Common use cases
- Sign API requests for AWS, Stripe, GitHub webhooks
- Verify webhook signatures before processing
- Create message authentication codes
Frequently asked questions
What's the difference between HMAC and a regular hash?
HMAC combines a hash function with a secret key. Without the key, an attacker cannot generate a valid HMAC, which makes it suitable for authentication. A regular hash has no key and proves only integrity, not authenticity.