Encode / Decode
HMAC Generator
Generate HMAC digests with SHA algorithms in the browser.
About HMAC Generator
The HMAC Generator creates keyed message authentication digests for checking webhook signatures, request signing examples, and API documentation.
Common uses
- Compare a webhook payload against a provider signature.
- Generate sample HMAC values for integration tests.
- Switch hash algorithms when an API supports several signature formats.
Good to know
HMAC security depends on keeping the secret key private. Avoid pasting production secrets into any browser tool unless you fully trust the environment.
How to compare signatures
Use the same message bytes, secret, algorithm, and output encoding as the provider you are testing. Even one extra newline or different JSON spacing can produce a completely different HMAC.
Good debugging workflow
Start with the provider's documented test vector if available, then move to your real sample payload. Matching a known example proves the local settings before you inspect application code.
Common mistakes
Secrets should not be pasted into shared machines or screenshots. Use throwaway keys for examples and rotate real keys if they have been exposed during debugging.
Before you rely on the output
- Check whether the source expects a full document, a URL component, bytes, Unicode text, or another encoding boundary before copying the result.
- Privacy mode: inputs are processed locally in your browser and are not intentionally sent to an application server.
