Encode / Decode

HMAC Generator

Generate HMAC digests with SHA algorithms in the browser.

Runs in your browser
Ready

About HMAC Generator

The HMAC Generator creates keyed message authentication digests for checking webhook signatures, request signing examples, and API documentation.

Common uses

  • Compare a webhook payload against a provider signature.
  • Generate sample HMAC values for integration tests.
  • Switch hash algorithms when an API supports several signature formats.

Good to know

HMAC security depends on keeping the secret key private. Avoid pasting production secrets into any browser tool unless you fully trust the environment.

How to compare signatures

Use the same message bytes, secret, algorithm, and output encoding as the provider you are testing. Even one extra newline or different JSON spacing can produce a completely different HMAC.

Good debugging workflow

Start with the provider's documented test vector if available, then move to your real sample payload. Matching a known example proves the local settings before you inspect application code.

Common mistakes

Secrets should not be pasted into shared machines or screenshots. Use throwaway keys for examples and rotate real keys if they have been exposed during debugging.

Before you rely on the output

  • Check whether the source expects a full document, a URL component, bytes, Unicode text, or another encoding boundary before copying the result.
  • Privacy mode: inputs are processed locally in your browser and are not intentionally sent to an application server.

Related tools

Base64, Hex ASCII Converter, HTML Entities, JWT Decoder

An unhandled error has occurred. Reload x