concept

HMAC

HMAC (Hash-Based Message Authentication Code) is a cryptographic technique that combines a secret key with a hash function to verify both the integrity and authenticity of a message. It produces a fixed-size output (the MAC) that can be sent alongside the message, allowing the receiver to recompute it with the same key to detect tampering or forgery. It is widely used in secure communication protocols, APIs, and data storage to ensure data has not been altered by unauthorized parties.

Also known as: Hash-Based Message Authentication Code, Keyed-Hash Message Authentication Code, HMAC-SHA256, HMAC-MD5, Message Authentication Code
🧊Why learn HMAC?

Developers should learn HMAC when building systems that require secure message verification, such as API authentication (e.g., in webhooks or REST APIs), digital signatures, or data integrity checks in distributed systems. It is particularly useful in scenarios where symmetric keys are shared between parties, as it provides a lightweight and efficient way to prevent replay attacks and ensure message trustworthiness without the overhead of full encryption.

Compare HMAC

HMAC vs Digital SignaturesHMAC vs JwtHMAC vs Oauth

Learning Resources

📄
RFC 2104 - HMAC: Keyed-Hashing for Message Authentication
docs
📝
HMAC Explained - Khan Academy
tutorial
🎓
Cryptography I - Coursera (includes HMAC)
course
📝
HMAC in Python - Real Python Tutorial
tutorial
📄
HMAC - Wikipedia
docs

Related Tools

CryptographyHash FunctionsApi AuthenticationDigital SignaturesSymmetric Key Cryptography

Alternatives to HMAC

Digital SignaturesJwtOauth