Generate HMAC (Hash-based Message Authentication Code) signatures with our free HMAC Generator. Create HMAC-MD5, HMAC-SHA1, HMAC-SHA256, and HMAC-SHA512 signatures for API authentication, webhook verification, and data integrity validation. Used by AWS, Stripe, GitHub, and other major APIs.
Enter the message or data to sign.
Enter the secret key for HMAC computation.
Select the hash algorithm (SHA-256 recommended).
Click 'Generate' to create the HMAC signature.
HMAC is used to simultaneously verify data integrity and authenticity. It's commonly used in API authentication (AWS Signature V4), webhook verification (Stripe, GitHub), JWT signing, and secure communication protocols.
A regular hash only uses the message as input and anyone can compute it. HMAC uses both a message and a secret key, so only parties who know the key can generate or verify the signature. This proves both integrity and authenticity.
HMAC-SHA256 is the most widely recommended. It provides strong security and is required by most modern APIs. HMAC-SHA1 is still acceptable but being phased out. Avoid HMAC-MD5 for new implementations.