HMAC Generator Online — SHA-256, SHA-384, SHA-512

Sign a message with a secret key using HMAC-SHA. Choose hex or unpadded base64url output. Runs locally — not a password hash and not for production auth scaffolding.

Loading…
HMAC generator — API signing digests
Compute HMAC-SHA digests from a message and secret. Hex or unpadded base64url. Not a password hash.

How HMAC works here

Enter a message and secret key. Choose SHA-256, SHA-384, or SHA-512. The digest updates automatically via Web Crypto. HMAC authenticates a message with a shared secret — it is not for storing passwords. Use bcrypt for password hashing.

Options

Algorithm
HMAC-SHA-256 (default), SHA-384, or SHA-512 — native Web Crypto set.
Output
hex for headers/checksums; base64url unpadded for compact tokens.
Uppercase hex
Applies only when output is hex. Ignored for base64url.

Examples

Classic vector

Message

POST /v1/orders HTTP/1.1 host: api.example.test content-type: application/json x-request-id: fm-demo-hmac-signing-fixture-001 {"id":42,"total":19.99,"currency":"USD","items":[{"sku":"FM-001","qty":2}]} # Fixture body for FastMinify HMAC generator sample (not a real request)

HMAC-SHA-256 (hex)

600cc1f2dd302d203d9a41acdcfd2a2a195e6f5a34da12b55af6d1c27e6d9941

API body

Message

{"id":42}

HMAC-SHA-256 (hex)

Digest with your shared secret (SHA-256 hex by default)

Related tools

For checksums without a secret use hash-generator. For password storage use bcrypt-hash.

HMAC FAQ

Signing digests

Is HMAC a password hash?

No. HMAC signs a message with a shared secret. For password storage use bcrypt-hash.

Is base64url padded?

No — this tool emits unpadded base64url (no trailing =).

Does my secret leave the browser?

No. All HMAC computation runs locally via Web Crypto.

Looking for converters, encoders, formatters, and minifiers in one place? Developer tools hub Open the curated developer tools catalogue.