HMAC SHA-256

How it works

HMAC (Hash‑based Message Authentication Code) uses a cryptographic hash (SHA‑256) together with a secret key to authenticate messages.

• The key is normalized to the hash block size and combined with inner/outer pads (ipad/opad).
• Compute H(key ⊕ opad || H(key ⊕ ipad || message)), where H is SHA‑256.
• Verification recomputes the same MAC and compares in constant time.

Use‑cases: API request signing, webhooks, and integrity/authentication of messages between parties sharing a secret.