HMAC Generator
Webhook Signature Helper
Reproduce the exact signature header a provider sends so you can verify or replay webhooks.
HMAC-SHA256 of the raw request body, hex, prefixed with sha256=.
Everything runs in your browser with the Web Crypto API. Your message and secret never leave this page.
What This Tool Does
HMAC Generator is built for deterministic developer and agent workflows.
Compute an HMAC for any message and key (SHA-1/256/384/512) and build webhook signatures in GitHub, Stripe, and Slack formats.
Use How to Use for execution steps and FAQ for constraints, policies, and edge cases.
Last updated:
This tool is provided as-is for convenience. Output should be verified before use in any production or critical context.
Agent Invocation
Best Path For Builders
Browser workflow
Runs instantly in the browser with private local processing and copy/export-ready output.
Browser Workflow
This tool is optimized for instant in-browser execution with local data handling. Run it here and copy/export the output directly.
/hmac-generator/
For automation planning, fetch the canonical contract at /api/tool/hmac-generator.json.
How to Use HMAC Generator
- 1
Enter your message
Paste the payload or raw request body you want to authenticate into the message box.
- 2
Add the secret key
Type the shared secret both sides agree on. It is combined with the message to produce the signature.
- 3
Pick algorithm and encoding
Choose SHA-256 or another hash, then hex or base64 to match what your server expects.
- 4
Use the webhook helper
Select GitHub, Stripe, or Slack to get the exact signed header string, including timestamp handling where required.
- 5
Copy the result
Copy the signature or the full header and compare it against the incoming request to confirm authenticity.