Hash Generator for API Request Signatures
Quick Answer: API request signing typically uses HMAC-SHA256: hash the request body with a shared secret key. This is how AWS Signature V4, Stripe webhooks, and many payment APIs verify request authenticity and integrity.
FAQ
What is HMAC-SHA256?
HMAC (Hash-based Message Authentication Code) combines a secret key with SHA-256 hashing. It proves both the integrity of the message and the identity of the sender.
How do I verify a Stripe webhook signature?
Stripe sends a Stripe-Signature header. Compute HMAC-SHA256 of the raw request body using your webhook secret, then compare with the header value.