verify both the data integrity and the authenticity of a message.

Enter the message text and a secret key. Choose a hashing algorithm (e.g., SHA-256) and an output format. The tool will instantly generate the HMAC code.

• API Requests: Many services use HMAC to sign API requests to ensure they haven't been tampered with during transit.
• Webhooks: Services may send an HMAC header so you can verify that the message actually came from them.

Generation happens locally in your browser using the CryptoJS library. Your secret key and text are never sent to our server.

• How is HMAC different from a regular hash? A regular hash (like MD5 or SHA-256) only verifies integrity. HMAC adds a secret key, which also allows verifying the sender's authenticity.
• Which algorithm should I use? SHA-256 is the modern standard and is recommended for most new applications.