Sign a webhook payload
Paste a sample payload and shared secret to generate an HMAC signature for webhook documentation or local tests.
Security tools
HMAC Generator
Generate HMAC signatures for text using SHA-1, SHA-256, SHA-384, or SHA-512.
Signatures
HMAC-SHA-1
Calculating...
Base64
Calculating...
HMAC-SHA-256
Calculating...
Base64
Calculating...
HMAC-SHA-384
Calculating...
Base64
Calculating...
HMAC-SHA-512
Calculating...
Base64
Calculating...
More security tools
Continue with nearby tools in the same workflow category.
Hash Generator
Generate SHA digests for short text snippets in the browser.
JWT Decoder
Decode JWT headers and payloads without verifying signatures.
Password Generator
Generate random passwords in the browser with adjustable rules.
SSL Certificate Checker
Inspect certificate issuer, dates, SANs, and validity.
About HMAC signatures
HMAC combines a secret key, a message, and a hash algorithm to create a signature. APIs and webhook providers often use HMAC to prove that a payload came from a trusted sender.
This generator runs in your browser with Web Crypto APIs and returns both hexadecimal and Base64 signatures.
Common uses
- Sign webhook payload examples
- Debug API request signing
- Compare HMAC-SHA-256 output
- Create test signatures for documentation
Notes
Avoid pasting production secrets into any online tool. Use reduced test values when checking signature formats.
Examples
Compare API signature output
Check SHA-256 or SHA-512 HMAC output when debugging request signing examples.
FAQ
What is an HMAC?ShowHide
An HMAC is a keyed message authentication code. It combines a secret key with a message and hash algorithm to create a signature.
Does this HMAC generator upload my secret?ShowHide
No. Signing runs in your browser using Web Crypto APIs, so the message and secret are not sent to UtilPilot servers.
Which algorithm should I choose?ShowHide
HMAC-SHA-256 is a common default for modern API signatures unless a service specifically requires another algorithm.
Related next tools
Use these nearby utilities when the current task is part of a larger debugging, writing, security, or site maintenance workflow.