Generate an HMAC (hash-based message authentication code) for any message and secret key using SHA-256, SHA-384 or SHA-512. Unlike a plain hash, an HMAC mixes in a secret key, so it both fingerprints the message and proves it was produced by someone who knows the key. That is why HMACs sign webhooks, API requests and tokens: the receiver recomputes the HMAC with the shared secret and checks that it matches. This tool uses your browser native Web Crypto API to compute the code and shows it as a lowercase hex string. Enter your message, your secret and pick an algorithm, then click generate. Everything runs locally in your browser, so your secret key is never transmitted to any server.